Ir para conteúdo

BABOO e KTS 2018 no YouTube Loja online do BABOO

Paulo C Passos

Participante
  • Postagens

    36
  • Desde

  • Última visita

Perfil

  • Escolaridade
    2º grau completo
  • Área Profissional
    Administração
  • Nível Profissional
    Consultor
  • Estado
    Paraná
  • Sexo
    masculino
  1. Mensagem de erro .DLL

    A mensagem desapareceu. Parece que agora está em ordem. Obrigado.
  2. Mensagem de erro .DLL

    O log: SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17] WebSite: www.safezone.cc DateLog: 02.11.2017 14:45:35 Path starting: C:\Users\Paulo\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe Log directory: C:\SecurityCheck\ IsAdmin: True User: Paulo VersionXML: 4.73is-27.10.2017 ___________________________________________________________________________ Windows 10(6.3.15063) (x64) Professional Release: 1703 Lang: Portuguese(0416) Installation date OS: 07.06.2017 14:43:34 LicenseStatus: Windows(R), Professional edition The machine is permanently activated. Boot Mode: Normal Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe SystemDrive: C: FS: [NTFS] Capacity: [683 Gb] Used: [177.2 Gb] Free: [505.8 Gb] ------------------------------- [ Windows ] ------------------------------- Internet Explorer 11.674.15063.0 User Account Control enabled Notify before download Windows Update (wuauserv) - The service is running Central de Segurança (wscsvc) - The service is running Registro remoto (RemoteRegistry) - The service has stopped Descoberta SSDP (SSDPSRV) - The service is running Serviços de Área de Trabalho Remota (TermService) - The service has stopped Windows Remote Management (WS-Management) (WinRM) - The service has stopped ------------------------------ [ MS Office ] ------------------------------ Microsoft Office 2010 x86 v.14.0.7015.1000 ---------------------------- [ Antivirus_WMI ] ---------------------------- Windows Defender (disabled) Trend Micro Internet Security (enabled and up to date) --------------------------- [ FirewallWindows ] --------------------------- Firewall do Windows (MpsSvc) - The service is running --------------------------- [ AntiSpyware_WMI ] --------------------------- Windows Defender (disabled) ---------------------- [ AntiVirusFirewallInstall ] ----------------------- Trend Micro Internet Security v.12.0 --------------------------- [ OtherUtilities ] ---------------------------- WinRAR 5.30 beta 4 (64-bit) v.5.30.4 Warning! Download Update Oracle VM VirtualBox 5.0.24 v.5.0.24 Warning! Download Update OpenOffice 4.1.3 v.4.13.9783 Warning! Download Update --------------------------------- [ IM ] ---------------------------------- Skype™ 7.36 v.7.36.101 Warning! Download Update --------------------------------- [ P2P ] --------------------------------- µTorrent v.3.5.0.44090 Warning! P2P-client. -------------------------------- [ Java ] --------------------------------- Java 8 Update 111 v.8.0.1110.14 Warning! Download Update Uninstall old version and install new one (jre-8u152-Windows-i586.exe). --------------------------- [ AppleProduction ] --------------------------- Bonjour v.3.1.0.1 iTunes v.12.4.1.6 Warning! Download Update ^Please use Apple Software Update tool.^ Serviço do Bonjour (Bonjour Service) - The service is running --------------------------- [ AdobeProduction ] --------------------------- Adobe Flash Player 27 PPAPI v.27.0.0.183 Adobe Acrobat Reader DC - Português v.17.012.20098 ------------------------------- [ Browser ] ------------------------------- Google Chrome v.62.0.3202.62 Warning! Download Update --------------------------- [ RunningProcess ] ---------------------------- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.62.0.3202.62 ------------------ [ AntivirusFirewallProcessServices ] ------------------- Platinum Host Service (Platinum Host Service) - The service is running C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe v.3.12.0.1036 C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe v.5.5.0.1256 C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe v.5.5.0.1256 C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe v.3.12.0.1036 C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe v.3.12.0.1036 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe v.5.5.0.1256 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe v.5.5.0.1256 C:\Program Files\Windows Defender\MSASCuiL.exe v.4.11.15063.0 Serviço Windows Defender antivírus (WinDefend) - The service has stopped Serviço de Inspeção de Rede do Windows Defender antivírus (WdNisSvc) - The service has stopped ----------------------------- [ End of Log ] ------------------------------
  3. Mensagem de erro .DLL

    O Log: Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 01-11-2017 Executado por Paulo (01-11-2017 14:44:05) Run:1 Executando a partir de C:\Users\Paulo\Desktop Perfis Carregados: Paulo (Perfis Disponíveis: Paulo) Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** start CreateRestorePoint: Startup: C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FPHGIdU.vbs [2017-10-25] () 2017-10-25 18:35 - 2017-10-25 18:35 - 000000000 _____ C:\Users\Paulo\sbx.dll 2017-10-25 18:34 - 2017-10-25 18:34 - 000000008 _____ C:\Users\Paulo\91x AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10] AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32] AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1002] AlternateDataStreams: C:\Windows\system32\Drivers\gbpddreg64.sys:X5ZN8aGvT4 [686] AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410] EmptyTemp: end ***************** Ponto de Restauração criado com sucesso. C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FPHGIdU.vbs => movido com sucesso C:\Users\Paulo\sbx.dll => movido com sucesso C:\Users\Paulo\91x => movido com sucesso C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removido (a) com sucesso.. C:\Program Files (x86)\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removido (a) com sucesso.. C:\Windows\system32\Drivers\gbpddfac64.sys => ":X5ZN8aGvT4" ADS removido (a) com sucesso.. C:\Windows\system32\Drivers\gbpddreg64.sys => ":X5ZN8aGvT4" ADS removido (a) com sucesso.. C:\Windows\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso.. =========== EmptyTemp: ========== BITS transfer queue => 6053888 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12841834 B Java, Flash, Steam htmlcache => 562 B Windows/system/drivers => 10202189 B Edge => 8012589 B Chrome => 18939882 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 0 B LocalService => 19000 B NetworkService => 0 B Paulo => 1006364775 B RecycleBin => 1229641855 B EmptyTemp: => 2.1 GB de dados temporários Removidos. ================================ O sistema precisou ser reiniciado. ==== Fim de Fixlog 14:45:31 ====
  4. Mensagem de erro .DLL

    O log: Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 01-11-2017 Executado por Paulo (01-11-2017 14:44:05) Run:1 Executando a partir de C:\Users\Paulo\Desktop Perfis Carregados: Paulo (Perfis Disponíveis: Paulo) Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** start CreateRestorePoint: Startup: C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FPHGIdU.vbs [2017-10-25] () 2017-10-25 18:35 - 2017-10-25 18:35 - 000000000 _____ C:\Users\Paulo\sbx.dll 2017-10-25 18:34 - 2017-10-25 18:34 - 000000008 _____ C:\Users\Paulo\91x AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10] AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32] AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1002] AlternateDataStreams: C:\Windows\system32\Drivers\gbpddreg64.sys:X5ZN8aGvT4 [686] AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410] EmptyTemp: end
  5. Mensagem de erro .DLL

    Os Logs Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 26-10-2017 Executado por Paulo (administrador) em PAULO-PC (31-10-2017 08:53:24) Executando a partir de C:\Users\Paulo\Desktop Perfis Carregados: Paulo (Perfis Disponíveis: Paulo) Platform: Windows 10 Pro Versão 1703 15063.674 (X64) Idioma: Português (Brasil) Internet Explorer Versão 11 (Navegador padrão: Chrome) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe (AMD) C:\Windows\System32\atiesrxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe (Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe (Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\10011\7.2.1023\7.2.1023\TmsaInstance64.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe (AMD) C:\Windows\System32\atieclxx.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture_DELL.exe (Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\atiw.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe (Dell) C:\Users\Paulo\AppData\Local\Apps\2.0\J7KBX1RY.L0L\RC444NXJ.D34\dell..tion_831211ca63b981c5_0008.0008_b150a6542eb950c1\DellSystemDetect.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILDE.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHAL.EXE (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11709.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17083.18321.0_x64__8wekyb3d8bbwe\Music.UI.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8600.40525.0_x64__8wekyb3d8bbwe\HxOutlook.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8600.40525.0_x64__8wekyb3d8bbwe\HxTsr.exe () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x64__8wekyb3d8bbwe\Video.UI.exe () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe () C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1710.52701.0_x64__8wekyb3d8bbwe\Microsoft.Office.Sway.LightweightClient.UWP.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registro (Whitelisted) =========================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3348200 2015-08-22] (ELAN Microelectronics Corp.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [245872 2017-07-23] (Trend Micro Inc.) HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1242568 2017-07-23] (Trend Micro Inc.) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1151872 2016-11-18] (SEIKO EPSON CORPORATION) Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-16] (Banco do Brasil) Winlogon\Notify\ GbPluginCef-x32: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [X] HKU\S-1-5-21-270676865-3621291441-929404117-1001\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-270676865-3621291441-929404117-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAL.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-270676865-3621291441-929404117-1001\...\Run: [DellSystemDetect] => C:\Users\Paulo\AppData\Local\Apps\2.0\J7KBX1RY.L0L\RC444NXJ.D34\dell..tion_831211ca63b981c5_0008.0008_b150a6542eb950c1\DellSystemDetect.exe [314544 2017-10-30] (Dell) HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION) HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION) Lsa: [Notification Packages] DPPassFilter scecli ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1947872 2016-06-16] (Banco do Brasil) ShellExecuteHooks-x32: GbIehCefObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\DIEBOLD\WARSAW\wsaxbco.dll [971312 2017-08-11] (GAS Tecnologia LTDA) Startup: C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FPHGIdU.vbs [2017-10-25] () ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0 Tcpip\..\Interfaces\{678d80a4-e760-4833-bef4-13d27425c596}: [DhcpNameServer] 192.168.1.1 0.0.0.0 Tcpip\..\Interfaces\{f859f5ad-426a-4041-8caa-c9fc77813181}: [DhcpNameServer] 192.168.1.1 0.0.0.0 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-270676865-3621291441-929404117-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.br/?gws_rd=ssl SearchScopes: HKU\S-1-5-21-270676865-3621291441-929404117-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-01] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2016-06-16] (Banco do Brasil) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-01] (Oracle Corporation) Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.) Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.) Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.) Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.) Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2017-07-23] (Trend Micro Inc.) Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2017-07-23] (Trend Micro Inc.) FireFox: ======== FF HKLM\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension => não encontrado (a) FF HKLM-x32\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension => não encontrado (a) FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2017-10-30] FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-12] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-12] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-01] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-01] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2011-12-02] (Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-25] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-25] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com.br/ CHR StartupUrls: Default -> "hxxps://www.google.com.br/?gws_rd=ssl" CHR Profile: C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default [2017-10-31] CHR Extension: (Apresentações) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16] CHR Extension: (Documentos) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16] CHR Extension: (Google Drive) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-24] CHR Extension: (YouTube) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-24] CHR Extension: (Adobe Acrobat) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-24] CHR Extension: (Planilhas) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16] CHR Extension: (Documentos Google off-line) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-24] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21] CHR Extension: (Trend Micro Toolbar) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2017-10-30] CHR Extension: (Gmail) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-24] CHR Extension: (Chrome Media Router) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-27] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx ==================== Serviços (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R2 Amsp; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [374968 2017-07-19] (Trend Micro Inc.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323152 2015-06-29] (Windows (R) Win 7 DDK provider) R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2016-06-29] (Conexant Systems, Inc.) R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2017-04-11] (Dell Inc.) R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2017-04-11] (Dell Inc.) R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677880 2017-04-25] (SEIKO EPSON CORPORATION) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-08-22] (ELAN Microelectronics Corp.) R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2016-06-16] (GAS Tecnologia) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [337888 2016-05-04] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Arquivo não assinado] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation) R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1129928 2017-07-23] (Trend Micro Inc.) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation) R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-09-22] (Dell Inc.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH) R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [77824 2016-06-29] (Synaptics Incorporated) R2 valWbioSyncSvc; C:\Windows\system32\valWbioSyncSvc.exe [47616 2016-06-29] (Synaptics Incorporated) R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [1056304 2017-08-30] (GAS Tecnologia LTDA) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [82696 2015-07-31] (Advanced Micro Devices, Inc.) U5 AthDfu; C:\Windows\System32\Drivers\AthDfu.sys [52352 2012-03-08] (Windows (R) Win 7 DDK provider) R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.) R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.) R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2017-10-31] (GAS Tecnologia) R0 gbpddreg; C:\Windows\System32\drivers\gbpddreg64.sys [29816 2017-10-30] (GAS Tecnologia) R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-06-29] (REALiX(tm)) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [26504 2012-02-22] (Intel Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation) S3 MOBILETV; C:\Windows\system32\drivers\SiUSBXp.sys [16384 2007-12-06] (Silicon Laboratories) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896744 2015-11-25] (Realtek ) S3 rtcrfilt64; C:\Windows\system32\DRIVERS\rtcrfilt64.sys [19600 2012-09-04] (Realtek Semiconductor Corp.) R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation) S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] () R1 SMIDriver; C:\Windows\system32\DRIVERS\smi.sys [28400 2016-06-29] (Windows (R) Win 7 DDK provider) R3 ST_ACCEL; C:\Windows\system32\DRIVERS\ST_ACCEL.sys [67184 2012-01-03] (STMicroelectronics) R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [145048 2017-10-04] (Trend Micro Inc.) R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [449688 2017-10-04] (Trend Micro Inc.) R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [72504 2016-01-05] (Trend Micro Inc.) R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [147672 2017-05-10] (Trend Micro Inc.) S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [39056 2015-06-23] (Trend Micro Inc.) R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [140952 2017-10-04] (Trend Micro Inc.) R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [560856 2017-05-04] (Trend Micro Inc.) R1 tmumh; C:\Windows\system32\DRIVERS\TMUMH.sys [135320 2017-10-02] (Trend Micro Inc.) R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [134264 2017-05-10] (Trend Micro Inc.) R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [119712 2016-06-28] (Oracle Corporation) R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [192864 2016-06-28] (Oracle Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation) R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [28376 2017-10-31] (GAS Tecnologia) R1 wsddntf; C:\Windows\system32\DRIVERS\wsddntf.sys [47176 2016-06-21] (GAS Tecnologia) R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [25184 2016-06-08] (GAS Tecnologia) R3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [25184 2016-11-07] (GAS Tecnologia) S3 GBPRCM; \??\C:\Program Files (x86)\GbPlugin\gbprcm64.sys [X] U2 TMAgent; não ImagePath S3 Warsaw_PP; \??\C:\PROGRA~2\GbPlugin\wsftprp64.sys [X] ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um Mês Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2017-10-31 08:53 - 2017-10-31 08:54 - 000023734 _____ C:\Users\Paulo\Desktop\FRST.txt 2017-10-31 08:53 - 2017-10-31 08:53 - 000000000 ____D C:\FRST 2017-10-31 08:46 - 2017-10-31 08:47 - 002403328 _____ (Farbar) C:\Users\Paulo\Desktop\FRST64.exe 2017-10-30 22:56 - 2017-10-30 22:56 - 000004150 _____ C:\Windows\System32\Tasks\EPSON XP-211 214 216 Series Update {E0C1C62D-7C61-48E2-87A2-1E92E577D5E8} 2017-10-30 22:56 - 2017-10-30 22:56 - 000003972 _____ C:\Windows\System32\Tasks\EPSON XP-211 214 216 Series Invitation {E0C1C62D-7C61-48E2-87A2-1E92E577D5E8} 2017-10-30 22:56 - 2017-10-30 22:56 - 000000937 _____ C:\Windows\Tasks\EPSON XP-211 214 216 Series Update {E0C1C62D-7C61-48E2-87A2-1E92E577D5E8}.job 2017-10-30 22:56 - 2017-10-30 22:56 - 000000751 _____ C:\Windows\Tasks\EPSON XP-211 214 216 Series Invitation {E0C1C62D-7C61-48E2-87A2-1E92E577D5E8}.job 2017-10-30 22:55 - 2013-10-22 04:04 - 000179712 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\SET8467.tmp 2017-10-30 22:55 - 2011-03-15 03:03 - 000083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BLDE.DLL 2017-10-30 22:55 - 2007-04-10 01:06 - 000010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL 2017-10-30 20:44 - 2017-10-31 08:27 - 000028376 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys 2017-10-30 20:44 - 2017-10-30 20:44 - 000003038 _____ C:\Windows\System32\Tasks\Rerun Warsaw's CoreFixer 2017-10-30 20:44 - 2017-10-30 20:44 - 000000000 ___HD C:\Program Files (x86)\GAS Tecnologia 2017-10-30 20:44 - 2017-10-30 20:44 - 000000000 ____D C:\Program Files\Diebold 2017-10-30 20:44 - 2016-11-07 14:54 - 000025184 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddprm.sys 2017-10-30 20:44 - 2016-06-21 16:24 - 000047176 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddntf.sys 2017-10-30 20:44 - 2016-06-21 16:24 - 000010345 _____ C:\Windows\system32\Drivers\wsddntf.cat 2017-10-30 20:44 - 2016-06-08 18:43 - 000025184 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddpp.sys 2017-10-30 17:44 - 2017-10-30 17:44 - 000000000 ____D C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell 2017-10-30 17:44 - 2017-10-30 17:44 - 000000000 ____D C:\Users\Paulo\AppData\Local\Deployment 2017-10-30 16:51 - 2017-10-30 17:04 - 000000000 ____D C:\Users\Paulo\AppData\Roaming\ZHP 2017-10-30 16:51 - 2017-10-30 16:51 - 000000000 ____D C:\Users\Paulo\AppData\Local\ZHP 2017-10-30 16:36 - 2017-10-30 16:43 - 000000000 ____D C:\AdwCleaner 2017-10-30 16:04 - 2017-10-30 16:04 - 000000000 ___HD C:\TMRescueDisk 2017-10-30 16:00 - 2017-10-30 16:00 - 000000000 ____D C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Internet Security 2017-10-30 15:59 - 2017-10-30 15:59 - 000000000 ____D C:\Windows\SysWOW64\tmumh 2017-10-30 15:59 - 2017-10-30 15:59 - 000000000 ____D C:\Windows\system32\tmumh 2017-10-30 15:59 - 2017-10-04 16:55 - 000449688 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys 2017-10-30 15:59 - 2017-10-04 16:55 - 000145048 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmactmon.sys 2017-10-30 15:59 - 2017-10-04 16:55 - 000140952 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmevtmgr.sys 2017-10-30 15:59 - 2017-10-02 04:28 - 000135320 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMUMH.sys 2017-10-30 15:59 - 2017-05-10 05:46 - 000147672 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmeevw.sys 2017-10-30 15:59 - 2017-05-10 05:17 - 000134264 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmusa.sys 2017-10-30 15:59 - 2017-05-04 17:56 - 000560856 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmnciesc.sys 2017-10-30 15:59 - 2016-01-05 01:35 - 000072504 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMEBC64.sys 2017-10-30 15:59 - 2015-06-23 00:49 - 000039056 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmel.sys 2017-10-30 15:57 - 2017-10-30 15:57 - 000000059 _____ C:\Windows\system32\SupportTool.exe.bat 2017-10-30 15:56 - 2017-10-30 15:56 - 000000000 ____D C:\Program Files\Trend Micro 2017-10-30 13:08 - 2017-10-30 13:08 - 000000000 ____D C:\Program Files (x86)\DIEBOLD 2017-10-30 12:38 - 2017-10-30 12:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2017-10-30 12:38 - 2017-10-30 12:38 - 000000000 ____D C:\Program Files\VS Revo Group 2017-10-30 12:10 - 2017-10-30 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2017-10-30 12:10 - 2017-10-30 12:34 - 000000000 ____D C:\Program Files\HP 2017-10-30 11:30 - 2017-10-30 11:30 - 000010098 _____ C:\Users\Paulo\Desktop\guinchos.xlsx 2017-10-30 11:27 - 2017-10-30 13:08 - 000000000 ____D C:\Users\Todos os Usuários\GbPlugin 2017-10-30 11:27 - 2017-10-30 13:08 - 000000000 ____D C:\ProgramData\GbPlugin 2017-10-30 11:27 - 2017-10-30 11:27 - 000000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia 2017-10-30 11:27 - 2017-10-30 11:27 - 000000000 ____D C:\ProgramData\GAS Tecnologia 2017-10-30 08:54 - 2017-10-30 17:37 - 000000000 ____D C:\Users\Paulo\Desktop\Nova análise 2017-10-29 16:29 - 2017-10-29 16:29 - 000000000 ____D C:\Program Files\EpsonNet 2017-10-29 16:29 - 2017-10-29 16:29 - 000000000 ____D C:\Program Files\EPSON 2017-10-29 16:29 - 2013-04-16 20:03 - 000179712 ____N (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMBLDE.DLL 2017-10-29 16:29 - 2012-11-12 20:41 - 000535552 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppui.dll 2017-10-29 16:29 - 2012-11-12 20:41 - 000535552 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppui.dll 2017-10-29 16:29 - 2012-11-12 15:15 - 000558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppmon.dll 2017-10-29 16:29 - 2012-11-12 15:15 - 000558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppmon.dll 2017-10-29 16:29 - 2012-10-22 17:19 - 000221696 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enspres.dll 2017-10-29 16:29 - 2012-10-22 17:19 - 000221696 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enpres.dll 2017-10-29 14:51 - 2017-10-29 14:51 - 002035120 _____ C:\Users\Paulo\Documents\04. Contabilidade - A nova Contabilidade Pública Municipal .pdf 2017-10-27 22:27 - 2017-10-27 22:27 - 000388608 _____ (Trend Micro Inc.) C:\Users\Paulo\Desktop\HijackThis.exe 2017-10-27 21:11 - 2017-10-30 21:13 - 000004212 _____ C:\Windows\System32\Tasks\CCleaner Update 2017-10-26 16:56 - 2017-10-30 13:02 - 000000000 ____D C:\Users\Todos os Usuários\HP 2017-10-26 16:56 - 2017-10-30 13:02 - 000000000 ____D C:\ProgramData\HP 2017-10-26 16:56 - 2017-10-30 12:34 - 000000000 ____D C:\Program Files (x86)\HP 2017-10-26 16:56 - 2017-10-26 16:56 - 000000000 ____D C:\Users\Paulo\AppData\Roaming\HpUpdate 2017-10-26 16:55 - 2017-10-26 16:55 - 000000057 _____ C:\Users\Todos os Usuários\Ament.ini 2017-10-26 16:55 - 2017-10-26 16:55 - 000000057 _____ C:\ProgramData\Ament.ini 2017-10-26 16:54 - 2017-10-28 11:36 - 000000000 ____D C:\Users\Paulo\AppData\Local\HP 2017-10-25 22:52 - 2017-10-25 22:52 - 000000000 ____D C:\Users\Paulo\Desktop\Brinda 2017-10-25 22:31 - 2017-10-25 22:31 - 000002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-10-25 22:28 - 2017-10-25 22:28 - 000003586 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-10-25 22:28 - 2017-10-25 22:28 - 000003462 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-10-25 18:35 - 2017-10-25 18:35 - 000000000 _____ C:\Users\Paulo\sbx.dll 2017-10-25 18:34 - 2017-10-25 18:34 - 000000008 _____ C:\Users\Paulo\91x 2017-10-16 22:17 - 2017-10-30 16:04 - 000000000 ____D C:\Users\Todos os Usuários\Trend Micro Installer 2017-10-16 22:17 - 2017-10-30 16:04 - 000000000 ____D C:\ProgramData\Trend Micro Installer 2017-10-16 21:56 - 2017-10-16 21:56 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe 2017-10-16 21:37 - 2017-09-30 00:29 - 000804784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll 2017-10-16 21:37 - 2017-09-30 00:26 - 001333136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2017-10-16 21:37 - 2017-09-30 00:26 - 001292872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2017-10-16 21:37 - 2017-09-30 00:10 - 001150776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2017-10-16 21:37 - 2017-09-30 00:10 - 000480920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2017-10-16 21:37 - 2017-09-30 00:05 - 000750488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe 2017-10-16 21:37 - 2017-09-30 00:04 - 004215184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll 2017-10-16 21:37 - 2017-09-30 00:04 - 000438096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.dll 2017-10-16 21:37 - 2017-09-30 00:04 - 000182680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll 2017-10-16 21:37 - 2017-09-30 00:03 - 006768288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll 2017-10-16 21:37 - 2017-09-30 00:02 - 000175512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll 2017-10-16 21:37 - 2017-09-29 05:45 - 002953216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys 2017-10-16 21:37 - 2017-09-29 05:43 - 000060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll 2017-10-16 21:37 - 2017-09-29 05:40 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll 2017-10-16 21:37 - 2017-09-29 05:39 - 000364032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll 2017-10-16 21:37 - 2017-09-29 05:38 - 002671616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2017-10-16 21:37 - 2017-09-29 05:38 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll 2017-10-16 21:37 - 2017-09-29 05:38 - 000370688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll 2017-10-16 21:37 - 2017-09-29 05:38 - 000229376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll 2017-10-16 21:37 - 2017-09-29 05:37 - 000306688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.dll 2017-10-16 21:37 - 2017-09-29 05:36 - 000590336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll 2017-10-16 21:37 - 2017-09-29 05:34 - 002859520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2017-10-16 21:37 - 2017-09-29 05:34 - 000787456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2017-10-16 21:37 - 2017-09-29 05:33 - 007598080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2017-10-16 21:37 - 2017-09-29 05:33 - 004559360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll 2017-10-16 21:37 - 2017-09-29 05:32 - 001627136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2017-10-16 21:37 - 2017-09-29 05:32 - 001244160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Phone.dll 2017-10-16 21:37 - 2017-09-29 05:29 - 001460736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll 2017-10-16 21:37 - 2017-09-29 05:29 - 001318912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll 2017-10-16 21:37 - 2017-09-29 05:29 - 000157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2017-10-16 21:37 - 2017-09-29 05:28 - 000681472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll 2017-10-16 21:37 - 2017-09-29 05:28 - 000473088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll 2017-10-16 21:37 - 2017-09-29 05:28 - 000297984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe 2017-10-16 21:37 - 2017-09-29 05:28 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe 2017-10-16 21:37 - 2017-09-29 05:28 - 000040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cipher.exe 2017-10-16 21:37 - 2017-09-20 13:08 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll 2017-10-16 21:37 - 2017-09-20 13:08 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll 2017-10-16 21:37 - 2017-09-20 13:08 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll 2017-10-16 21:36 - 2017-09-30 00:29 - 001408536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll 2017-10-16 21:36 - 2017-09-30 00:10 - 001839872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2017-10-16 21:36 - 2017-09-30 00:10 - 000606072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2017-10-16 21:36 - 2017-09-30 00:10 - 000508344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll 2017-10-16 21:36 - 2017-09-30 00:09 - 002259760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreUIComponents.dll 2017-10-16 21:36 - 2017-09-30 00:09 - 000787712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2017-10-16 21:36 - 2017-09-30 00:06 - 004471368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2017-10-16 21:36 - 2017-09-30 00:05 - 005827744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.storage.dll 2017-10-16 21:36 - 2017-09-30 00:05 - 002603744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll 2017-10-16 21:36 - 2017-09-30 00:05 - 001266544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll 2017-10-16 21:36 - 2017-09-30 00:05 - 000559000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe 2017-10-16 21:36 - 2017-09-30 00:04 - 000612120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2017-10-16 21:36 - 2017-09-30 00:04 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll 2017-10-16 21:36 - 2017-09-30 00:04 - 000347544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2017-10-16 21:36 - 2017-09-30 00:03 - 020373408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2017-10-16 21:36 - 2017-09-30 00:03 - 001439032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll 2017-10-16 21:36 - 2017-09-30 00:02 - 001624096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Uev.AppAgent.dll 2017-10-16 21:36 - 2017-09-30 00:02 - 001517464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll 2017-10-16 21:36 - 2017-09-30 00:01 - 000124544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2017-10-16 21:36 - 2017-09-29 05:44 - 000133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll 2017-10-16 21:36 - 2017-09-29 05:43 - 002199552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll 2017-10-16 21:36 - 2017-09-29 05:43 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\smartscreenps.dll 2017-10-16 21:36 - 2017-09-29 05:42 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mgmtapi.dll 2017-10-16 21:36 - 2017-09-29 05:41 - 013844992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2017-10-16 21:36 - 2017-09-29 05:41 - 000110080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BitLockerCsp.dll 2017-10-16 21:36 - 2017-09-29 05:40 - 006728192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2017-10-16 21:36 - 2017-09-29 05:40 - 000371200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll 2017-10-16 21:36 - 2017-09-29 05:39 - 020511232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll 2017-10-16 21:36 - 2017-09-29 05:39 - 011888640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2017-10-16 21:36 - 2017-09-29 05:38 - 005721600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll 2017-10-16 21:36 - 2017-09-29 05:38 - 001135616 ____R (The ICU Project) C:\Windows\SysWOW64\icuuc.dll 2017-10-16 21:36 - 2017-09-29 05:38 - 000498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll 2017-10-16 21:36 - 2017-09-29 05:38 - 000471040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCoreProvisioning.dll 2017-10-16 21:36 - 2017-09-29 05:38 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll 2017-10-16 21:36 - 2017-09-29 05:37 - 000038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBrokerUI.dll 2017-10-16 21:36 - 2017-09-29 05:36 - 019337216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-10-16 21:36 - 2017-09-29 05:35 - 003654656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2017-10-16 21:36 - 2017-09-29 05:34 - 006255616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll 2017-10-16 21:36 - 2017-09-29 05:34 - 000798720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll 2017-10-16 21:36 - 2017-09-29 05:34 - 000434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.dll 2017-10-16 21:36 - 2017-09-29 05:33 - 001506816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2017-10-16 21:36 - 2017-09-29 05:33 - 000658944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2017-10-16 21:36 - 2017-09-29 05:32 - 002782720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll 2017-10-16 21:36 - 2017-09-29 05:32 - 002340864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2017-10-16 21:36 - 2017-09-29 05:31 - 003107328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2017-10-16 21:36 - 2017-09-29 03:40 - 000804312 _____ C:\Windows\SysWOW64\locale.nls 2017-10-16 21:36 - 2017-09-29 03:40 - 000804312 _____ C:\Windows\system32\locale.nls 2017-10-16 21:36 - 2017-09-18 20:20 - 000049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tetheringclient.dll 2017-10-16 21:36 - 2017-09-18 20:15 - 000648704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll 2017-10-16 21:30 - 2017-09-30 03:50 - 001068208 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll 2017-10-16 21:30 - 2017-09-30 03:42 - 000820120 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe 2017-10-16 21:30 - 2017-09-30 03:41 - 005304496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll 2017-10-16 21:30 - 2017-09-30 03:40 - 000558912 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.dll 2017-10-16 21:30 - 2017-09-30 03:40 - 000336320 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthService.exe 2017-10-16 21:30 - 2017-09-30 03:38 - 007910072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll 2017-10-16 21:30 - 2017-09-29 05:34 - 003669504 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys 2017-10-16 21:30 - 2017-09-29 05:32 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll 2017-10-16 21:30 - 2017-09-29 05:32 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2017-10-16 21:30 - 2017-09-29 05:31 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\wuuhosdeployment.dll 2017-10-16 21:30 - 2017-09-29 05:30 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2017-10-16 21:30 - 2017-09-29 05:29 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll 2017-10-16 21:30 - 2017-09-29 05:27 - 000565760 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll 2017-10-16 21:30 - 2017-09-29 05:27 - 000538624 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll 2017-10-16 21:30 - 2017-09-29 05:27 - 000350720 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.dll 2017-10-16 21:30 - 2017-09-29 05:24 - 003377664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2017-10-16 21:30 - 2017-09-29 05:23 - 005557760 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll 2017-10-16 21:30 - 2017-09-29 05:23 - 002446336 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2017-10-16 21:30 - 2017-09-29 05:23 - 002055680 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys 2017-10-16 21:30 - 2017-09-29 05:23 - 001398784 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2017-10-16 21:30 - 2017-09-29 05:23 - 000986624 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2017-10-16 21:30 - 2017-09-29 05:23 - 000972288 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll 2017-10-16 21:30 - 2017-09-29 05:22 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll 2017-10-16 21:30 - 2017-09-29 05:20 - 001811456 _____ (Microsoft Corporation) C:\Windows\system32\wsp_health.dll 2017-10-16 21:30 - 2017-09-29 05:19 - 002088448 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll 2017-10-16 21:29 - 2017-09-30 03:51 - 001458320 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2017-10-16 21:29 - 2017-09-30 03:50 - 001346112 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2017-10-16 21:29 - 2017-09-30 03:49 - 001004136 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2017-10-16 21:29 - 2017-09-30 03:42 - 001506712 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll 2017-10-16 21:29 - 2017-09-30 03:41 - 000651672 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe 2017-10-16 21:29 - 2017-09-30 03:41 - 000259400 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe 2017-10-16 21:29 - 2017-09-30 03:41 - 000228248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2017-10-16 21:29 - 2017-09-30 03:40 - 000408984 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2017-10-16 21:29 - 2017-09-30 03:40 - 000072944 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe 2017-10-16 21:29 - 2017-09-30 03:39 - 021351760 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2017-10-16 21:29 - 2017-09-30 03:39 - 000203672 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll 2017-10-16 21:29 - 2017-09-30 03:36 - 002672024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2017-10-16 21:29 - 2017-09-29 05:32 - 000209920 _____ (Microsoft Corporation) C:\Windows\system32\smartscreenps.dll 2017-10-16 21:29 - 2017-09-29 05:32 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\usoapi.dll 2017-10-16 21:29 - 2017-09-29 05:32 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\mgmtapi.dll 2017-10-16 21:29 - 2017-09-29 05:31 - 000306176 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe 2017-10-16 21:29 - 2017-09-29 05:31 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe 2017-10-16 21:29 - 2017-09-29 05:31 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll 2017-10-16 21:29 - 2017-09-29 05:30 - 007931392 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2017-10-16 21:29 - 2017-09-29 05:30 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll 2017-10-16 21:29 - 2017-09-29 05:29 - 000724992 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll 2017-10-16 21:29 - 2017-09-29 05:29 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll 2017-10-16 21:29 - 2017-09-29 05:28 - 000556032 _____ (Microsoft Corporation) C:\Windows\system32\TpmCoreProvisioning.dll 2017-10-16 21:29 - 2017-09-29 05:28 - 000527360 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll 2017-10-16 21:29 - 2017-09-29 05:28 - 000458752 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnr.dll 2017-10-16 21:29 - 2017-09-29 05:28 - 000254976 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll 2017-10-16 21:29 - 2017-09-29 05:27 - 000412160 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll 2017-10-16 21:29 - 2017-09-29 05:27 - 000409600 _____ (Microsoft Corporation) C:\Windows\system32\cryptngc.dll 2017-10-16 21:29 - 2017-09-29 05:26 - 008213504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2017-10-16 21:29 - 2017-09-29 05:26 - 000356864 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll 2017-10-16 21:29 - 2017-09-29 05:26 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\TokenBrokerUI.dll 2017-10-16 21:29 - 2017-09-29 05:25 - 008199168 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll 2017-10-16 21:29 - 2017-09-29 05:25 - 004175872 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll 2017-10-16 21:29 - 2017-09-29 05:25 - 002760704 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll 2017-10-16 21:29 - 2017-09-29 05:24 - 002503680 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll 2017-10-16 21:29 - 2017-09-29 05:24 - 001628672 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll 2017-10-16 21:29 - 2017-09-29 05:24 - 000684032 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll 2017-10-16 21:29 - 2017-09-29 05:23 - 004730368 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-10-16 21:29 - 2017-09-29 05:23 - 002730496 _____ (Microsoft Corporation) C:\Windows\system32\smartscreen.exe 2017-10-16 21:29 - 2017-09-29 05:23 - 001052672 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll 2017-10-16 21:29 - 2017-09-29 05:23 - 000841216 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll 2017-10-16 21:29 - 2017-09-29 05:23 - 000756224 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2017-10-16 21:29 - 2017-09-29 05:23 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll 2017-10-16 21:29 - 2017-09-29 05:22 - 001438208 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Phone.dll 2017-10-16 21:29 - 2017-09-29 05:21 - 003304448 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2017-10-16 21:29 - 2017-09-29 05:21 - 000722944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2017-10-16 21:29 - 2017-09-29 05:21 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2017-10-16 21:29 - 2017-09-29 05:21 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll 2017-10-16 21:29 - 2017-09-29 05:20 - 000804864 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll 2017-10-16 21:29 - 2017-09-29 05:20 - 000385536 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll 2017-10-16 21:29 - 2017-09-29 05:20 - 000286208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2017-10-16 21:29 - 2017-09-29 05:19 - 000325120 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll 2017-10-16 21:29 - 2017-09-29 05:19 - 000306176 _____ (Microsoft Corporation) C:\Windows\system32\fveui.dll 2017-10-16 21:29 - 2017-09-29 05:19 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll 2017-10-16 21:29 - 2017-09-29 05:18 - 002438656 _____ (Microsoft Corporation) C:\Windows\system32\ResetEngine.dll 2017-10-16 21:29 - 2017-09-29 05:18 - 000364032 _____ (Microsoft Corporation) C:\Windows\system32\bdechangepin.exe 2017-10-16 21:29 - 2017-09-29 05:18 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\manage-bde.exe 2017-10-16 21:29 - 2017-09-29 05:18 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerDeviceEncryption.exe 2017-10-16 21:29 - 2017-09-18 21:11 - 001018272 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi 2017-10-16 21:28 - 2017-09-30 03:49 - 000777400 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2017-10-16 21:28 - 2017-09-30 03:49 - 000135576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2017-10-16 21:28 - 2017-09-30 03:48 - 008319384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2017-10-16 21:28 - 2017-09-30 03:48 - 002399728 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2017-10-16 21:28 - 2017-09-30 03:48 - 002327448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2017-10-16 21:28 - 2017-09-30 03:47 - 001194792 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2017-10-16 21:28 - 2017-09-30 03:44 - 000712600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys 2017-10-16 21:28 - 2017-09-30 03:44 - 000181912 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2017-10-16 21:28 - 2017-09-30 03:43 - 007318888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.storage.dll 2017-10-16 21:28 - 2017-09-30 03:43 - 002442136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2017-10-16 21:28 - 2017-09-30 03:41 - 005477600 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll 2017-10-16 21:28 - 2017-09-30 03:40 - 000642680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2017-10-16 21:28 - 2017-09-30 03:38 - 002239136 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll 2017-10-16 21:28 - 2017-09-30 03:36 - 000057976 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2017-10-16 21:28 - 2017-09-29 05:46 - 023678976 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll 2017-10-16 21:28 - 2017-09-29 05:32 - 000029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2017-10-16 21:28 - 2017-09-29 05:29 - 008333312 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll 2017-10-16 21:28 - 2017-09-29 05:29 - 000550400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys 2017-10-16 21:28 - 2017-09-29 05:29 - 000461824 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll 2017-10-16 21:28 - 2017-09-29 05:29 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\msIso.dll 2017-10-16 21:28 - 2017-09-29 05:29 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\ServiceWorkerHost.exe 2017-10-16 21:28 - 2017-09-29 05:27 - 012803072 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-10-16 21:28 - 2017-09-29 05:26 - 000772096 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll 2017-10-16 21:28 - 2017-09-29 05:23 - 003140096 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2017-10-16 21:28 - 2017-09-29 05:23 - 001460224 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-10-16 21:28 - 2017-09-29 05:23 - 000647168 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll 2017-10-16 21:28 - 2017-09-29 05:21 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll 2017-10-16 21:28 - 2017-09-29 05:21 - 000154624 _____ (Microsoft Corporation) C:\Windows\system32\regsvc.dll 2017-10-16 21:28 - 2017-09-29 05:21 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\InputLocaleManager.dll 2017-10-16 21:28 - 2017-09-29 05:20 - 000194560 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2017-10-16 21:28 - 2017-09-29 05:18 - 001527296 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe 2017-10-16 21:28 - 2017-09-29 05:18 - 000347648 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe 2017-10-16 21:28 - 2017-09-29 05:18 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe 2017-10-16 21:28 - 2017-09-18 20:20 - 000831488 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll 2017-10-16 21:27 - 2017-09-30 03:52 - 001595152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll 2017-10-16 21:27 - 2017-09-30 03:51 - 000661224 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll 2017-10-16 21:27 - 2017-09-30 03:47 - 002969880 _____ (Microsoft Corporation) C:\Windows\system32\CoreUIComponents.dll 2017-10-16 21:27 - 2017-09-30 03:42 - 004848952 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2017-10-16 21:27 - 2017-09-30 03:41 - 000961944 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll 2017-10-16 21:27 - 2017-09-30 03:40 - 000724704 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2017-10-16 21:27 - 2017-09-29 05:34 - 017370624 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll 2017-10-16 21:27 - 2017-09-29 05:33 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll 2017-10-16 21:27 - 2017-09-29 05:32 - 002199552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll 2017-10-16 21:27 - 2017-09-29 05:31 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\efssvc.dll 2017-10-16 21:27 - 2017-09-29 05:30 - 023686144 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-10-16 21:27 - 2017-09-29 05:30 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerCsp.dll 2017-10-16 21:27 - 2017-09-29 05:29 - 000304640 _____ (Microsoft Corporation) C:\Windows\system32\dusmsvc.dll 2017-10-16 21:27 - 2017-09-29 05:28 - 000699904 _____ (Microsoft Corporation) C:\Windows\system32\FlightSettings.dll 2017-10-16 21:27 - 2017-09-29 05:28 - 000256000 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll 2017-10-16 21:27 - 2017-09-29 05:27 - 001321984 ____R (The ICU Project) C:\Windows\system32\icuuc.dll 2017-10-16 21:27 - 2017-09-29 05:26 - 001269760 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll 2017-10-16 21:27 - 2017-09-29 05:24 - 003307008 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-10-16 21:27 - 2017-09-29 05:24 - 001307648 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll 2017-10-16 21:27 - 2017-09-29 05:23 - 001887744 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2017-10-16 21:27 - 2017-09-29 05:23 - 001605632 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2017-10-16 21:27 - 2017-09-29 05:22 - 002829824 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2017-10-16 21:27 - 2017-09-29 05:22 - 001802240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-10-16 21:27 - 2017-09-29 05:21 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe 2017-10-16 21:27 - 2017-09-29 05:20 - 000150016 _____ (Microsoft Corporation) C:\Windows\system32\iscsiexe.dll 2017-10-16 21:27 - 2017-09-29 05:18 - 000893440 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll 2017-10-16 21:27 - 2017-09-29 05:18 - 000603136 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll 2017-10-16 21:27 - 2017-09-29 05:18 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\cipher.exe 2017-10-16 21:27 - 2017-09-18 21:20 - 001065104 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2017-10-16 21:27 - 2017-09-18 21:20 - 000900376 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2017-10-16 21:27 - 2017-09-18 21:17 - 001395664 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2017-10-16 21:27 - 2017-09-18 21:17 - 001186464 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2017-10-16 21:27 - 2017-09-18 20:25 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\eShims.dll 2017-10-16 21:26 - 2017-09-30 03:51 - 001147288 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe 2017-10-16 21:26 - 2017-09-30 03:50 - 001024920 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe 2017-10-16 21:26 - 2017-09-30 03:48 - 000644696 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2017-10-16 21:26 - 2017-09-30 03:41 - 002086808 _____ (Microsoft Corporation) C:\Windows\system32\UpdateAgent.dll 2017-10-16 21:26 - 2017-09-30 03:41 - 000654976 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll 2017-10-16 21:26 - 2017-09-30 03:41 - 000257432 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll 2017-10-16 21:26 - 2017-09-30 03:40 - 000849816 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe 2017-10-16 21:26 - 2017-09-30 03:40 - 000701336 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll 2017-10-16 21:26 - 2017-09-30 03:40 - 000184728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2017-10-16 21:26 - 2017-09-30 03:39 - 001694104 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll 2017-10-16 21:26 - 2017-09-30 03:38 - 001854872 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll 2017-10-16 21:26 - 2017-09-30 03:37 - 002377112 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.AppAgent.dll 2017-10-16 21:26 - 2017-09-30 03:37 - 002229144 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll 2017-10-16 21:26 - 2017-09-30 03:37 - 001464728 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll 2017-10-16 21:26 - 2017-09-30 03:36 - 000855960 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll 2017-10-16 21:26 - 2017-09-30 03:36 - 000675224 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll 2017-10-16 21:26 - 2017-09-29 05:30 - 000529408 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll 2017-10-16 21:26 - 2017-09-29 05:27 - 000616960 _____ (Microsoft Corporation) C:\Windows\system32\WindowManagement.dll 2017-10-16 21:26 - 2017-09-29 05:27 - 000524800 _____ (Microsoft Corporation) C:\Windows\system32\TileDataRepository.dll 2017-10-16 21:26 - 2017-09-29 05:26 - 002809344 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll 2017-10-16 21:26 - 2017-09-29 05:26 - 001468928 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll 2017-10-16 21:26 - 2017-09-29 05:26 - 001197568 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CommonBridge.dll 2017-10-16 21:26 - 2017-09-29 05:26 - 001141760 _____ (Microsoft Corporation) C:\Windows\system32\ApplySettingsTemplateCatalog.exe 2017-10-16 21:26 - 2017-09-29 05:25 - 000586240 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll 2017-10-16 21:26 - 2017-09-29 05:24 - 001886208 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll 2017-10-16 21:26 - 2017-09-29 05:24 - 001201664 _____ (Microsoft Corporation) C:\Windows\system32\AgentService.exe 2017-10-16 21:26 - 2017-09-29 05:23 - 002195968 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernAppAgent.dll 2017-10-16 21:26 - 2017-09-18 21:18 - 000965024 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.efi 2017-10-16 21:26 - 2017-09-18 21:17 - 000821664 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.exe 2017-10-16 21:26 - 2017-09-18 20:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\tetheringclient.dll 2017-10-16 21:26 - 2017-09-18 20:23 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll 2017-10-16 21:25 - 2017-09-30 03:45 - 000511896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2017-10-16 21:25 - 2017-09-30 03:40 - 000173976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2017-10-16 21:25 - 2017-09-29 05:32 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys 2017-10-16 21:25 - 2017-09-18 21:09 - 000554400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS 2017-10-09 17:18 - 2017-10-09 17:18 - 000009224 _____ C:\Users\Paulo\Desktop\Paquimetros.xlsx 2017-10-04 13:33 - 2017-10-04 13:33 - 000010409 _____ C:\Users\Paulo\Desktop\diferenças de salário.xlsx 2017-10-03 12:10 - 2017-10-03 12:10 - 000011417 _____ C:\Users\Paulo\Documents\estudo investimento.xlsx 2017-10-03 10:27 - 2017-10-03 10:27 - 000000000 ____D C:\Users\Todos os Usuários\UDL 2017-10-03 10:27 - 2017-10-03 10:27 - 000000000 ____D C:\ProgramData\UDL ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2017-10-31 08:55 - 2015-11-29 16:44 - 000028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys 2017-10-31 08:47 - 2017-06-12 17:05 - 000000000 ____D C:\Users\Paulo\Desktop\Baixados 2017-10-31 08:31 - 2017-03-18 19:03 - 000000000 ___HD C:\Program Files\WindowsApps 2017-10-31 08:31 - 2017-03-18 19:03 - 000000000 ____D C:\Windows\AppReadiness 2017-10-31 08:30 - 2017-06-07 12:25 - 000004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0F315700-F1D1-4754-B870-BC4350CC96B4} 2017-10-31 08:28 - 2015-08-22 02:15 - 000000000 __SHD C:\Users\Paulo\IntelGraphicsProfiles 2017-10-30 22:57 - 2017-03-18 19:03 - 000000000 ____D C:\Windows\system32\FxsTmp 2017-10-30 22:55 - 2017-03-18 19:01 - 000000000 ____D C:\Windows\INF 2017-10-30 22:53 - 2015-11-30 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software 2017-10-30 21:25 - 2017-07-11 12:27 - 000000000 ____D C:\Users\Paulo\Desktop\Paulo 2017-10-30 21:20 - 2017-06-07 12:22 - 003456802 _____ C:\Windows\system32\PerfStringBackup.INI 2017-10-30 21:20 - 2017-03-20 01:57 - 001190666 _____ C:\Windows\system32\prfh0416.dat 2017-10-30 21:20 - 2017-03-20 01:57 - 000536126 _____ C:\Windows\system32\prfc0416.dat 2017-10-30 21:18 - 2017-03-18 09:40 - 000008192 _____ C:\Windows\system32\config\ELAM 2017-10-30 21:15 - 2017-06-07 12:25 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-10-30 21:15 - 2015-11-29 16:44 - 000029816 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddreg64.sys 2017-10-30 21:14 - 2017-03-18 09:40 - 001310720 _____ C:\Windows\system32\config\BBI 2017-10-30 20:46 - 2017-06-07 12:04 - 000426464 _____ C:\Windows\system32\FNTCACHE.DAT 2017-10-30 20:44 - 2015-11-30 21:03 - 000000000 ____D C:\Users\Todos os Usuários\Temp 2017-10-30 20:44 - 2015-11-30 21:03 - 000000000 ____D C:\ProgramData\Temp 2017-10-30 18:35 - 2016-06-29 21:48 - 000000000 ____D C:\Users\Todos os Usuários\Dell 2017-10-30 18:35 - 2016-06-29 21:48 - 000000000 ____D C:\ProgramData\Dell 2017-10-30 17:25 - 2017-06-07 12:25 - 000003712 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2017-10-30 17:25 - 2017-06-07 12:25 - 000003410 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-10-30 16:05 - 2015-11-29 14:13 - 000000000 ____D C:\Users\Paulo\AppData\Local\Trend Micro 2017-10-30 16:00 - 2015-11-29 14:10 - 000000000 ____D C:\Users\Todos os Usuários\Trend Micro 2017-10-30 16:00 - 2015-11-29 14:10 - 000000000 ____D C:\ProgramData\Trend Micro 2017-10-30 15:59 - 2017-03-18 19:03 - 000000000 ___HD C:\Windows\ELAMBKUP 2017-10-29 21:37 - 2017-06-07 12:08 - 000000000 ____D C:\Users\Paulo 2017-10-29 18:41 - 2015-11-29 16:44 - 000000000 ____D C:\Program Files (x86)\GbPlugin 2017-10-29 16:55 - 2017-06-11 15:57 - 000000000 ____D C:\Windows\Minidump 2017-10-29 16:44 - 2015-11-30 17:55 - 000000000 ____D C:\Program Files (x86)\EPSON Software 2017-10-29 16:30 - 2015-11-30 17:58 - 000001005 _____ C:\Users\Public\Desktop\EPSON Scan.lnk 2017-10-29 16:29 - 2015-11-30 17:54 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-10-29 16:28 - 2017-06-07 12:06 - 000000000 ____D C:\Users\Todos os Usuários\EPSON 2017-10-29 16:28 - 2017-06-07 12:06 - 000000000 ____D C:\ProgramData\EPSON 2017-10-28 23:06 - 2017-03-18 19:03 - 000000000 ____D C:\Windows\system32\NDF 2017-10-28 11:31 - 2016-01-27 21:59 - 000407608 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe 2017-10-27 21:17 - 2015-11-28 23:00 - 000000000 ____D C:\Users\Paulo\AppData\Local\Packages 2017-10-27 21:14 - 2017-03-18 19:03 - 000000000 ____D C:\Windows\LiveKernelReports 2017-10-27 21:11 - 2015-12-19 02:08 - 000000000 ____D C:\Program Files\CCleaner 2017-10-26 19:32 - 2017-03-18 18:51 - 000000000 ____D C:\Windows\CbsTemp 2017-10-25 22:30 - 2015-11-28 23:53 - 000000000 ____D C:\Program Files (x86)\Google 2017-10-25 18:35 - 2017-01-14 11:40 - 000000000 ____D C:\Users\Paulo\AppData\Roaming\Spotify 2017-10-25 18:34 - 2017-08-01 21:33 - 000000000 ____D C:\Users\Paulo\AppData\Local\Backuptrans Android WhatsApp Transfer (x64) 2017-10-25 17:28 - 2017-03-18 19:03 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2017-10-25 17:28 - 2017-03-18 19:03 - 000000000 ____D C:\Windows\system32\Macromed 2017-10-25 00:21 - 2016-04-04 19:33 - 000000000 ____D C:\Users\Paulo\Desktop\Dr M 2017-10-24 14:48 - 2017-02-01 19:08 - 000000000 ____D C:\Users\Paulo\Desktop\2017 2017-10-24 12:05 - 2017-05-30 18:06 - 000000000 ____D C:\Users\Paulo\AppData\Roaming\WhatsApp 2017-10-19 22:52 - 2013-04-20 22:29 - 000000000 ____D C:\Pimaco 2017-10-19 22:19 - 2015-04-26 12:33 - 000000000 ____D C:\Template 2017-10-19 11:36 - 2017-05-19 15:22 - 000000000 ____D C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp 2017-10-19 11:35 - 2017-05-19 15:22 - 000000000 ____D C:\Users\Paulo\AppData\Local\WhatsApp 2017-10-19 11:35 - 2017-05-19 15:21 - 000000000 ____D C:\Users\Paulo\AppData\Local\SquirrelTemp 2017-10-18 17:03 - 2017-03-18 19:03 - 000000000 ____D C:\Windows\rescache 2017-10-17 00:18 - 2015-08-22 02:15 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-10-17 00:00 - 2017-03-18 19:03 - 000000000 ____D C:\Windows\ShellExperiences 2017-10-17 00:00 - 2017-03-18 19:03 - 000000000 ____D C:\Windows\Provisioning 2017-10-17 00:00 - 2017-03-18 19:03 - 000000000 ____D C:\Windows\PolicyDefinitions 2017-10-16 23:59 - 2017-03-18 19:03 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll 2017-10-16 23:59 - 2017-03-18 19:03 - 000207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll 2017-10-16 23:52 - 2017-01-14 11:42 - 000000000 ____D C:\Users\Paulo\AppData\Local\Spotify 2017-10-16 22:00 - 2015-12-10 14:09 - 000000000 ____D C:\Windows\system32\MRT 2017-10-16 22:00 - 2015-11-29 11:58 - 000000000 ____D C:\Users\Todos os Usuários\Microsoft Help 2017-10-16 21:56 - 2015-12-10 14:09 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-10-12 22:21 - 2017-03-18 19:06 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-10-12 22:21 - 2017-03-18 19:06 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-10-06 00:12 - 2016-06-05 22:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2017-10-04 10:52 - 2017-02-01 19:08 - 000000000 ____D C:\Users\Paulo\Documents\2016 Emilio 2017-10-02 23:19 - 2015-11-30 17:57 - 000000000 ____D C:\Program Files (x86)\epson ==================== Arquivos na raiz de alguns diretórios ======= 2016-02-17 17:22 - 2016-02-17 17:22 - 000004608 _____ () C:\Users\Paulo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-11-29 14:10 - 2015-11-29 14:10 - 000000036 _____ () C:\Users\Paulo\AppData\Local\housecall.guid.cache 2016-06-22 22:10 - 2016-06-22 22:10 - 000000017 _____ () C:\Users\Paulo\AppData\Local\resmon.resmoncfg 2017-10-26 16:55 - 2017-10-26 16:55 - 000000057 _____ () C:\ProgramData\Ament.ini Arquivos para serem movidos ou deletados: ==================== C:\Users\Paulo\sbx.dll ==================== Bamital & volsnap ====================== (Não há correção automática para arquivos que não passaram na verificação.) C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente C:\Windows\explorer.exe => O arquivo é assinado digitalmente C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente C:\Windows\system32\services.exe => O arquivo é assinado digitalmente C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente LastRegBack: 2017-10-24 12:56 ==================== Fim de FRST.txt ============================ Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 26-10-2017 Executado por Paulo (31-10-2017 08:55:37) Executando a partir de C:\Users\Paulo\Desktop Windows 10 Pro Versão 1703 15063.674 (X64) (2017-06-07 14:43:34) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= Administrador (S-1-5-21-270676865-3621291441-929404117-500 - Administrator - Disabled) Convidado (S-1-5-21-270676865-3621291441-929404117-501 - Limited - Disabled) DefaultAccount (S-1-5-21-270676865-3621291441-929404117-503 - Limited - Disabled) Paulo (S-1-5-21-270676865-3621291441-929404117-1001 - Administrator - Enabled) => C:\Users\Paulo ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Trend Micro Internet Security (Enabled - Up to date) {1E5CB925-ABFC-68A9-91DC-4258BDE6C44A} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) µTorrent (HKU\S-1-5-21-270676865-3621291441-929404117-1001\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.) Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated) Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Assistente Pimaco (HKLM-x32\...\{1E040F6A-6DC9-4DCF-819C-FCFE720B6097}) (Version: 1.0.0 - Pimaco) Autodesk Design Review 2013 (HKLM-x32\...\{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}) (Version: 13.2.0.82 - Autodesk, Inc.) Hidden Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.2.0.82 - Autodesk, Inc.) Autodesk DWG TrueView 2016 - English (HKLM\...\DWG TrueView 2016 - English) (Version: 20.1.49.0 - Autodesk) Backuptrans Android WhatsApp Transfer (x64) 3.2.79 (HKU\S-1-5-21-270676865-3621291441-929404117-1001\...\Backuptrans Android WhatsApp Transfer (x64)) (Version: 3.2.79 - Backuptrans) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Carnê-Leão 2014 (HKLM-x32\...\LEAO2014) (Version: 1.0a - Receita Federal do Brasil) Carnê-Leão 2015 (HKLM-x32\...\LEAO2015) (Version: 1.4 - Receita Federal do Brasil) Carnê-Leão 2016 (HKLM-x32\...\LEAO2016) (Version: 1.0 - Receita Federal do Brasil) Carnê-Leão 2017 (HKLM-x32\...\LEAO2017) (Version: 1.0 - Receita Federal do Brasil) CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform) Conexant HD Audio (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 1.0.52.0 - Conexant) Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.40.50 - Conexant) Conexant SmartAudio HD (HKLM-x32\...\{7A630EC4-B56A-4709-B18F-769B4F80DD17}) (Version: 8.54.40.50 - Conexant) Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.4.2.0 - Dell Inc.) Hidden Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell) Dell SupportAssistAgent (HKLM\...\{18EF001B-B005-46CB-917B-112BA69ED85E}) (Version: 2.0.3.10 - Dell) Dell System Detect (HKU\S-1-5-21-270676865-3621291441-929404117-1001\...\d24084d039586cae) (Version: 8.8.0.1 - Dell) Dell Touchpad (HKLM\...\Elantech) (Version: 15.3.0.14 - ELAN Microelectronic Corp.) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) Desinstalar impressora EPSON TX430 Series (HKLM\...\EPSON TX430 Series) (Version: - SEIKO EPSON Corporation) Desinstalar Impressora EPSON XP-211 214 216 Series (HKLM\...\EPSON XP-211 214 216 Series) (Version: - SEIKO EPSON Corporation) Dirf 2016 (HKLM-x32\...\Dirf 2016) (Version: - ) DWG TrueView 2016 - English (HKLM\...\{5783F2D7-F028-0409-0100-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.82.0000 - Seiko Epson Corporation) Epson Event Manager (HKLM-x32\...\{541E6575-D4A4-448A-91F3-F5E9D6731A7F}) (Version: 3.10.0083 - Seiko Epson Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION) Ganhos de Capital 2013 (HKLM-x32\...\Ganhos de Capital 2013) (Version: - ) GCAP 2016 - Ganhos de Capital 2016 (HKLM-x32\...\GCAP2016) (Version: 1.0 - Receita Federal do Brasil) GCAP 2017 - Ganhos de Capital 2017 (HKLM-x32\...\GCAP2017) (Version: 1.0 - Receita Federal do Brasil) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.62 - Google Inc.) Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden High-Definition Video Playback (HKLM-x32\...\{9193490D-5229-4FC4-9BB9-A6D63C09574A}) (Version: 11.1.10500.2.65 - Nero AG) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) IRPF2010 - Declaração de Ajuste Anual e Final de Espólio (HKLM-x32\...\IRPF2010 - Declaração de Ajuste Anual e Final de Espólio) (Version: - ) IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2013) (Version: 1.5 - Receita Federal do Brasil) IRPF2016 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2016) (Version: 1.1 - Receita Federal do Brasil) IRPF2017 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2017) (Version: 1.0 - Receita Federal do Brasil) iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-270676865-3621291441-929404117-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{650c9b4a-60ec-4e4e-8d8e-32d85ce3b7c5}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Nero 11 (HKLM-x32\...\{7E4413BB-CE31-4E01-A1C0-E37BDD0187CE}) (Version: 11.0.11200 - Nero AG) Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG) NirSoft ProduKey (HKLM-x32\...\NirSoft ProduKey) (Version: - ) OpenOffice 4.1.3 (HKLM-x32\...\{0588C64E-B662-4C78-9496-7A6AAEAA24F9}) (Version: 4.13.9783 - Apache Software Foundation) Oracle VM VirtualBox 5.0.24 (HKLM\...\{BA15D402-19CA-493E-958B-170A0C446F25}) (Version: 5.0.24 - Oracle Corporation) Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation) PhoneClean (HKLM-x32\...\PhoneClean) (Version: 5.0.1.0 - iMobie Inc.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.1 - Qualcomm Atheros) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.026 - Dell Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.) Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Sicalc Auto Atendimento (HKLM-x32\...\Sicalc Auto Atendimento) (Version: 5.22 - Receita Federal do Brasil) Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.) SmartShare (HKLM-x32\...\{BAB337AE-DD9E-45C3-BED6-0EE4732AEC60}) (Version: 2.3.1507.2802 - LG Electronics Inc.) Spotify (HKU\S-1-5-21-270676865-3621291441-929404117-1001\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB) Suporte para Aplicativos Apple (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.) Suporte para Aplicativos Apple Apple (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.65452 - TeamViewer) Trend Micro Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 12.0 - Trend Micro Inc.) Warsaw 2.0.3.2 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.0.3.2 - GAS Tecnologia) welcome (HKLM-x32\...\{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}) (Version: 11.0.21500.0.4 - Nero AG) Hidden WhatsApp (HKU\S-1-5-21-270676865-3621291441-929404117-1001\...\WhatsApp) (Version: 0.2.6426 - WhatsApp) Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation) WinRAR 5.30 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.4 - win.rar GmbH) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-270676865-3621291441-929404117-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2016 - English\dwgviewr.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-270676865-3621291441-929404117-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2016 - English\en-US\dwgviewrficn.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-270676865-3621291441-929404117-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ShellIconOverlayIdentifiers: [ FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} => C:\Program Files\Trend Micro\Titanium\plugin\TmOverlayIcon.dll [2017-07-23] (Trend Micro Inc.) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.) ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2015-02-06] (Autodesk) ContextMenuHandlers1-x32: [Autodesk.DWF.ContextMenu] -> {6C18531F-CA85-45F7-8278-FF33CF0A5964} => C:\Program Files (x86)\Common Files\Autodesk Shared\DWF Common\DWFShellExtension.dll [2016-01-18] (Autodesk, Inc.) ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-09-13] (Alexander Roshal) ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-09-13] (Alexander Roshal) ContextMenuHandlers1-x32-x32: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2017-07-23] (Trend Micro Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Nenhum Arquivo ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-05-04] (Intel Corporation) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-09-13] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-09-13] (Alexander Roshal) ContextMenuHandlers6-x32: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2017-07-23] (Trend Micro Inc.) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {08939C74-00CB-44AD-A60D-5CBB65A158F4} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.) Task: {12DBA40F-65AF-4A7A-87BA-53F328AAA2CD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Nenhum Arquivo <==== ATENÇÃO Task: {19E8E3D2-0D05-43D2-820A-D4373F9D9225} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated) Task: {20C43E61-3A38-4336-AF8F-1CEA5DA0467B} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {142BC7D3-8E74-48D2-B389-7F9123854A47} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {28B0B97C-CE76-462F-B27F-E72E086A086D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-10-16] (Microsoft Corporation) Task: {3BECFA1B-240F-4B89-8584-0693C71AB3B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-25] (Google Inc.) Task: {3D822642-DEE5-4997-89E9-27F5C5DA463C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe [2017-10-25] (Adobe Systems Incorporated) Task: {3F112B62-F627-4B80-A9DE-8852DF190D61} - System32\Tasks\{908B3AA5-6415-4DDC-9FAF-16E07B7FE1A0} => C:\Windows\system32\pcalua.exe -a "C:\Users\Paulo\Desktop\CD DELL\ZIPFILES\86GHF.exe" -d "C:\Users\Paulo\Desktop\CD DELL\ZIPFILES" Task: {4A1DF043-2B97-4927-9C7A-7FA0A561800D} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.) Task: {4FACD8A3-42A5-4852-8EDF-59C6D45242B6} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe Task: {4FC4E077-D46A-41F7-B6A4-B5C9C5EA7B93} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {D7CD92E2-39AD-43D9-AB26-EE639966615B} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {5C836376-C690-48ED-BD0D-99AD0CE6032D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-09-22] (Dell Inc.) Task: {602A9156-D680-452B-8FD0-65315E43DFC2} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {64D0474F-18E6-4948-9A55-E7AEB7D5FE51} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {E0C1C62D-7C61-48E2-87A2-1E92E577D5E8} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {6F2FBF14-4B03-4826-A3E0-48296FE000A5} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {29749AF8-2DA7-4047-B3DF-0AF18D8634B6} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {7B326B96-3C2E-4699-A653-C90E405FCC5F} - System32\Tasks\EPSON XP-211 214 216 Series Update {142BC7D3-8E74-48D2-B389-7F9123854A47} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {91729567-10D3-4C0D-A80A-F7D243E96039} - System32\Tasks\EPSON XP-211 214 216 Series Update {E0C1C62D-7C61-48E2-87A2-1E92E577D5E8} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {BCB37EC6-D72F-488B-82F7-1C13CB7B2315} - System32\Tasks\Rerun Warsaw's CoreFixer => C:\Windows\TEMP\is-7CKQR.tmp\corefixer.exe <==== ATENÇÃO Task: {C5942FF1-A61A-4E3A-A650-CD11813DC2EB} - System32\Tasks\{44F823DD-4C88-4A85-AD73-093901B4D6B5} => C:\Windows\system32\pcalua.exe -a C:\Users\Paulo\Desktop\Baixados\iMEI_Intel_W8.1_A01_Setup-D2CTT_ZPE.exe -d C:\Users\Paulo\Desktop\Baixados Task: {C6802349-007D-4547-9304-40C708769108} - System32\Tasks\SmartShare => C:\Program Files (x86)\LG Software\LG Smart Share\SmartShareStart.exe [2014-12-05] (LG Electronics Inc.) Task: {CF1CAB2F-BF5D-4599-9E9C-A200C810B2CA} - System32\Tasks\EPSON XP-211 214 216 Series Update {29749AF8-2DA7-4047-B3DF-0AF18D8634B6} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {D9B36A85-325B-464B-AEC8-4C8006F50410} - System32\Tasks\EPSON XP-211 214 216 Series Update {D7CD92E2-39AD-43D9-AB26-EE639966615B} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {E34EE062-EDE2-4990-BC16-E3B65FC65ED2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd) Task: {FA23F030-675D-47CD-B8B3-153D7DE4719A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-25] (Google Inc.) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) Task: C:\Windows\Tasks\EPSON XP-211 214 216 Series Invitation {142BC7D3-8E74-48D2-B389-7F9123854A47}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE Task: C:\Windows\Tasks\EPSON XP-211 214 216 Series Invitation {29749AF8-2DA7-4047-B3DF-0AF18D8634B6}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE Task: C:\Windows\Tasks\EPSON XP-211 214 216 Series Invitation {D7CD92E2-39AD-43D9-AB26-EE639966615B}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE Task: C:\Windows\Tasks\EPSON XP-211 214 216 Series Invitation {E0C1C62D-7C61-48E2-87A2-1E92E577D5E8}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE Task: C:\Windows\Tasks\EPSON XP-211 214 216 Series Update {142BC7D3-8E74-48D2-B389-7F9123854A47}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE:/EXE:{142BC7D3-8E74-48D2-B389-7F9123854A47} /F:UpdateWORKGROUP\PAULO-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\Windows\Tasks\EPSON XP-211 214 216 Series Update {29749AF8-2DA7-4047-B3DF-0AF18D8634B6}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE:/EXE:{29749AF8-2DA7-4047-B3DF-0AF18D8634B6} /F:UpdateWORKGROUP\PAULO-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\Windows\Tasks\EPSON XP-211 214 216 Series Update {D7CD92E2-39AD-43D9-AB26-EE639966615B}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE:/EXE:{D7CD92E2-39AD-43D9-AB26-EE639966615B} /F:UpdateWORKGROUP\PAULO-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\Windows\Tasks\EPSON XP-211 214 216 Series Update {E0C1C62D-7C61-48E2-87A2-1E92E577D5E8}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE:/EXE:{E0C1C62D-7C61-48E2-87A2-1E92E577D5E8} /F:UpdateWORKGROUP\PAULO-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi ==================== Atalhos & WMI ======================== (As entradas podem ser listadas para serem restauradas ou removidas.) ==================== Módulos Carregados (Whitelisted) ============== 2017-10-30 15:56 - 2017-01-13 05:41 - 000039424 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc140-mt-1_62.dll 2017-10-30 15:56 - 2017-01-13 05:39 - 000076288 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc140-mt-1_62.dll 2017-10-30 15:56 - 2017-01-13 06:01 - 000737792 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll 2017-10-30 15:56 - 2017-01-13 05:42 - 000131072 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc140-mt-1_62.dll 2017-10-30 15:56 - 2017-01-13 05:39 - 000048640 _____ () C:\Program Files\Trend Micro\AMSP\boost_chrono-vc140-mt-1_62.dll 2017-10-30 15:56 - 2017-01-13 05:55 - 002333184 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll 2017-10-23 18:51 - 2017-07-23 17:24 - 000182568 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll 2016-03-18 23:56 - 2016-03-18 23:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 02:07 - 2016-04-22 02:07 - 001337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2017-10-30 15:58 - 2017-07-23 17:24 - 000131072 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc140-mt-1_62.dll 2017-10-30 15:58 - 2017-07-23 17:24 - 000039424 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc140-mt-1_62.dll 2017-10-30 15:58 - 2017-07-23 17:24 - 000076288 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc140-mt-1_62.dll 2017-10-30 15:58 - 2017-07-23 17:24 - 000048640 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_chrono-vc140-mt-1_62.dll 2017-10-30 15:58 - 2017-07-23 17:24 - 001016320 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc140-mt-1_62.dll 2017-03-18 18:58 - 2017-03-18 18:58 - 000138000 _____ () C:\Windows\SYSTEM32\inputhost.dll 2017-03-18 18:59 - 2017-03-20 01:59 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-06-29 23:40 - 2012-07-18 12:03 - 000165024 _____ () C:\Program Files\Conexant\SA3\MaxxAudioWrapper.dll 2017-10-23 18:51 - 2017-07-23 17:24 - 000085952 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll 2017-10-25 22:31 - 2017-10-17 06:08 - 002871640 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.62\swiftshader\libglesv2.dll 2017-10-25 22:31 - 2017-10-17 06:08 - 000138072 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.62\swiftshader\libegl.dll 2017-09-18 09:41 - 2017-09-18 09:41 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11709.1001.27.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2017-10-27 21:01 - 2017-10-27 21:03 - 010273280 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11709.1001.27.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll 2017-10-05 19:16 - 2017-10-05 19:21 - 000021504 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2017-10-05 19:16 - 2017-10-05 19:21 - 048839168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2017-10-05 19:16 - 2017-10-05 19:22 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll 2017-10-05 19:16 - 2017-10-05 19:19 - 000352256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll 2017-10-05 19:16 - 2017-10-05 19:22 - 000164352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\VideoPlugin.dll 2017-10-05 19:16 - 2017-10-05 19:19 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll 2017-10-05 19:16 - 2017-10-05 19:19 - 002836480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll 2017-10-05 19:16 - 2017-10-05 19:22 - 020559872 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll 2017-10-05 19:16 - 2017-10-05 19:19 - 002705408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\MediaEngine.dll 2017-10-05 19:16 - 2017-10-05 19:17 - 003128320 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll 2017-08-30 00:43 - 2017-08-30 00:43 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2017-10-05 19:16 - 2017-10-05 19:19 - 000118784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\ExploreModel.dll 2017-10-05 19:16 - 2017-10-05 19:21 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll 2017-10-05 19:16 - 2017-10-05 19:21 - 001380864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll 2017-10-05 19:16 - 2017-10-05 19:17 - 000367616 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\AnimatedGIF.dll 2017-10-09 16:59 - 2017-10-09 17:00 - 034988544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17083.18321.0_x64__8wekyb3d8bbwe\Music.UI.exe 2017-10-09 16:59 - 2017-10-09 17:00 - 009214464 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17083.18321.0_x64__8wekyb3d8bbwe\EntCommon.dll 2017-08-23 13:18 - 2017-08-23 13:21 - 000957952 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17083.18321.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll 2017-09-26 22:47 - 2017-09-27 10:18 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17083.18321.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2017-10-09 16:59 - 2017-10-09 17:00 - 013224960 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17083.18321.0_x64__8wekyb3d8bbwe\Music.Visuals.dll 2017-10-10 15:01 - 2017-10-10 15:02 - 001226416 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8600.40525.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll 2017-04-07 18:47 - 2017-04-07 18:54 - 001695440 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8600.40525.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll 2017-09-18 09:41 - 2017-09-18 09:41 - 003553704 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8600.40525.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2017-10-19 07:27 - 2017-10-19 07:29 - 025741312 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x64__8wekyb3d8bbwe\Video.UI.exe 2017-10-19 07:27 - 2017-10-19 07:28 - 009257984 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x64__8wekyb3d8bbwe\EntCommon.dll 2017-09-26 22:47 - 2017-09-27 10:18 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2017-10-10 15:01 - 2017-10-10 15:01 - 004252672 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe 2017-09-26 22:47 - 2017-09-27 10:18 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2017-10-31 08:31 - 2017-10-31 08:31 - 000015872 _____ () C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1710.52701.0_x64__8wekyb3d8bbwe\Microsoft.Office.Sway.LightweightClient.UWP.exe 2017-10-31 08:31 - 2017-10-31 08:31 - 006272000 _____ () C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1710.52701.0_x64__8wekyb3d8bbwe\Microsoft.Office.Sway.LightweightClient.UWP.dll 2017-10-31 08:31 - 2017-10-31 08:31 - 002361528 _____ () C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1710.52701.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll 2015-03-16 12:28 - 2015-03-16 12:28 - 000155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll 2017-01-22 13:45 - 2013-09-12 14:55 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2017-10-23 18:51 - 2017-07-23 17:24 - 000108032 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc140-mt-1_62.dll 2017-10-23 18:51 - 2017-07-23 17:24 - 000035840 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_system-vc140-mt-1_62.dll 2017-10-23 18:51 - 2017-07-23 17:24 - 000044032 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_chrono-vc140-mt-1_62.dll 2017-10-23 18:51 - 2017-07-23 17:24 - 000064000 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc140-mt-1_62.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10] AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32] AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1002] AlternateDataStreams: C:\Windows\system32\Drivers\gbpddreg64.sys:X5ZN8aGvT4 [686] AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410] ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-270676865-3621291441-929404117-1001\...\bancobrasil.com.br -> www.bancobrasil.com.br IE trusted site: HKU\S-1-5-21-270676865-3621291441-929404117-1001\...\bb.com.br -> hxxps://seg.bb.com.br IE trusted site: HKU\S-1-5-21-270676865-3621291441-929404117-1001\...\caixa.gov.br -> imagem.caixa.gov.br IE trusted site: HKU\S-1-5-21-270676865-3621291441-929404117-1001\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br ==================== Hosts Conteúdo: =============================== (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2015-11-28 23:35 - 2017-05-23 23:12 - 000000753 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-270676865-3621291441-929404117-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == HKLM\...\StartupApproved\Run32: => "SDTray" HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe" ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [UDP Query User{445C4F85-80CE-441A-BA35-BEAED13266D4}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe FirewallRules: [TCP Query User{927A9DC0-6E0B-476B-B136-B72F447B9398}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe FirewallRules: [UDP Query User{7B89A0B3-1209-4638-873C-93672655A58A}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe FirewallRules: [TCP Query User{D3C6EBDB-07B5-4DB1-91C0-8693E75E288A}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe FirewallRules: [{627D2FB9-C6FC-4411-B364-1BF6DB1A0B00}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe FirewallRules: [{53928055-2EC6-4A29-9815-F8281351B8AC}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe FirewallRules: [UDP Query User{720AF6B4-D8D7-411A-888E-F7B69D7423B5}C:\users\paulo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\paulo\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{9D64AD52-329A-40E5-BFCA-67041AED33BE}C:\users\paulo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\paulo\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{D771139A-1B5E-4126-9CAE-CA4BAD68E989}C:\users\paulo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\paulo\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{82ABD934-2099-4D70-A364-54829368EF05}C:\users\paulo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\paulo\appdata\roaming\spotify\spotify.exe FirewallRules: [{1826265D-2472-4817-802A-A3088FE21BB4}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{746A040E-2806-4E29-A776-367E30CB83E2}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{C54531B8-F915-4A87-B213-A9CD8B3FC4D5}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe FirewallRules: [{2786D105-53B3-4417-A59F-122A21673E03}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe FirewallRules: [{2707C672-C309-49C8-B303-69660CA01286}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe FirewallRules: [{CD204792-447C-4417-81CE-5CB24307D871}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe FirewallRules: [TCP Query User{350E520C-4C26-4054-A69A-6663C165C29C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{261D8A68-E9CD-4CAB-8FCC-35DC1ABC570A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{AFEAFD62-5529-4D21-8DDE-DE57B4361A87}] => (Allow) C:\Users\Paulo\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{47A33333-A437-4DD2-825F-E024775AFCCA}] => (Allow) C:\Users\Paulo\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{FCB7B533-5C10-48D5-B3AA-DB0E1CEDC53A}] => (Allow) C:\Users\Paulo\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{696E70DC-6D01-4EF9-8449-49B709F974F3}] => (Allow) C:\Users\Paulo\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{D10CEDF1-0C14-4181-B113-CFF5F7377A3E}] => (Allow) C:\Users\Paulo\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{E40A26DC-3E83-41CD-9DBF-5D6947892A91}] => (Allow) C:\Users\Paulo\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{1B099D2D-F4FF-4FB6-A0D0-FC09036386CF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{481CE0C3-7A6B-4615-9BEC-C385EAF00647}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{6E624768-5307-4A85-BAA0-A292750B0BE3}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{3251875D-0D89-485D-BF41-7249DA2BD3CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{76DBE28F-879D-4C7A-A907-100262AB1F34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{4E414B4D-9611-4570-BADF-D5430579977C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{E99FD370-AB1D-462D-992D-E7FC882C473B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{12D71DE7-5EE6-4703-AAD6-6A930C750259}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [TCP Query User{4B2B4FAA-34F3-4E20-A4A6-E35839B6CA10}C:\Windows\system32\rundll32.exe] => (Allow) C:\Windows\system32\rundll32.exe FirewallRules: [UDP Query User{C0B1627B-B721-49AC-BBEA-DDE6C9726744}C:\Windows\system32\rundll32.exe] => (Allow) C:\Windows\system32\rundll32.exe FirewallRules: [{1F6E4397-D3E0-4F0E-B45A-58BEFCEAB86D}] => (Block) C:\Windows\system32\rundll32.exe FirewallRules: [{DE867236-BBA5-44B4-ADCB-AE31CA041517}] => (Block) C:\Windows\system32\rundll32.exe FirewallRules: [{C0A2CA8C-8513-40C3-85C7-B9FF15339D3A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{2B658EBA-28FA-4A5D-B37E-80C894AD20C8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{0E136751-BA5C-4C09-BBEF-257939C59C3C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{0A0853A3-C0B2-4818-B7EA-DA04831A5222}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{F6C76030-99DA-4E38-93AF-DC69D6B88499}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{8D086B2A-4EFC-4FBB-A534-59F6AE465F99}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe ==================== Pontos de Restauração ========================= 24-10-2017 13:53:40 Ponto de Verificação Agendado 29-10-2017 16:01:13 Removed Epson Customer Research Participation 30-10-2017 12:39:09 Revo Uninstaller's restore point - HP Deskjet 1000 J110 series Ajuda 30-10-2017 12:54:19 Revo Uninstaller's restore point - HP Deskjet 1000 J110 series Software básico do dispositivo 30-10-2017 12:54:54 Installed HP Deskjet 1000 J110 series Basic Device Software 30-10-2017 12:57:21 Revo Uninstaller's restore point - HP Deskjet 2050 J510 series Ajuda 30-10-2017 13:00:34 Installed HP Deskjet 2050 J510 series Basic Device Software ==================== Dispositivos Apresentando Falhas No Gerenciador ============= ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (10/30/2017 11:56:44 PM) (Source: BiometricSensorDataSynchronization) (EventID: 0) (User: ) Description: Event-ID 0 Error: (10/30/2017 09:14:27 PM) (Source: BiometricSensorDataSynchronization) (EventID: 0) (User: ) Description: Event-ID 0 Error: (10/30/2017 09:13:01 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa explorer.exe versão 10.0.15063.674 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle Segurança e Manutenção. ID do Processo: 1d34 Hora de Início: 01d351d1035a98f3 Hora de Término: 0 Caminho do Aplicativo: C:\Windows\explorer.exe ID do Relatório: 4374dd53-0c9d-4fc9-995d-88f5239013b7 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (10/30/2017 09:06:12 PM) (Source: ESENT) (EventID: 104) (User: ) Description: qmgr.dll (10832) QmgrDatabaseInstance: O mecanismo de banco de dados interrompeu a instância (0) com o erro (-1090). Sequência Interna de Intervalos: [1] 0.000003 +J(0) [2] 0.000009 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [3] 0.000956 +J(CM:0, PgRf:6, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 0K, PF:0K # 0K, P:0K) [4] 0.000005 +J(0) [5] 0.0 +J(0) [6] 0.000063 +J(0) +M(C:0K, Fs:1, WS:-84K # 0K, PF:-88K # 0K, P:-88K) [7] - [8] 0.000007 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [9] 0.015429 +J(0) +M(C:0K, Fs:5, WS:-16K # 0K, PF:-40K # 0K, P:-40K) [10] - [11] 0.000007 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [12] - [13] 0.000034 +J(0) +M(C:0K, Fs:0, WS:-4K # 0K, PF:-4K # 0K, P:-4K) [14] 0.001673 +J(0) +M(C:0K, Fs:0, WS:-8K # 0K, PF:-8K # 0K, P:-8K) [15] 0.000010 +J(0) +M(C:0K, Fs:0, WS:-16K # 0K, PF:-32K # 0K, P:-32K) [16] 0.000002 +J(0). Error: (10/30/2017 09:06:12 PM) (Source: ESENT) (EventID: 471) (User: ) Description: qmgr.dll (10832) QmgrDatabaseInstance: Não é possível reverter a operação #-39 no banco de dados C:\ProgramData\Microsoft\Network\Downloader\qmgr.db. Erro: -510. Todas as atualizações futuras serão rejeitadas. Error: (10/30/2017 09:06:12 PM) (Source: ESENT) (EventID: 492) (User: ) Description: qmgr.dll (10832) QmgrDatabaseInstance: A sequência de arquivo de log em "C:\ProgramData\Microsoft\Network\Downloader\" foi interrompida devido a um erro fatal. Não serão possíveis outras atualizações dos bancos de dados que utilizam essa sequência de arquivo de log. Corrija o problema e reinicie, ou restaure do backup. Error: (10/30/2017 09:06:12 PM) (Source: ESENT) (EventID: 413) (User: ) Description: qmgr.dll (10832) QmgrDatabaseInstance: Não é possível criar um novo arquivo de log porque o banco de dados não pode gravar na unidade de log. Talvez a unidade seja somente leitura, tenha espaço em disco insuficiente, esteja mal configurada ou esteja corrompida. Erro -1032. Error: (10/30/2017 09:06:12 PM) (Source: ESENT) (EventID: 488) (User: ) Description: qmgr.dll (10832) QmgrDatabaseInstance: Uma tentativa de criar o arquivo "C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log" falhou com o erro de sistema 80 (0x00000050): "O arquivo já existe. ". A operação para criar o arquivo falhará com o erro -1814 (0xfffff8ea). Error: (10/30/2017 08:45:25 PM) (Source: BiometricSensorDataSynchronization) (EventID: 0) (User: ) Description: Event-ID 0 Error: (10/30/2017 06:31:34 PM) (Source: BiometricSensorDataSynchronization) (EventID: 0) (User: ) Description: Event-ID 0 Erros de Sistema: ============= Error: (10/30/2017 11:56:42 PM) (Source: DCOM) (EventID: 10010) (User: PAULO-PC) Description: O servidor {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} não se registrou no DCOM dentro do tempo limite necessário. Error: (10/30/2017 11:56:42 PM) (Source: DCOM) (EventID: 10010) (User: PAULO-PC) Description: O servidor {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} não se registrou no DCOM dentro do tempo limite necessário. Error: (10/30/2017 11:56:42 PM) (Source: DCOM) (EventID: 10010) (User: PAULO-PC) Description: O servidor {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} não se registrou no DCOM dentro do tempo limite necessário. Error: (10/30/2017 11:56:42 PM) (Source: DCOM) (EventID: 10010) (User: PAULO-PC) Description: O servidor {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} não se registrou no DCOM dentro do tempo limite necessário. Error: (10/30/2017 11:56:42 PM) (Source: DCOM) (EventID: 10010) (User: PAULO-PC) Description: O servidor {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} não se registrou no DCOM dentro do tempo limite necessário. Error: (10/30/2017 11:56:42 PM) (Source: DCOM) (EventID: 10010) (User: PAULO-PC) Description: O servidor {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} não se registrou no DCOM dentro do tempo limite necessário. Error: (10/30/2017 11:56:42 PM) (Source: DCOM) (EventID: 10010) (User: PAULO-PC) Description: O servidor {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} não se registrou no DCOM dentro do tempo limite necessário. Error: (10/30/2017 11:56:42 PM) (Source: DCOM) (EventID: 10010) (User: PAULO-PC) Description: O servidor {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} não se registrou no DCOM dentro do tempo limite necessário. Error: (10/30/2017 11:56:42 PM) (Source: DCOM) (EventID: 10010) (User: PAULO-PC) Description: O servidor {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} não se registrou no DCOM dentro do tempo limite necessário. Error: (10/30/2017 11:56:42 PM) (Source: DCOM) (EventID: 10010) (User: PAULO-PC) Description: O servidor {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} não se registrou no DCOM dentro do tempo limite necessário. CodeIntegrity: =================================== Date: 2017-10-30 23:56:26.908 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements. Date: 2017-10-30 23:56:17.158 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbdhm64.dll that did not meet the Microsoft signing level requirements. Date: 2017-10-30 20:51:19.125 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbdhm64.dll that did not meet the Microsoft signing level requirements. Date: 2017-10-30 12:37:34.065 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements. Date: 2017-10-30 11:00:01.934 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements. Date: 2017-10-29 21:33:16.130 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements. Date: 2017-10-29 14:54:08.166 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2017-10-29 11:38:52.798 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements. Date: 2017-10-29 10:18:37.399 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements. Date: 2017-10-29 10:18:29.927 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbdhm64.dll that did not meet the Microsoft signing level requirements. ==================== Informações da Memória =========================== Processador: Intel(R) Core(TM) i7-3612QM CPU @ 2.10GHz Percentagem de memória em uso: 55% RAM física total: 6019.3 MB RAM física disponível: 2660.44 MB Virtual Total: 12163.3 MB Virtual disponível: 8039.28 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:683.03 GB) (Free:509.63 GB) NTFS ==================== MBR & Tabela de Partições ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 53C0298E) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=15.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=683 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 8 GB) (Disk ID: 53C029C5) Partition 1: (Not Active) - (Size=8 GB) - (Type=84) ==================== Fim de Addition.txt ============================
  6. Mensagem de erro .DLL

    O Junkeware Removal foi descontinuado: Malwarebytes has chosen to discontinue Junkware Removal Tool (JRT) by announcing the end of maintenance as of October 26, 2017. Os Logs: AdwCleaner 7.0.4.0 - Logfile created on Mon Oct 30 18:43:29 2017 # Updated on 2017/27/10 by Malwarebytes # Running on Windows 10 Pro (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** No malicious folders deleted. ***** [ Files ] ***** No malicious files deleted. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [982 B] - [2017/10/30 18:42:54] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ########## ~ ZHPCleaner v2017.10.27.186 by Nicolas Coolman (2017/10/27) ~ Run by Paulo (Administrator) (30/10/2017 17:04:19) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Certificate ZHPCleaner: Legal ~ Type : Reparo ~ Report : C:\Users\Paulo\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Paulo\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Pro, 64-bit (Build 15063) ---\\ Serviços (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Navegadores de Internet (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Arquivo hosts (1) ~ O arquivo hosts é legítimo (19) ---\\ Tarefas automáticas agendadas. (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Explorer ( Arquivos, Pastas) (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Registro ( Chaves, Valores, Dados ) (3) SUPRIMIDO chave*: HKCU\Software\undefined [] =>.SUP.Downloader SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\TSToolbar.TSProtectorBar [TSProtectorBar Class] =>PUP.Optional.MocaFlix SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\TSToolbar.TSProtectorBar.1 [TSProtectorBar Class] =>PUP.Optional.MocaFlix ---\\ Resumo dos elementos encontrados na sua estação de trabalho (2) https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Downloader https://www.nicolascoolman.com/fr/pup-mocaflix/ =>PUP.Optional.MocaFlix ---\\ Dodatkowe oczyszczenie. (20) ~ Chave de registro Tracing Supprimido (20) ~ Remover os relatórios antigos ZHPCleaner. (0) ---\\ Resultado de reparação Reparação efectuada com sucesso ~ Este navegador está faltando ! (Mozilla Firefox) ~ Este navegador está faltando ! (Opera Software) ---\\ Estatísticas ~ Items scan : 734 ~ Items encontrado : 0 ~ items cancelados : 0 ~ Items réparo : 3 ~ End of clean in 00h00mn11s ~==================== ZHPCleaner-[R]-30102017-17_04_30.txt ZHPCleaner--30102017-17_00_29.txt
  7. Mensagem de erro .DLL

    Log ESET :\$RECYCLE.BIN\S-1-5-21-270676865-3621291441-929404117-1001\$R61Z9LU.zip VBS/TrojanDownloader.Agent.PIP trojan deleted C:\$RECYCLE.BIN\S-1-5-21-270676865-3621291441-929404117-1001\$RKCJLZK.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting C:\$RECYCLE.BIN\S-1-5-21-270676865-3621291441-929404117-1001\$RX3P7L3.zip VBS/TrojanDownloader.Agent.PIP trojan deleted C:\Windows\ServiceProfiles\LocalService\winhttp\1059477824.cache JS/ProxyChanger.CW trojan cleaned by deleting C:\Windows\ServiceProfiles\LocalService\winhttp\1217096524.cache JS/ProxyChanger.CW trojan cleaned by deleting C:\Windows\ServiceProfiles\LocalService\winhttp\1492629872.cache JS/ProxyChanger.CW trojan cleaned by deleting C:\Windows\ServiceProfiles\LocalService\winhttp\24009549.cache JS/ProxyChanger.CW trojan cleaned by deleting C:\Windows\ServiceProfiles\LocalService\winhttp\4004415539.cache JS/ProxyChanger.CW trojan cleaned by deleting C:\Windows\ServiceProfiles\LocalService\winhttp\4114187614.cache JS/ProxyChanger.CW trojan cleaned by deleting C:\Windows\ServiceProfiles\LocalService\winhttp\4168232793.cache JS/ProxyChanger.CW trojan cleaned by deleting C:\Windows\ServiceProfiles\LocalService\winhttp\799996242.cache JS/ProxyChanger.CW trojan cleaned by deleting C:\Windows\ServiceProfiles\LocalService\winhttp\80692169.cache JS/ProxyChanger.CW trojan cleaned by deleting C:\Windows\ServiceProfiles\LocalService\winhttp\980978934.cache JS/ProxyChanger.CW trojan cleaned by deleting
  8. Mensagem de erro .DLL

    Relatório: Malwarebytes www.malwarebytes.com -Detalhes de registro- Data da análise: 29/10/17 Hora da análise: 14:55 Arquivo de registro: f7c36bdc-bcc9-11e7-b716-5cf9ddecc322.json Administrador: Sim -Informação do software- Versão: 3.2.2.2029 Versão de componentes: 1.0.212 Versão do pacote de definições: 1.0.3123 Licença: Versão de Avaliação -Informação do sistema- Sistema operacional: Windows 10 (Build 15063.674) CPU: x64 Sistema de arquivos: NTFS Usuário: PAULO-PC\Paulo -Resumo da análise- Tipo de análise: Análise de Ameaças Resultado: Concluído Objetos verificados: 471132 Ameaças detectadas: 0 (Nenhum item malicioso detectado) Ameaças em quarentena: 0 (Nenhum item malicioso detectado) Tempo decorrido: 24 min, 48 seg -Opções da análise- Memória: Habilitado Inicialização: Habilitado Sistema de arquivos: Habilitado Arquivos compactados: Habilitado Rootkits: Habilitado Heurística: Habilitado PUP: Detectar PUM: Detectar -Detalhes da análise- Processo: 0 (Nenhum item malicioso detectado) Módulo: 0 (Nenhum item malicioso detectado) Chave de registro: 0 (Nenhum item malicioso detectado) Valor de registro: 0 (Nenhum item malicioso detectado) Dados de registro: 0 (Nenhum item malicioso detectado) Fluxo de dados: 0 (Nenhum item malicioso detectado) Pasta: 0 (Nenhum item malicioso detectado) Arquivo: 0 (Nenhum item malicioso detectado) Setor físico: 0 (Nenhum item malicioso detectado) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:24:19, on 29/10/2017 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.15063.0608) Boot mode: Normal Running processes: C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Users\Paulo\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.br/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit= O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll O2 - BHO: Trend Micro Network Filter Plugin - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1403\2.7.1088\TmopIEPlg32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Trend Micro IE Protection - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll O3 - Toolbar: Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [SilentCleanService] C:\Program Files (x86)\iMobie\PhoneClean\SilentCleanServer.exe O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [OneDrive] "C:\Users\Paulo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [Spotify] C:\Users\Paulo\AppData\Roaming\Spotify\Spotify.exe --autostart O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAL.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus TX430" O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-211 214 216 Series" O4 - HKCU\..\Run: [EPLTarget\P0000000000000002] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000002" /M "XP-211 214 216 Series" O4 - HKCU\..\Run: [Spotify Web Helper] C:\Users\Paulo\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-18\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-211 214 216 Series" (User 'SISTEMA') O4 - HKUS\.DEFAULT\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-211 214 216 Series" (User 'Default user') O4 - Startup: FPHGIdU.vbs O4 - Startup: Monitorar alertas de tinta - HP Deskjet 1000 J110 series.lnk = ? O4 - Startup: Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk = ? O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: www.bancobrasil.com.br O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: www.bb.com.br O15 - Trusted Zone: http://www.bb.com.br O15 - Trusted Zone: imagem.caixa.gov.br O15 - Trusted Zone: internetbanking.caixa.gov.br O15 - Trusted Zone: internetbankingpf.caixa.gov.br O15 - Trusted Zone: www.caixa.gov.br O15 - Trusted Zone: http://www.caixa.gov.br O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1403\2.7.1088\TmopIEPlg32.dll O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll (file missing) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: CxUtilSvc - Conexant Systems, Inc. - C:\Program Files\Conexant\SA3\CxUtilSvc.exe O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EpsonCustomerResearchParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing) O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Synaptics FP WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\Windows\system32\valWBFPolicyService.exe (file missing) O23 - Service: BiometricSensorDataSynchronization (valWbioSyncSvc) - Unknown owner - C:\Windows\system32\valWbioSyncSvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 15850 bytes
  9. Mensagem de erro .DLL

  10. Mensagem de erro .DLL

    Quando dou boot aparece a mensagem que está no arquivo em anexo. Gostaria que analisasse o log. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:12:32, on 27/10/2017 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.15063.0608) Boot mode: Normal Running processes: C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Users\Paulo\Desktop\HijackThis.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.br/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit= O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll O2 - BHO: Trend Micro Network Filter Plugin - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1403\2.7.1088\TmopIEPlg32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Trend Micro IE Protection - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll O3 - Toolbar: Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [SilentCleanService] C:\Program Files (x86)\iMobie\PhoneClean\SilentCleanServer.exe O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [OneDrive] "C:\Users\Paulo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [Spotify] C:\Users\Paulo\AppData\Roaming\Spotify\Spotify.exe --autostart O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAL.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus TX430" O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-211 214 216 Series" O4 - HKCU\..\Run: [EPLTarget\P0000000000000002] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000002" /M "XP-211 214 216 Series" O4 - HKCU\..\Run: [Spotify Web Helper] C:\Users\Paulo\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-18\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-211 214 216 Series" (User 'SISTEMA') O4 - HKUS\.DEFAULT\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-211 214 216 Series" (User 'Default user') O4 - Startup: FPHGIdU.vbs O4 - Startup: Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk = ? O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: www.bancobrasil.com.br O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: www.bb.com.br O15 - Trusted Zone: http://www.bb.com.br O15 - Trusted Zone: imagem.caixa.gov.br O15 - Trusted Zone: internetbanking.caixa.gov.br O15 - Trusted Zone: internetbankingpf.caixa.gov.br O15 - Trusted Zone: www.caixa.gov.br O15 - Trusted Zone: http://www.caixa.gov.br O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1403\2.7.1088\TmopIEPlg32.dll O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll (file missing) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: CxUtilSvc - Conexant Systems, Inc. - C:\Program Files\Conexant\SA3\CxUtilSvc.exe O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EpsonCustomerResearchParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing) O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Synaptics FP WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\Windows\system32\valWBFPolicyService.exe (file missing) O23 - Service: BiometricSensorDataSynchronization (valWbioSyncSvc) - Unknown owner - C:\Windows\system32\valWbioSyncSvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 15619 bytes tela.docx
  11. Laptop abrindo janela prompt de comando

    Aparentemente sem novos incidentes. Acho que deu tudo certo. Obrigado !
  12. Laptop abrindo janela prompt de comando

    Os logs: Zoek.exe v5.0.0.1 Updated 27-09-2015 Tool run by Paulo on 23/05/2017 at 22:06:38,88. Microsoft Windows 10 Pro 10.0.14393 x64 Running in: Normal Mode No Internet Access Detected Launched: C:\Users\Paulo\Desktop\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2017-05-20-203946.log 15657 bytes C:\zoek-results2017-05-22-221241.log 1286 bytes ==== System Restore Info ====================== 23/05/2017 22:10:57 Zoek.exe System Restore Point Created Successfully. ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost ==== Empty Folders Check ====================== C:\Windows\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "com.trendmicro.tmopfirefox.ext@trendop"="C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\com.trendmicro.tmopfirefox.ext@trendop.xpi" [24/01/2017 00:07] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "com.trendmicro.tmopfirefox.ext@trendop"="C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\com.trendmicro.tmopfirefox.ext@trendop.xpi" [24/01/2017 00:07] ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions efaidnbmnnnibpcajpcglclefindmkaj - No path found[] ohhcpmplhhiiaoiddkfboafbhiknefdf - No path found[] Chrome Media Router - Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.com.br/?gws_rd=ssl" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.com.br/?gws_rd=ssl" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" ==== Reset Google Chrome ====================== C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully ==== shortcuts on Users Desktops ====================== C:\Users\Paulo\Desktop\Carnê-Leão 2016.lnk - C:\Users\Paulo\Desktop\Carnê-Leão 2017.lnk - C:\Users\Paulo\Desktop\GCAP 2016 - Ganhos de Capital 2016.lnk - C:\Arquivos de Programas RFB\GCAP2016\GCAP2016.exe C:\Users\Paulo\Desktop\GCAP 2017 - Ganhos de Capital 2017.lnk - C:\Arquivos de Programas RFB\GCAP2017\GCAP2017.exe C:\Users\Paulo\Desktop\IRPF2010 - Declaração de Ajuste Anual e Final de Espólio.lnk - C:\Users\Paulo\Desktop\IRPF2016 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk - C:\Users\Paulo\Desktop\WhatsApp.lnk - C:\Users\Paulo\AppData\Local\WhatsApp\Update.exe --processStart WhatsApp.exe C:\Users\Paulo\Desktop\IRPF 2016\Dirf 2016.LNK - C:\Arquivos de Programas RFB\Dirf2016\Dirf2016.exe C:\Users\Paulo\Desktop\IRPF 2016\PER-DCOMP 6.5.lnk - C:\Arquivos de Programas RFB\PERDCOMP65\PERDCOMP65.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Autodesk Design Review 2013.lnk - C:\Program Files (x86)\Autodesk\Autodesk Design Review 2013\DesignReview.exe C:\Users\Public\Desktop\DWG TrueView 2016 - English.lnk - C:\Program Files (x86)\Autodesk\DWG TrueView 2016 - English\dwgviewr.exe /language "en-US" C:\Users\Public\Desktop\EPSON Scan.lnk - C:\Windows\twain_32\escndv\escndv.exe C:\Users\Public\Desktop\IRPF2017 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk - ==== shortcuts in Users Start Menu ====================== C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\Paulo\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2017.lnk - C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp\WhatsApp.lnk - C:\Users\Paulo\AppData\Local\WhatsApp\Update.exe --processStart WhatsApp.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\SupportAssist\SupportAssist.lnk - C:\Program Files\Dell\SupportAssist\pcdlauncher.exe -lloc dsc C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Scan\Definições EPSON Scan.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Scan\EPSON Scan.lnk - C:\Windows\twain_32\escndv\escndv.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software\Event Manager.lnk - C:\Program Files (x86)\EPSON Software\Event Manager\EProjManager.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie\PhoneClean\PhoneClean Online Help.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie\PhoneClean\PhoneClean.lnk - C:\Program Files (x86)\iMobie\PhoneClean\PhoneClean.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie\PhoneClean\Uninstall.lnk - C:\Program Files (x86)\iMobie\PhoneClean\uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB\Sicalc Auto Atendimento\Desinstalar.lnk - C:\Program Files (x86)\Programas RFB\Sicalc Auto Atendimento\uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB\Sicalc Auto Atendimento\Sicalc Auto Atendimento.lnk - C:\Program Files (x86)\Programas RFB\Sicalc Auto Atendimento\SicalcAA.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2010\IRPF - Declaração de Ajuste Anual e Final de Espólio\Ajuda do IRPF2010.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2010\IRPF - Declaração de Ajuste Anual e Final de Espólio\Desinstalar IRPF2010.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2010\IRPF - Declaração de Ajuste Anual e Final de Espólio\IRPF2010 - Declaração de Ajuste Anual e Final de Espólio.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2010\IRPF - Declaração de Ajuste Anual e Final de Espólio\Leia-me do IRPF2010.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Ajuda do IRPF2017.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\IRPF2017 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Leia-me do IRPF2017.lnk - ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk - C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhoneClean.lnk - C:\Program Files (x86)\iMobie\PhoneClean\PhoneClean.exe C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Nero Burning ROM 11.lnk - C:\Windows\Installer\{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}\ScBurningROMStartM_7533AE23D677474387D2A66427FA7052.exe C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Oracle VM VirtualBox.lnk - C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spotify.lnk - C:\Users\Paulo\AppData\Roaming\Spotify\Spotify.exe C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TeamViewer 11.lnk - C:\Program Files (x86)\TeamViewer\TeamViewer.exe C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Trend Micro\Trend Micro Internet Security.lnk - C:\Program Files (x86)\Trend Micro\Titanium\UIFramework\uiWinMgr.exe C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Paulo\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Paulo\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Paulo\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Paulo\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=205 folders=67 149236398 bytes) ==== Empty Temp Folders ====================== C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Paulo\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0" not found "C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1" not found "C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2" not found "C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3" not found "C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Cache\index" not found ==== EOF on 24/05/2017 at 7:32:44,69 ====================== Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 07:39:16, on 24/05/2017 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.14393.0953) Boot mode: Normal Running processes: C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\icacls.exe C:\Program Files (x86)\LG Software\LG Smart Share\Update\SmartShareTray.exe C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe C:\Program Files (x86)\LG Software\LG Smart Share\DMC\Aggregation.exe C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe C:\Program Files (x86)\LG Software\LG Smart Share\DMS\AutoThumb.exe C:\Users\Paulo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe C:\Users\Paulo\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.br/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll O2 - BHO: Trend Micro Network Filter Plugin - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1403\2.7.1088\TmopIEPlg32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Trend Micro IE Protection - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll O3 - Toolbar: Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [SilentCleanService] C:\Program Files (x86)\iMobie\PhoneClean\SilentCleanServer.exe O4 - HKCU\..\Run: [OneDrive] "C:\Users\Paulo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAL.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus TX430" O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Paulo\AppData\Roaming\Spotify\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Spotify] "C:\Users\Paulo\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized O4 - HKCU\..\Run: [EPLTarget\P0000000000000002] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000002" /M "XP-211 214 216 Series" O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-18\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-211 214 216 Series" (User 'SISTEMA') O4 - HKUS\.DEFAULT\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-211 214 216 Series" (User 'Default user') O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: www.bancobrasil.com.br O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: www.bb.com.br O15 - Trusted Zone: http://www.bb.com.br O15 - Trusted Zone: imagem.caixa.gov.br O15 - Trusted Zone: internetbanking.caixa.gov.br O15 - Trusted Zone: internetbankingpf.caixa.gov.br O15 - Trusted Zone: www.caixa.gov.br O15 - Trusted Zone: http://www.caixa.gov.br O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1403\2.7.1088\TmopIEPlg32.dll O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: CxUtilSvc - Conexant Systems, Inc. - C:\Program Files\Conexant\SA3\CxUtilSvc.exe O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EpsonCustomerResearchParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing) O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Synaptics FP WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\Windows\system32\valWBFPolicyService.exe (file missing) O23 - Service: BiometricSensorDataSynchronization (valWbioSyncSvc) - Unknown owner - C:\Windows\system32\valWbioSyncSvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 15299 bytes
  13. Laptop abrindo janela prompt de comando

    Terei que repetir a execução do Zoek ?
  14. Laptop abrindo janela prompt de comando

    Novos Logs Zoek.exe v5.0.0.1 Updated 27-09-2015 Tool run by Paulo on 20/05/2017 at 14:36:24,56. Microsoft Windows 10 Pro 10.0.14393 x64 Running in: Normal Mode No Internet Access Detected Launched: C:\Users\Paulo\Desktop\zoek.exe [Scan all users] [Script inserted] ===== Runcheck 14:38:38,61 ===== --- Create Environment Variables 14:38:56,74 --- Create System Restore Point 14:40:23,44 --- Checking Input 14:40:41,75 --- Reset Hosts File 14:42:04,76 --- AU AppData Check 14:42:09,99 --- Remove From Windows Installer 14:42:54,36 --- Empty Folders Check 15:04:50,69 --- Registry HKLM Software Check 15:04:50,87 --- Quick Launch Shortcut Check 15:06:22,50 --- IE Startpage Check 15:07:37,87 --- Program Files DB Check 15:12:58,12 --- C:\Users\Default\AppData DB Check 15:21:47,87 --- C:\Users\Default.migrated\AppData DB Check 15:21:47,87 --- C:\Users\DefaultAppPool\AppData DB Check 15:21:47,87 --- C:\Users\Paulo\AppData DB Check 15:21:47,87 --- C:\Windows\SysNative\config\systemprofile\AppData DB Check 15:21:47,87 --- C:\Windows\sysWoW64\config\systemprofile\AppData DB Check 15:21:47,87 --- C:\Windows\serviceprofiles\networkservice\AppData DB Check 15:21:47,87 --- C:\Windows\serviceprofiles\Localservice\AppData DB Check 15:21:47,87 --- C:\Users\Paulo DB Check 15:51:25,17 --- C:\PROGRA~3 DB Check 15:54:37,82 --- C:\Users\Default\AppData\Local DB Check 15:55:36,29 --- C:\Users\Default User\AppData\Local DB Check 15:55:36,29 --- C:\Users\Default.migrated\AppData\Local DB Check 15:55:36,29 --- C:\Users\DefaultAppPool\AppData\Local DB Check 15:55:36,29 --- C:\Users\Paulo\AppData\Local DB Check 15:55:36,29 --- C:\Users\USURIO~1\AppData\Local DB Check 15:55:36,29 --- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 15:55:36,29 --- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 15:55:36,29 --- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 15:55:36,29 --- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 15:55:36,29 --- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 16:21:08,86 --- C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 16:23:03,59 --- Tasks DB Check 16:24:17,05 --- C:\Users\Paulo\AppData\LocalLow DB Check 16:25:02,01 --- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 16:25:02,01 --- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 16:25:02,01 --- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 16:25:02,01 --- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 16:25:02,01 --- Tasks2 DB Check 16:34:52,73 --- Documents DB Check 16:40:45,38 --- Documents2 DB Check 16:42:57,61 --- C:\Users\Public\Desktop DB Check 16:43:13,29 --- C:\Users\Paulo\Desktop DB Check 16:44:10,47 --- Services DB Check 16:45:45,42 --- FF prefs.js DB Check 16:51:46,79 --- Del by CLSID 16:51:56,00 --- Delete Services 16:55:10,47 --- Delete files\folders 16:55:36,40 --- Create Backups 16:55:38,50 --- Firefox Extensions 16:56:44,48 --- Chrome Look 16:57:14,36 --- IEdefaults 17:02:13,70 --- Reset Chrome 17:02:58,18 --- Shortcut Fix 17:03:00,12 --- Reset IE Proxy 17:09:17,36 --- Del from Uninstall List 17:15:34,53 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:47:23, on 22/05/2017 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.14393.0953) Boot mode: Normal Running processes: C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe C:\Users\Paulo\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.br/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll O2 - BHO: Trend Micro Network Filter Plugin - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1403\2.7.1088\TmopIEPlg32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Trend Micro IE Protection - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll O3 - Toolbar: Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [SilentCleanService] C:\Program Files (x86)\iMobie\PhoneClean\SilentCleanServer.exe O4 - HKCU\..\Run: [OneDrive] "C:\Users\Paulo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAL.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus TX430" O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Paulo\AppData\Roaming\Spotify\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Spotify] "C:\Users\Paulo\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized O4 - HKCU\..\Run: [EPLTarget\P0000000000000002] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000002" /M "XP-211 214 216 Series" O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-18\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-211 214 216 Series" (User 'SISTEMA') O4 - HKUS\.DEFAULT\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-211 214 216 Series" (User 'Default user') O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: www.bancobrasil.com.br O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: www.bb.com.br O15 - Trusted Zone: http://www.bb.com.br O15 - Trusted Zone: imagem.caixa.gov.br O15 - Trusted Zone: internetbanking.caixa.gov.br O15 - Trusted Zone: internetbankingpf.caixa.gov.br O15 - Trusted Zone: www.caixa.gov.br O15 - Trusted Zone: http://www.caixa.gov.br O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1403\2.7.1088\TmopIEPlg32.dll O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: CxUtilSvc - Conexant Systems, Inc. - C:\Program Files\Conexant\SA3\CxUtilSvc.exe O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EpsonCustomerResearchParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing) O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Synaptics FP WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\Windows\system32\valWBFPolicyService.exe (file missing) O23 - Service: BiometricSensorDataSynchronization (valWbioSyncSvc) - Unknown owner - C:\Windows\system32\valWbioSyncSvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14796 bytes
  15. Laptop abrindo janela prompt de comando

    Abaixo os logs: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.3 (04.10.2017) Operating System: Windows 10 Pro x64 Ran by Paulo (Administrator) on 19/05/2017 at 21:01:55,71 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 0 Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 19/05/2017 at 21:41:36,14 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v6.047 - Relatório criado 19/05/2017 às 20:40:32 # Atualizado em 19/05/2017 por Malwarebytes # Banco de dados : 2017-05-19.1 [Servidor] # Sistema operacional : Windows 10 Pro (X64) # Usuário : Paulo - PAULO-PC # Executando de : C:\Users\Paulo\Desktop\Baixados\adwcleaner_6.047.exe # Modo: Limpo # Apoio : https://www.malwarebytes.com/support ***** [ Serviços ] ***** ***** [ Pastas ] ***** ***** [ Arquivos ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Atalhos ] ***** ***** [ Atividades agendadas ] ***** Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:40:20, on 19/05/2017 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.14393.0953) Boot mode: Normal Running processes: C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Program Files\Trend Micro\AMSP\module\20013\ChromeExt\chromeextension\TmopChromeMsgHost32.exe C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\chrome_extension2\host\chrome_native_msg_host.exe C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe C:\Users\Paulo\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.br/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll O2 - BHO: Trend Micro Network Filter Plugin - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Trend Micro IE Protection - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll O3 - Toolbar: Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [SilentCleanService] C:\Program Files (x86)\iMobie\PhoneClean\SilentCleanServer.exe O4 - HKCU\..\Run: [OneDrive] "C:\Users\Paulo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAL.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus TX430" O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Paulo\AppData\Roaming\Spotify\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Spotify] "C:\Users\Paulo\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized O4 - HKCU\..\Run: [EPLTarget\P0000000000000002] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000002" /M "XP-211 214 216 Series" O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-18\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-211 214 216 Series" (User 'SISTEMA') O4 - HKUS\.DEFAULT\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-211 214 216 Series" (User 'Default user') O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: www.bancobrasil.com.br O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: www.bb.com.br O15 - Trusted Zone: http://www.bb.com.br O15 - Trusted Zone: imagem.caixa.gov.br O15 - Trusted Zone: internetbanking.caixa.gov.br O15 - Trusted Zone: internetbankingpf.caixa.gov.br O15 - Trusted Zone: www.caixa.gov.br O15 - Trusted Zone: http://www.caixa.gov.br O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: CxUtilSvc - Conexant Systems, Inc. - C:\Program Files\Conexant\SA3\CxUtilSvc.exe O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EpsonCustomerResearchParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing) O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Synaptics FP WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\Windows\system32\valWBFPolicyService.exe (file missing) O23 - Service: BiometricSensorDataSynchronization (valWbioSyncSvc) - Unknown owner - C:\Windows\system32\valWbioSyncSvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 15241 bytes
×