
[Solved] Ozip Search messed up my browser

#1 By glalla 15/01/2017 - 02:22
Hi everyone,

I don't know what happened, but today when I went to do a search on Google, another search engine called "ozip search" appeared.

I tried to run Farbar, but when I try to download this tool, pages always open that redirect to other sites, and I can't download Farbar.

I ran AdwCleaner, which performed the following cleanup:

"AdwCleaner[C0]"
# AdwCleaner v6.042 - Relatório criado 15/01/2017 às 01:07:22
# *Updated on 06/01/2017 by Malwarebytes
# Banco de dados : 2017-01-14.1 [Servidor]
# Sistema operacional : Windows 8.1 Single Language (X64)
# Usuário : Glauber - WIN8
# Executando de : C:\Users\Glauber Segalla\Desktop\adwcleaner_6.042.exe
# Limpar
# Apoio : https://www.malwarebytes.com/support



***** [ Serviços ] *****



***** [ Pastas ] *****

[-] RestauradoC:\Program Files\ReviverSoft
[-] RestauradoC:\ProgramData\ReviverSoft
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\ReviverSoft
[-] RestauradoC:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft


***** [ Arquivos ] *****

[-] RestauradoC:\windows\SysNative\LavasoftTcpService64.dll
[-] RestauradoC:\windows\SysNative\LavasoftTcpServiceOff.ini
[-] RestauradoC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk
[-] RestauradoC:\windows\SysWOW64\lavasofttcpservice.dll
[-] RestauradoC:\windows\SysWOW64\LavasoftTcpServiceOff.ini


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Atalhos ] *****



***** [ Tarefas agendadas ] *****



***** [ Registro ] *****

[-] RestauradoHKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
[-] RestauradoHKU\.DEFAULT\Software\jhtrsq
[#] *Key deleted on reboot: HKU\S-1-5-18\Software\jhtrsq
[-] RestauradoHKLM\SOFTWARE\jhtrsq
[-] RestauradoHKLM\SOFTWARE\WISECLEANER
[-] RestauradoHKLM\SOFTWARE\Auslogics
[-] Restaurado[x64] HKLM\SOFTWARE\jhtrsq
[-] RestauradoHKLM\SOFTWARE\Classes\Installer\Features\952BA647474611149866C1269F6A0E36
[-] RestauradoHKLM\SOFTWARE\Classes\Installer\Products\952BA647474611149866C1269F6A0E36
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\952BA647474611149866C1269F6A0E36
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\952BA647474611149866C1269F6A0E36
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\952BA647474611149866C1269F6A0E36
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\952BA647474611149866C1269F6A0E36
[-] RestauradoHKU\S-1-5-21-1751273365-4100181127-1669670999-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
[#] *Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Codec Settings UAC Manager]
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [Codec Settings UAC Manager]
[-] RestauradoHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com


***** [ Verificando navegadores ... ] *****

[-] Chrome preferences reset"extensions.toolbar@ask.com.install-event-fired" - true
[-] [C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Excluídobr.ask.com


*************************

:: Chaves "Tracing" excluídas
:: Configurações Winsock restauradas

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3351 *Bytes] - [15/01/2017 01:07:22]
C:\AdwCleaner\AdwCleaner[S0].txt - [3461 *Bytes] - [15/01/2017 01:01:27]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3499 *Bytes] ##########



"AdwCleaner[S0]"
# AdwCleaner v6.042 - Relatório criado 15/01/2017 às 01:01:27
# *Updated on 06/01/2017 by Malwarebytes
# Banco de dados : 2017-01-14.1 [Servidor]
# Sistema operacional : Windows 8.1 Single Language (X64)
# Usuário : Glauber - WIN8
# Executando de : C:\Users\Glauber Segalla\Desktop\adwcleaner_6.042.exe
# *Mode: Scan
# Apoio : https://www.malwarebytes.com/support



***** [ Serviços ] *****

*No malicious services found.


***** [ Pastas ] *****

Encontrado C:\Program Files\ReviverSoft
Encontrado C:\ProgramData\ReviverSoft
Encontrado C:\ProgramData\Application Data\ReviverSoft
Encontrado C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft


***** [ Arquivos ] *****

Encontrado C:\windows\SysNative\LavasoftTcpService64.dll
Encontrado C:\windows\SysNative\LavasoftTcpServiceOff.ini
Encontrado C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk
Encontrado C:\windows\SysWOW64\lavasofttcpservice.dll
Encontrado C:\windows\SysWOW64\LavasoftTcpServiceOff.ini


***** [ DLL ] *****

*No malicious DLLs found.


***** [ WMI ] *****

*No malicious keys found.


***** [ Atalhos ] *****

Procurando por atalhos infectados ...


***** [ Tarefas agendadas ] *****

*No malicious task found.


***** [ Registro ] *****

Encontrado HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Encontrado HKU\.DEFAULT\Software\jhtrsq
Encontrado HKU\S-1-5-18\Software\jhtrsq
Encontrado HKLM\SOFTWARE\jhtrsq
Encontrado HKLM\SOFTWARE\WISECLEANER
Encontrado HKLM\SOFTWARE\Auslogics
Encontrado [x64] HKLM\SOFTWARE\jhtrsq
Encontrado HKLM\SOFTWARE\Classes\Installer\Features\952BA647474611149866C1269F6A0E36
Encontrado HKLM\SOFTWARE\Classes\Installer\Products\952BA647474611149866C1269F6A0E36
Encontrado [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\952BA647474611149866C1269F6A0E36
Encontrado [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\952BA647474611149866C1269F6A0E36
Encontrado [x64] HKLM\SOFTWARE\Classes\Installer\Features\952BA647474611149866C1269F6A0E36
Encontrado [x64] HKLM\SOFTWARE\Classes\Installer\Products\952BA647474611149866C1269F6A0E36
Encontrado HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Encontrado HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Encontrado [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Valor HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Codec Settings UAC Manager]
Valor [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [Codec Settings UAC Manager]
Encontrado HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com


***** [ Navegadores ] *****

Encontrado [C:\Users\Glauber Segalla\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\6d5utyea.default\prefs.js] - "extensions.toolbar@ask.com.install-event-fired" - true
*Chromium pref Found: [C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Web data] - br.ask.com

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [3279 *Bytes] - [15/01/2017 01:01:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3353 *Bytes] ##########



Overall, nothing seems to be wrong with the computer, but when I accessed some sites that asked for a password through Mozilla Firefox, a pop-up always opened in a new tab; I managed to save its name, which I believe comes from Ozip Search.

It shows: "http://weevah.top/watch?key = followed by several mixed letters and numbers".

I await instructions to completely remove this pest.
#4 By TmfeijoMMonr... 15/01/2017 - 16:12
Good afternoon! Dear glalla,

Try Malwarebytes and ESET online.

http://www.caixadedicas.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

https://www.eset.com/int/home/online-scanner/

https://www.hardware.com.br/comunidade/virus-desabilita/1438539/#post7670119

Now, everything below is just a summary of a total waste of time.

https://www.hardware.com.br/comunidade/consertar-windows/1409278/1.html (May 2016)

A bump in support of time-wasting:

https://www.hardware.com.br/comunidade/ransomware-chamado/1439745/

Regards

glalla said:
I already did that in the AppData folder; the problem is that nothing appears installed inside these folders.

I believe it is somewhere else, because I tested all the installed browsers and it installed this junk in all of them.

In addition, it is blocking me from downloading.

Is there any tool that can help remove these pests?
#5 By glalla 15/01/2017 - 16:23
Hello TmfeijoMMonroe,

I just ran the scan with Mbam.

"relatório mbam arquivos enviados para quarentena 15-01-17"

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 15/01/17
Hora da análise: 15:23
Arquivo de registro: relatório mbam arquivos enviados para quarentena 15-01-17.txt
Administrador: Sim

-Informação do software-
Versão: 3.0.5.1299
Versão de componentes: 1.0.43
Versão do pacote de definições: 1.0.1018
Licença: Versão de avaliação

-Informação do sistema-
Sistema operacional: Windows 8.1
CPU: x64
Sistema de arquivos: NTFS
Usuário: WIN8\Glauber

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Resultado: Concluído
Objetos verificados: 356322
Tempo decorrido: 41 min, 1 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 1
PUP.Optional.WiseRC, HKLM\SOFTWARE\CLASSES\CLSID\{D4EF86C3-77D7-4F82-BBB8-6DFFAB6E2D32}, Quarentena, [2514], [349250],1.0.1018

Valor de registro: 1
PUP.Optional.WiseRC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|WISEREGCLEANER.EXE, Quarentena, [2514], [349251],1.0.1018

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 13
PUP.Optional.WiseRC, C:\Users\Glauber Segalla\AppData\Roaming\Wise Registry Cleaner\Backup, Quarentena, [2514], [349249],1.0.1018
PUP.Optional.WiseRC, C:\Users\Glauber Segalla\AppData\Roaming\Wise Registry Cleaner\Ad, Quarentena, [2514], [349249],1.0.1018
PUP.Optional.WiseRC, C:\USERS\GLAUBER SEGALLA\APPDATA\ROAMING\Wise Registry Cleaner, Quarentena, [2514], [349249],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\diagnostics, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\snapshots, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\Internet, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\PROGRAMS, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\DRIVERS, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\events, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\Logs, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\ohm, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\USERS\GLAUBER SEGALLA\APPDATA\ROAMING\DRPSU, Quarentena, [2475], [358060],1.0.1018

Arquivo: 191
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\devcon_47930.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\devcon_48730.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\devcon_51981.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\devcon_58958.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\devcon_59158.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\devcon_63300.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\devcon_65611.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\devcon_66428.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\devcon_69308.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\devcon_75731.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\devcon_77638.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\devcon_79876.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\devcon_83236.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\devcon_87768.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\devcon_97148.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\devcon_99693.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_38112.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_46467.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_47930.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_48730.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_51981.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_58958.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_59158.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_63300.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_65611.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_66428.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_69308.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_75731.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_77638.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_79876.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_83236.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_87768.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_97148.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_99693.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_undefined.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.FFHijacker, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\5132484.CFG, Quarentena, [1405], [345404],1.0.1018
Adware.FileFinder, C:\USERS\GLAUBER SEGALLA\APPDATA\LOCAL\TEMP\REMO_RECOVER_OUTLOOK_EXPRESS_V.2.0.1.6_CRACK_ZIP__13Z01AC.EXE, Quarentena, [756], [360561],1.0.1018
PUP.Optional.FFHijacker, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\DEFAULTS\PREF\5132484.JS, Quarentena, [1405], [345398],1.0.1018

Setor físico: 0
(Nenhum item malicioso detectado)


(end)


I'll run the Eset tool later, because a storm has just started here and I'll have to shut down the PC.
TmfeijoMMonroe
TmfeijoMMonr... Cyber Highlander Registered
13.7K Posts 4.2K Likes
#6 By TmfeijoMMonr...
15/01/2017 - 16:50
Good afternoon! Dear regent glalla

I'll wait for the Eset scan on your end.
Did you run Malwarebytes with the custom scan option, as in the tutorial above?
Go ahead and uninstall Malwarebytes with Revo Uninstaller; the quarantined items will be removed along with it.

Regards

glalla said:
Hello TmfeijoMMonroe,

I just finished the scan with Mbam.

"relatório mbam arquivos enviados para quarentena 15-01-17"

PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\devcon_87768.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\devcon_97148.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\devcon_99693.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_38112.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_46467.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_47930.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_48730.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_51981.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_58958.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_59158.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_63300.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_65611.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_66428.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_69308.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_75731.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_77638.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_79876.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_83236.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_87768.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_97148.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_99693.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.DriverPack, C:\Users\Glauber Segalla\AppData\Roaming\DRPSu\temp\unzipping_undefined.txt, Quarentena, [2475], [358060],1.0.1018
PUP.Optional.FFHijacker, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\5132484.CFG, Quarentena, [1405], [345404],1.0.1018
Adware.FileFinder, C:\USERS\GLAUBER SEGALLA\APPDATA\LOCAL\TEMP\REMO_RECOVER_OUTLOOK_EXPRESS_V.2.0.1.6_CRACK_ZIP__13Z01AC.EXE, Quarentena, [756], [360561],1.0.1018
PUP.Optional.FFHijacker, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\DEFAULTS\PREF\5132484.JS, Quarentena, [1405], [345398],1.0.1018

Setor físico: 0
(Nenhum item malicioso detectado)


(end)


I'll run the ESET tool later, because a storm has just started here and I'll have to shut down the PC.
Ignorance is man's worst enemy. I am afraid of nothing, only of envy. And the world keeps getting better!!
Wise words from a top professional of the judiciary; an expert in digital forensics and in legal psychology.
Your envy is the speed of my success.
A fearful heart freezes the work. A reckless heart sets any job on fire, destroying it.
glalla
glalla Tô em todas Registered
979 Posts 166 Likes
#7 By glalla
15/01/2017 - 20:11
Hello TmfeijoMMonroe,

Did you run Malwarebytes with the custom scan option? As in the tutorial above!


Yes, I ran it the same way the tutorial described.

Waiting for the ESET scan once you have run it.

"ESET log"

B:\Aplicativos\PACOTE DE CODECS PARA RODAR QUALQUER ARQUIVO DE MÍDIA NO WMPLAYER\media.player.codec.pack.v4.4.2.setup.exe uma variante de Win32/Spigot.B Aplicação potencialmente não desejado excluído
C:\Cursos do Hotmart\Trabalhar pela Internet Agora 2.0\Módulo 23 - Downloads de ferramentas bônus citadas nas aulas\relink1.zip PHP/Kryptik.AE cavalo de Tróia excluído
C:\Windows\KMS-R@1n.exe uma variante de Win64/HackKMS.H Aplicação potencialmente insegura limpo por exclusão
C:\Windows\KMS-R@1nHook.dll uma variante de Win64/HackKMS.D Aplicação potencialmente insegura limpo por exclusão
C:\Windows\KMS-R@1nHook.exe uma variante de Win64/HackKMS.C Aplicação potencialmente insegura limpo por exclusão



Even after running both tools, I feel the computer still has many problems while I'm browsing.

The connection is quite slow, and several pop-ups with ads or from this Ozip Search are still opening in all browsers.

I await further instructions.
TmfeijoMMonroe
TmfeijoMMonr... Cyber Highlander Registered
13.7K Posts 4.2K Likes
#8 By TmfeijoMMonr...
15/01/2017 - 20:18
Good evening!

Run the well-known tools JRT and AdwCleaner:

https://www.bleepingcomputer.com/download/adwcleaner/

https://www.bleepingcomputer.com/download/junkware-removal-tool/


TmfeijoMMonroe said:
Good afternoon! Dear regent glalla

Waiting for the ESET scan once you have run it.
Did you run Malwarebytes with the custom scan option? As in the tutorial above!
Now uninstall Malwarebytes with Revo Uninstaller; the quarantined items will go away along with it.

Regards


glalla said:
Hello TmfeijoMMonroe,



Yes, I ran it the same way the tutorial described.

Waiting for the ESET scan once you have run it.

"ESET log"

B:\Aplicativos\PACOTE DE CODECS PARA RODAR QUALQUER ARQUIVO DE MÍDIA NO WMPLAYER\media.player.codec.pack.v4.4.2.setup.exe uma variante de Win32/Spigot.B Aplicação potencialmente não desejado excluído
C:\Cursos do Hotmart\Trabalhar pela Internet Agora 2.0\Módulo 23 - Downloads de ferramentas bônus citadas nas aulas\relink1.zip PHP/Kryptik.AE cavalo de Tróia excluído
C:\Windows\KMS-R@1n.exe uma variante de Win64/HackKMS.H Aplicação potencialmente insegura limpo por exclusão
C:\Windows\KMS-R@1nHook.dll uma variante de Win64/HackKMS.D Aplicação potencialmente insegura limpo por exclusão
C:\Windows\KMS-R@1nHook.exe uma variante de Win64/HackKMS.C Aplicação potencialmente insegura limpo por exclusão



Even after running both tools, I feel the computer still has many problems while I'm browsing.

The connection is quite slow, and several pop-ups with ads or from this Ozip Search are still opening in all browsers.

I await further instructions.
glalla
glalla Tô em todas Registered
979 Posts 166 Likes
#9 By glalla
15/01/2017 - 20:58
Hello TmfeijoMMonroe,

Good evening!

Run the well-known tools JRT and AdwCleaner:

https://www.bleepingcomputer.com/download/adwcleaner/

https://www.bleepingcomputer.com/download/junkware-removal-tool/


I ran both tools; here are the logs from both:

"AdwCleaner[C2]"
# AdwCleaner v6.042 - Relatório criado 15/01/2017 às 20:46:24
# *Updated on 06/01/2017 by Malwarebytes
# Banco de dados : 2017-01-15.1 [Servidor]
# Sistema operacional : Windows 8.1 Single Language (X64)
# Usuário : Glauber - WIN8
# Executando de : C:\Users\Glauber Segalla\Downloads\ATALHOS DE PROGRAMAS SALVOS NO DESKTOP\SEGURANÇA E LIMPEZA\adwcleaner_6.042.exe
# Limpar
# Apoio : https://www.malwarebytes.com/support



***** [ Serviços ] *****



***** [ Pastas ] *****

[-] RestauradoC:\Program Files\ReviverSoft
[-] RestauradoC:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft


***** [ Arquivos ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Atalhos ] *****



***** [ Tarefas agendadas ] *****



***** [ Registro ] *****



***** [ Verificando navegadores ... ] *****

[-] [C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Excluídobr.ask.com


*************************

:: Chaves "Tracing" excluídas
:: Configurações Winsock restauradas

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3607 *Bytes] - [15/01/2017 01:07:22]
C:\AdwCleaner\AdwCleaner[C2].txt - [1198 *Bytes] - [15/01/2017 20:46:24]
C:\AdwCleaner\AdwCleaner[S0].txt - [3461 *Bytes] - [15/01/2017 01:01:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [1546 *Bytes] - [15/01/2017 20:45:49]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1420 *Bytes] ##########



"JRT log"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 8.1 Single Language x64
Ran by Glauber (Administrator) on 15/01/2017 at 20:34:18,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 7

Failed to delete: C:\Program Files\reviversoft (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\ProgramData\reviversoft (Folder)
Successfully deleted: C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder)
Successfully deleted: C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkojfkhlekighikafcpjkiklfbnlmeio (Folder)
Successfully deleted: C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File)
Successfully deleted: C:\Users\Glauber Segalla\AppData\Roaming\productdata (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/01/2017 at 20:39:37,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Unfortunately, the JRT tool deleted Start Menu Reviver, which I used to access the Start menu in Windows 8.1. Do you know why it deleted this program? I've been using it for almost a year and never had any problem with it. I believe this pest may have caused some problem inside this program.

It seems the two tools have not yet removed the problems in the Firefox, Internet Explorer and Pale Moon browsers, because in all of them those pests keep appearing in new browser tabs as I browse. Sometimes it even won't let me download a file. That happened yesterday and again just now when I went to download JRT. Instead, a page opened telling me to update my browser, and also a Java update page.

I have the latest versions of both the browser and Java.

I'll wait for your analysis to know which procedure I should follow.
Danindanis
Danindanis Senior Member Registered
212 Posts 26 Likes
#10 By Danindanis
15/01/2017 - 23:34
Try SpyHunter, but with it you will have to delete file by file, because only the paid version deletes everything automatically. In the demo version you can see where the file is and delete it. Create a restore point first, because it lists several system registry entries, and if you delete anything beyond what it indicates, you're in trouble. It shows many more files than the others, so expect a flood.

PS: If you prefer, delete only the ones that are bothering you.
PS2: Since Start Menu Reviver was deleted, I recommend the one I use; it's called Start8 and it's very good.
TmfeijoMMonroe
TmfeijoMMonr... Cyber Highlander Registered
13.7K Posts 4.2K Likes
#11 By TmfeijoMMonr...
15/01/2017 - 23:45
Good evening! Dear all

Under no circumstances and for no reason whatsoever: do not install this collection of malware, so to speak; that is, SpyHunter!

Regards

Danindanis said:
Try SpyHunter, but with it you will have to delete file by file, because only the paid version deletes everything automatically. In the demo version you can see where the file is and delete it. Create a restore point first, because it lists several system registry entries, and if you delete anything beyond what it indicates, you're in trouble. It shows many more files than the others, so expect a flood.

PS: If you prefer, delete only the ones that are bothering you.
PS2: Since Start Menu Reviver was deleted, I recommend the one I use; it's called Start8 and it's very good.
glalla
glalla Tô em todas Registered
979 Posts 166 Likes
#12 By glalla
16/01/2017 - 02:56
Folks,

Just as a complement to help you, I noted down the links of the sites that are still appearing in all the browsers I have installed on my computer (Firefox, Chrome, Pale Moon and Internet Explorer), and I still haven't been able to find out where this pest is located.

These are the main links that appear:

http://weevah2.top/watch?key=followed by several letters and numbers
http://ad.dumedia.ru/click?id=followed by several letters and numbers
http://download.howtosplified.com/in...followed by several letters and numbers
http://clotraim.website/afu.php (this is the link that has been opening all the others)

It seems to be a redirector to all these other links, which keep opening constantly even when I'm doing nothing in the browser.

Another very annoying thing it has been doing is blocking my downloads. When I click on a download link, these sites open and I can't get back to the download link.
joram
joram Highlander Registered
5.4K Posts 2.5K Likes
#13 By joram
16/01/2017 - 08:00
/_ Good morning! glalla _\

> These analyses are missing a diagnosis! And the official recommendation is the FRST reports.

https://www.hardware.com.br/comunidade/v-t/1226830/

Follow the recommendations in this topic and post: FRST.txt + Addition.txt
Make the reports available on Cjoint.com or use a spoiler; the instructions for that are at the end of that page.
Another option: host the reports on Hébergement de fichiers, Security-x.fr.

[Regards]
glalla
glalla Tô em todas Registered
979 Posts 166 Likes
#14 By glalla
16/01/2017 - 11:01
ok Joram,

Here are the requested logs:

"FRST.txt"

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 15-01-2017
Executado por Glauber (administrador) em WIN8 (16-01-2017 10:53:40)
Executando a partir de C:\Users\Glauber Segalla\Desktop
Perfis Carregados: Glauber (Perfis Disponíveis: Glauber)
Platform: Windows 8.1 Single Language (Update) (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634288 2014-06-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1386712 2014-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [109824 2016-08-05] (Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4015216 2016-12-15] (Tonec Inc.)
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\Users\Glauber Segalla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-04-08]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

AutoConfigURL: [S-1-5-21-1751273365-4100181127-1669670999-1001] => hxxp://noblockweb.net/wpad.dat?75bf99f57d20c269bed3260f4914685723699845
Tcpip\Parameters: [DhcpNameServer] 200.189.80.122 200.189.80.108
Tcpip\..\Interfaces\{886A4B6C-67C0-46E8-8CA2-7C512AAD8465}: [DhcpNameServer] 200.189.80.122 200.189.80.108
ManualProxies: 0hxxp://noblockweb.net/wpad.dat?75bf99f57d20c269bed3260f4914685723699845

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/17
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/17
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/17
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1751273365-4100181127-1669670999-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-02-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-02-01] (Microsoft Corporation)
BHO: Sem Nome -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> Nenhum Arquivo
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-02-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-06] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-02-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-06] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
DPF: HKLM-x32 {55A2C0CD-3DE8-4264-9637-A0B40B05714E} hxxps://col430-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=453342177
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-01] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - Nenhum Arquivo

FireFox:
========
FF DefaultProfile: flk299ku.perfil
FF ProfilePath: C:\Users\Glauber Segalla\AppData\Roaming\Mozilla\Firefox\Profiles\flk299ku.perfil [2017-01-16]
FF Homepage: Mozilla\Firefox\Profiles\flk299ku.perfil -> hxxp://favoritosglauber.blogspot.com.br/
FF Extension: (QuickFox Notes) - C:\Users\Glauber Segalla\AppData\Roaming\Mozilla\Firefox\Profiles\flk299ku.perfil\Extensions\amin.eft_bmnotes@gmail.com [2017-01-12]
FF Extension: (Classic Theme Restorer) - C:\Users\Glauber Segalla\AppData\Roaming\Mozilla\Firefox\Profiles\flk299ku.perfil\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2017-01-12]
FF Extension: (YouTube mp3) - C:\Users\Glauber Segalla\AppData\Roaming\Mozilla\Firefox\Profiles\flk299ku.perfil\Extensions\info@youtube-mp3.org.xpi [2017-01-13]
FF Extension: (Português (pt-BR) Language Pack) - C:\Users\Glauber Segalla\AppData\Roaming\Mozilla\Firefox\Profiles\flk299ku.perfil\Extensions\langpack-pt-BR@firefox.mozilla.org.xpi [2017-01-12]
FF Extension: (Português Brasileiro (Nova Ortografia)) - C:\Users\Glauber Segalla\AppData\Roaming\Mozilla\Firefox\Profiles\flk299ku.perfil\Extensions\pt-BR@dictionaries.addons.mozilla.org [2017-01-12]
FF Extension: (Google Translator for Firefox) - C:\Users\Glauber Segalla\AppData\Roaming\Mozilla\Firefox\Profiles\flk299ku.perfil\Extensions\translator@zoli.bod.xpi [2017-01-12]
FF Extension: (Flagfox) - C:\Users\Glauber Segalla\AppData\Roaming\Mozilla\Firefox\Profiles\flk299ku.perfil\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2017-01-12]
FF Extension: (Speed Dial) - C:\Users\Glauber Segalla\AppData\Roaming\Mozilla\Firefox\Profiles\flk299ku.perfil\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2017-01-12]
FF Extension: (Open Profile Folder) - C:\Users\Glauber Segalla\AppData\Roaming\Mozilla\Firefox\Profiles\flk299ku.perfil\Extensions\{a756d17a-5a4c-4417-813c-c8cd0151e486}.xpi [2017-01-12]
FF Extension: (Tab Mix Plus) - C:\Users\Glauber Segalla\AppData\Roaming\Mozilla\Firefox\Profiles\flk299ku.perfil\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-01-12]
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-11-16]
FF ProfilePath: C:\Users\Glauber Segalla\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\6d5utyea.default [2017-01-16]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\6d5utyea.default -> hxxp://favoritosglauber.blogspot.com.br/
FF Extension: (QuickFox Notes) - C:\Users\Glauber Segalla\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\6d5utyea.default\Extensions\amin.eft_bmnotes@gmail.com [2017-01-08]
FF Extension: (YouTube mp3) - C:\Users\Glauber Segalla\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\6d5utyea.default\Extensions\info@youtube-mp3.org.xpi [2017-01-08]
FF Extension: (Português Brasileiro Language Pack) - C:\Users\Glauber Segalla\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\6d5utyea.default\Extensions\langpack-pt-BR@firefox.mozilla.org.xpi [2015-05-25] [não assinado]
FF Extension: (IDM CC) - C:\Users\Glauber Segalla\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\6d5utyea.default\Extensions\mozilla_cc@internetdownloadmanager.com [2017-01-08] [não assinado]
FF Extension: (Português Brasileiro (Nova Ortografia)) - C:\Users\Glauber Segalla\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\6d5utyea.default\Extensions\pt-BR@dictionaries.addons.mozilla.org [2017-01-08]
FF Extension: (Google Translator for Firefox) - C:\Users\Glauber Segalla\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\6d5utyea.default\Extensions\translator@zoli.bod.xpi [2017-01-08]
FF Extension: (Flagfox) - C:\Users\Glauber Segalla\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\6d5utyea.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2017-01-08]
FF Extension: (Speed Dial) - C:\Users\Glauber Segalla\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\6d5utyea.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2015-09-13]
FF Extension: (Open Profile Folder) - C:\Users\Glauber Segalla\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\6d5utyea.default\Extensions\{a756d17a-5a4c-4417-813c-c8cd0151e486}.xpi [2017-01-08]
FF Extension: (Tab Mix Plus) - C:\Users\Glauber Segalla\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\6d5utyea.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-06-16]
FF SearchPlugin: C:\Users\Glauber Segalla\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\6d5utyea.default\searchplugins\youtube.xml [2014-08-11]
FF HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Glauber Segalla\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Glauber Segalla\AppData\Roaming\IDM\idmmzcc5 [2017-01-16] [não assinado]
FF HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-02-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://drive.google.com/drive/folders/0By4JBoB0i7ViRHVGb1lsRVROUWM
CHR StartupUrls: Default -> "hxxps://www.facebook.com/","hxxps://app.hotmart.com/"
CHR Profile: C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default [2017-01-16]
CHR Extension: (Google Apresentações) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-03]
CHR Extension: (Sniply: Drive Conversion Through Content) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeihpnlhiiipbchlidcipfpiaecpkd [2017-01-03]
CHR Extension: (Sudoku) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhembpgcpfegeigidembjopfhghnpj [2017-01-03]
CHR Extension: (SEOquake) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2017-01-13]
CHR Extension: (Google Docs) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-03]
CHR Extension: (Google Drive) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-03]
CHR Extension: (Keeper Web App) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnglfciifmgnafcgkkngkeopldlialb [2017-01-03]
CHR Extension: (YouTube) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-03]
CHR Extension: (Paciência Online) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahbledjpnekmjeglfnelmnjfnmmemob [2017-01-03]
CHR Extension: (Dólar Hoje) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemaaomlfllldamnpoajaedaemnblgal [2017-01-03]
CHR Extension: (Planilhas do Google) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-03]
CHR Extension: (Documentos Google off-line) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-03]
CHR Extension: (HP Smart Print) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpaiomihcebnclahoknbodeiaiohcdi [2017-01-03]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-01-12]
CHR Extension: (HP Network Check Launcher) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2017-01-03]
CHR Extension: (Paciência de Freecell) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnjgfflolfogjcejlkmkphkcohnmjdfd [2017-01-03]
CHR Extension: (Hootsuite) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2017-01-03]
CHR Extension: (TubeBuddy for YouTube) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2017-01-15]
CHR Extension: (IDM Integration Module) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-01-03]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-03]
CHR Extension: (Pingler) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\odgiehjnopebofbjkgdjenflakfaahnm [2017-01-03]
CHR Extension: (Gmail) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-03]
CHR Extension: (Chrome Media Router) - C:\Users\Glauber Segalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-03]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2762936 2016-01-07] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [153096 2016-08-04] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-08-05] (Panda Security, S.L.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\windows\SysWOW64\tbaseprovisioning.exe [51216 2016-07-08] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 LiveUpdateSvc; não ImagePath

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 amdkmcsp; C:\windows\System32\drivers\amdkmcsp.sys [109488 2016-07-08] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\windows\System32\drivers\amdpsp.sys [260528 2016-07-08] (Advanced Micro Devices, Inc. )
R3 athr; C:\windows\system32\DRIVERS\athwbx.sys [4316456 2016-05-03] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-01-23] (REALiX(tm))
R2 inpoutx64; C:\windows\System32\Drivers\inpoutx64.sys [15008 2016-11-10] (Highresolution Enterprises [www.highrez.co.uk])
S4 IObitUnlocker; C:\Program Files (x86)\Outlook Express\IO\IObitUnlocker.sys [36568 2013-09-30] (IObit)
S3 ksapi64; C:\windows\system32\drivers\ksapi64.sys [56680 2016-02-10] (Kingsoft Corporation)
R1 NNSALPC; C:\windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\windows\System32\DRIVERS\NNSHttp.sys [201464 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\windows\System32\DRIVERS\NNSHttps.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\windows\System32\DRIVERS\NNSIds.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\windows\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\windows\System32\DRIVERS\NNSPicc.sys [103160 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\windows\System32\DRIVERS\NNSPihsw.sys [85712 2016-03-14] (Panda Security, S.L.)
R1 NNSPOP3; C:\windows\System32\DRIVERS\NNSPop3.sys [124152 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\windows\System32\DRIVERS\NNSProt.sys [300280 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\windows\System32\DRIVERS\NNSPrv.sys [177424 2016-02-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\windows\System32\DRIVERS\NNSStrm.sys [264976 2016-02-17] (Panda Security, S.L.)
R1 NNSTLSC; C:\windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-12-04] (Panda Security, S.L.)
R2 PSINAflt; C:\windows\System32\DRIVERS\PSINAflt.sys [171792 2016-08-05] (Panda Security, S.L.)
R2 PSINFile; C:\windows\System32\DRIVERS\PSINFile.sys [127248 2016-08-05] (Panda Security, S.L.)
R1 PSINKNC; C:\windows\System32\DRIVERS\psinknc.sys [205072 2016-08-05] (Panda Security, S.L.)
R2 PSINProc; C:\windows\System32\DRIVERS\PSINProc.sys [131344 2016-08-05] (Panda Security, S.L.)
R2 PSINProt; C:\windows\System32\DRIVERS\PSINProt.sys [144656 2016-08-05] (Panda Security, S.L.)
R2 PSINReg; C:\windows\System32\DRIVERS\PSINReg.sys [114960 2016-08-05] (Panda Security, S.L.)
U3 PSKMAD; C:\windows\System32\DRIVERS\PSKMAD.sys [70360 2016-08-08] (Panda Security, S.L.)
R3 RSP2STOR; C:\windows\system32\DRIVERS\RtsP2Stor.sys [294104 2016-08-27] (Realtek Semiconductor Corp.)
R1 VBoxNetAdp; C:\windows\system32\DRIVERS\VBoxNetAdp6.sys [131096 2016-11-23] (Oracle Corporation)
R1 VBoxNetLwf; C:\windows\system32\DRIVERS\VBoxNetLwf.sys [203856 2016-11-23] (Oracle Corporation)
S3 VBoxUSB; C:\windows\System32\Drivers\VBoxUSB.sys [138896 2016-11-23] (Oracle Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\windows\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-01-16 10:53 - 2017-01-16 10:55 - 00027524 _____ C:\Users\Glauber Segalla\Desktop\FRST.txt
2017-01-16 10:52 - 2017-01-16 10:53 - 00000000 ____D C:\FRST
2017-01-16 10:51 - 2017-01-16 10:51 - 02419200 _____ (Farbar) C:\Users\Glauber Segalla\Desktop\FRST64.exe
2017-01-16 02:47 - 2017-01-16 02:47 - 01861392 _____ (Installer ) C:\Users\Glauber Segalla\Desktop\Baixaki_classic-shell-for-windows-10.exe
2017-01-16 01:39 - 2017-01-16 01:40 - 10860931 _____ C:\Users\Glauber Segalla\Desktop\Como Colocar Menu Iniciar no Windows 8 (Sem Usar Programas).mp4
2017-01-15 20:47 - 2016-08-08 07:00 - 00070360 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSKMAD.sys
2017-01-15 20:39 - 2017-01-15 20:39 - 00001316 _____ C:\Users\Glauber Segalla\Desktop\JRT.txt
2017-01-15 20:28 - 2017-01-15 20:28 - 01663040 _____ (Malwarebytes) C:\Users\Glauber Segalla\Desktop\JRT.exe
2017-01-15 17:49 - 2017-01-15 17:49 - 00001057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2017-01-15 16:28 - 2017-01-15 20:19 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Local\ESET
2017-01-15 16:21 - 2017-01-15 16:21 - 00030114 _____ C:\Users\Glauber Segalla\Desktop\relatório mbam arquivos enviados para quarentena 15-01-17.txt
2017-01-15 16:10 - 2017-01-15 16:10 - 00033326 _____ C:\Users\Glauber Segalla\Desktop\relatório mbam 15-01-17.txt
2017-01-15 02:56 - 2017-01-15 02:56 - 16769244 _____ C:\Users\Glauber Segalla\Desktop\How to remove browser redirects (browser hijackers)-.mp4
2017-01-15 00:56 - 2017-01-15 20:46 - 00000000 ____D C:\AdwCleaner
2017-01-13 01:13 - 2017-01-13 01:13 - 14691766 _____ C:\Users\Glauber Segalla\Desktop\Aula 2 - Analisando o Anúncio Nicho Emagrecimento.mp4
2017-01-11 17:03 - 2017-01-15 20:20 - 00000350 _____ C:\windows\Tasks\HPCeeScheduleForGlauber.job
2017-01-11 17:03 - 2017-01-15 17:08 - 00003168 _____ C:\windows\System32\Tasks\HPCeeScheduleForGlauber
2017-01-10 03:05 - 2017-01-10 03:05 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\psbase.DLL
2017-01-10 03:05 - 2017-01-10 03:05 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\psbase.DLL
2017-01-10 03:05 - 2017-01-10 03:05 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\pstorec.DLL
2017-01-10 03:05 - 2017-01-10 03:05 - 00045056 _____ (Microsoft Corporation) C:\windows\SysWOW64\pstorec.DLL
2017-01-10 03:05 - 2017-01-10 03:05 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\pstorsvc.DLL
2017-01-10 03:05 - 2017-01-10 03:05 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\pstorsvc.DLL
2017-01-10 03:05 - 2017-01-10 03:05 - 00000000 ____D C:\Users\Todos os Usuários\IObit
2017-01-10 03:05 - 2017-01-10 03:05 - 00000000 ____D C:\ProgramData\IObit
2017-01-10 03:04 - 2017-01-10 03:06 - 00000000 ____D C:\Program Files (x86)\Outlook Express
2017-01-10 03:04 - 2017-01-10 03:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook Express
2017-01-10 00:43 - 2017-01-10 00:44 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Local\CutePDF Writer
2017-01-08 01:39 - 2017-01-08 01:39 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Local\Moonchild Productions
2017-01-08 01:36 - 2017-01-08 01:36 - 00001108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
2017-01-08 01:36 - 2017-01-08 01:36 - 00000000 ____D C:\Program Files (x86)\Pale Moon
2017-01-05 19:51 - 2017-01-05 19:51 - 00000963 _____ C:\Users\Glauber Segalla\Desktop\Imagens - Atalho.lnk
2017-01-05 19:51 - 2017-01-05 19:51 - 00000953 _____ C:\Users\Glauber Segalla\Desktop\Vídeos - Atalho.lnk
2017-01-05 19:46 - 2017-01-05 19:46 - 00001006 _____ C:\Users\Glauber Segalla\Desktop\TABELAS DE CAMPEONATOS - Atalho.lnk
2017-01-05 19:44 - 2017-01-05 19:44 - 00000881 _____ C:\Users\Glauber Segalla\Desktop\SCANNER - Atalho.lnk
2017-01-05 18:17 - 2017-01-05 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2017-01-05 18:17 - 2016-01-22 17:57 - 00089008 _____ C:\windows\system32\cpwmon64.dll
2017-01-05 18:07 - 2017-01-05 18:07 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Local\Apps\2.0
2017-01-05 18:03 - 2017-01-05 18:03 - 00001917 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2017-01-05 18:03 - 2017-01-05 18:03 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Roaming\SumatraPDF
2017-01-05 18:03 - 2017-01-05 18:03 - 00000000 ____D C:\Program Files (x86)\SumatraPDF
2017-01-04 17:08 - 2017-01-15 17:08 - 00000382 _____ C:\windows\Tasks\HPCeeScheduleForGlauber Segalla.job
2017-01-04 17:08 - 2017-01-04 17:08 - 00003216 _____ C:\windows\System32\Tasks\HPCeeScheduleForGlauber Segalla
2017-01-02 02:10 - 2017-01-02 02:11 - 00007680 _____ C:\Users\Glauber Segalla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-28 18:51 - 2017-01-05 18:17 - 00000000 ____D C:\Program Files (x86)\GPLGS
2016-12-27 19:52 - 2016-12-28 13:06 - 00000088 _____ C:\Users\Public\Nova mensagem.txt
2016-12-27 11:56 - 2016-12-28 19:25 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1751273365-4100181127-1669670999-1004
2016-12-26 20:05 - 2016-12-26 20:05 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Local\CEF
2016-12-26 20:02 - 2016-12-26 20:06 - 00000000 ____D C:\Users\Todos os Usuários\Adobe
2016-12-26 20:02 - 2016-12-26 20:06 - 00000000 ____D C:\ProgramData\Adobe
2016-12-26 01:06 - 2016-12-26 01:06 - 00001058 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2016-12-22 20:01 - 2017-01-01 01:33 - 00000000 ____D C:\Users\Glauber Segalla\Desktop\GUIA EXPRESS FACEADS
2016-12-22 00:16 - 2016-12-28 01:55 - 00000000 ____D C:\Users\Glauber Segalla\Desktop\Afiliado Macgyver
2016-12-19 18:20 - 2016-12-20 02:15 - 00080896 _____ C:\Users\Glauber Segalla\Desktop\Relação de Contadores do Guia Perito.doc
2016-12-17 12:08 - 2016-12-17 12:08 - 00001136 _____ C:\Users\Glauber Segalla\Desktop\TREINAMENTO GRATUITO MARCELO CALIXTO - Atalho.lnk
2016-12-16 19:34 - 2016-12-16 19:34 - 00003500 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 19:34 - 2016-12-16 19:34 - 00003372 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 11:25 - 2016-12-16 11:25 - 07619943 _____ C:\Users\Glauber Segalla\Desktop\Como criar mais um canal no Youtube com o mesmo e-mail - MiTutoriais.mp4
2016-12-15 09:51 - 2016-10-17 13:35 - 00223464 _____ (Tonec Inc.) C:\windows\system32\Drivers\idmwfp.sys
2016-12-06 20:39 - 2016-12-06 20:40 - 00004132 _____ C:\windows\System32\Tasks\eM Client Database Backup
2016-12-06 03:03 - 2016-12-06 03:03 - 00001102 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2016-12-06 03:03 - 2016-12-06 03:03 - 00000000 ____D C:\windows\LastGood.Tmp
2016-12-06 03:03 - 2016-12-06 03:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-12-06 03:03 - 2016-11-23 14:57 - 00928416 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxDrv.sys
2016-12-06 03:03 - 2016-11-23 14:57 - 00149768 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSBMon.sys
2016-12-06 02:55 - 2016-12-06 02:55 - 00097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2016-12-06 02:55 - 2016-12-06 02:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-06 02:54 - 2016-12-06 02:54 - 00000000 ____D C:\Program Files (x86)\Java
2016-12-05 20:37 - 2016-12-14 10:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-05 20:37 - 2016-12-05 20:37 - 00001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-05 20:36 - 2017-01-15 16:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-05 13:37 - 2016-12-05 13:39 - 00524288 ___SH C:\windows\system32\config\drivers{52815b99-bb00-11e6-8661-9cb654a6fa79}.TMContainer00000000000000000002.regtrans-ms
2016-12-05 13:37 - 2016-12-05 13:39 - 00524288 ___SH C:\windows\system32\config\drivers{52815b99-bb00-11e6-8661-9cb654a6fa79}.TMContainer00000000000000000001.regtrans-ms
2016-12-05 13:37 - 2016-12-05 13:39 - 00065536 ___SH C:\windows\system32\config\drivers{52815b99-bb00-11e6-8661-9cb654a6fa79}.TM.blf
2016-12-05 13:35 - 2016-12-05 13:49 - 00524288 ___SH C:\Users\Glauber Segalla\ntuser.dat{6bf936b0-bafe-11e6-8648-9cb654a6fa79}.TMContainer00000000000000000002.regtrans-ms
2016-12-05 13:35 - 2016-12-05 13:49 - 00524288 ___SH C:\Users\Glauber Segalla\ntuser.dat{6bf936b0-bafe-11e6-8648-9cb654a6fa79}.TMContainer00000000000000000001.regtrans-ms
2016-12-05 13:35 - 2016-12-05 13:49 - 00065536 ___SH C:\Users\Glauber Segalla\ntuser.dat{6bf936b0-bafe-11e6-8648-9cb654a6fa79}.TM.blf
2016-12-05 13:02 - 2016-12-05 13:02 - 00524288 ___SH C:\windows\system32\config\drivers{86686238-bafb-11e6-8647-9cb654a6fa79}.TMContainer00000000000000000002.regtrans-ms
2016-12-05 13:02 - 2016-12-05 13:02 - 00524288 ___SH C:\windows\system32\config\drivers{86686238-bafb-11e6-8647-9cb654a6fa79}.TMContainer00000000000000000001.regtrans-ms
2016-12-05 13:02 - 2016-12-05 13:02 - 00065536 ___SH C:\windows\system32\config\drivers{86686238-bafb-11e6-8647-9cb654a6fa79}.TM.blf
2016-12-05 13:00 - 2016-12-05 13:02 - 00524288 ___SH C:\Users\Glauber Segalla\ntuser.dat{1072a140-baf7-11e6-8661-9cb654a6fa79}.TMContainer00000000000000000002.regtrans-ms
2016-12-05 13:00 - 2016-12-05 13:02 - 00524288 ___SH C:\Users\Glauber Segalla\ntuser.dat{1072a140-baf7-11e6-8661-9cb654a6fa79}.TMContainer00000000000000000001.regtrans-ms
2016-12-05 13:00 - 2016-12-05 13:02 - 00065536 ___SH C:\Users\Glauber Segalla\ntuser.dat{1072a140-baf7-11e6-8661-9cb654a6fa79}.TM.blf
2016-12-05 12:30 - 2016-12-05 12:33 - 00524288 ___SH C:\windows\system32\config\drivers{10729ff3-baf7-11e6-8661-9cb654a6fa79}.TMContainer00000000000000000002.regtrans-ms
2016-12-05 12:30 - 2016-12-05 12:33 - 00524288 ___SH C:\windows\system32\config\drivers{10729ff3-baf7-11e6-8661-9cb654a6fa79}.TMContainer00000000000000000001.regtrans-ms
2016-12-05 12:30 - 2016-12-05 12:33 - 00065536 ___SH C:\windows\system32\config\drivers{10729ff3-baf7-11e6-8661-9cb654a6fa79}.TM.blf
2016-12-05 12:28 - 2016-12-05 12:49 - 00524288 ___SH C:\Users\Glauber Segalla\ntuser.dat{0e5638a0-baea-11e6-8660-9cb654a6fa79}.TMContainer00000000000000000002.regtrans-ms
2016-12-05 12:28 - 2016-12-05 12:49 - 00524288 ___SH C:\Users\Glauber Segalla\ntuser.dat{0e5638a0-baea-11e6-8660-9cb654a6fa79}.TMContainer00000000000000000001.regtrans-ms
2016-12-05 12:28 - 2016-12-05 12:49 - 00065536 ___SH C:\Users\Glauber Segalla\ntuser.dat{0e5638a0-baea-11e6-8660-9cb654a6fa79}.TM.blf
2016-11-30 17:49 - 2017-01-11 17:02 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2016-11-27 02:16 - 2017-01-08 01:39 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Roaming\Moonchild Productions
2016-11-25 11:44 - 2017-01-04 20:01 - 00000000 ____D C:\Users\Glauber Segalla\Desktop\CURSO GRATUITO DE BING ADS
2016-11-24 11:37 - 2016-11-24 11:37 - 00546912 _____ C:\windows\system32\FNTCACHE.DAT
2016-11-23 14:57 - 2016-11-23 14:57 - 00203856 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxNetLwf.sys
2016-11-23 14:57 - 2016-11-23 14:57 - 00138896 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSB.sys
2016-11-23 14:57 - 2016-11-23 14:57 - 00131096 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxNetAdp6.sys
2016-11-22 02:10 - 2016-11-22 02:10 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Roaming\Geek Uninstaller
2016-11-21 00:51 - 2016-11-21 00:51 - 00000000 ____D C:\windows\System32\Tasks\R@1n-KMS
2016-11-21 00:51 - 2016-11-21 00:51 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Local\mpress
2016-11-21 00:46 - 2016-11-21 00:46 - 00000000 ____D C:\windows\LOG
2016-11-20 14:29 - 2017-01-16 10:53 - 00000000 ____D C:\Users\Glauber Segalla\AppData\LocalLow\Mozilla
2016-11-19 11:12 - 2016-09-29 11:13 - 00875712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2016-11-19 11:12 - 2016-09-29 11:13 - 00869568 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2016-11-19 11:12 - 2016-09-29 11:13 - 00678600 _____ (Microsoft Corporation) C:\windows\system32\msvcp120_clr0400.dll
2016-11-19 11:12 - 2016-09-29 11:13 - 00536768 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp120_clr0400.dll
2016-11-19 11:10 - 2016-10-08 19:10 - 03547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2016-11-19 11:09 - 2016-11-05 18:46 - 00422744 ____C (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2016-11-19 11:09 - 2016-10-12 19:49 - 00379224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2016-11-19 11:09 - 2016-10-12 19:11 - 00922968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refs.sys
2016-11-19 11:09 - 2016-10-11 14:45 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\TpmTasks.dll
2016-11-19 11:09 - 2016-10-10 21:31 - 00990040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2016-11-19 11:09 - 2016-10-10 16:18 - 00069976 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-11-19 11:09 - 2016-10-10 16:18 - 00022360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cmimcext.sys
2016-11-19 11:09 - 2016-10-09 12:17 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\ActionQueue.dll
2016-11-19 11:09 - 2016-10-09 12:08 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\shsetup.dll
2016-11-19 11:09 - 2016-10-09 12:08 - 00095232 _____ (Microsoft Corporation) C:\windows\SysWOW64\shsetup.dll
2016-11-19 11:09 - 2016-10-08 20:24 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2016-11-19 11:09 - 2016-10-08 19:31 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2016-11-19 11:09 - 2016-10-05 12:01 - 01200128 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2016-11-19 11:09 - 2016-10-05 12:00 - 00868864 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2016-11-19 11:09 - 2016-10-05 12:00 - 00323072 _____ (Microsoft Corporation) C:\windows\system32\GlobCollationHost.dll
2016-11-19 11:09 - 2016-10-05 11:52 - 00513456 _____ C:\windows\SysWOW64\locale.nls
2016-11-19 11:09 - 2016-10-05 11:52 - 00513456 _____ C:\windows\system32\locale.nls
2016-11-19 11:09 - 2016-10-05 02:15 - 01969944 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2016-11-19 11:09 - 2016-10-05 02:15 - 01613528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2016-11-19 11:09 - 2016-10-05 02:15 - 00324896 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2016-11-19 11:09 - 2016-10-05 02:15 - 00245320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2016-11-19 11:09 - 2016-09-27 18:16 - 00445873 _____ C:\windows\system32\ApnDatabase.xml
2016-11-19 11:09 - 2016-09-20 20:30 - 02462040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2016-11-14 13:33 - 2016-10-28 19:04 - 00828408 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-11-14 13:33 - 2016-10-28 19:04 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-14 13:01 - 2016-11-02 18:48 - 00372568 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-11-14 13:01 - 2016-11-02 18:48 - 00315224 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-11-14 13:01 - 2016-10-27 16:53 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-11-14 13:01 - 2016-10-27 16:51 - 02896384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-11-14 13:01 - 2016-10-27 16:37 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-11-14 13:01 - 2016-10-27 16:28 - 25763328 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-11-14 13:01 - 2016-10-27 16:19 - 06047744 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-11-14 13:01 - 2016-10-27 16:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-11-14 13:01 - 2016-10-27 16:07 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2016-11-14 13:01 - 2016-10-27 16:05 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-11-14 13:01 - 2016-10-27 15:57 - 01033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-11-14 13:01 - 2016-10-27 15:49 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-11-14 13:01 - 2016-10-27 15:47 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-11-14 13:01 - 2016-10-27 15:46 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-11-14 13:01 - 2016-10-27 15:46 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-11-14 13:01 - 2016-10-27 15:44 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-11-14 13:01 - 2016-10-27 15:17 - 15257088 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-11-14 13:01 - 2016-10-27 15:16 - 02920448 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-11-14 13:01 - 2016-10-27 15:03 - 01543680 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-11-14 13:01 - 2016-10-27 13:05 - 20304896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-11-14 13:01 - 2016-10-25 12:11 - 04169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-11-14 13:01 - 2016-10-22 15:34 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-11-14 13:01 - 2016-10-22 15:27 - 02287616 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-11-14 13:01 - 2016-10-22 15:21 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-11-14 13:01 - 2016-10-22 14:58 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-11-14 13:01 - 2016-10-22 14:57 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2016-11-14 13:01 - 2016-10-22 14:56 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-11-14 13:01 - 2016-10-22 14:51 - 00880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-11-14 13:01 - 2016-10-22 14:46 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-11-14 13:01 - 2016-10-22 14:45 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-11-14 13:01 - 2016-10-22 14:45 - 00330752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-11-14 13:01 - 2016-10-22 14:44 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-11-14 13:01 - 2016-10-22 14:43 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-11-14 13:01 - 2016-10-22 14:30 - 13654016 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-11-14 13:01 - 2016-10-22 14:12 - 02444800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-11-14 13:01 - 2016-10-22 14:09 - 01312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-11-14 13:01 - 2016-10-13 17:06 - 01385280 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2016-11-14 13:01 - 2016-10-13 17:06 - 01124376 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2016-11-14 13:01 - 2016-10-12 06:01 - 00377176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\clfs.sys
2016-11-14 13:01 - 2016-10-11 18:21 - 00497448 _____ (Microsoft Corporation) C:\windows\system32\mfsvr.dll
2016-11-14 13:01 - 2016-10-11 18:21 - 00399776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfsvr.dll
2016-11-14 13:01 - 2016-10-11 16:34 - 00247296 _____ (Microsoft Corporation) C:\windows\system32\microsoft-windows-system-events.dll
2016-11-14 13:01 - 2016-10-11 15:47 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\input.dll
2016-11-14 13:01 - 2016-10-11 14:55 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\input.dll
2016-11-14 13:01 - 2016-10-10 19:17 - 00444248 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-11-14 13:01 - 2016-10-10 19:17 - 00333656 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-11-14 13:01 - 2016-10-09 20:59 - 00551256 ____C (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys
2016-11-14 13:01 - 2016-10-08 21:12 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-11-14 13:01 - 2016-10-08 20:53 - 03754496 _____ (Microsoft Corporation) C:\windows\system32\MSVidCtl.dll
2016-11-14 13:01 - 2016-10-08 20:21 - 01445376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-11-14 13:01 - 2016-10-08 20:18 - 00840704 _____ (Microsoft Corporation) C:\windows\system32\netlogon.dll
2016-11-14 13:01 - 2016-10-08 20:07 - 00332288 _____ (Microsoft Corporation) C:\windows\system32\UIAnimation.dll
2016-11-14 13:01 - 2016-10-08 20:02 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-11-14 13:01 - 2016-10-08 19:49 - 02410496 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSVidCtl.dll
2016-11-14 13:01 - 2016-10-08 19:21 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAnimation.dll
2016-11-14 13:01 - 2016-10-07 23:34 - 01660040 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-11-14 13:01 - 2016-10-07 23:34 - 01212248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-11-14 13:01 - 2016-10-04 18:39 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bowser.sys
2016-11-14 13:01 - 2016-10-04 18:23 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-11-14 13:01 - 2016-10-04 18:08 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\olepro32.dll
2016-11-14 13:01 - 2016-10-04 18:08 - 00077824 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-11-14 13:00 - 2016-11-02 12:03 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-11-14 13:00 - 2016-11-02 12:00 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-11-14 13:00 - 2016-10-27 14:54 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-11-14 13:00 - 2016-10-22 15:35 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-11-14 13:00 - 2016-10-22 14:09 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-11-12 17:55 - 2016-11-19 11:29 - 00524288 ___SH C:\windows\system32\config\drivers{a38e0400-a911-11e6-860e-9cb654a6fa79}.TMContainer00000000000000000001.regtrans-ms
2016-11-12 17:55 - 2016-11-19 11:29 - 00065536 ___SH C:\windows\system32\config\drivers{a38e0400-a911-11e6-860e-9cb654a6fa79}.TM.blf
2016-11-12 17:55 - 2016-11-12 17:58 - 00524288 ___SH C:\windows\system32\config\drivers{a38e0400-a911-11e6-860e-9cb654a6fa79}.TMContainer00000000000000000002.regtrans-ms
2016-11-12 17:53 - 2016-11-12 18:00 - 00524288 ___SH C:\Users\Glauber Segalla\ntuser.dat{8fe0ae9e-a90d-11e6-8606-9cb654a6fa79}.TMContainer00000000000000000002.regtrans-ms
2016-11-12 17:53 - 2016-11-12 18:00 - 00524288 ___SH C:\Users\Glauber Segalla\ntuser.dat{8fe0ae9e-a90d-11e6-8606-9cb654a6fa79}.TMContainer00000000000000000001.regtrans-ms
2016-11-12 17:53 - 2016-11-12 18:00 - 00065536 ___SH C:\Users\Glauber Segalla\ntuser.dat{8fe0ae9e-a90d-11e6-8606-9cb654a6fa79}.TM.blf
2016-11-12 16:30 - 2016-11-12 16:32 - 00524288 ___SH C:\windows\system32\config\drivers{a090a661-a905-11e6-8605-9cb654a6fa79}.TMContainer00000000000000000002.regtrans-ms
2016-11-12 16:30 - 2016-11-12 16:32 - 00524288 ___SH C:\windows\system32\config\drivers{a090a661-a905-11e6-8605-9cb654a6fa79}.TMContainer00000000000000000001.regtrans-ms
2016-11-12 16:30 - 2016-11-12 16:32 - 00065536 ___SH C:\windows\system32\config\drivers{a090a661-a905-11e6-8605-9cb654a6fa79}.TM.blf
2016-11-12 16:28 - 2016-11-12 16:37 - 00524288 ___SH C:\Users\Glauber Segalla\ntuser.dat{4175fed8-a8fa-11e6-860d-9cb654a6fa79}.TMContainer00000000000000000002.regtrans-ms
2016-11-12 16:28 - 2016-11-12 16:37 - 00524288 ___SH C:\Users\Glauber Segalla\ntuser.dat{4175fed8-a8fa-11e6-860d-9cb654a6fa79}.TMContainer00000000000000000001.regtrans-ms
2016-11-12 16:28 - 2016-11-12 16:37 - 00065536 ___SH C:\Users\Glauber Segalla\ntuser.dat{4175fed8-a8fa-11e6-860d-9cb654a6fa79}.TM.blf
2016-11-10 12:22 - 2016-11-10 12:22 - 00015008 _____ (Highresolution Enterprises [www.highrez.co.uk]) C:\windows\system32\Drivers\inpoutx64.sys
2016-11-10 12:22 - 2016-08-09 09:35 - 00059880 _____ (Kerish Products) C:\windows\system32\GPUTemp.dll
2016-11-10 12:22 - 2011-01-20 01:07 - 00098304 _____ (Highresolution Enterprises) C:\windows\SysWOW64\inpout32.dll
2016-11-09 12:51 - 2016-11-12 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2016-11-09 12:51 - 2016-11-09 12:52 - 00002180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus.lnk
2016-11-09 11:37 - 2016-11-09 11:37 - 00000000 _____ C:\Autoexec.bat
2016-11-07 12:28 - 2016-11-12 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack
2016-11-07 12:27 - 2016-11-07 12:31 - 00000000 ____D C:\windows\SysWOW64\Codecs
2016-11-05 11:59 - 2016-11-05 12:57 - 00000000 ____D C:\Users\Glauber Segalla\Desktop\VENDEDOR OCULTO
2016-11-03 17:08 - 2017-01-15 20:21 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Local\CrashDumps
2016-11-03 17:06 - 2016-11-03 17:06 - 00000000 ___RD C:\Users\Glauber Segalla\Contacts
2016-11-02 18:39 - 2016-11-02 18:39 - 00001176 _____ C:\Users\Glauber Segalla\Desktop\Trabalhar pela Internet Agora 2.0 - Atalho.lnk
2016-11-02 18:11 - 2016-11-02 18:11 - 00001318 _____ C:\Users\Glauber Segalla\Desktop\Crie, Desenvolva e Venda Aplicativos em 5 MINUTOS - Atalho.lnk
2016-10-23 03:20 - 2016-12-12 18:32 - 00038912 _____ C:\Users\Glauber Segalla\Desktop\CARTOLA.xls
2016-10-22 19:57 - 2016-09-09 20:14 - 00275800 ____C (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2016-10-22 19:57 - 2016-09-09 12:15 - 00269824 _____ (Microsoft Corporation) C:\windows\system32\DafPrintProvider.dll
2016-10-22 19:57 - 2016-09-09 12:09 - 00203776 _____ (Microsoft Corporation) C:\windows\SysWOW64\DafPrintProvider.dll
2016-10-22 19:57 - 2016-09-09 12:04 - 00864256 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2016-10-22 19:57 - 2016-09-09 12:03 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\iscsiwmi.dll
2016-10-22 19:57 - 2016-09-09 12:02 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\iscsiwmi.dll
2016-10-22 19:57 - 2016-09-03 16:20 - 00075264 _____ (Microsoft Corporation) C:\windows\system32\iscsidsc.dll
2016-10-22 19:57 - 2016-09-03 16:06 - 00151040 _____ (Microsoft Corporation) C:\windows\system32\iscsiexe.dll
2016-10-22 19:57 - 2016-09-03 15:21 - 00055296 _____ (Microsoft Corporation) C:\windows\SysWOW64\iscsidsc.dll
2016-10-22 19:57 - 2016-09-03 14:12 - 00512512 _____ (Microsoft Corporation) C:\windows\system32\winspool.drv
2016-10-22 19:57 - 2016-09-03 14:05 - 01094656 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2016-10-22 19:57 - 2016-09-03 13:58 - 00397824 _____ (Microsoft Corporation) C:\windows\SysWOW64\winspool.drv
2016-10-22 19:57 - 2016-09-02 12:05 - 00306176 _____ (Microsoft Corporation) C:\windows\system32\pdh.dll
2016-10-22 19:57 - 2016-09-02 12:05 - 00262144 _____ (Microsoft Corporation) C:\windows\SysWOW64\pdh.dll
2016-10-22 19:57 - 2016-09-01 12:33 - 00377856 _____ (Microsoft Corporation) C:\windows\system32\vmrdvcore.dll
2016-10-22 19:57 - 2016-09-01 12:33 - 00342528 _____ (Microsoft Corporation) C:\windows\system32\SessEnv.dll
2016-10-22 19:57 - 2016-09-01 12:31 - 00296960 _____ (Microsoft Corporation) C:\windows\SysWOW64\SessEnv.dll
2016-10-22 19:57 - 2016-08-30 12:11 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\dab.dll
2016-10-22 19:57 - 2016-08-30 00:45 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\xolehlp.dll
2016-10-22 19:57 - 2016-08-30 00:18 - 00871936 _____ (Microsoft Corporation) C:\windows\system32\msdtcprx.dll
2016-10-22 19:57 - 2016-08-30 00:18 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\xolehlp.dll
2016-10-22 19:57 - 2016-08-30 00:03 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdtcprx.dll
2016-10-22 19:57 - 2016-08-22 11:34 - 01628672 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2016-10-22 12:54 - 2017-01-16 03:16 - 00142051 ____H C:\Users\Glauber Segalla\AppData\Local\IconCache.db
2016-10-22 01:36 - 2016-10-22 01:36 - 00000000 ____D C:\Users\Todos os Usuários\ATI
2016-10-22 01:36 - 2016-10-22 01:36 - 00000000 ____D C:\ProgramData\ATI
2016-10-22 01:35 - 2016-10-22 20:00 - 00524288 ___SH C:\windows\system32\config\drivers{52a5e0fb-9808-11e6-85bd-9cb654a6fa79}.TMContainer00000000000000000001.regtrans-ms
2016-10-22 01:35 - 2016-10-22 20:00 - 00065536 ___SH C:\windows\system32\config\drivers{52a5e0fb-9808-11e6-85bd-9cb654a6fa79}.TM.blf
2016-10-22 01:35 - 2016-10-22 01:38 - 00524288 ___SH C:\windows\system32\config\drivers{52a5e0fb-9808-11e6-85bd-9cb654a6fa79}.TMContainer00000000000000000002.regtrans-ms
2016-10-22 01:34 - 2016-10-22 03:07 - 00524288 ___SH C:\Users\Glauber Segalla\ntuser.dat{5fbcb0f2-97fc-11e6-85c3-9cb654a6fa79}.TMContainer00000000000000000002.regtrans-ms
2016-10-22 01:34 - 2016-10-22 03:07 - 00524288 ___SH C:\Users\Glauber Segalla\ntuser.dat{5fbcb0f2-97fc-11e6-85c3-9cb654a6fa79}.TMContainer00000000000000000001.regtrans-ms
2016-10-22 01:34 - 2016-10-22 03:07 - 00065536 ___SH C:\Users\Glauber Segalla\ntuser.dat{5fbcb0f2-97fc-11e6-85c3-9cb654a6fa79}.TM.blf
2016-10-22 00:35 - 2012-03-08 12:47 - 00108640 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAR64.dll
2016-10-22 00:23 - 2016-10-22 00:24 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-10-21 20:21 - 2016-10-22 00:46 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Local\AMD
2016-10-21 20:16 - 2016-10-21 20:16 - 00000000 ____D C:\Program Files (x86)\AMD
2016-10-21 20:13 - 2016-10-21 20:13 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-10-21 20:06 - 2016-10-22 01:20 - 00000000 ____D C:\AMD
2016-10-18 17:51 - 2016-12-15 01:07 - 00000842 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-10-18 17:51 - 2016-11-12 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-18 17:51 - 2016-10-18 17:51 - 00002802 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2016-10-18 17:51 - 2016-10-18 17:51 - 00000000 ____D C:\Program Files\CCleaner
2016-10-18 02:06 - 2016-10-18 02:06 - 00002489 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-10-18 02:06 - 2016-10-18 02:06 - 00002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-10-18 02:06 - 2016-10-18 02:06 - 00002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-10-18 02:06 - 2016-10-18 02:06 - 00002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-10-18 02:06 - 2016-10-18 02:06 - 00002385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-10-18 02:06 - 2016-10-18 02:06 - 00002382 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-10-18 02:06 - 2016-10-18 02:06 - 00002372 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-10-18 02:06 - 2016-10-18 02:06 - 00002368 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-10-18 02:06 - 2016-10-18 02:06 - 00002352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-10-18 00:47 - 2016-10-18 00:47 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Local\Little_Apps

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-01-16 10:55 - 2016-04-22 03:12 - 00000902 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-01-16 10:50 - 2016-09-16 03:27 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1751273365-4100181127-1669670999-1001
2017-01-16 03:16 - 2016-01-14 20:16 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Roaming\DMCache
2017-01-16 02:18 - 2016-08-04 12:25 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Roaming\eM Client
2017-01-16 00:13 - 2015-04-22 17:06 - 00785298 _____ C:\windows\system32\prfh0416.dat
2017-01-16 00:13 - 2015-04-22 17:06 - 00181786 _____ C:\windows\system32\prfc0416.dat
2017-01-16 00:13 - 2014-03-18 07:53 - 01860808 _____ C:\windows\system32\PerfStringBackup.INI
2017-01-16 00:13 - 2013-08-22 11:36 - 00000000 ____D C:\windows\Inf
2017-01-15 20:47 - 2013-08-22 12:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-01-15 20:46 - 2015-04-22 16:14 - 00065536 _____ C:\windows\system32\spu_storage.bin
2017-01-15 16:12 - 2016-01-05 15:06 - 00000000 ____D C:\Users\Glauber Segalla
2017-01-15 14:44 - 2016-05-19 20:09 - 00000000 ____D C:\windows\Minidump
2017-01-15 02:03 - 2016-01-07 20:25 - 00000000 ____D C:\Users\Glauber Segalla\.VirtualBox
2017-01-15 01:42 - 2016-01-11 22:43 - 00000000 ____D C:\Users\Glauber Segalla\Desktop\Compartilhada
2017-01-14 16:12 - 2016-03-14 03:31 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Roaming\IDM
2017-01-14 16:12 - 2016-01-19 18:37 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Roaming\uTorrent
2017-01-11 12:54 - 2013-08-22 11:25 - 00262144 ___SH C:\windows\system32\config\BBI
2017-01-11 02:55 - 2016-10-10 03:22 - 00003790 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-01-11 02:55 - 2013-08-22 13:36 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-01-11 02:55 - 2013-08-22 13:36 - 00000000 ____D C:\windows\system32\Macromed
2017-01-11 00:27 - 2016-01-11 15:05 - 00000000 ____D C:\Users\Glauber Segalla\VirtualBox VMs
2017-01-10 03:02 - 2013-08-22 13:36 - 00000000 ____D C:\windows\Help
2017-01-06 11:50 - 2016-01-17 19:11 - 00000000 ____D C:\SisAdm
2017-01-06 00:14 - 2016-01-22 20:00 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Local\ElevatedDiagnostics
2017-01-05 20:25 - 2016-01-05 15:06 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Roaming\Adobe
2017-01-05 20:18 - 2013-08-22 13:36 - 00000000 ____D C:\windows\AppReadiness
2017-01-05 18:17 - 2016-02-17 02:14 - 00000000 ____D C:\Program Files (x86)\Acro Software
2017-01-05 18:13 - 2016-01-20 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Limpeza
2017-01-04 02:09 - 2016-10-02 03:13 - 00000000 ____D C:\Users\Glauber Segalla\Desktop\BLOG NA HORA
2017-01-04 02:09 - 2016-01-05 15:06 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Local\Packages
2017-01-04 01:41 - 2016-05-14 11:33 - 00000000 ____D C:\Users\Glauber Segalla\Desktop\ANÚNCIOS MATADORES PARA FACEBOOK
2017-01-04 01:15 - 2016-02-21 02:36 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Roaming\Notepad++
2017-01-03 18:37 - 2016-08-01 12:31 - 00000000 ____D C:\Users\Glauber Segalla\Documents\eM Client
2017-01-03 03:05 - 2016-01-21 20:06 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Local\Google
2017-01-01 02:34 - 2016-01-20 16:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilitários
2016-12-28 19:10 - 2013-08-22 13:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-28 17:54 - 2013-08-22 13:36 - 00000000 ____D C:\windows\debug
2016-12-28 17:13 - 2016-01-05 15:06 - 00000000 ___RD C:\Users\Glauber Segalla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-27 19:52 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Public
2016-12-27 11:44 - 2016-05-25 03:35 - 00000000 __SHD C:\$RECYCLE.BIN
2016-12-26 01:06 - 2016-08-11 04:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-12-19 00:26 - 2013-08-22 13:36 - 00000000 __RSD C:\windows\assembly
2016-12-17 19:09 - 2016-10-17 01:36 - 00000000 ____D C:\Users\Glauber Segalla\Downloads\ATALHOS DE PROGRAMAS SALVOS NO DESKTOP

==================== Arquivos na raiz de alguns diretórios =======

2017-01-02 02:10 - 2017-01-02 02:11 - 0007680 _____ () C:\Users\Glauber Segalla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-13 17:51 - 2016-02-13 17:51 - 0000017 _____ () C:\Users\Glauber Segalla\AppData\Local\resmon.resmoncfg
2016-01-16 02:29 - 2016-01-16 02:29 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\windows\explorer.exe => O arquivo é assinado digitalmente
C:\windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\windows\system32\services.exe => O arquivo é assinado digitalmente
C:\windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-01-09 11:40

==================== Fim de FRST.txt ============================


"Addition.txt"

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 15-01-2017
Executado por Glauber (16-01-2017 10:56:26)
Executando a partir de C:\Users\Glauber Segalla\Desktop
Windows 8.1 Single Language (Update) (X64) (2016-01-05 17:06:09)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-1751273365-4100181127-1669670999-500 - Administrator - Disabled)
Convidado (S-1-5-21-1751273365-4100181127-1669670999-501 - Limited - Enabled)
Glauber (S-1-5-21-1751273365-4100181127-1669670999-1001 - Administrator - Enabled) => C:\Users\Glauber Segalla

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Panda Free Antivirus (Enabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
AS: Panda Free Antivirus (Enabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
FW: Panda Firewall (Disabled) {7E957C27-E6CC-E160-34FA-E3201100269B}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{D1822C34-F342-B6AA-6369-899C9D2A9227}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Camtasia Studio 8 (HKLM-x32\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4113 - CyberLink Corp.)
Dasher (HKLM-x32\...\Dasher) (Version: - Internet Chess Club)
Dicionário eletrônico Houaiss (HKLM-x32\...\Houaiss) (Version: 1.0 - )
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
eM Client (HKLM-x32\...\{7B35918E-43E4-45AF-8F1B-C15D86CA919D}) (Version: 6.0.24928.0 - eM Client Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Deskjet 2050 J510 series Estudo de aprimoramento de produtos (HKLM\...\{8D71EFB0-B1EF-4478-92D2-A65DB23AC460}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Software básico do dispositivo (HKLM\...\{2DCBB45E-AA03-4089-87E7-EC17E606D738}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Documentation (HKLM-x32\...\{229FDD0B-B642-4032-8C15-772B47797B8D}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{57A79409-9C79-4080-9FFA-09D4DAECC26B}) (Version: 12.5.32.203 - HP)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Media Player Codec Pack 4.4.2 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.4.2 - Media Player Codec Pack)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office Professional Plus 2016 - pt-br (HKLM\...\ProPlusRetail - pt-br) (Version: 16.0.6366.2062 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 pt-BR)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: - )
My Drivers 5.00 (HKLM-x32\...\My Drivers_is1) (Version: 5.00 - Huntersoft)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 7 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.0.30 (HKLM\...\{7586FA2D-03B9-4074-84B7-E0049597BF84}) (Version: 5.0.30 - Oracle Corporation)
Outlook Express 6 (HKLM-x32\...\Outlook Express 6) (Version: - )
Pale Moon 25.8.1 (x86 en-US) (HKLM-x32\...\Pale Moon 25.8.1 (x86 en-US)) (Version: 25.8.1 - Moonchild Productions)
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 17.00.01.0000 - Panda Security)
Panda Free Antivirus (Version: 8.31.00 - Panda Security) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29080 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.40.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)
RegSeeker (HKLM-x32\...\RegSeeker) (Version: 2.57.2212 - HoverDesk)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1 - Krzysztof Kowalczyk)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Video to Video (HKLM-x32\...\{7F95A744-78DA-4AED-A8F0-A0AF330B8411}_is1) (Version: - Media Converters)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {18F59F41-105A-4A07-B2A5-F5E19309485C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-07] (Microsoft Corporation)
Task: {1FF17B92-39B4-4202-85B1-6927F676845A} - \Microsoft OneDrive Auto Update Task-S-1-5-21-1751273365-4100181127-1669670999-1001 -> Nenhum Arquivo <==== ATENÇÃO
Task: {290B5787-9F68-4B05-B5E2-162CC7CFCEDD} - System32\Tasks\HPCeeScheduleForGlauber => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {2F254692-BFD8-403E-AC6B-4CCC3639D946} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-02-01] (Microsoft Corporation)
Task: {353C9E21-F030-4D8A-93AF-9D9ED23B2EFE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {35A0FA07-53A3-4B41-BB7B-AF25F5E83E15} - \CatalinaGroupUpdateTaskUserS-1-5-21-1751273365-4100181127-1669670999-1001UA -> Nenhum Arquivo <==== ATENÇÃO
Task: {3851A1EB-9639-4144-82E0-EB369B33157F} - \Driver Booster SkipUAC (Glauber Segalla) -> Nenhum Arquivo <==== ATENÇÃO
Task: {4712524E-0CD7-4FDD-AB2C-AC73E607A9DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-21] (Google Inc.)
Task: {4A0834F0-04D8-4FA7-BC55-4F0EEFEDBD9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {5DE343ED-AE3D-4439-9278-F5D06D0466FD} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate]
Task: {624C6824-6849-4D42-874F-48B12C1C3FB5} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe
Task: {6761F371-8B06-4B72-A0C9-93ED5BBEA402} - \GoogleUpdateTaskUserS-1-5-21-1751273365-4100181127-1669670999-1001Core -> Nenhum Arquivo <==== ATENÇÃO
Task: {7148030C-B323-4944-8B4D-F0E947A3CCA4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.)
Task: {78F7243A-71B0-4733-8887-3D4BFDA1B373} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-02-01] (Microsoft Corporation)
Task: {7D70E7CE-AEF6-4050-AE98-7205FC776E78} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {8160B53C-A315-44CC-87D6-8C5641E9119C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-21] (Google Inc.)
Task: {894FEEE1-9D90-4A7A-8B1F-FDE81401FFBB} - System32\Tasks\eM Client Database Backup => C:\Program Files (x86)\eM Client\DbBackup.exe [2016-02-29] ()
Task: {984FEEB7-E9CD-4C15-BAE9-26912C4D2534} - \GoogleUpdateTaskUserS-1-5-21-1751273365-4100181127-1669670999-1001UA -> Nenhum Arquivo <==== ATENÇÃO
Task: {B1E76703-46E4-4EC5-BBF7-6C4872B274B4} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {B2434A79-2406-4F19-851C-52AC21BE90D4} - \HPCustParticipation HP Deskjet 2050 J510 series -> Nenhum Arquivo <==== ATENÇÃO
Task: {BE048A81-2FEE-444F-96B7-8DB6F666E778} - System32\Tasks\HPCeeScheduleForGlauber Segalla => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {C02DD486-EEF4-41F2-A2BC-2A5733A605A0} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {CA0DA0C6-309D-430B-B224-2BE3B093A2F4} - \AutoPico Daily Restart -> Nenhum Arquivo <==== ATENÇÃO
Task: {CE139996-C045-47E4-912A-0FA9C7E0D729} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {D0EBB4F5-D223-4574-A9A8-910791293FB0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {D8C5FCBA-737D-4E6C-A395-CF017770D5D9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-07] (Microsoft Corporation)
Task: {E6ADB660-847C-4D2D-90C2-A0628EE88049} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)
Task: {ED98C084-262D-4FAD-AA12-6AE3287575BB} - \YCMServiceAgent -> Nenhum Arquivo <==== ATENÇÃO
Task: {FF53B911-1751-4564-BF41-EB10C77DB7E2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\HPCeeScheduleForGlauber Segalla.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\HPCeeScheduleForGlauber.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\Glauber Segalla\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Paciência Online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cahbledjpnekmjeglfnelmnjfnmmemob
ShortcutWithArgument: C:\Users\Glauber Segalla\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\45de30f3c04d11bc\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=clototyjozerghpribeward

==================== Módulos Carregados (Whitelisted) ==============

2017-01-05 18:17 - 2016-01-22 17:57 - 00089008 _____ () C:\windows\System32\cpwmon64.dll
2016-01-12 16:04 - 2016-01-07 06:13 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-04-22 17:04 - 2014-04-14 23:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-04-15 18:13 - 2015-04-15 18:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-02-07 15:37 - 2014-02-07 15:37 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2015-12-15 15:17 - 2015-12-15 15:17 - 00618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)


==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\localhost -> localhost

==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2013-08-22 11:25 - 2016-07-07 13:13 - 00000905 ____A C:\windows\system32\Drivers\etc\hosts


==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 200.189.80.122 - 200.189.80.108
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

MSCONFIG\Services: KMS-R@1n => 2
MSCONFIG\startupreg: SunJavaUpdateSched => "c:\program files (x86)\common files\java\java update\jusched.exe"
HKLM\...\StartupApproved\StartupFolder: => "CodecPackTrayMenu.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "cmsc"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\StartupApproved\StartupFolder: => "Nova mensagem.exe"
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\StartupApproved\Run: => "Codec Pack Update Checker"

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{E2C8C811-775F-4033-89E4-9ADBD7A34998}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{C127456D-C0A2-463D-82DE-5A58122BE652}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{B335C940-9F92-485B-A02F-FF5E159CC1FF}] => C:\Users\Glauber Segalla\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{4A4FBA05-41D8-4A5D-8C81-F13ECD77E4C8}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D8AE678B-2176-4C74-8D16-1EE04C53F513}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{0E59543B-048A-431F-B11F-802C151CA8C6}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{FA431B2E-C855-4CB5-8F1E-A71C2D33AE46}] => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{C8E23603-0B96-437D-86C3-6F14D64EF892}] => C:\Users\Glauber Segalla\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{11607F51-34DE-4369-B5F8-21800BAF2902}] => C:\Users\Glauber Segalla\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DADB4D0B-DD97-488E-8EE0-CEFD5E8A044E}] => %systemroot%\system32\alg.exe
FirewallRules: [{79F1725F-D82D-460D-9AA4-5D3FD1622EEF}] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe
FirewallRules: [{6F86D8C4-F951-43DC-A1AB-061745562E8B}] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe
FirewallRules: [{03871F7E-1485-430D-A061-0568C0B972F6}] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe
FirewallRules: [{62359765-F52D-4FD1-B18C-B2FED25C3D1C}] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe
FirewallRules: [{DFD327F6-50E2-43FB-A455-31A4BFF004C1}] => C:\Users\Glauber Segalla\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E0DCBE0B-B7C6-4E6D-B096-FAD94B99E946}] => C:\Users\Glauber Segalla\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7182DC0A-020E-4677-A15C-E3F16F249018}] => LPort=8317
FirewallRules: [{80DB4E56-8901-4A3A-BBE0-ECDBF91AEDFE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0C3BA93D-1422-40CD-8EF5-47EA67C5176D}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{016DC2D8-6611-415F-8C92-EF545BD8353D}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Pontos de Restauração =========================

28-12-2016 19:21:08 Revo Uninstaller's restore point - CutePDF Writer 3.1
03-01-2017 02:58:27 Revo Uninstaller's restore point - Google Chrome Canary
05-01-2017 17:59:58 Revo Uninstaller's restore point - Adobe Acrobat Reader DC - Português
05-01-2017 18:11:33 Revo Uninstaller's restore point - Wise Program Uninstaller 1.97
05-01-2017 20:42:01 após desinstalar o adobe e apagar perfil glalla2017
08-01-2017 01:32:28 Revo Uninstaller's restore point - Pale Moon 27.0.3 (x86 en-US)
10-01-2017 02:11:59 Revo Uninstaller's restore point - Outlook Express 6
10-01-2017 03:01:20 Revo Uninstaller's restore point - Outlook Express 6
10-01-2017 03:17:29 Revo Uninstaller's restore point - Outlook Express Backup Restore
15-01-2017 20:15:34 Revo Uninstaller's restore point - Malwarebytes versão 3.0.5.1299
15-01-2017 20:34:22 JRT Pre-Junkware Removal
16-01-2017 00:27:50 Revo Uninstaller's restore point - Start Menu Reviver
16-01-2017 00:34:02 Desinstalado com Total Uninstall "Start Menu Reviver"

==================== Dispositivos Apresentando Falhas No Gerenciador =============


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (01/16/2017 10:50:01 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Falha no Procedimento Open para o serviço ".NETFramework" na DLL "C:\windows\system32\mscoree.dll". Os dados de desempenho para este serviço não estarão disponíveis. Os primeiros quatro bytes (DWORD) da seção de Dados contêm o código do erro.

Error: (01/16/2017 12:27:49 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {816f77f1-12cb-49ab-8215-b2511d167666}

Error: (01/15/2017 08:46:26 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Falha do Windows Search Service ao processar a lista de locais incluídos e excluídos com o erro <30, 0x80040d07, "file:///B:\[4c7094c2-2448-4ed5-b53f-9e8ad9b269f3]\Vídeos\">.

Error: (01/15/2017 08:46:26 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Falha do Windows Search Service ao processar a lista de locais incluídos e excluídos com o erro <30, 0x80040d07, "file:///B:\[4c7094c2-2448-4ed5-b53f-9e8ad9b269f3]\Shows\">.

Error: (01/15/2017 08:46:26 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Falha do Windows Search Service ao processar a lista de locais incluídos e excluídos com o erro <30, 0x80040d07, "file:///B:\[4c7094c2-2448-4ed5-b53f-9e8ad9b269f3]\Revistas\">.

Error: (01/15/2017 08:46:26 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Falha do Windows Search Service ao processar a lista de locais incluídos e excluídos com o erro <30, 0x80040d07, "file:///B:\[4c7094c2-2448-4ed5-b53f-9e8ad9b269f3]\Perfil Navegadores e Outlook Express\">.

Error: (01/15/2017 08:46:26 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Falha do Windows Search Service ao processar a lista de locais incluídos e excluídos com o erro <30, 0x80040d07, "file:///B:\[4c7094c2-2448-4ed5-b53f-9e8ad9b269f3]\PERFIL FIREFOX NOVO 13 JANEIRO 2016\">.

Error: (01/15/2017 08:46:26 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Falha do Windows Search Service ao processar a lista de locais incluídos e excluídos com o erro <30, 0x80040d07, "file:///B:\[4c7094c2-2448-4ed5-b53f-9e8ad9b269f3]\Músicas\">.

Error: (01/15/2017 08:46:26 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Falha do Windows Search Service ao processar a lista de locais incluídos e excluídos com o erro <30, 0x80040d07, "file:///B:\[4c7094c2-2448-4ed5-b53f-9e8ad9b269f3]\Loterias\">.

Error: (01/15/2017 08:46:26 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Falha do Windows Search Service ao processar a lista de locais incluídos e excluídos com o erro <30, 0x80040d07, "file:///B:\[4c7094c2-2448-4ed5-b53f-9e8ad9b269f3]\Imagens\">.


Erros de Sistema:
=============
Error: (01/15/2017 08:47:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Start Menu Logon Manager devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.

Error: (01/15/2017 08:47:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço LiveUpdate devido ao seguinte erro:
O sistema não pode encontrar o caminho especificado.

Error: (01/15/2017 08:46:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Windows Search devido ao seguinte erro:
O sistema não pode encontrar o caminho especificado.

Error: (01/15/2017 08:46:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Serviço de Compartilhamento de Rede do Windows Media Player depende do serviço Windows Search, mas não foi possível iniciá-lo devido ao seguinte erro:
O sistema não pode encontrar o caminho especificado.

Error: (01/15/2017 08:46:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Windows Search devido ao seguinte erro:
O sistema não pode encontrar o caminho especificado.

Error: (01/15/2017 08:46:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Windows Search devido ao seguinte erro:
O sistema não pode encontrar o caminho especificado.

Error: (01/15/2017 08:46:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Windows Search foi finalizado inesperadamente. Isto aconteceu 2 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar o serviço.

Error: (01/15/2017 08:46:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: O serviço Windows Search terminou com o seguinte erro específico de serviço:
%%2147749126

Error: (01/15/2017 08:46:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Serviço de Compartilhamento de Rede do Windows Media Player foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar o serviço.

Error: (01/15/2017 08:46:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço HP Support Solutions Framework Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).


==================== Informações da Memória ===========================

Processador: AMD E1-6010 APU with AMD Radeon R2 Graphics
Percentagem de memória em uso: 36%
RAM física total: 3774.09 MB
RAM física disponível: 2382.95 MB
Virtual Total: 7614.09 MB
Virtual disponível: 6046.84 MB

==================== Drives ================================

Drive b: (Arquivos) (Fixed) (Total:117.19 GB) (Free:67.84 GB) NTFS
Drive c: (Windows ) (Fixed) (Total:332.64 GB) (Free:183.51 GB) NTFS ==>[sistema com componentes de inicialização (obtido através de drive)]
Drive d: (Recovery Image) (Fixed) (Total:14.46 GB) (Free:1.79 GB) NTFS ==>[sistema com componentes de inicialização (obtido através de drive)]

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 55E3917C)

Partition: GPT.

==================== Fim de Addition.txt ============================
#15 By joram
16/01/2017 - 12:18
/_ Good afternoon, glalla! _\

> Copy the information in the spoiler into Notepad.
> Save it with the name fixlist. << Text!
> Save it on the desktop!

[spoiler]
start
CloseProcesses:
AutoConfigURL: [S-1-5-21-1751273365-4100181127-1669670999-1001] => hxxp://noblockweb.net/wpad.dat?75bf99f57d20c269bed3260f4914685723699845
ManualProxies: 0hxxp://noblockweb.net/wpad.dat?75bf99f57d20c269bed3260f4914685723699845
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/17
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/17
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/17
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1751273365-4100181127-1669670999-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Sem Nome -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> Nenhum Arquivo
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - Nenhum Arquivo
S2 LiveUpdateSvc; não ImagePath
2017-01-15 20:39 - 2017-01-15 20:39 - 00001316 _____ C:\Users\Glauber Segalla\Desktop\JRT.txt
2017-01-15 20:28 - 2017-01-15 20:28 - 01663040 _____ (Malwarebytes) C:\Users\Glauber Segalla\Desktop\JRT.exe
2017-01-15 16:28 - 2017-01-15 20:19 - 00000000 ____D C:\Users\Glauber Segalla\AppData\Local\ESET
2017-01-15 16:21 - 2017-01-15 16:21 - 00030114 _____ C:\Users\Glauber Segalla\Desktop\relatório mbam arquivos enviados para quarentena 15-01-17.txt
2017-01-15 16:10 - 2017-01-15 16:10 - 00033326 _____ C:\Users\Glauber Segalla\Desktop\relatório mbam 15-01-17.txt
2017-01-15 02:56 - 2017-01-15 02:56 - 16769244 _____ C:\Users\Glauber Segalla\Desktop\How to remove browser redirects (browser hijackers)-.mp4
2017-01-02 02:10 - 2017-01-02 02:11 - 0007680 _____ () C:\Users\Glauber Segalla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-16 02:29 - 2016-01-16 02:29 - 0000057 _____ () C:\ProgramData\Ament.ini
Task: {1FF17B92-39B4-4202-85B1-6927F676845A} - \Microsoft OneDrive Auto Update Task-S-1-5-21-1751273365-4100181127-1669670999-1001 -> Nenhum Arquivo <==== ATENÇÃO
Task: {6761F371-8B06-4B72-A0C9-93ED5BBEA402} - \GoogleUpdateTaskUserS-1-5-21-1751273365-4100181127-1669670999-1001Core -> Nenhum Arquivo <==== ATENÇÃO
Task: {984FEEB7-E9CD-4C15-BAE9-26912C4D2534} - \GoogleUpdateTaskUserS-1-5-21-1751273365-4100181127-1669670999-1001UA -> Nenhum Arquivo <==== ATENÇÃO
Task: {CA0DA0C6-309D-430B-B224-2BE3B093A2F4} - \AutoPico Daily Restart -> Nenhum Arquivo <==== ATENÇÃO
Task: {E6ADB660-847C-4D2D-90C2-A0628EE88049} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)
Task: {ED98C084-262D-4FAD-AA12-6AE3287575BB} - \YCMServiceAgent -> Nenhum Arquivo <==== ATENÇÃO
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
ShortcutWithArgument: C:\Users\Glauber Segalla\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Paciência Online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cahbledjpnekmjeglfnelmnjfnmmemob
ShortcutWithArgument: C:\Users\Glauber Segalla\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\45de30f3c04d11bc\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=clototyjozerghpribeward
CMD: sfc /scannow
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end
[/spoiler]

> Run FRST/FRST64 >> Click "Fix" << Wait!
> In the message, click Run.
> Post the report! (Fixlog.txt)
> This and other reports can be found in the folder: Local Disk (C) > FRST > Logs

< I ask visitors not to use this script on other computers, at the risk of damaging them! >

[Regards]