Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 01-01-2017
Executado por Lucimar (06-01-2017 20:39:39)
Executando a partir de C:\Users\Lucimar\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-08-01 02:57:35)
Modo da Inicialização: Normal
==========================================================
==================== Contas: =============================
Administrador (S-1-5-21-2705312239-909248705-17524377-500 - Administrator - Disabled)
Convidado (S-1-5-21-2705312239-909248705-17524377-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2705312239-909248705-17524377-1002 - Limited - Enabled)
Lucimar (S-1-5-21-2705312239-909248705-17524377-1000 - Administrator - Enabled) => C:\Users\Lucimar
==================== Central de Segurança ========================
(Se uma entrada for incluída na fixlist, será removida.)
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Programas Instalados ======================
(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
4500G510af_Ent (x32 Version: 000.0.425.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
AD_Install (x32 Version: 000.0.425.000 - HP) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Any Video Converter 5.9.1 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
bnains version 1.0 (HKLM-x32\...\{305B36CF-E7A6-4ACC-9207-9BE09314259C}_is1) (Version: 1.0 - )
bnains version 1.0 (HKLM-x32\...\{B552B283-6EBC-457E-8187-01682C83F26C}_is1) (Version: 1.0 - )
Booking.com version 1.1.0.5019 (HKLM-x32\...\{958A475F-037D-401A-AC05-209725973E11}_is1) (Version: 1.1.0.5019 - Booking.com) <==== ATENÇÃO
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 2.5.0.0 - Byte Technologies LLC) <==== ATENÇÃO
CALL - Vs5 (HKLM-x32\...\CALL_VS5) (Version: 5 - CCAA)
CALL Vs.5 (x32 Version: 5 - CCAA) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
GBBD Caixa Economica Federal (HKLM-x32\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: 3.12.0.2 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{07B5B07B-3A6A-43F0-93B9-5EF934A73C7A}) (Version: 12.2.8.17 - Hewlett-Packard Company)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Macromedia Flash Player 8 (HKLM-x32\...\ShockwaveFlash) (Version: 8 - Macromedia)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Módulo de Proteção - Banco Santander (Brasil) S.A. (HKLM-x32\...\{83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1) (Version: 3.12.1.2 - )
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.2.28 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 1.0.40 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden
Mozilla Firefox 50.1.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 pt-BR)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Pacote de Driver do Windows - ZTE Corporation (ZTEusbmdm6k) Modem (11/04/2008 1.2050.0.9) (HKLM\...\717476F752ECD35068D55A70ADAB74C0865D0604) (Version: 11/04/2008 1.2050.0.9 - ZTE Corporation)
Pacote de Driver do Windows - ZTE Corporation (ZTEusbnmea) Ports (11/04/2008 1.2050.0.9) (HKLM\...\4E1D8DC4BABC15A9FC505FC75418239342464F92) (Version: 11/04/2008 1.2050.0.9 - ZTE Corporation)
Pacote de Driver do Windows - ZTE Corporation (ZTEusbser6k) Ports (11/04/2008 1.2050.0.9) (HKLM\...\960D2AF39B6968A9203A2E0B2A33256C2830F016) (Version: 11/04/2008 1.2050.0.9 - ZTE Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Extended PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
SafeZone Stable 1.51.2220.53 (x32 Version: 1.51.2220.53 - Avast Software) Hidden
simpliclean (HKLM-x32\...\simplitec POWER SUITE_is1) (Version: 2.4.6.195 - simplitec GmbH)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Some PDF to Word Converter 2.0 (HKLM-x32\...\Some PDF to Word Converter_is1) (Version: - SomePDF.com)
Velox3G.exe (HKLM-x32\...\oigsm_is1) (Version: 1.0.1.332 - )
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
Yahoo! Powered (HKLM-x32\...\winsearch) (Version: - )
==================== Exame Personalizado CLSID (Whitelisted): ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
CustomCLSID: HKU\S-1-5-21-2705312239-909248705-17524377-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0001}\InprocServer32 -> C:\Users\Lucimar\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-2705312239-909248705-17524377-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\Lucimar\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-2705312239-909248705-17524377-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0001}\InprocServer32 -> C:\Users\Lucimar\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-2705312239-909248705-17524377-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\Lucimar\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-2705312239-909248705-17524377-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Lucimar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2705312239-909248705-17524377-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Lucimar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2705312239-909248705-17524377-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Lucimar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2705312239-909248705-17524377-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Lucimar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2705312239-909248705-17524377-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Lucimar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Tarefas Agendadas (Whitelisted) =============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
Task: {08FD459A-C931-4610-B4B9-C1AEA096EF1F} - \SPDriver -> Nenhum Arquivo <==== ATENÇÃO
Task: {0C750A8C-92C2-4623-AF80-78E1629FD192} - System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => C:\Users\Lucimar\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe [2015-05-15] () <==== ATENÇÃO
Task: {0FBA7A36-F7CA-42FC-A371-475CD254C480} - System32\Tasks\avastBCLRestartS-1-5-21-2705312239-909248705-17524377-1000 => Chrome.exe
Task: {1B3DD710-38E2-4E05-ACBE-B3F6F73F10B0} - \WSE_Vosteran -> Nenhum Arquivo <==== ATENÇÃO
Task: {1F669842-68F4-4ABD-BC29-FC6EE63B7D1C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {2738935E-C353-4A2E-9C1D-C1C51AB18E7F} - System32\Tasks\Opera scheduled Autoupdate 1421884442 => C:\Program Files (x86)\Opera\launcher.exe
Task: {27C992A5-6A97-4AAE-8993-5BF5E16813B6} - System32\Tasks\{4AABF285-0673-4368-B270-CD521B09B1F2} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {3CA85F9C-407E-4ACC-9877-BDADF05CC6D2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {41BCA0F2-3BC9-44BC-89A8-B6805F952A1E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2705312239-909248705-17524377-1000
Task: {424336A4-F0EF-4F41-8E92-9AD6D9B7CC22} - \Run_Bobby_Browser -> Nenhum Arquivo <==== ATENÇÃO
Task: {44D16CCC-9D61-4F5F-A76E-31A9FDEDED30} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2015-06-01] (YTDownloader) <==== ATENÇÃO
Task: {464A631C-65FF-4B81-BD30-D95EA1232E0F} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2016-08-27] (Byte Technologies LLC) <==== ATENÇÃO
Task: {48F29ED2-2792-42F3-8F28-E3F0C09417F7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-26] (AVAST Software)
Task: {4A13C254-4838-4DDE-B0EC-36BF3199E0AC} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {4A74678F-F73E-4F03-B9A3-42A265529AA0} - \SPBIW_UpdateTask_Time_323031363839313439342d34784145552a2a3423326c57 -> Nenhum Arquivo <==== ATENÇÃO
Task: {4D60C6FC-A09E-4627-8E28-6086FBC4D4FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {4DA1F0FB-638A-4B38-9E8E-7A02C3974B4C} - System32\Tasks\Yahoo! Powered nosar => Wscript.exe "C:\ProgramData\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993}\tomi.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b45334241323644392d363946382d414331462d454633452d3332354437353743423939337d5c726964616665" "433a5c50726f6772616d446174615c7b45334241323644392d363946382d414331462d454633 (a entrada de dados tem 78 mais caracteres).
Task: {63D662ED-C65D-493F-83FB-48BB20B69954} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATENÇÃO
Task: {7742B9E4-41DC-459B-8D05-B9B254538DA8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {81023610-D0C0-4F64-AC87-44C5CC0CCA2E} - \ShopperPro -> Nenhum Arquivo <==== ATENÇÃO
Task: {8416AF03-2C01-45D7-9212-33244A3F7726} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2016-08-27] (Byte Technologies LLC) <==== ATENÇÃO
Task: {9BC5C81B-C8EF-47E0-8ECE-97A79C373A9E} - \Vosteran caco -> Nenhum Arquivo <==== ATENÇÃO
Task: {A13F4B11-D336-4530-9607-B65E85184BBA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe [2016-12-18] (Adobe Systems Incorporated)
Task: {A1724AA0-BA41-42A6-887A-41BC5E20588C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {A3442B28-79C1-4B33-BEC7-42540A227994} - System32\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89} => C:\Users\Lucimar\AppData\Roaming\{8AA5B~1\UPDATE~1.EXE [2016-12-05] () <==== ATENÇÃO
Task: {ABED58D6-26A4-481D-B317-80847CDD7CFD} - System32\Tasks\{47F08505-6350-4694-84D3-FE9503043E39} => pcalua.exe -a C:\Users\Lucimar\Downloads\OJ4500vG510a-f_corporate_64bit_13.exe -d C:\Users\Lucimar\Downloads
Task: {ADFB3328-714D-4012-B146-D4354C08EC48} - System32\Tasks\{D11EAD46-8D5B-4C3C-B5F5-E67B4B3C7841} => pcalua.exe -a C:\Users\Lucimar\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=bxk1 <==== ATENÇÃO
Task: {B80F0E14-4EE6-4118-B0AA-6FF668870963} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {C4DFFD43-86F8-4D98-AC77-6C8903FD75F4} - System32\Tasks\SafeZone scheduled Autoupdate 1455541173 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
Task: {C8573C03-7CE3-422B-896C-F0658E5ED0A1} - System32\Tasks\{BD1E4D7D-29B0-46D5-8651-DB5A90EFF5A4} => pcalua.exe -a C:\ProgramData\ZombieNews\uninstall.exe -c /kb=y /ic=1
Task: {DAFD8B6D-8E44-4860-9D7E-78E70A4F6D0B} - System32\Tasks\Gnorujsepe => C:\ProgramData\Gnorujsepe\1.0.1.0\onioluog.exe <==== ATENÇÃO
Task: {DCE77CD0-231A-49F3-9781-D3ABA7375031} - \SPBIW_UpdateTask_Time_323031363839313439342d785b233457414a45415a506c -> Nenhum Arquivo <==== ATENÇÃO
Task: {DE81D6F9-6501-45D4-A718-920621D835FB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-18] (Adobe Systems Incorporated)
Task: {E15C7FA4-567C-46F6-AEF3-6C24131C88D2} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {E6CDCEAF-FD51-4FA0-A71E-962A96F6DC95} - \ShopperProJSUpd -> Nenhum Arquivo <==== ATENÇÃO
Task: {ECDDEC66-68DB-4BB9-90B6-F05AED0D4F8F} - System32\Tasks\PostPoneInstall => C:\Users\Lucimar\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATENÇÃO
Task: {EDB553A0-7787-42E1-A2FC-66073558B91B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {F825CEBD-CF9E-45F4-A03F-8DEA43C1C7C5} - System32\Tasks\{035B222F-2403-4A93-B1E6-4F8E855990F4} => pcalua.exe -a C:\Users\Lucimar\Downloads\iGBPCEFsf.exe -d C:\Users\Lucimar\Downloads
Task: {FB98754A-A3E9-476A-9648-C965E27BC77A} - \{3B7FD029-D932-411b-AF15-C96CF8EF0C18}{19F8DB95-4D78-4ddb-AC71-C610654FE37F} -> Nenhum Arquivo <==== ATENÇÃO
Task: {FF2CA29B-FA49-4991-B749-C193DCC87FC9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-12] (AVAST Software)
(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Yahoo! Powered nosar.job => Wscript.exe C:\ProgramData\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993}\tomi.txt <==== ATENÇÃO
Task: C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => C:\Users\Lucimar\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe -RunCheckUpdate C:\Users\Lucimar\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe <==== ATENÇÃO
Task: C:\Windows\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89}.job => C:\Users\Lucimar\AppData\Roaming\{8AA5B~1\UPDATE~1.EXE <==== ATENÇÃO
==================== Atalhos =============================
(As entradas podem ser listadas para serem restauradas ou removidas.)
ShortcutWithArgument: C:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678
ShortcutWithArgument: C:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678
ShortcutWithArgument: C:\Users\Lucimar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678
==================== Módulos Carregados (Whitelisted) ==============
2015-06-01 07:22 - 2015-06-01 07:22 - 00112560 _____ () C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe
2015-08-13 09:50 - 2015-07-08 22:26 - 00173088 _____ () C:\Users\Lucimar\AppData\Roaming\NetService\netservice.exe
2016-09-21 13:53 - 2016-10-01 15:40 - 00254280 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
2016-01-03 02:47 - 2015-12-16 06:21 - 04845408 _____ () C:\Users\Lucimar\AppData\Roaming\WinNetSvc\WinNetSvc.exe
2016-03-21 12:07 - 2016-07-11 15:40 - 05098760 _____ () C:\Users\Lucimar\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
2016-09-21 13:53 - 2016-10-01 15:40 - 00565064 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
2016-12-06 11:09 - 2016-12-06 11:09 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll
2016-09-26 13:55 - 2016-09-26 13:55 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-01-06 18:10 - 2017-01-06 18:10 - 03138056 _____ () C:\Program Files\AVAST Software\Avast\defs\17010601\algo.dll
2016-09-26 13:55 - 2016-09-26 13:55 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-03 02:47 - 2015-11-28 06:45 - 00083456 _____ () C:\Users\Lucimar\AppData\Roaming\WinNetSvc\Interface.dll
2015-03-30 06:51 - 2015-03-30 06:51 - 00141856 _____ () C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5841\zlib1.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\pt_br\acrotray.ptb
2016-09-26 13:56 - 2016-09-26 13:56 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(Se uma entrada for incluída na fixlist, somente o ADS será removido.)
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\System32:F13278F6_Abn.gbp [2]
AlternateDataStreams: C:\Windows\System32:F13278F6_Bb.gbp [2]
AlternateDataStreams: C:\Windows\System32:F13278F6_Cef.gbp [2]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1198]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10]
==================== Modo de Segurança (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)
==================== Associação (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)
==================== Internet Explorer confiável/restrito ===============
(Se uma entrada for incluída na fixlist, será removida do Registro.)
IE trusted site: HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\bancoreal.com.br -> hxxp://www.bancoreal.com.br
IE trusted site: HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\bancosantander.com.br -> hxxp://www.bancosantander.com.br
IE trusted site: HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\bancosantander.com.br -> hxxps://www.bancosantander.com.br
IE trusted site: HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\bb.com.br -> hxxps://seg.bb.com.br
IE trusted site: HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\caixa.gov.br -> imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\realsecureweb.com.br -> hxxps://www.realsecureweb.com.br
IE trusted site: HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\santander.com.br -> www.santander.com.br
IE trusted site: HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\santander.com.br -> hxxp://www.santander.com.br
IE trusted site: HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\santanderempresarial.com.br -> www.santanderempresarial.com.br
IE trusted site: HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\santanderempresarial.com.br -> hxxp://www.santanderempresarial.com.br
IE trusted site: HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\santandernet.com.br -> www.santandernet.com.br
IE trusted site: HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\santandernet.com.br -> hxxps://www.santandernet.com.br
IE trusted site: HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\santandernetibe.com.br -> www.santandernetibe.com.br
IE trusted site: HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\santandernetibe.com.br -> hxxps://www.santandernetibe.com.br
IE trusted site: HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\secureweb.com.br -> hxxps://www.secureweb.com.br
==================== Hosts Conteúdo: ==========================
(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
2009-07-13 23:34 - 2017-01-06 20:30 - 00002022 ____A C:\Windows\system32\Drivers\etc\hosts
Existem ainda 4 mais linhas.
==================== Outras Áreas ============================
(Atualmente não há nenhuma correção automática para esta seção.)
HKU\S-1-5-21-2705312239-909248705-17524377-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.
==================== MSCONFIG/TASK MANAGER ítens desabilitados ==
MSCONFIG\startupreg: 3D BubbleSound => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
MSCONFIG\startupreg: DriverUpdaterPro => C:\Program Files (x86)\oTweak\DriverUpdaterPro\DriverUpdaterPro.exe /ot /as /ss
MSCONFIG\startupreg: SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2284\jsdrv.exe
MSCONFIG\startupreg: YTDownloader => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
==================== Regras do Firewall (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [{C8C2D2F8-E4AF-42F3-BD3B-4C3DDEC0C818}] => C:\Users\Lucimar\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{D9F687BF-4E89-4244-83E0-52D3A76F202A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EA8B08B5-976E-4BC8-B27E-FDD881975572}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8669FDE0-8FD0-48F3-BE21-0A9CD65BC3F2}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BE8D5A38-242F-48BD-8328-D8D13D6B9102}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D6BB17B7-5A86-4A48-BFB2-83E0F576E46C}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{440874E2-C034-45C6-9527-67C90A42819D}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Pontos de Restauração =========================
23-10-2016 12:47:17 ASU_MSI_TRAN
27-10-2016 10:52:42 ASU_MSI_TRAN
23-11-2016 21:43:45 ASU_MSI_TRAN
06-01-2017 18:33:57 Windows Update
==================== Dispositivos Apresentando Falhas No Gerenciador =============
Name: Dispositivo do sistema básico
Description: Dispositivo do sistema básico
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Dispositivo do sistema básico
Description: Dispositivo do sistema básico
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Adaptador de Túnel Teredo da Microsoft
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Warsaw - Driver (PP)
Description: Warsaw - Driver (PP)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: wsddpp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Controlador Ethernet
Description: Controlador Ethernet
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Erros no Log de eventos: =========================
Erros em Aplicativos:
==================
Error: (01/06/2017 08:30:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe".
Assembly dependente Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.
Error: (01/06/2017 06:44:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe".
Assembly dependente Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.
Error: (01/06/2017 06:06:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe".
Assembly dependente Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.
Error: (01/05/2017 12:57:06 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (4552) WebCacheLocal: Erro -1032 (0xfffffbf8) ao abrir o arquivo de log C:\Users\Lucimar\AppData\Local\Microsoft\Windows\WebCache\V01.log.
Error: (01/05/2017 12:57:05 PM) (Source: ESENT) (EventID: 489) (User: )
Description: DllHost (4552) WebCacheLocal: Uma tentativa de abrir o arquivo "C:\Users\Lucimar\AppData\Local\Microsoft\Windows\WebCache\V01.log" para acesso somente leitura falhou com o erro de sistema 32 (0x00000020): "O arquivo já está sendo usado por outro processo. ". A operação para abrir o arquivo falhará com o erro -1032 (0xfffffbf8).
Error: (01/05/2017 12:45:38 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (484) WebCacheLocal: Erro -1032 (0xfffffbf8) ao abrir o arquivo de log C:\Users\Lucimar\AppData\Local\Microsoft\Windows\WebCache\V01.log.
Error: (01/05/2017 12:45:38 PM) (Source: ESENT) (EventID: 489) (User: )
Description: DllHost (484) WebCacheLocal: Uma tentativa de abrir o arquivo "C:\Users\Lucimar\AppData\Local\Microsoft\Windows\WebCache\V01.log" para acesso somente leitura falhou com o erro de sistema 32 (0x00000020): "O arquivo já está sendo usado por outro processo. ". A operação para abrir o arquivo falhará com o erro -1032 (0xfffffbf8).
Error: (01/05/2017 12:45:24 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (484) WebCacheLocal: Falha ao tentar abrir o arquivo "C:\Users\Lucimar\AppData\Local\Microsoft\Windows\WebCache\V01.chk" para acesso de leitura/gravação com o erro de sistema 32 (0x00000020): "O arquivo já está sendo usado por outro processo. ". A operação de abertura do arquivo falhará com o erro -1032 (0xfffffbf8).
Error: (01/05/2017 09:23:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe".
Assembly dependente Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.
Error: (01/04/2017 04:44:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe".
Assembly dependente Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.
Erros de Sistema:
=============
Error: (01/06/2017 08:34:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.
Error: (01/06/2017 08:34:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.
Error: (01/06/2017 08:34:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.
Error: (01/06/2017 08:34:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.
Error: (01/06/2017 08:34:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.
Error: (01/06/2017 08:34:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.
Error: (01/06/2017 08:31:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.
Error: (01/06/2017 08:31:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.
Error: (01/06/2017 08:30:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.
Error: (01/06/2017 08:30:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
gbpddfac
gbpddreg
wsddfac
==================== Informações da Memória ===========================
Processador: AMD C-60 APU with Radeon(tm) HD Graphics
Percentagem de memória em uso: 39%
RAM física total: 3548.15 MB
RAM física disponível: 2150.07 MB
Virtual Total: 7094.49 MB
Virtual disponível: 5590.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:353.4 GB) NTFS
==================== MBR & Tabela de Partições ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9611BDF3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== Fim de Addition.txt ============================