poy

Remove win64:adware-gen


When I ran a scan with Avast, it reported the presence of win64:adware-gen. The antivirus offers the options auto, delete, repair, chest and nothing. I tried each of these options, but nothing happens.

I tried to follow the path indicated by Avast, but I can't find the folder it points to (I am showing all hidden folders).
Worse, the Avast scan always stops when it reaches this item and does not go any further.
How can I remove this thing?

tela avast.jpg

  • Topic author
  • Diego,

     

    I tried to run ZA-Scan several times and it aborts with the message "DaS21 parou de funcionar" (DaS21 has stopped working).

    What else can I do?


    Dear @poy

    Ok!

    I recommend saving this topic to your Favorites so it is easier to find.

    Please note the following:

    • If you go 3 days without a reply, send me a Private Message (PM);
    • What is provided here relates only to the problem on your computer, so do not apply it to any other machine;
    • Please follow the instructions carefully and, if in doubt, do not hesitate to ask;
    • Always post your replies in this topic... Do not open another one!
    • Always keep me informed, during the removal, about what is happening with your computer.
    • Respect the order of the instructions given.

    Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, otherwise you risk misconfiguring your computer!

     

    # Step 1 #

    Download AdwCleaner and save it to your Desktop.

    Run the file adwcleaner.exe

    Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

    • Click the Options (Opções) tab and leave only "Restaurar Políticas do IE" (Restore IE Policies) and "Restaurar Políticas do Chrome" (Restore Chrome Policies) checked.
    • Click the Scan (Verificar) button and wait for the scan to finish.
    • Click the Clean (Limpar) button.
    • A Notepad window will open with the result.
    • Select, copy and paste the contents of this log into your next reply.
    • The log is also saved in C:\AdwCleaner


    NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart.
     
    # Step 2 #

    Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

    Download the Junkware Removal Tool (JRT) and save it to your Desktop.

    Double-click jrt.exe to run it.

    Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

    • The tool will start scanning your system.
    • Be patient, as it can take a while depending on the number of items to scan.
    • At the end a log will open. It is saved on the desktop as JRT.txt.
    • Select, copy and paste the contents of this log into your next reply.

     
    # Step 3 #

    Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

    Download ZHPCleaner and save it to your Desktop.

    Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

    • Click the Scanner button.
    • The tool will start scanning your system.
    • Be patient, as it can take a while depending on the number of items to scan.
    • Then click the Repair (Reparar) button.
    • A log named ZHPCleaner.txt will be generated.
    • Select, copy and paste the contents of this log into your next reply.

    Regards :D

  • Topic author
  • Here are the logs:

    # AdwCleaner v6.045 - Relatório criado 08/04/2017 às 12:05:58
    # Atualizado em 28/03/2017 por Malwarebytes
    # Banco de dados : 2017-04-06.1 [Local]
    # Sistema operacional : Windows 7 Home Basic Service Pack 1 (X86)
    # Usuário : Sergio - SERGIO-PC
    # Executando de : C:\Users\Sergio\Desktop\adwcleaner_6.045.exe
    # Modo: Limpo
    # Apoio : https://www.malwarebytes.com/support

    ***** [ Serviços ] *****

    ***** [ Pastas ] *****

    ***** [ Arquivos ] *****

    ***** [ DLL ] *****

    ***** [ WMI ] *****

    ***** [ Atalhos ] *****

    ***** [ Atividades agendadas ] *****

    ***** [ Registro ] *****

    ***** [ Verificando navegadores ... ] *****

    [-] [C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminado:br.ask.com


    *************************

    :: Chaves "Tracing" excluídas
    :: Configurações Winsock restauradas
    :: Políticas do IE excluídas
    :: Políticas do Chrome excluídas

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [17837 Bytes] - [27/03/2017 20:39:29]
    C:\AdwCleaner\AdwCleaner[C2].txt - [1085 Bytes] - [08/04/2017 12:05:58]
    C:\AdwCleaner\AdwCleaner[S0].txt - [17100 Bytes] - [27/03/2017 20:34:09]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1530 Bytes] - [08/04/2017 12:05:08]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1305 Bytes] ##########

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.2 (03.10.2017)
    Operating System: Windows 7 Home Basic x86
    Ran by Sergio (Administrator) on 08/04/2017 at 12:16:34,73
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    File System: 33

    Failed to delete: C:\Windows\System32\wscm32.dll (File)
    Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
    Successfully deleted: C:\Users\Sergio\AppData\Local\{8EEC4A8C-2939-49F7-8C4F-3A4DD8DEBA81} (Empty Folder)
    Successfully deleted: C:\Users\Sergio\AppData\Local\{E76F86D2-F5DC-41FA-9A74-1302932A40F1} (Empty Folder)
    Successfully deleted: C:\Users\Sergio\AppData\Local\cre (Folder)
    Successfully deleted: C:\Users\Sergio\AppData\Roaming\getrighttogo (Folder)
    Successfully deleted: C:\Users\Sergio\AppData\Roaming\new version available (Folder)
    Successfully deleted: C:\Users\Sergio\Documents\1click.cfg (File)
    Successfully deleted: C:\Windows\wininit.ini (File)

    user_pref(browser.startup.homepage, hxxps://br.search.yahoo.com/?type=435371&fr=spigot-yhp-ff);

    Registry: 5

    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BrowserPlugInHelper (Registry Value)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F397F02-B7E3-4EE7-8F24-988C1BE6E0A5} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{6B896ADB-4A82-46e2-858C-13134782CE34} (Registry Value)


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 08/04/2017 at 13:00:28,11
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    ~ ZHPCleaner v2017.4.8.61 by Nicolas Coolman (2017/04/08)
    ~ Run by Sergio (Administrator)  (08/04/2017 13:19:01)
    ~ Web: https://www.nicolascoolman.com
    ~ Blog: https://nicolascoolman.eu/
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : Version OK
    ~ Type : Reparo
    ~ Report : C:\Users\Sergio\Desktop\ZHPCleaner.txt
    ~ Quarantine : C:\Users\Sergio\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
    ~ UAC : Deactivate
    ~ Boot Mode : Normal (Normal boot)
    Windows 7 Home Basic, 32-bit Service Pack 1 (Build 7601)


    ---\\  Serviços (0)
    ~ Nenhum ítem malicioso o desnecessários foi encontrado.


    ---\\  Navegadores de Internet (0)
    ~ Nenhum ítem malicioso o desnecessários foi encontrado.


    ---\\  Arquivo hosts (1)
    ~ O arquivo hosts é legítimo (20)


    ---\\  Tarefas automáticas agendadas. (0)
    ~ Nenhum ítem malicioso o desnecessários foi encontrado.


    ---\\  Explorer ( Arquivos, Pastas) (150)
    MOVIDO pasta: C:\ProgramData\InstallMate\{C507AD6B-49C0-486A-AA81-01E21EE48F9D}\Setup.exe [Tarma Software Research Pty Ltd - InstallMate® Setup]  =>.Superfluous.Tarma
    MOVIDO pasta: C:\ProgramData\InstallMate\{C507AD6B-49C0-486A-AA81-01E21EE48F9D}\TsuDll.dll [Tarma Software Research Pty Ltd - InstallMate® Setup Library]  =>.Superfluous.Tarma
    MOVIDO pasta: C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ol.at.atwola.com_0.localstorage    =>.Superfluous.Atwola
    MOVIDO pasta: C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ol.at.atwola.com_0.localstorage-journal    =>.Superfluous.Atwola
    MOVIDO arquivo: C:\Program Files\Freemake  =>.Superfluous.Empty
    MOVIDO arquivo: C:\Program Files\Common Files\Common Share  =>PUP.Optional.CommonShare
    MOVIDO arquivo: C:\ProgramData\InstallMate  =>.Superfluous.Tarma
    MOVIDO arquivo: C:\Program Files\QuickTime  =>Riskware.QuickTime
    MOVIDO arquivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime  =>Riskware.QuickTime
    MOVIDO arquivo: C:\Users\Sergio\AppData\Local\{C9F1B12D-C81D-4EC6-9A67-C7C96E0AD500}  =>.Superfluous.Empty


    ---\\  Registro ( Chaves, Valores, Dados ) (25)
    SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-2703107185-878268938-2787040127-1000\SOFTWARE\Xmlbar []  =>Toolbar.Agent
    SUPRIMIDO chave: HKCU\Software\Xmlbar []  =>Toolbar.Agent
    SUPRIMIDO chave*: HKCU\Software\AppDataLow\Software\Smartbar []  =>PUP.Optional.QuickShare
    SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D191DA64-D807-4FD5-A186-BC2291F81F9A} [C:\Program Files\I - Cinema (Not File)]  =>Adware.CrossRider
    SUPRIMIDO chave*: HKLM\SOFTWARE\TermBlazer_1.10.0.16 []  =>PUP.Optional.TermBlazer
    SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Xmlbar FlvJoiner [Video Joiner (xmlbar) (remover somente)]  =>Toolbar.Agent
    SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.]  =>Heuristic.Suspect
    SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2284CA6-2214-47DB-B3F5-E05AF75F2D58} [C:\Program Files\uTorrentBar_PT (Not File)]  =>.Superfluous.Conduit
    SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C676939D-C86E-4f8f-B1EB-4641F9ACD474} [C:\Program Files\Xmlbar\Video Joiner]  =>Toolbar.Agent
    SUPRIMIDO valor: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{6D08490E-7C96-4487-9056-1351B68EACED}C:\users\sergio\appdata\roaming\torntv.com\torntv downloader.exe [C:\users\sergio\appdata\roaming\torntv.com\torntv downloader.exe]  =>PUP.Optional.TornTV
    SUPRIMIDO valor: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{06035104-711E-4B5E-B85A-C29E845A6B19}C:\users\sergio\appdata\roaming\torntv.com\torntv downloader.exe [C:\users\sergio\appdata\roaming\torntv.com\torntv downloader.exe]  =>PUP.Optional.TornTV


    ---\\  Resumo dos elementos encontrados na sua estação de trabalho (15)
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Empty
    https://www.nicolascoolman.com/fr/pup-tarma/ =>.Superfluous.Tarma
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Temporary.Empty
    https://nicolascoolman.eu/2017/02/04/superfluous-atwola/ =>.Superfluous.Atwola
    https://www.nicolascoolman.com/fr/pup-commonshare/ =>PUP.Optional.CommonShare
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Temporary.Steam
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Empty.PluginViewer
    https://nicolascoolman.eu/2017/01/15/riskware-quicktime/ =>Riskware.QuickTime
    https://www.nicolascoolman.com/fr/?p=5143 =>Toolbar.Agent
    https://www.nicolascoolman.com/fr/pup-quickshare/ =>PUP.Optional.QuickShare
    https://nicolascoolman.eu/2017/03/11/pup-optional-crossrider/ =>Adware.CrossRider
    https://www.nicolascoolman.com/fr/pup-termblozer/ =>PUP.Optional.TermBlazer
    https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect
    https://nicolascoolman.eu/2017/02/06/superfluous-conduit/ =>.Superfluous.Conduit
    https://www.nicolascoolman.com/fr/hijacker-torntv/ =>PUP.Optional.TornTV


    ---\\  Dodatkowe oczyszczenie. (2)
    ~ Chave de registro Tracing Supprimido (2)
    ~ Remover os relatórios antigos ZHPCleaner. (0)


    ---\\ Resultado de reparação
    Reparação efectuada com sucesso
    ~ Este navegador está faltando ! (Opera Software)


    ---\\ Estatísticas
    ~ Items scan : 927
    ~ Items encontrado : 0
    ~ items cancelados : 0
    ~ Items réparo : 175


    ~ End of clean in 00h01mn57s
    ~====================
    ZHPCleaner-[R]-08042017-13_20_58.txt
    ZHPCleaner--08042017-13_14_54.txt


    Dear @poy

    Temporarily disable your antivirus, antispyware and firewall, so that they do not cause conflicts.

    Download the Farbar Recovery Scan Tool and save it to your Desktop.


    32 bit (x86) or 64 bit (x64)

    • Double-click to run the tool.
      • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
    • Check the Arquivos 90 dias box and click the Examinar button.
    • Wait; when it finishes, the FRST.txt and Addition.txt logs will be saved to your Desktop.
    • Select, copy and paste the contents of the FRST.txt log into your next reply.
    • Attach the Addition.txt log

    Cheers :D

  • Topic author
  • As you requested:

    Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 15-03-2017
    Executado por Sergio (administrador) em SERGIO-PC (10-04-2017 15:17:45)
    Executando a partir de C:\Users\Sergio\Downloads
    Perfis Carregados: Sergio (Perfis Disponíveis: Sergio & Convidado)
    Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) Idioma: Português (Brasil)
    Internet Explorer Versão 11 (Navegador padrão: FF)
    Modo da Inicialização: Normal
    Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processos (Whitelisted) =================

    (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

    (GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
    (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe
    (FSPro Labs) C:\Windows\System32\fsproflt2.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
    (Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (FSPro Labs) C:\Program Files\Hide Folders 2012\hf.exe
    (GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
    (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    (Microsoft) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
    (Mega Limited) C:\Users\Sergio\AppData\Local\MEGAsync\MEGAsync.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

    ==================== Registro (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-08] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-04-07] (IDT, Inc.)
    HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
    HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
    HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [206336 2010-05-20] (Microsoft)
    HKLM\...\Run: [NBKeyScan] => "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    HKLM\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-03-16] (Apple Inc.)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [621616 2016-05-11] (GAS Tecnologia LTDA)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [267064 2017-03-22] (Apple Inc.)
    HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [219800 2017-03-23] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [263088 2017-03-31] (AVG Technologies CZ, s.r.o.)
    Winlogon\Notify\ GbPluginUni: C:\Program Files\GbPlugin\gbiehUni.dll [2016-11-18] (Banco Itaú Unibanco)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-2703107185-878268938-2787040127-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
    HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
    ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES\GbPlugin\gbiehuni.dll [1951968 2016-11-18] (Banco Itaú Unibanco)
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sergio\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sergio\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sergio\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} =>  -> Nenhum Arquivo
    Startup: C:\Users\Sergio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-04-07]
    ShortcutTarget: MEGAsync.lnk -> C:\Users\Sergio\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

    Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 201.17.1.90 201.17.1.157
    Tcpip\..\Interfaces\{FFF8BA8F-AE0F-4E57-9AB5-CFBBC3326CE8}: [DhcpNameServer] 201.17.1.90 201.17.1.157

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2703107185-878268938-2787040127-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> Backup.Old.DefaultScope {1F397F02-B7E3-4EE7-8F24-988C1BE6E0A5}
    SearchScopes: HKLM -> {2F9D9072-904D-04B0-633A-056C45103E83} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2703107185-878268938-2787040127-1000 -> Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    SearchScopes: HKU\S-1-5-21-2703107185-878268938-2787040127-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://br.search.yahoo.com/search?p={searchTerms}&fr=chr-linksys
    BHO: ssh2 Class -> {2E3C3651-B19C-4DD9-A979-901EC3E930AF} -> C:\Program Files\Scpad\scpsssh2.dll [2010-09-13] (Scopus Tecnologia Ltda)
    BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll => Nenhum Arquivo
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-03-22] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => Nenhum Arquivo
    BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll => Nenhum Arquivo
    BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\PROGRAM FILES\GBPLUGIN\gbiehuni.dll [2016-11-18] (Banco Itaú Unibanco)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-22] (Oracle Corporation)
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab
    DPF: {CAFEEFAC-0018-0000-00111-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724
    Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll Nenhum Arquivo
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-12-03] (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\97vadjci.default-1475185434381 [2017-04-10]
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\97vadjci.default-1475185434381 -> Yahoo!
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\97vadjci.default-1475185434381 -> Yahoo!
    FF Homepage: Mozilla\Firefox\Profiles\97vadjci.default-1475185434381 -> hxxps://www.google.com.br/?gws_rd=ssl
    FF Extension: (Clear Cache) - C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\97vadjci.default-1475185434381\Extensions\clearcache@michel.de.almeida.xpi [2016-10-27]
    FF Extension: (Disable Prefetch) - C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\97vadjci.default-1475185434381\features\{aff550fd-3af9-43f2-97cf-87a7f6ef1f47}\disable-prefetch@mozilla.org.xpi [2017-04-04]
    FF Extension: (Site Deployment Checker) - C:\Program Files\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-28] [não assinado]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => não encontrado (a)
    FF HKU\S-1-5-21-2703107185-878268938-2787040127-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Sergio\AppData\Local\GAS Tecnologia\GBBD\uni\xpi => não encontrado (a)
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
    FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-22] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-22] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-21] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-21] (RealNetworks, Inc.)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin: @virtools.com/3DviaPlayer -> C:\Program Files\Virtools\3D Life Player\npvirtools.dll [2012-04-05] (Dassault Systèmes)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
    FF Plugin: Sony Corporation/PMCADownloader -> C:\ProgramData\Sony Corporation\PMCADownloader\1.2.0.13221\npPMCADownloader.dll [2012-10-17] (Sony Network Entertainment International LLC)
    FF Plugin: Sony Corporation/PMCADownloaderHelper -> C:\ProgramData\Sony Corporation\PMCADownloader\1.2.0.13221\PMCADownloaderHelper.exe [2012-10-17] (Sony Network Entertainment International LLC)
    FF Plugin: Sony Corporation/PMCADownloaderLib -> C:\ProgramData\Sony Corporation\PMCADownloader\1.2.0.13221\PMCADownloaderLib.dll [2012-10-17] (Sony Network Entertainment International LLC)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default [2017-03-30]
    CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-02]
    CHR Extension: (PlayMemories Camera Apps Downloader) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlghnkgcadghcdodlcjfhogekonhdei [2016-12-20]
    CHR Extension: (Chrome Media Router) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-30]
    CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    ==================== Serviços (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    "Warsaw Technology" => serviço foi desbloqueado. <===== ATENÇÃO

    R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [262696 2017-03-31] (AVG Technologies CZ, s.r.o.)
    S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5808784 2017-03-31] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189744 2017-03-23] (AVG Technologies CZ, s.r.o.)
    R2 fsproflt2; C:\Windows\system32\fsproflt2.exe [49512 2012-07-12] (FSPro Labs)
    R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [590048 2016-11-18] (GAS Tecnologia)
    S2 scpVista; C:\Program Files\Scpad\scpVista.exe [136496 2009-07-10] (Scopus Tecnologia Ltda)
    S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
    R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7757040 2017-02-02] (TeamViewer GmbH)
    R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [4677904 2017-02-21] (AVG Technologies CZ, s.r.o.)
    R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [621616 2016-05-11] (GAS Tecnologia LTDA)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    R1 avgbdisk; C:\Windows\system32\drivers\avgbdiskx.sys [135384 2017-03-31] (AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdriverx.sys [257504 2017-03-31] (AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\Windows\system32\drivers\avgbidshx.sys [150536 2017-03-31] (AVG Technologies CZ, s.r.o.)
    R0 avgblog; C:\Windows\system32\drivers\avgblogx.sys [269856 2017-03-31] (AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\Windows\system32\drivers\avgbunivx.sys [43504 2017-03-31] (AVG Technologies CZ, s.r.o.)
    S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [35128 2017-03-31] (AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [107888 2017-03-31] (AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [91328 2017-03-31] (AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [63136 2017-03-31] (AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [765048 2017-03-31] (AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [473752 2017-03-31] (AVG Technologies CZ, s.r.o.)
    S2 avgStm; C:\Windows\system32\drivers\avgStm.sys [119784 2017-03-31] (AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [280784 2017-03-31] (AVG Technologies CZ, s.r.o.)
    R0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [51760 2011-06-03] (FSPro Labs)
    R0 gbpddreg; C:\Windows\System32\drivers\gbpddreg32.sys [25848 2017-04-10] (GAS Tecnologia)
    R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49496 2015-12-04] (GAS Tecnologia)
    S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [89600 2009-08-10] (Gemalto) [Arquivo não assinado]
    R1 Ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2015-07-18] (GAS Tecnologia)
    S3 NdisrdMP; C:\Windows\System32\DRIVERS\gbpndisrd.sys [31088 2015-07-18] (GbPlugin NDIS Device Driver)
    R3 RDPDISPM; C:\Windows\System32\DRIVERS\rdpdispm.sys [15488 2010-09-22] (Microsoft Corporation)
    R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2015-11-16] (TeamViewer GmbH)
    R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [31792 2017-02-21] (AVG Netherlands B.V.)
    R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert32.sys [31448 2015-07-07] (Basil)
    R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [80728 2017-04-10] (GAS Tecnologia)
    R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [79064 2015-03-18] (GAS Tecnologia)
    S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
    S0 Lbd; system32\DRIVERS\Lbd.sys [X]
    S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
    S4 LMIRfsClientNP; não ImagePath
    S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170328.001\NAVENG.SYS [X]
    S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170328.001\NAVEX15.SYS [X]
    S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
    S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
    S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


    ==================== Três Meses Criados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-04-10 15:17 - 2017-04-10 15:19 - 00022341 _____ C:\Users\Sergio\Downloads\FRST.txt
    2017-04-10 15:17 - 2017-04-10 15:17 - 00000000 ____D C:\FRST
    2017-04-10 15:15 - 2017-04-10 15:15 - 01766912 _____ (Farbar) C:\Users\Sergio\Downloads\FRST.exe
    2017-04-10 12:18 - 2017-04-10 12:18 - 00000000 ____D C:\Users\Sergio\AppData\Local\{FB87E4F5-F937-4D56-BAF0-EDB90C349B6A}
    2017-04-08 13:14 - 2017-04-08 13:20 - 00023000 _____ C:\Users\Sergio\Desktop\ZHPCleaner.txt
    2017-04-08 13:02 - 2017-04-08 13:20 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\ZHP
    2017-04-08 13:02 - 2017-04-08 13:02 - 00000000 ____D C:\Users\Sergio\AppData\Local\ZHP
    2017-04-08 13:00 - 2017-04-08 13:00 - 00005953 _____ C:\Users\Sergio\Desktop\JRT.txt
    2017-04-08 12:09 - 2017-04-08 12:09 - 00001387 _____ C:\Users\Sergio\Desktop\AdwCleaner[C2].txt
    2017-04-08 11:59 - 2017-04-08 11:59 - 00002077 _____ C:\Users\Sergio\Desktop\limpeza.txt
    2017-04-08 11:56 - 2017-04-08 11:56 - 02758656 _____ C:\Users\Sergio\Desktop\ZHPCleaner.exe
    2017-04-08 11:55 - 2017-04-08 11:55 - 01663904 _____ (Malwarebytes) C:\Users\Sergio\Desktop\JRT.exe
    2017-04-08 11:54 - 2017-04-08 11:55 - 04089296 _____ C:\Users\Sergio\Desktop\adwcleaner_6.045.exe
    2017-04-07 20:09 - 2017-04-07 20:09 - 00000000 ____D C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú
    2017-04-07 20:03 - 2017-04-07 20:03 - 13286592 _____ (MEGA Limited) C:\Users\Sergio\Downloads\MEGAsyncSetup.exe
    2017-04-07 20:03 - 2017-04-07 20:03 - 00001060 _____ C:\Users\Sergio\Desktop\MEGAsync.lnk
    2017-04-07 19:46 - 2017-04-07 19:46 - 08245437 _____ C:\Users\Sergio\Desktop\pesquisa-periferia-fpa-04042017.pdf
    2017-04-07 13:15 - 2017-04-07 13:15 - 00007047 _____ C:\Users\Convidado\Downloads\BOLETO_3348649_1491569748432.pdf
    2017-04-06 17:02 - 2017-04-06 17:02 - 00000028 _____ C:\aplic c r i.txt
    2017-04-05 11:33 - 2017-04-06 15:53 - 00000410 _____ C:\runcheck.txt
    2017-04-05 11:31 - 2017-04-05 11:31 - 00000000 ____D C:\zoek_backup
    2017-04-05 11:28 - 2017-04-05 11:28 - 01370112 _____ C:\Users\Sergio\Downloads\ZA-Scan.exe
    2017-03-31 13:31 - 2017-03-31 13:31 - 00002496 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
    2017-03-31 13:31 - 2017-03-31 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
    2017-03-31 13:31 - 2017-02-21 09:29 - 00049936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
    2017-03-31 13:31 - 2017-02-21 09:25 - 00042256 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
    2017-03-31 11:35 - 2017-03-31 11:35 - 00331240 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
    2017-03-29 10:53 - 2017-03-29 10:53 - 00000000 ____D C:\Users\Convidado\AppData\Roaming\AVG
    2017-03-29 10:47 - 2017-03-29 10:47 - 00000000 ____D C:\Users\Convidado\AppData\Local\Avg
    2017-03-28 21:38 - 2017-03-29 10:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2017-03-28 21:09 - 2017-03-28 21:09 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\AVG
    2017-03-28 21:07 - 2017-03-31 11:35 - 00765048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
    2017-03-28 21:07 - 2017-03-31 11:35 - 00473752 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
    2017-03-28 21:07 - 2017-03-31 11:35 - 00280784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
    2017-03-28 21:07 - 2017-03-31 11:35 - 00269856 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblogx.sys
    2017-03-28 21:07 - 2017-03-31 11:35 - 00257504 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriverx.sys
    2017-03-28 21:07 - 2017-03-31 11:35 - 00150536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidshx.sys
    2017-03-28 21:07 - 2017-03-31 11:35 - 00135384 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiskx.sys
    2017-03-28 21:07 - 2017-03-31 11:35 - 00119784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
    2017-03-28 21:07 - 2017-03-31 11:35 - 00107888 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
    2017-03-28 21:07 - 2017-03-31 11:35 - 00091328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
    2017-03-28 21:07 - 2017-03-31 11:35 - 00063136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
    2017-03-28 21:07 - 2017-03-31 11:35 - 00043504 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbunivx.sys
    2017-03-28 21:07 - 2017-03-31 11:35 - 00035128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
    2017-03-28 21:03 - 2017-04-03 10:23 - 00000978 _____ C:\Users\Public\Desktop\AVG.lnk
    2017-03-28 21:03 - 2017-04-03 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2017-03-28 16:16 - 2017-03-28 16:16 - 00000000 ____D C:\Users\Sergio\AppData\Local\NPE
    2017-03-28 12:45 - 2017-03-28 13:01 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
    2017-03-28 12:45 - 2017-03-28 12:45 - 00000000 ____D C:\Users\Public\Downloads\Norton
    2017-03-28 12:06 - 2017-03-28 12:46 - 00000000 ____D C:\Users\TEMP
    2017-03-27 23:03 - 2017-03-31 13:31 - 00000000 ____D C:\Program Files\AVG
    2017-03-27 23:01 - 2017-03-31 13:32 - 00000000 ____D C:\Users\Sergio\AppData\Local\AvgSetupLog
    2017-03-27 23:01 - 2017-03-31 13:31 - 00000000 ____D C:\Users\Todos os Usuários\Avg
    2017-03-27 23:01 - 2017-03-31 13:31 - 00000000 ____D C:\Users\Sergio\AppData\Local\Avg
    2017-03-27 23:01 - 2017-03-31 13:31 - 00000000 ____D C:\ProgramData\Avg
    2017-03-27 20:29 - 2017-04-08 12:05 - 00000000 ____D C:\AdwCleaner
    2017-03-24 15:22 - 2017-03-24 15:22 - 00001715 _____ C:\Users\Public\Desktop\iTunes.lnk
    2017-03-24 15:22 - 2017-03-24 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-03-24 15:20 - 2017-03-24 15:22 - 00000000 ____D C:\Program Files\iTunes
    2017-03-24 15:14 - 2017-03-24 15:14 - 00000000 ____D C:\Program Files\Apple Software Update
    2017-03-22 20:37 - 2017-03-22 20:37 - 00000000 ____D C:\Program Files\Common Files\Java
    2017-03-21 20:05 - 2017-03-08 01:22 - 02953216 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2017-03-21 20:05 - 2017-03-08 01:22 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2017-03-21 20:05 - 2017-03-08 01:18 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2017-03-21 20:05 - 2017-03-08 01:07 - 02091008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2017-03-21 20:05 - 2017-03-08 01:07 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2017-03-21 20:05 - 2017-03-08 01:06 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2017-03-21 20:05 - 2017-03-08 01:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2017-03-21 20:05 - 2017-03-08 01:06 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2017-03-21 20:05 - 2017-03-08 01:06 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2017-03-21 20:05 - 2017-03-08 01:06 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2017-03-21 20:05 - 2017-03-08 01:06 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2017-03-21 20:05 - 2017-02-14 13:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2017-03-21 20:05 - 2017-02-11 13:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2017-03-21 20:05 - 2017-02-09 13:14 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
    2017-03-21 20:05 - 2017-02-09 13:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2017-03-21 19:26 - 2017-03-04 13:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-03-21 19:26 - 2017-03-04 01:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-03-21 19:26 - 2017-03-04 00:28 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-03-21 19:26 - 2017-03-02 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-03-21 19:26 - 2017-03-02 15:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-03-21 19:26 - 2017-03-02 15:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-03-21 19:26 - 2017-03-02 15:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-03-21 19:26 - 2017-03-02 15:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-03-21 19:26 - 2017-03-02 15:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-03-21 19:26 - 2017-03-02 14:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-03-21 19:26 - 2017-03-02 14:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-03-21 19:26 - 2017-03-02 14:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-03-21 19:26 - 2017-03-02 14:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-03-21 19:26 - 2017-03-02 14:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-03-21 19:26 - 2017-03-02 14:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-03-21 19:26 - 2017-03-02 14:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-03-21 19:26 - 2017-03-02 14:44 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-03-21 19:26 - 2017-03-02 14:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-03-21 19:26 - 2017-03-02 14:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-03-21 19:26 - 2017-03-02 14:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-03-21 19:26 - 2017-03-02 14:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-03-21 19:26 - 2017-03-02 14:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-03-21 19:26 - 2017-03-02 14:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-03-21 19:26 - 2017-03-02 14:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-03-21 19:26 - 2017-03-02 14:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-03-21 19:26 - 2017-03-02 14:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-03-21 19:26 - 2017-03-02 14:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-03-21 19:26 - 2017-03-02 14:19 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-03-21 19:26 - 2017-03-02 14:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-03-21 19:26 - 2017-03-02 14:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-03-21 19:26 - 2017-03-02 14:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-03-21 19:26 - 2017-03-02 13:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-03-21 19:26 - 2017-03-02 13:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-03-21 19:26 - 2017-03-02 13:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-03-21 19:25 - 2017-03-02 15:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-03-21 19:25 - 2017-02-11 12:50 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2017-03-21 19:25 - 2017-02-11 12:50 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2017-03-21 19:25 - 2017-02-11 12:50 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2017-03-21 19:25 - 2017-02-10 13:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2017-03-21 19:25 - 2017-02-10 13:17 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2017-03-21 19:25 - 2017-02-10 11:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2017-03-21 19:25 - 2017-02-10 11:33 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2017-03-21 19:25 - 2017-02-09 13:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2017-03-21 19:25 - 2017-02-09 13:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-03-21 19:25 - 2017-02-09 13:19 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-03-21 19:25 - 2017-02-09 13:19 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-03-21 19:25 - 2017-02-09 13:16 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-03-21 19:25 - 2017-02-09 12:53 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-03-21 19:25 - 2017-02-09 12:53 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-03-21 19:25 - 2017-02-09 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-03-21 19:25 - 2017-02-09 12:53 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-03-21 19:25 - 2017-02-09 12:53 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-03-21 19:25 - 2017-02-09 12:52 - 02400256 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-03-21 19:25 - 2017-02-09 12:51 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-03-21 19:25 - 2017-02-09 12:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
    2017-03-21 19:25 - 2017-02-09 12:49 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-03-21 19:25 - 2017-02-09 12:49 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-03-21 19:25 - 2017-02-09 12:49 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-03-21 19:25 - 2017-02-09 12:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-03-21 19:25 - 2017-02-09 12:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-03-21 19:25 - 2017-02-09 12:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-03-21 19:25 - 2017-02-09 12:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-03-21 19:25 - 2017-02-06 13:03 - 00497152 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
    2017-03-21 19:25 - 2017-01-13 14:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2017-03-21 19:25 - 2017-01-13 14:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
    2017-03-21 19:25 - 2017-01-11 14:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2017-03-21 19:25 - 2017-01-11 14:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2017-03-21 19:25 - 2017-01-06 14:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2017-03-21 19:19 - 2017-02-22 20:29 - 00071400 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2017-03-21 19:19 - 2017-02-22 20:24 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2017-03-21 19:19 - 2017-02-18 11:05 - 01331200 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2017-03-21 19:19 - 2017-02-18 11:05 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2017-03-21 19:19 - 2016-12-31 12:36 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2017-03-21 19:19 - 2016-12-31 12:36 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2017-03-21 19:19 - 2016-12-31 12:36 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2017-03-21 19:19 - 2016-12-31 12:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2017-03-21 19:19 - 2016-12-31 12:36 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2017-03-20 18:07 - 2017-03-20 18:07 - 00000014 _____ C:\Users\Sergio\Desktop\adaptador.txt
    2017-03-20 16:29 - 2017-03-20 16:29 - 00007077 _____ C:\Users\Convidado\Downloads\BOLETO_3335233_1490021015514.pdf
    2017-03-20 11:15 - 2017-03-20 11:16 - 00131072 _____ C:\Windows\Minidump\032017-29343-01.dmp
    2017-03-20 10:46 - 2017-03-20 10:46 - 00135216 _____ C:\Windows\Minidump\032017-36036-01.dmp
    2017-03-17 18:45 - 2017-03-17 18:45 - 00000000 ___RD C:\Program Files\Skype
    2017-03-17 18:45 - 2017-03-17 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2017-03-17 18:45 - 2017-03-17 18:45 - 00000000 ____D C:\Program Files\Common Files\Skype
    2017-03-14 17:44 - 2017-03-14 21:48 - 00000000 ____D C:\Users\Sergio\.irpf
    2017-03-09 15:01 - 2017-03-09 15:01 - 00200798 _____ C:\Users\Convidado\Desktop\recibo.xps
    2017-03-08 11:56 - 2017-03-08 11:56 - 00000777 _____ C:\Users\Convidado\Desktop\bookmark.htm
    2017-03-03 17:11 - 2017-03-03 17:16 - 00000000 ____D C:\Users\Convidado\AppData\LocalLow\Mozilla
    2017-03-03 17:11 - 2017-03-03 17:11 - 00000000 ____D C:\Users\Convidado\AppData\Roaming\Mozilla
    2017-03-03 17:11 - 2017-03-03 17:11 - 00000000 ____D C:\Users\Convidado\AppData\Local\Mozilla
    2017-03-03 12:17 - 2017-03-03 12:17 - 00001726 _____ C:\Users\Public\Desktop\irpf 2017.lnk
    2017-03-03 12:17 - 2017-03-03 12:17 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2017
    2017-03-03 12:17 - 2017-03-03 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2017
    2017-03-03 11:53 - 2017-03-03 11:53 - 00186727 _____ C:\Users\Convidado\Desktop\leide ir 2017.xps
    2017-02-22 21:17 - 2017-02-22 21:17 - 00254987 _____ C:\Users\Sergio\Desktop\reserva cartagena.xps
    2017-02-21 18:30 - 2017-03-03 23:27 - 00000994 _____ C:\Users\Sergio\Desktop\cartagena.txt
    2017-02-19 16:25 - 2017-03-03 23:26 - 00000298 _____ C:\lembretes.txt
    2017-02-19 15:48 - 2017-02-19 15:49 - 00000000 ____D C:\Balé 2016
    2017-02-16 16:56 - 2017-02-25 12:22 - 03657728 _____ C:\SIFIGER.MDB
    2017-02-16 16:56 - 2017-02-24 11:27 - 01540096 _____ C:\Sifiger_Dados.mdb
    2017-02-15 15:14 - 2016-07-22 11:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2017-02-15 15:07 - 2017-02-15 15:07 - 00100675 _____ C:\Users\Convidado\Desktop\Lamina_Comercial_Personnalite @.pdf
    2017-02-15 15:07 - 2017-02-15 14:55 - 00101388 _____ C:\Users\Convidado\Desktop\Lamina_Comercial_Personnalite.pdf
    2017-02-03 19:59 - 2017-02-28 12:55 - 00000226 _____ C:\Users\Sergio\Desktop\hwmonitorw.ini
    2017-02-03 19:28 - 2017-02-03 19:58 - 00000000 ____D C:\Users\Sergio\Downloads\hwmonitor_1.30
    2017-02-03 19:11 - 2017-02-03 19:11 - 00000000 ____D C:\Users\Sergio\Downloads\hwmonitor_1.28
    2017-01-31 15:13 - 2017-02-04 13:01 - 00000000 ____D C:\Pão de Açucar e outros
    2017-01-31 14:20 - 2017-04-07 20:09 - 00002176 _____ C:\Users\Convidado\Desktop\Itaú.lnk
    2017-01-27 14:44 - 2017-01-27 14:44 - 00131072 _____ C:\Windows\Minidump\012717-22854-01.dmp
    2017-01-20 11:00 - 2017-01-20 11:00 - 00000000 ____D C:\Users\Convidado\AppData\Roaming\Sun
    2017-01-14 10:13 - 2017-01-14 10:13 - 00007054 _____ C:\Users\Convidado\Downloads\BOLETO_3302899_1483696226343 (1).pdf
    2017-01-10 16:41 - 2017-01-10 16:41 - 13402710 _____ C:\Users\Convidado\Downloads\VID-20160710-WA0001.mp4

    ==================== Três Meses Modificados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-04-10 15:16 - 2010-09-05 18:05 - 00000000 ____D C:\Users\Sergio\AppData\Local\CrashDumps
    2017-04-10 15:13 - 2016-11-21 15:05 - 00000000 ____D C:\Users\Sergio\AppData\LocalLow\Mozilla
    2017-04-10 15:12 - 2010-08-21 16:49 - 00000000 ____D C:\Users\Sergio\Tracing
    2017-04-10 13:58 - 2009-07-14 01:34 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-04-10 13:58 - 2009-07-14 01:34 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-04-10 13:50 - 2016-08-29 20:12 - 00080728 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
    2017-04-10 13:49 - 2016-08-22 20:39 - 00025848 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddreg32.sys
    2017-04-10 13:48 - 2010-12-05 11:00 - 00065536 _____ C:\Windows\system32\Ikeext.etl
    2017-04-10 13:48 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-04-10 12:58 - 2010-09-06 17:44 - 00000000 ____D C:\Users\Sergio\Desktop\Filmes Gravar
    2017-04-10 12:15 - 2012-05-10 21:57 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
    2017-04-10 12:15 - 2012-05-10 21:57 - 00000000 ____D C:\ProgramData\GbPlugin
    2017-04-08 17:37 - 2011-08-27 18:59 - 00000000 ____D C:\Program Files\TeamViewer
    2017-04-08 15:15 - 2016-10-06 21:40 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\uTorrent
    2017-04-08 13:42 - 2012-01-05 17:26 - 00000000 ____D C:\Users\Convidado\AppData\Roaming\Apple Computer
    2017-04-07 21:16 - 2012-08-17 22:19 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\vlc
    2017-04-07 20:09 - 2016-10-02 12:15 - 00000000 ____D C:\Users\Convidado\AppData\Local\Aplicativo Itau
    2017-04-07 20:06 - 2017-01-05 14:44 - 00010190 _____ C:\Users\Sergio\Desktop\cc leide.xlsx
    2017-04-07 20:03 - 2016-11-14 20:18 - 00000000 ____D C:\Users\Sergio\AppData\Local\MEGAsync
    2017-04-06 19:37 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\rescache
    2017-04-06 18:37 - 2011-01-20 18:30 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-04-04 17:43 - 2012-02-28 12:50 - 00000000 ____D C:\Users\Convidado\AppData\Local\CrashDumps
    2017-04-02 11:10 - 2009-07-14 01:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-03-31 13:33 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
    2017-03-30 18:41 - 2010-08-09 15:57 - 01643726 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-03-30 18:41 - 2009-07-14 05:31 - 00708928 _____ C:\Windows\system32\prfh0416.dat
    2017-03-30 18:41 - 2009-07-14 05:31 - 00148708 _____ C:\Windows\system32\prfc0416.dat
    2017-03-30 18:29 - 2009-07-14 01:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2017-03-29 20:52 - 2011-04-18 18:50 - 00000000 ____D C:\Users\Sergio\.receitanet
    2017-03-29 12:44 - 2012-05-02 19:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2017-03-28 21:26 - 2013-12-03 15:01 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
    2017-03-28 21:26 - 2013-12-03 15:01 - 00000000 ____D C:\ProgramData\AVAST Software
    2017-03-28 21:25 - 2015-12-03 11:30 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-03-28 21:25 - 2015-05-25 11:00 - 00000000 ____D C:\Program Files\avast software
    2017-03-28 16:24 - 2010-08-09 16:09 - 00000000 ____D C:\Users\Todos os Usuários\Norton
    2017-03-28 16:24 - 2010-08-09 16:09 - 00000000 ____D C:\ProgramData\Norton
    2017-03-27 20:38 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\tracing
    2017-03-27 10:38 - 2016-04-01 11:31 - 00000000 ____D C:\NET
    2017-03-24 16:18 - 2016-10-02 13:53 - 00000009 _____ C:\Ipod.txt
    2017-03-24 15:21 - 2016-10-01 13:30 - 00000000 ____D C:\Program Files\iPod
    2017-03-24 15:20 - 2010-08-18 19:34 - 00000000 ____D C:\Program Files\Common Files\Apple
    2017-03-24 15:14 - 2010-08-18 19:34 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2017-03-22 21:22 - 2015-12-28 11:42 - 00000000 ____D C:\Mastercard
    2017-03-22 20:36 - 2016-11-23 12:47 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2017-03-22 20:36 - 2013-09-15 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-03-22 20:35 - 2010-08-09 15:54 - 00000000 ____D C:\Program Files\Java
    2017-03-22 20:34 - 2011-01-22 21:01 - 00000000 ____D C:\Windows\system32\Adobe
    2017-03-22 20:34 - 2010-09-04 09:50 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2017-03-22 20:34 - 2010-09-04 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2017-03-22 20:34 - 2010-09-04 09:49 - 00000000 ____D C:\Program Files\WinRAR
    2017-03-21 19:50 - 2009-07-14 01:33 - 00423432 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-03-21 19:49 - 2010-08-09 16:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-03-21 19:47 - 2015-03-11 13:44 - 00000000 ____D C:\Windows\system32\appraiser
    2017-03-21 19:47 - 2014-09-30 22:38 - 00000000 ___SD C:\Windows\system32\CompatTel
    2017-03-21 19:43 - 2010-09-10 17:41 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
    2017-03-21 19:39 - 2014-09-30 21:50 - 00000000 ____D C:\Windows\system32\MRT
    2017-03-21 19:32 - 2010-08-15 12:37 - 135706696 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-03-21 19:30 - 2010-09-02 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-03-20 11:15 - 2015-10-26 13:46 - 457888461 _____ C:\Windows\MEMORY.DMP
    2017-03-20 11:15 - 2011-10-03 21:04 - 00000000 ____D C:\Windows\Minidump
    2017-03-17 18:45 - 2010-08-18 19:22 - 00000000 ____D C:\Users\Todos os Usuários\Skype
    2017-03-17 18:45 - 2010-08-18 19:22 - 00000000 ____D C:\ProgramData\Skype
    2017-03-17 18:42 - 2014-09-22 18:47 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
    2017-03-17 18:42 - 2014-09-22 18:47 - 00000000 ____D C:\ProgramData\Package Cache
    2017-03-17 12:05 - 2012-01-08 12:50 - 00000000 ____D C:\Users\Convidado\Desktop\leide
    2017-03-15 16:29 - 2012-04-03 21:43 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2017-03-15 16:29 - 2011-05-20 22:17 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2017-03-15 16:29 - 2010-08-09 15:53 - 00000000 ____D C:\Windows\system32\Macromed
    2017-03-14 17:44 - 2010-08-12 21:41 - 00000000 ____D C:\Users\Sergio

    ==================== Arquivos na raiz de alguns diretórios =======

    2011-03-28 22:52 - 2011-03-28 23:13 - 0000189 _____ () C:\Users\Sergio\AppData\Roaming\burnaware.ini
    2013-12-22 14:27 - 2014-01-04 16:27 - 0000073 _____ () C:\Users\Sergio\AppData\Roaming\WB.CFG
    2013-05-23 21:00 - 2013-10-23 20:35 - 0008192 _____ () C:\Users\Sergio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-01-05 10:57 - 2015-01-05 10:57 - 0000227 _____ () C:\ProgramData\bc.ini
    2010-08-12 21:43 - 2010-08-12 21:48 - 0000376 _____ () C:\ProgramData\hpzinstall.log

    Alguns arquivos em TEMP:
    ====================
    2012-03-04 18:56 - 2001-09-28 17:00 - 0164864 _____ () C:\Users\Convidado\AppData\Local\Temp\GLB1A2B.EXE
    2012-08-11 13:35 - 2012-08-11 13:35 - 0910128 _____ (Sun Microsystems, Inc.) C:\Users\Convidado\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
    2015-02-17 12:37 - 2015-02-17 12:38 - 0641448 _____ (Oracle Corporation) C:\Users\Convidado\AppData\Local\Temp\jre-8u31-windows-au.exe
    2016-05-03 14:34 - 2016-05-03 14:35 - 45296544 _____ (Google Inc.) C:\Users\Convidado\AppData\Local\Temp\{4D722ECD-C22B-40D3-96F1-7FAB3D63F367}-50.0.2661.94_chrome_installer.exe
    2016-10-25 14:47 - 2016-10-25 14:50 - 44295032 _____ (Google Inc.) C:\Users\Convidado\AppData\Local\Temp\{63E49E6C-026A-4AF4-B636-6B1636D6389C}-54.0.2840.71_chrome_installer.exe
    2016-09-16 21:46 - 2016-09-16 21:47 - 16333400 _____ (Google Inc.) C:\Users\Convidado\AppData\Local\Temp\{84789B04-83D3-4D75-A83D-A8997B9296B8}-53.0.2785.116_52.0.2743.116_chrome_updater.exe
    2017-04-05 11:32 - 2017-04-06 15:41 - 0388608 _____ (Trend Micro Inc.) C:\Users\Sergio\AppData\Local\Temp\hijackthis.exe
    2017-04-05 11:32 - 2017-04-06 15:41 - 0030720 _____ (NirSoft) C:\Users\Sergio\AppData\Local\Temp\NirCmd.exe
    2017-04-05 11:32 - 2017-04-06 15:41 - 0154232 _____ (Noël Danjou) C:\Users\Sergio\AppData\Local\Temp\wget.exe

    ==================== Bamital & volsnap ======================

    (Não há correção automática para arquivos que não passaram na verificação.)

    C:\Windows\explorer.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

    LastRegBack: 2017-04-05 12:54

    ==================== Fim de FRST.txt ============================

    Addition.txt


    Dear @poy

    FRST must be run directly from the Desktop; however, you ran it from this folder:

    Executando a partir de C:\Users\Sergio\Downloads

    Delete it from there, download a fresh copy to the Desktop, run FRST, check the Addition option and click the Scan button. Attach the logs.

    Regards :D


    Dear @poy

    Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

    Download the file (fixlist.txt) attached to this post and save it to the Desktop.

    Run FRST.exe (or FRST64.exe) and click the Fix button.

    Wait... when it finishes, the log Fixlog.txt will be generated and saved to your Desktop.

    Select, copy and paste the contents of this log into your next reply.

    Regards :D

    fixlist.txt

  • Topic author
  • As requested.
    Thank you very much

    Resultado da Correção pela Farbar Recovery Scan Tool (x86) Versão: 15-03-2017
    Executado por Sergio (14-04-2017 11:50:12) Run:1
    Executando a partir de C:\Users\Sergio\Desktop
    Perfis Carregados: Sergio (Perfis Disponíveis: Sergio & Convidado)
    Modo da Inicialização: Normal

    ==============================================

    fixlist Conteúdo:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} =>  -> Nenhum Arquivo
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> Backup.Old.DefaultScope {1F397F02-B7E3-4EE7-8F24-988C1BE6E0A5}
    SearchScopes: HKLM -> {2F9D9072-904D-04B0-633A-056C45103E83} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2703107185-878268938-2787040127-1000 -> Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    SearchScopes: HKU\S-1-5-21-2703107185-878268938-2787040127-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://br.search.yahoo.com/search?p={searchTerms}&fr=chr-linksys
    S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
    S0 Lbd; system32\DRIVERS\Lbd.sys [X]
    S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
    S4 LMIRfsClientNP; não ImagePath
    S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170328.001\NAVENG.SYS [X]
    S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170328.001\NAVEX15.SYS [X]
    File: C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170328.001\NAVENG.SYS
    File: C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170328.001\NAVEX15.SYS
    Folder: C:\Program Files\Norton Security
    S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
    S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
    S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
    2012-03-04 18:56 - 2001-09-28 17:00 - 0164864 _____ () C:\Users\Convidado\AppData\Local\Temp\GLB1A2B.EXE
    2012-08-11 13:35 - 2012-08-11 13:35 - 0910128 _____ (Sun Microsystems, Inc.) C:\Users\Convidado\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
    2015-02-17 12:37 - 2015-02-17 12:38 - 0641448 _____ (Oracle Corporation) C:\Users\Convidado\AppData\Local\Temp\jre-8u31-windows-au.exe
    2016-05-03 14:34 - 2016-05-03 14:35 - 45296544 _____ (Google Inc.) C:\Users\Convidado\AppData\Local\Temp\{4D722ECD-C22B-40D3-96F1-7FAB3D63F367}-50.0.2661.94_chrome_installer.exe
    2016-10-25 14:47 - 2016-10-25 14:50 - 44295032 _____ (Google Inc.) C:\Users\Convidado\AppData\Local\Temp\{63E49E6C-026A-4AF4-B636-6B1636D6389C}-54.0.2840.71_chrome_installer.exe
    2016-09-16 21:46 - 2016-09-16 21:47 - 16333400 _____ (Google Inc.) C:\Users\Convidado\AppData\Local\Temp\{84789B04-83D3-4D75-A83D-A8997B9296B8}-53.0.2785.116_52.0.2743.116_chrome_updater.exe
    2017-04-05 11:32 - 2017-04-06 15:41 - 0388608 _____ (Trend Micro Inc.) C:\Users\Sergio\AppData\Local\Temp\hijackthis.exe
    2017-04-05 11:32 - 2017-04-06 15:41 - 0030720 _____ (NirSoft) C:\Users\Sergio\AppData\Local\Temp\NirCmd.exe
    2017-04-05 11:32 - 2017-04-06 15:41 - 0154232 _____ (Noël Danjou) C:\Users\Sergio\AppData\Local\Temp\wget.exe
    Task: {38F570B3-95DD-4241-A848-E70E5C804B7C} - \94A46359-5537-4201-BEFD-1EC63DFD0943 -> Nenhum Arquivo <==== ATENÇÃO
    Task: {64CF0DAD-A80B-4C3C-B0B3-AE1C8549975F} - \PostPoneInstall -> Nenhum Arquivo <==== ATENÇÃO
    Task: {EDA18BDD-6F86-468C-9969-F58CC2B43B74} - \060184C3-9766-46a0-B258-F4518A0B2633 -> Nenhum Arquivo <==== ATENÇÃO
    2017-03-28 12:45 - 2017-03-28 13:01 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
    2017-03-28 12:45 - 2017-03-28 12:45 - 00000000 ____D C:\Users\Public\Downloads\Norton
    2017-03-28 16:24 - 2010-08-09 16:09 - 00000000 ____D C:\Users\Todos os Usuários\Norton
    2017-03-28 16:24 - 2010-08-09 16:09 - 00000000 ____D C:\ProgramData\Norton
    CMD:ipconfig /flushdns
    EmptyTemp:

    *****************

    Ponto de Restauração criado com sucesso.
    Processos fechados com sucesso.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => chave removido (a) com sucesso.
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => chave não encontrado (a).
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock => chave removido (a) com sucesso.
    HKCR\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => chave não encontrado (a).
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => valor removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F9D9072-904D-04B0-633A-056C45103E83} => chave removido (a) com sucesso.
    HKCR\CLSID\{2F9D9072-904D-04B0-633A-056C45103E83} => chave não encontrado (a).
    HKU\S-1-5-21-2703107185-878268938-2787040127-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => valor removido (a) com sucesso.
    HKU\S-1-5-21-2703107185-878268938-2787040127-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => chave removido (a) com sucesso.
    HKCR\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => chave não encontrado (a).
    HKLM\System\CurrentControlSet\Services\Lavasoft Kernexplorer => chave removido (a) com sucesso.
    Lavasoft Kernexplorer => serviço removido (a) com sucesso.
    HKLM\System\CurrentControlSet\Services\Lbd => chave removido (a) com sucesso.
    Lbd => serviço removido (a) com sucesso.
    HKLM\System\CurrentControlSet\Services\LMIInfo => chave removido (a) com sucesso.
    LMIInfo => serviço removido (a) com sucesso.
    HKLM\System\CurrentControlSet\Services\LMIRfsClientNP => chave removido (a) com sucesso.
    LMIRfsClientNP => serviço removido (a) com sucesso.
    HKLM\System\CurrentControlSet\Services\NAVENG => chave removido (a) com sucesso.
    NAVENG => serviço removido (a) com sucesso.
    HKLM\System\CurrentControlSet\Services\NAVEX15 => chave removido (a) com sucesso.
    NAVEX15 => serviço removido (a) com sucesso.

    ========================= File: C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170328.001\NAVENG.SYS ========================

    "C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170328.001\NAVENG.SYS" => não encontrado (a).
    ====== Fim de File: ======


    ========================= File: C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170328.001\NAVEX15.SYS ========================

    "C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170328.001\NAVEX15.SYS" => não encontrado (a).
    ====== Fim de File: ======


    ========================= Folder: C:\Program Files\Norton Security ========================

    não encontrado (a).

    ====== Fim de Folder: ======

    HKLM\System\CurrentControlSet\Services\usbbus => chave removido (a) com sucesso.
    usbbus => serviço removido (a) com sucesso.
    HKLM\System\CurrentControlSet\Services\UsbDiag => chave removido (a) com sucesso.
    UsbDiag => serviço removido (a) com sucesso.
    HKLM\System\CurrentControlSet\Services\USBModem => chave removido (a) com sucesso.
    USBModem => serviço removido (a) com sucesso.
    C:\Users\Convidado\AppData\Local\Temp\GLB1A2B.EXE => movido com sucesso
    C:\Users\Convidado\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe => movido com sucesso
    C:\Users\Convidado\AppData\Local\Temp\jre-8u31-windows-au.exe => movido com sucesso
    C:\Users\Convidado\AppData\Local\Temp\{4D722ECD-C22B-40D3-96F1-7FAB3D63F367}-50.0.2661.94_chrome_installer.exe => movido com sucesso
    C:\Users\Convidado\AppData\Local\Temp\{63E49E6C-026A-4AF4-B636-6B1636D6389C}-54.0.2840.71_chrome_installer.exe => movido com sucesso
    C:\Users\Convidado\AppData\Local\Temp\{84789B04-83D3-4D75-A83D-A8997B9296B8}-53.0.2785.116_52.0.2743.116_chrome_updater.exe => movido com sucesso
    C:\Users\Sergio\AppData\Local\Temp\hijackthis.exe => movido com sucesso
    C:\Users\Sergio\AppData\Local\Temp\NirCmd.exe => movido com sucesso
    C:\Users\Sergio\AppData\Local\Temp\wget.exe => movido com sucesso
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{38F570B3-95DD-4241-A848-E70E5C804B7C} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38F570B3-95DD-4241-A848-E70E5C804B7C} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\94A46359-5537-4201-BEFD-1EC63DFD0943 => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64CF0DAD-A80B-4C3C-B0B3-AE1C8549975F} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64CF0DAD-A80B-4C3C-B0B3-AE1C8549975F} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PostPoneInstall => chave não encontrado (a).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EDA18BDD-6F86-468C-9969-F58CC2B43B74} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDA18BDD-6F86-468C-9969-F58CC2B43B74} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633 => chave removido (a) com sucesso.
    C:\Users\Sergio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton => movido com sucesso
    C:\Users\Public\Downloads\Norton => movido com sucesso
    C:\Users\Todos os Usuários\Norton => movido com sucesso
    "C:\ProgramData\Norton" => não encontrado (a).

    ========= ipconfig /flushdns =========


    Configuração de IP do Windows

    Liberação do Cache do DNS Resolver bem-sucedida.

    ========= Fim de CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 43049070 B
    Java, Flash, Steam htmlcache => 506 B
    Windows/system/drivers => 484785120 B
    Edge => 0 B
    Chrome => 257191822 B
    Firefox => 12921383 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 66228 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 92944 B
    LocalService => 132244 B
    NetworkService => 1005456 B
    Sergio => 54353168 B
    LogMeInRemoteUser => 66228 B
    Convidado => 137224212 B

    RecycleBin => 5874694055 B
    EmptyTemp: => 6.4 GB de dados temporários Removidos.

    ================================


    O sistema precisou ser reiniciado.

    ==== Fim de Fixlog 11:58:56 ====


    Dear @poy

    Download Malwarebytes Anti-Malware (MBAM).

    Double-click mbam-setup.exe to install the program.

    • Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO.
    • If there are updates available, they will be downloaded and installed.
    • Click Settings, click Detection and Protection, and check Scan for Rootkits.
    • Go back to the Dashboard and finally click Scan Now.
    • The scan will then start. Please wait, as it may take a while.
    • When the scan finishes, if any items were found, make sure all of them are checked and click the Remove Selected button.
    • At the end of disinfection, a prompt may appear asking whether you want to restart the PC. (See the Note below.)
    • The log is saved automatically by MBAM; to view it, click the History -> Application Logs tab in the program's main window.
    • Double-click the log (Scan Log). Use the .txt format to export the log.
    • The Protection log is not needed for the analysis; always export the correct log.
    • Select, copy and paste the contents of this log into your next reply.

    NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (possibly more than once). Do so immediately when asked whether you want to restart the PC.

    Regards :D

  • Topic author
  • Here is the log

    Malwarebytes
    www.malwarebytes.com

    -Detalhes de registro-
    Data da análise: 17/04/17
    Hora da análise: 13:49
    Arquivo de registro: relatorio malware.txt
    Administrador: Sim

    -Informação do software-
    Versão: 3.0.6.1469
    Versão de componentes: 1.0.103
    Versão do pacote de definições: 1.0.1748
    Licença: Versão de avaliação

    -Informação do sistema-
    Sistema operacional: Windows 7 Service Pack 1
    CPU: x86
    Sistema de arquivos: NTFS
    Usuário: Sergio-PC\Sergio

    -Resumo da análise-
    Tipo de análise: Análise de Ameaças
    Resultado: Concluído
    Objetos verificados: 355545
    Tempo decorrido: 15 min, 52 seg

    -Opções da análise-
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Habilitado
    PUM: Habilitado

    -Detalhes da análise-
    Processo: 0
    (Nenhum item malicioso detectado)

    Módulo: 0
    (Nenhum item malicioso detectado)

    Chave de registro: 1
    PUP.Optional.TornTV.OL, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Torntv, Excluir ao reiniciar, [1649], [339894],1.0.1748

    Valor de registro: 0
    (Nenhum item malicioso detectado)

    Dados de registro: 0
    (Nenhum item malicioso detectado)

    Fluxo de dados: 0
    (Nenhum item malicioso detectado)

    Pasta: 0
    (Nenhum item malicioso detectado)

    Arquivo: 4
    PUP.Optional.Spigot, C:\USERS\SERGIO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GCN7YLSJ.DEFAULT-1426014015201\PREFS.JS, Falha ao remover, [587], [303258],1.0.1748
    PUP.Optional.InstallCore, C:\PROGRAM FILES\FREE AVI MPEG WMV MP4 FLV VIDEO JOINER\FREEAVIMPEGWMVMP4FLVVIDEOJOINER.EXE, Excluir ao reiniciar, [2], [334528],1.0.1748
    PUP.Optional.Boost, C:\USERS\CONVIDADO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\https_static.boostsaves.com_0.localstorage, Excluir ao reiniciar, [3595], [235933],1.0.1748
    PUP.Optional.Boost, C:\USERS\CONVIDADO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\https_static.boostsaves.com_0.localstorage-journal, Excluir ao reiniciar, [3595], [235933],1.0.1748

    Setor físico: 0
    (Nenhum item malicioso detectado)


    (end)


    Dear @poy

    Generate a new log with FRST, but before clicking the Scan button, check the Addition option.

    Please attach the logs.

    Regards :D

  • Topic author
  • Diego,

    The log follows below

    After the scan I uninstalled Avast and installed a new version, and it stopped reporting the problem. Could it be an Avast "bug"?

    Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 17-04-2017 01
    Executado por Sergio (administrador) em SERGIO-PC (18-04-2017 09:59:14)
    Executando a partir de C:\Users\Sergio\Desktop\Hardwarw
    Perfis Carregados: Sergio (Perfis Disponíveis: Sergio & Convidado)
    Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) Idioma: Português (Brasil)
    Internet Explorer Versão 11 (Navegador padrão: FF)
    Modo da Inicialização: Normal
    Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processos (Whitelisted) =================

    (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

    (GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
    (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe
    (FSPro Labs) C:\Windows\System32\fsproflt2.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (FSPro Labs) C:\Program Files\Hide Folders 2012\hf.exe
    (GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
    (Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
    (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    (Microsoft) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

    ==================== Registro (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-08] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-04-07] (IDT, Inc.)
    HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
    HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
    HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [206336 2010-05-20] (Microsoft)
    HKLM\...\Run: [NBKeyScan] => "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    HKLM\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-03-16] (Apple Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
    HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [814640 2017-02-16] (GAS Tecnologia LTDA)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-17] (AVAST Software)
    Winlogon\Notify\ GbPluginUni: C:\Program Files\GbPlugin\gbiehUni.dll [2016-11-18] (Banco Itaú Unibanco)
    HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
    ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES\GbPlugin\gbiehuni.dll [1951968 2016-11-18] (Banco Itaú Unibanco)
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sergio\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sergio\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sergio\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-04-17] (AVAST Software)
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

    Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 201.17.1.90 201.17.1.157
    Tcpip\..\Interfaces\{FFF8BA8F-AE0F-4E57-9AB5-CFBBC3326CE8}: [DhcpNameServer] 201.17.1.90 201.17.1.157

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2703107185-878268938-2787040127-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: ssh2 Class -> {2E3C3651-B19C-4DD9-A979-901EC3E930AF} -> C:\Program Files\Scpad\scpsssh2.dll [2010-09-13] (Scopus Tecnologia Ltda)
    BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll => Nenhum Arquivo
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-03-22] (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-17] (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => Nenhum Arquivo
    BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll => Nenhum Arquivo
    BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\PROGRAM FILES\GBPLUGIN\gbiehuni.dll [2016-11-18] (Banco Itaú Unibanco)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-22] (Oracle Corporation)
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab
    DPF: {CAFEEFAC-0018-0000-00111-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724
    Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll Nenhum Arquivo
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-12-03] (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\97vadjci.default-1475185434381 [2017-04-18]
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\97vadjci.default-1475185434381 -> Yahoo!
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\97vadjci.default-1475185434381 -> Yahoo!
    FF Homepage: Mozilla\Firefox\Profiles\97vadjci.default-1475185434381 -> hxxps://www.google.com.br/?gws_rd=ssl
    FF Extension: (Clear Cache) - C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\97vadjci.default-1475185434381\Extensions\clearcache@michel.de.almeida.xpi [2016-10-27]
    FF Extension: (Disable Prefetch) - C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\97vadjci.default-1475185434381\features\{aff550fd-3af9-43f2-97cf-87a7f6ef1f47}\disable-prefetch@mozilla.org.xpi [2017-04-04]
    FF Extension: (Site Deployment Checker) - C:\Program Files\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-28] [não assinado]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => não encontrado (a)
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-17]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-17]
    FF HKU\S-1-5-21-2703107185-878268938-2787040127-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Sergio\AppData\Local\GAS Tecnologia\GBBD\uni\xpi => não encontrado (a)
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-11] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
    FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-22] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-22] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-21] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-21] (RealNetworks, Inc.)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin: @virtools.com/3DviaPlayer -> C:\Program Files\Virtools\3D Life Player\npvirtools.dll [2012-04-05] (Dassault Systèmes)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
    FF Plugin: Sony Corporation/PMCADownloader -> C:\ProgramData\Sony Corporation\PMCADownloader\1.2.0.13221\npPMCADownloader.dll [2012-10-17] (Sony Network Entertainment International LLC)
    FF Plugin: Sony Corporation/PMCADownloaderHelper -> C:\ProgramData\Sony Corporation\PMCADownloader\1.2.0.13221\PMCADownloaderHelper.exe [2012-10-17] (Sony Network Entertainment International LLC)
    FF Plugin: Sony Corporation/PMCADownloaderLib -> C:\ProgramData\Sony Corporation\PMCADownloader\1.2.0.13221\PMCADownloaderLib.dll [2012-10-17] (Sony Network Entertainment International LLC)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default [2017-04-14]
    CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-02]
    CHR Extension: (PlayMemories Camera Apps Downloader) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlghnkgcadghcdodlcjfhogekonhdei [2016-12-20]
    CHR Extension: (Chrome Media Router) - C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-30]
    CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    ==================== Serviços (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    "Warsaw Technology" => serviço foi desbloqueado. <===== ATENÇÃO

    S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5758120 2017-04-17] (AVAST Software s.r.o.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-17] (AVAST Software)
    R2 fsproflt2; C:\Windows\system32\fsproflt2.exe [49512 2012-07-12] (FSPro Labs)
    R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [590048 2016-11-18] (GAS Tecnologia)
    S2 scpVista; C:\Program Files\Scpad\scpVista.exe [136496 2009-07-10] (Scopus Tecnologia Ltda)
    S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7757040 2017-02-02] (TeamViewer GmbH)
    R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [814640 2017-02-16] (GAS Tecnologia LTDA)
    S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [255184 2017-04-17] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148208 2017-04-17] (AVAST Software s.r.o.)
    R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [267528 2017-04-17] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41176 2017-04-17] (AVAST Software s.r.o.)
    S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-04-17] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [31064 2017-04-17] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [106904 2017-04-17] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [90336 2017-04-17] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-04-17] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [764064 2017-04-17] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [472760 2017-04-17] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118800 2017-04-17] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [279800 2017-04-17] (AVAST Software)
    R0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [51760 2011-06-03] (FSPro Labs)
    R0 gbpddreg; C:\Windows\System32\drivers\gbpddreg32.sys [25848 2017-04-18] (GAS Tecnologia)
    R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49496 2015-12-04] (GAS Tecnologia)
    S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [89600 2009-08-10] (Gemalto) [Arquivo não assinado]
    R1 Ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2015-07-18] (GAS Tecnologia)
    S3 NdisrdMP; C:\Windows\System32\DRIVERS\gbpndisrd.sys [31088 2015-07-18] (GbPlugin NDIS Device Driver)
    R3 RDPDISPM; C:\Windows\System32\DRIVERS\rdpdispm.sys [15488 2010-09-22] (Microsoft Corporation)
    R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2015-11-16] (TeamViewer GmbH)
    R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [22744 2017-04-18] (GAS Tecnologia)
    R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [31864 2017-02-16] (GAS Tecnologia)
    S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [22624 2017-02-16] (GAS Tecnologia)
    S3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [22624 2017-02-16] (GAS Tecnologia)
    U3 aswbdisk; não ImagePath
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


    ==================== Um Mês Criados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-04-18 09:37 - 2017-04-18 09:37 - 00000000 ____D C:\Users\Todos os Usuários\SWCUTemp
    2017-04-18 09:37 - 2017-04-18 09:37 - 00000000 ____D C:\ProgramData\SWCUTemp
    2017-04-17 20:20 - 2017-04-17 20:21 - 00000079 _____ C:\Windows\wininit.ini
    2017-04-17 20:06 - 2017-04-17 20:06 - 00000000 ____D C:\Users\Convidado\AppData\Roaming\AVAST Software
    2017-04-17 14:40 - 2017-04-17 14:40 - 00001086 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2017-04-17 14:39 - 2017-04-17 14:39 - 00031064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2017-04-17 14:36 - 2017-04-17 14:36 - 00002037 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2017-04-17 14:36 - 2017-04-17 14:36 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\AVAST Software
    2017-04-17 14:36 - 2017-04-17 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2017-04-17 14:35 - 2017-04-17 14:35 - 00472760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2017-04-17 14:35 - 2017-04-17 14:35 - 00279800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2017-04-17 14:35 - 2017-04-17 14:35 - 00118800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2017-04-17 14:35 - 2017-04-17 14:35 - 00106904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2017-04-17 14:35 - 2017-04-17 14:35 - 00090336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2017-04-17 14:35 - 2017-04-17 14:35 - 00062152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2017-04-17 14:35 - 2017-04-17 14:35 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2017-04-17 14:35 - 2017-04-17 14:34 - 00764064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2017-04-17 14:35 - 2017-04-17 14:34 - 00330256 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2017-04-17 14:35 - 2017-04-17 14:34 - 00267528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
    2017-04-17 14:35 - 2017-04-17 14:34 - 00255184 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
    2017-04-17 14:35 - 2017-04-17 14:34 - 00148208 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
    2017-04-17 14:35 - 2017-04-17 14:34 - 00041176 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
    2017-04-17 14:31 - 2017-04-17 14:39 - 00000000 ____D C:\Program Files\AVAST Software
    2017-04-17 14:23 - 2017-04-17 14:23 - 00002164 _____ C:\Users\Sergio\Desktop\Registro de Verificação.txt
    2017-04-17 13:46 - 2017-04-17 13:47 - 60107896 _____ (Malwarebytes ) C:\Users\Sergio\Downloads\mb3-setup-consumer-3.0.6.1469-10103(1).exe
    2017-04-17 12:08 - 2017-04-17 12:08 - 00161216 _____ (Malwarebytes) C:\Windows\system32\Drivers\7DA30EB7.sys
    2017-04-17 11:32 - 2017-04-17 11:32 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-04-17 11:31 - 2017-04-17 11:31 - 60107896 _____ (Malwarebytes ) C:\Users\Sergio\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
    2017-04-17 11:17 - 2017-04-17 11:17 - 06903192 _____ (AVAST Software) C:\Users\Sergio\Downloads\avast_free_antivirus_setup_online.exe
    2017-04-16 12:43 - 2017-04-16 12:43 - 00669184 _____ C:\Users\Convidado\Downloads\Sobreviventes.pps
    2017-04-15 21:45 - 2017-04-15 21:45 - 01655808 _____ C:\Users\Convidado\Downloads\NaoestanoAurelio.pps
    2017-04-14 21:34 - 2017-04-18 09:59 - 00000000 ____D C:\Users\Sergio\Desktop\Hardwarw
    2017-04-14 11:47 - 2017-04-14 11:48 - 00003741 _____ C:\Users\Sergio\Downloads\fixlist.txt
    2017-04-14 11:42 - 2017-04-14 11:42 - 00000000 ____D C:\Users\Sergio\AppData\Local\{20479219-ED8B-4E74-9739-C3D853F24922}
    2017-04-13 11:02 - 2017-04-18 09:37 - 00022744 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
    2017-04-13 11:02 - 2017-02-16 17:41 - 00031864 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddntf.sys
    2017-04-13 11:02 - 2017-02-16 17:41 - 00022624 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddprm.sys
    2017-04-13 11:02 - 2017-02-16 17:41 - 00022624 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddpp.sys
    2017-04-13 11:02 - 2017-02-16 17:41 - 00008811 _____ C:\Windows\system32\Drivers\wsddntf.cat
    2017-04-13 11:01 - 2017-04-13 11:01 - 00000000 ____D C:\Users\Sergio\AppData\Local\{A1B9BCAA-9C70-466C-A315-150DB18D25BC}
    2017-04-12 09:41 - 2017-04-12 09:41 - 00000000 ____D C:\Users\Sergio\AppData\Local\{E726C2A8-A7CE-4D99-89D7-1A8ABF3FCBCE}
    2017-04-11 11:58 - 2017-04-11 11:58 - 00000000 ____D C:\Users\Sergio\AppData\Local\{D7F0281F-91BB-4906-95D9-7BF634B3B977}
    2017-04-10 15:20 - 2017-04-10 15:21 - 00052837 _____ C:\Users\Sergio\Downloads\Addition.txt
    2017-04-10 15:17 - 2017-04-18 09:59 - 00000000 ____D C:\FRST
    2017-04-10 15:17 - 2017-04-10 15:21 - 00057564 _____ C:\Users\Sergio\Downloads\FRST.txt
    2017-04-10 12:18 - 2017-04-10 12:18 - 00000000 ____D C:\Users\Sergio\AppData\Local\{FB87E4F5-F937-4D56-BAF0-EDB90C349B6A}
    2017-04-08 13:02 - 2017-04-08 13:20 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\ZHP
    2017-04-08 13:02 - 2017-04-08 13:02 - 00000000 ____D C:\Users\Sergio\AppData\Local\ZHP
    2017-04-07 20:09 - 2017-04-07 20:09 - 00000000 ____D C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú
    2017-04-07 20:03 - 2017-04-07 20:03 - 13286592 _____ (MEGA Limited) C:\Users\Sergio\Downloads\MEGAsyncSetup.exe
    2017-04-07 19:46 - 2017-04-07 19:46 - 08245437 _____ C:\Users\Sergio\Desktop\pesquisa-periferia-fpa-04042017.pdf
    2017-04-07 13:15 - 2017-04-07 13:15 - 00007047 _____ C:\Users\Convidado\Downloads\BOLETO_3348649_1491569748432.pdf
    2017-04-06 17:02 - 2017-04-06 17:02 - 00000028 _____ C:\aplic c r i.txt
    2017-04-05 11:33 - 2017-04-06 15:53 - 00000410 _____ C:\runcheck.txt
    2017-04-05 11:31 - 2017-04-05 11:31 - 00000000 ____D C:\zoek_backup
    2017-04-05 11:28 - 2017-04-05 11:28 - 01370112 _____ C:\Users\Sergio\Downloads\ZA-Scan.exe
    2017-03-29 10:47 - 2017-04-11 12:47 - 00000000 ____D C:\Users\Convidado\AppData\Local\Avg
    2017-03-28 21:38 - 2017-03-29 10:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2017-03-28 16:16 - 2017-03-28 16:16 - 00000000 ____D C:\Users\Sergio\AppData\Local\NPE
    2017-03-28 12:06 - 2017-03-28 12:46 - 00000000 ____D C:\Users\TEMP
    2017-03-27 23:03 - 2017-04-17 11:29 - 00000000 ____D C:\Program Files\AVG
    2017-03-27 23:01 - 2017-04-17 11:29 - 00000000 ____D C:\Users\Todos os Usuários\Avg
    2017-03-27 23:01 - 2017-04-17 11:29 - 00000000 ____D C:\ProgramData\Avg
    2017-03-27 23:01 - 2017-04-17 11:28 - 00000000 ____D C:\Users\Sergio\AppData\Local\AvgSetupLog
    2017-03-27 23:01 - 2017-03-31 13:31 - 00000000 ____D C:\Users\Sergio\AppData\Local\Avg
    2017-03-27 20:29 - 2017-04-08 12:05 - 00000000 ____D C:\AdwCleaner
    2017-03-24 15:22 - 2017-03-24 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-03-24 15:20 - 2017-03-24 15:22 - 00000000 ____D C:\Program Files\iTunes
    2017-03-24 15:14 - 2017-03-24 15:14 - 00000000 ____D C:\Program Files\Apple Software Update
    2017-03-22 20:37 - 2017-03-22 20:37 - 00000000 ____D C:\Program Files\Common Files\Java
    2017-03-21 20:05 - 2017-03-08 01:22 - 02953216 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2017-03-21 20:05 - 2017-03-08 01:22 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2017-03-21 20:05 - 2017-03-08 01:18 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2017-03-21 20:05 - 2017-03-08 01:07 - 02091008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2017-03-21 20:05 - 2017-03-08 01:07 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2017-03-21 20:05 - 2017-03-08 01:06 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2017-03-21 20:05 - 2017-03-08 01:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2017-03-21 20:05 - 2017-03-08 01:06 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2017-03-21 20:05 - 2017-03-08 01:06 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2017-03-21 20:05 - 2017-03-08 01:06 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2017-03-21 20:05 - 2017-03-08 01:06 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2017-03-21 20:05 - 2017-02-14 13:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2017-03-21 20:05 - 2017-02-11 13:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2017-03-21 20:05 - 2017-02-09 13:14 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
    2017-03-21 20:05 - 2017-02-09 13:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2017-03-21 20:05 - 2017-01-18 12:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2017-03-21 19:26 - 2017-03-04 13:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-03-21 19:26 - 2017-03-04 01:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-03-21 19:26 - 2017-03-04 00:28 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-03-21 19:26 - 2017-03-02 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-03-21 19:26 - 2017-03-02 15:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-03-21 19:26 - 2017-03-02 15:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-03-21 19:26 - 2017-03-02 15:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-03-21 19:26 - 2017-03-02 15:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-03-21 19:26 - 2017-03-02 15:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-03-21 19:26 - 2017-03-02 14:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-03-21 19:26 - 2017-03-02 14:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-03-21 19:26 - 2017-03-02 14:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-03-21 19:26 - 2017-03-02 14:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-03-21 19:26 - 2017-03-02 14:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-03-21 19:26 - 2017-03-02 14:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-03-21 19:26 - 2017-03-02 14:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-03-21 19:26 - 2017-03-02 14:44 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-03-21 19:26 - 2017-03-02 14:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-03-21 19:26 - 2017-03-02 14:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-03-21 19:26 - 2017-03-02 14:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-03-21 19:26 - 2017-03-02 14:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-03-21 19:26 - 2017-03-02 14:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-03-21 19:26 - 2017-03-02 14:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-03-21 19:26 - 2017-03-02 14:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-03-21 19:26 - 2017-03-02 14:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-03-21 19:26 - 2017-03-02 14:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-03-21 19:26 - 2017-03-02 14:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-03-21 19:26 - 2017-03-02 14:19 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-03-21 19:26 - 2017-03-02 14:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-03-21 19:26 - 2017-03-02 14:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-03-21 19:26 - 2017-03-02 14:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-03-21 19:26 - 2017-03-02 13:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-03-21 19:26 - 2017-03-02 13:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-03-21 19:26 - 2017-03-02 13:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-03-21 19:25 - 2017-03-02 15:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-03-21 19:25 - 2017-02-11 12:50 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2017-03-21 19:25 - 2017-02-11 12:50 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2017-03-21 19:25 - 2017-02-11 12:50 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2017-03-21 19:25 - 2017-02-10 13:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2017-03-21 19:25 - 2017-02-10 13:17 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2017-03-21 19:25 - 2017-02-10 11:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2017-03-21 19:25 - 2017-02-10 11:33 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2017-03-21 19:25 - 2017-02-09 13:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2017-03-21 19:25 - 2017-02-09 13:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-03-21 19:25 - 2017-02-09 13:19 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-03-21 19:25 - 2017-02-09 13:19 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-03-21 19:25 - 2017-02-09 13:16 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-03-21 19:25 - 2017-02-09 13:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-03-21 19:25 - 2017-02-09 12:53 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-03-21 19:25 - 2017-02-09 12:53 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-03-21 19:25 - 2017-02-09 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-03-21 19:25 - 2017-02-09 12:53 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-03-21 19:25 - 2017-02-09 12:53 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-03-21 19:25 - 2017-02-09 12:52 - 02400256 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-03-21 19:25 - 2017-02-09 12:51 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-03-21 19:25 - 2017-02-09 12:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
    2017-03-21 19:25 - 2017-02-09 12:49 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-03-21 19:25 - 2017-02-09 12:49 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-03-21 19:25 - 2017-02-09 12:49 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-03-21 19:25 - 2017-02-09 12:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-03-21 19:25 - 2017-02-09 12:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-03-21 19:25 - 2017-02-09 12:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-03-21 19:25 - 2017-02-09 12:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-03-21 19:25 - 2017-02-06 13:03 - 00497152 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
    2017-03-21 19:25 - 2017-01-13 14:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2017-03-21 19:25 - 2017-01-13 14:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
    2017-03-21 19:25 - 2017-01-11 14:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2017-03-21 19:25 - 2017-01-11 14:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2017-03-21 19:25 - 2017-01-06 14:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2017-03-21 19:19 - 2017-02-22 20:29 - 00071400 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2017-03-21 19:19 - 2017-02-22 20:24 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2017-03-21 19:19 - 2017-02-18 11:05 - 01331200 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2017-03-21 19:19 - 2017-02-18 11:05 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2017-03-21 19:19 - 2016-12-31 12:36 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2017-03-21 19:19 - 2016-12-31 12:36 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2017-03-21 19:19 - 2016-12-31 12:36 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2017-03-21 19:19 - 2016-12-31 12:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2017-03-21 19:19 - 2016-12-31 12:36 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2017-03-20 18:07 - 2017-03-20 18:07 - 00000014 _____ C:\Users\Sergio\Desktop\adaptador.txt
    2017-03-20 16:29 - 2017-03-20 16:29 - 00007077 _____ C:\Users\Convidado\Downloads\BOLETO_3335233_1490021015514.pdf
    2017-03-20 11:15 - 2017-03-20 11:16 - 00131072 _____ C:\Windows\Minidump\032017-29343-01.dmp
    2017-03-20 10:46 - 2017-03-20 10:46 - 00135216 _____ C:\Windows\Minidump\032017-36036-01.dmp

    ==================== Um Mês Modificados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-04-18 09:47 - 2009-07-14 01:34 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-04-18 09:47 - 2009-07-14 01:34 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-04-18 09:39 - 2016-11-21 15:05 - 00000000 ____D C:\Users\Sergio\AppData\LocalLow\Mozilla
    2017-04-18 09:39 - 2012-05-10 21:57 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
    2017-04-18 09:39 - 2012-05-10 21:57 - 00000000 ____D C:\ProgramData\GbPlugin
    2017-04-18 09:37 - 2016-08-22 20:39 - 00025848 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddreg32.sys
    2017-04-18 09:37 - 2010-12-05 11:00 - 00065536 _____ C:\Windows\system32\Ikeext.etl
    2017-04-18 09:36 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-04-17 20:30 - 2016-05-17 21:39 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
    2017-04-17 20:20 - 2016-05-17 21:39 - 00000000 ____D C:\Users\Todos os Usuários\Spybot - Search & Destroy
    2017-04-17 20:20 - 2016-05-17 21:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2017-04-17 17:58 - 2016-10-06 21:40 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\uTorrent
    2017-04-17 14:39 - 2013-12-03 15:01 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
    2017-04-17 14:39 - 2013-12-03 15:01 - 00000000 ____D C:\ProgramData\AVAST Software
    2017-04-17 14:35 - 2015-12-03 11:30 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-04-17 13:47 - 2014-01-25 12:07 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
    2017-04-17 13:47 - 2014-01-25 12:07 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-04-17 12:56 - 2010-09-05 18:05 - 00000000 ____D C:\Users\Sergio\AppData\Local\CrashDumps
    2017-04-17 11:42 - 2010-09-06 17:44 - 00000000 ____D C:\Users\Sergio\Desktop\Filmes Gravar
    2017-04-17 11:41 - 2012-08-17 22:19 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\vlc
    2017-04-14 21:34 - 2010-08-21 16:49 - 00000000 ____D C:\Users\Sergio\Tracing
    2017-04-14 18:03 - 2011-08-27 18:59 - 00000000 ____D C:\Program Files\TeamViewer
    2017-04-14 11:55 - 2016-04-26 18:56 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-04-14 11:55 - 2012-05-27 12:45 - 00000000 ____D C:\Users\Convidado\AppData\LocalLow\Temp
    2017-04-14 11:54 - 2012-05-19 10:56 - 00000000 ____D C:\Users\Sergio\AppData\LocalLow\Temp
    2017-04-13 13:49 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
    2017-04-11 11:36 - 2012-04-03 21:43 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2017-04-11 11:36 - 2011-05-20 22:17 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2017-04-11 11:36 - 2010-08-09 15:53 - 00000000 ____D C:\Windows\system32\Macromed
    2017-04-08 13:42 - 2012-01-05 17:26 - 00000000 ____D C:\Users\Convidado\AppData\Roaming\Apple Computer
    2017-04-07 20:09 - 2017-01-31 14:20 - 00002176 _____ C:\Users\Convidado\Desktop\Itaú.lnk
    2017-04-07 20:09 - 2016-10-02 12:15 - 00000000 ____D C:\Users\Convidado\AppData\Local\Aplicativo Itau
    2017-04-07 20:06 - 2017-01-05 14:44 - 00010190 _____ C:\Users\Sergio\Desktop\cc leide.xlsx
    2017-04-07 20:03 - 2016-11-14 20:18 - 00000000 ____D C:\Users\Sergio\AppData\Local\MEGAsync
    2017-04-06 19:37 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\rescache
    2017-04-06 18:37 - 2011-01-20 18:30 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-04-04 17:43 - 2012-02-28 12:50 - 00000000 ____D C:\Users\Convidado\AppData\Local\CrashDumps
    2017-04-02 11:10 - 2009-07-14 01:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-03-30 18:41 - 2010-08-09 15:57 - 01643726 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-03-30 18:41 - 2009-07-14 05:31 - 00708928 _____ C:\Windows\system32\prfh0416.dat
    2017-03-30 18:41 - 2009-07-14 05:31 - 00148708 _____ C:\Windows\system32\prfc0416.dat
    2017-03-30 18:29 - 2009-07-14 01:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2017-03-29 20:52 - 2011-04-18 18:50 - 00000000 ____D C:\Users\Sergio\.receitanet
    2017-03-29 12:44 - 2012-05-02 19:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2017-03-27 20:38 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\tracing
    2017-03-27 10:38 - 2016-04-01 11:31 - 00000000 ____D C:\NET
    2017-03-24 16:18 - 2016-10-02 13:53 - 00000009 _____ C:\Ipod.txt
    2017-03-24 15:21 - 2016-10-01 13:30 - 00000000 ____D C:\Program Files\iPod
    2017-03-24 15:20 - 2010-08-18 19:34 - 00000000 ____D C:\Program Files\Common Files\Apple
    2017-03-24 15:14 - 2010-08-18 19:34 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2017-03-22 21:22 - 2015-12-28 11:42 - 00000000 ____D C:\Mastercard
    2017-03-22 20:36 - 2016-11-23 12:47 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2017-03-22 20:36 - 2013-09-15 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-03-22 20:35 - 2010-08-09 15:54 - 00000000 ____D C:\Program Files\Java
    2017-03-22 20:34 - 2011-01-22 21:01 - 00000000 ____D C:\Windows\system32\Adobe
    2017-03-22 20:34 - 2010-09-04 09:50 - 00000000 ____D C:\Users\Sergio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2017-03-22 20:34 - 2010-09-04 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2017-03-22 20:34 - 2010-09-04 09:49 - 00000000 ____D C:\Program Files\WinRAR
    2017-03-21 19:50 - 2009-07-14 01:33 - 00423432 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-03-21 19:49 - 2010-08-09 16:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-03-21 19:47 - 2015-03-11 13:44 - 00000000 ____D C:\Windows\system32\appraiser
    2017-03-21 19:47 - 2014-09-30 22:38 - 00000000 ___SD C:\Windows\system32\CompatTel
    2017-03-21 19:43 - 2010-09-10 17:41 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
    2017-03-21 19:39 - 2014-09-30 21:50 - 00000000 ____D C:\Windows\system32\MRT
    2017-03-21 19:32 - 2010-08-15 12:37 - 135706696 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-03-21 19:30 - 2010-09-02 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-03-20 11:15 - 2015-10-26 13:46 - 457888461 _____ C:\Windows\MEMORY.DMP
    2017-03-20 11:15 - 2011-10-03 21:04 - 00000000 ____D C:\Windows\Minidump

    ==================== Arquivos na raiz de alguns diretórios =======

    2011-03-28 22:52 - 2011-03-28 23:13 - 0000189 _____ () C:\Users\Sergio\AppData\Roaming\burnaware.ini
    2013-12-22 14:27 - 2014-01-04 16:27 - 0000073 _____ () C:\Users\Sergio\AppData\Roaming\WB.CFG
    2013-05-23 21:00 - 2013-10-23 20:35 - 0008192 _____ () C:\Users\Sergio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-01-05 10:57 - 2015-01-05 10:57 - 0000227 _____ () C:\ProgramData\bc.ini
    2010-08-12 21:43 - 2010-08-12 21:48 - 0000376 _____ () C:\ProgramData\hpzinstall.log

    ==================== Bamital & volsnap ======================

    (Não há correção automática para arquivos que não passaram na verificação.)

    C:\Windows\explorer.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

    LastRegBack: 2017-04-05 12:54

    ==================== Fim de FRST.txt ============================


    Dear @poy

    Again...

    FRST must be run directly from the Desktop, however you ran it from the folder:

    Executando a partir de C:\Users\Sergio\Desktop\Hardwarw

    Delete it from there, download a new copy to the Desktop, run FRST, check the Addition option and click the "Examinar" (Scan) button. Attach the logs.

    Regards :D


    Dear @poy

    Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts.

    Download Stinger and save it to your Desktop.
    32 bit (x86) or 64 bit (x64)

    • Run the file Stinger.exe
      • Attention: Windows Vista, 7 and 8 users, right-click and choose: [image: execadmin.png]
    • Click the “I Accept” button

    [image: Stinger a.png]

    In the new window click “Advanced” and then “Settings”

    [image: Stinger b.png]

    In the settings window, set the options as shown in the image below and click the “Save” button

    [image: 9hnsyu.png]

    Click “Customize my Scan”

    [image: Stinger f.png]

    Select the system drives and then click the “Scan” button

    [image: Stinger g.png]

    When it finishes, click “View log”; a window with the log will open in your browser.
    Select, copy and paste the contents of this log into your next reply.

    Regards :D

  • Topic author
  • Here is the log

    McAfee Stinger Scan Results

    McAfee® Labs Stinger™ Version 12.1.0.2345 built on Apr 20 2017 at 23:35:16
    Copyright© 2015, McAfee, Inc. All Rights Reserved.
    AV Engine version v5900.7806 for Windows.
    Virus data file v1000.0 created on Apr 21, 2017
    Ready to scan for 10092 viruses, trojans and variants.
    Custom scan initiated on domingo, abril 23, 2017 20:04:56
    Rootkit scan result : Not Scanned.
    C:\Program Files\uTorrent\uTorrent.exe [MD5:bb7245420097b251d1271f5b6f0c9f02] is infected with Artemis!BB7245420097
    C:\Program Files\uTorrent\uTorrent.exe has been Deleted
    C:\Users\Sergio\AppData\Roaming\ZHP\Quarantine\zoek-delete.exe [MD5:cc7aa7b42cf418fc3d926913490048f8] is infected with Artemis!CC7AA7B42CF4
    C:\Users\Sergio\AppData\Roaming\ZHP\Quarantine\zoek-delete.exe has been Deleted
    Summary Report on C:
    File(s)
    TotalFiles:............ 900239
    Clean:................. 211465
    Not Scanned:........... 688772
    Possibly Infected:..... 2
    Time: 03:45:30
    Scan completed on domingo, abril 23, 2017 23:50:26


    Dear @poy

    Download Security Check, by glax24, and save it to your Desktop.

    Attention: Windows Vista, 7 and 8 users, right-click and choose: [image: execadmin.png]

    • Wait while the tool runs its scan.
    • When it finishes, save the log as SecurityCheck.html
    • Open the file with Notepad;
    • Select, copy and paste the contents of this log into your next reply.

    Regards :D

  • Topic author
  • SecurityCheck by glax24 & Severnyj v.1.4.0.49 [15.04.17]
    WebSite: www.safezone.cc
    DateLog: 26.04.2017 11:08:53
    Path starting: C:\Users\Sergio\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
    Log directory: C:\SecurityCheck\
    IsAdmin: True
    User: Sergio
    VersionXML: 4.14is-23.04.2017
    ___________________________________________________________________________

    Windows 7(6.1.7601) Service Pack 1 (x86) HomeBasic Lang: Portuguese(0416)
    Installation date OS: 13.08.2010 00:41:42
    LicenseStatus: Windows(R) 7, HomeBasic edition The machine is permanently activated.
    Boot Mode: Normal
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    SystemDrive: C: FS: [NTFS] Capacity: [457 Gb] Used: [266.2 Gb] Free: [190.8 Gb]
    ------------------------------- [ Windows ] -------------------------------
    Internet Explorer 11.0.9600.18617 Warning! Download Update
    Online installation. Last version available when Windows update is enabled throught the Internet.
    User Account Control disabled
    The elevation prompt for administrators disabled
    ^It is recommended to enable: Win+R typing UserAccountControlSettings and Enter^
    Notify before download
    Date install updates: 2017-03-21 23:07:23
    Windows Update (wuauserv) - The service is running
    Central de Segurança (wscsvc) - The service is running
    Registro remoto (RemoteRegistry) - The service has stopped
    Descoberta SSDP (SSDPSRV) - The service is running
    Serviços de Área de Trabalho Remota (TermService) - The service has stopped
    Windows Remote Management (WS-Management) (WinRM) - The service has stopped
    ------------------------------ [ MS Office ] ------------------------------
    Microsoft Office 2007 v.12.0.6612.1000
    ---------------------------- [ Antivirus_WMI ] ----------------------------
    Avast Antivirus (enabled and up to date)
    --------------------------- [ FirewallWindows ] ---------------------------
    Firewall do Windows (MpsSvc) - The service is running
    Disabled the standard profile for Windows Firewall
    --------------------------- [ AntiSpyware_WMI ] ---------------------------
    Windows Defender (disabled and out of date)
    Avast Antivirus (enabled and up to date)
    ---------------------- [ AntiVirusFirewallInstall ] -----------------------
    Avast Free Antivirus v.17.3.2291
    -------------------------- [ SecurityUtilities ] --------------------------
    Eraser 6.0.10.2620 v.6.0.2620
    --------------------------- [ OtherUtilities ] ----------------------------
    TeamViewer 11 v.11.0.73909 Warning! Download Update
    VLC media player v.2.2.4
    WinRAR 5.40 (32-bit) v.5.40.0
    Microsoft Silverlight v.5.1.50905.0 Warning! Download Update
    TeamViewer 11 (TeamViewer) - The service has stopped
    --------------------------------- [ IM ] ----------------------------------
    Skype™ 7.33 v.7.33.105 Warning! Download Update
    ^Optional update.^
    --------------------------------- [ P2P ] ---------------------------------
    µTorrent v.3.4.9.42606 Warning! P2P-client.
    -------------------------------- [ Java ] ---------------------------------
    Java 8 Update 111 v.8.0.1110.14 Warning! Download Update
    Uninstall old version and install new one (jre-8u131-windows-i586.exe).
    Java 8 Update 121 v.8.0.1210.13 Warning! Download Update
    Uninstall old version and install new one (jre-8u131-windows-i586.exe).
    --------------------------- [ AppleProduction ] ---------------------------
    iTunes v.12.6.0.100
    Bonjour v.3.1.0.1
    QuickTime 7 v.7.79.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.
    Serviço do Bonjour (Bonjour Service) - The service is running
    --------------------------- [ AdobeProduction ] ---------------------------
    Adobe Flash Player 25 ActiveX v.25.0.0.148
    Adobe Flash Player 25 NPAPI v.25.0.0.148
    Adobe Shockwave Player 12.2 v.12.2.8.198
    Adobe Acrobat Reader DC - Português v.17.009.20044
    ------------------------------- [ Browser ] -------------------------------
    Google Chrome v.57.0.2987.133 Warning! Download Update
    Mozilla Firefox 53.0 (x86 pt-BR) v.53.0
    ----------------------------- [ EmailClient ] -----------------------------
    Windows Live Mail v.15.4.3502.0922 Warning! This software is no longer supported.
    --------------------------- [ RunningProcess ] ----------------------------
    C:\Program Files\Mozilla Firefox\firefox.exe v.53.0.0.6312
    ------------------ [ AntivirusFirewallProcessServices ] -------------------
    Avast Antivirus (avast! Antivirus) - The service is running
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.17.3.3443.0
    aswbIDSAgent (aswbIDSAgent) - The service is running
    C:\Program Files\AVAST Software\Avast\aswidsagent.exe v.17.3.2.64257
    C:\Program Files\AVAST Software\Avast\AvastUI.exe v.17.3.3443.0
    McAfee Validation Trust Protection Service (mfevtp) - The service is running
    C:\Windows\System32\mfevtps.exe v.15.4.0.543
    Windows Defender (WinDefend) - The service has stopped
    ----------------------------- [ End of Log ] ------------------------------


    Dear @poy

    How is your Windows doing?

    # Step 1 #

    Download Delfix by Xplode and save it to your desktop.

    Double-click delfix.exe to run it. Check the boxes as shown in the image.

    ** Windows Vista or Windows 7 users: right-click the delfix.exe file, then click [image: execadmin.png].

    [image: 2mez6ld.png]

    Click the Run button.

    At the end a log will be generated, but there is no need to post it.

    # Step 2 #

    Old versions of programs have vulnerabilities that some malware can use to infect your system.

    For that reason, it is advisable to update the programs that Security Check flagged as outdated (optional updates are at your discretion).

    Just click the Download Update link in each warning (post above), which takes you to the developer's site.

    <<@>> Always keep your Windows up to date; keep a constant watch with your firewall and antivirus; and finally, remember that the best prevention starts with our own behaviour!

    # Step 3 #

    CCleaner is an excellent cleaning utility for the computer.

    Download it here: CCleaner

    • After installation, go to the folder where the program was installed, usually C:\Arquivos de programas\CCleaner.
    • Double-click this folder;
    • In an empty area of this window, right-click, choose New > Folder and create a new folder;
    • Name it backups.
    • Open the program and click Run Cleaner;
    • Click the Registry button > Scan for Issues > Fix selected issues...
    • Note: Do not forget to accept the backup of the fixes and save it in the folder created above!

    Regards :D

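    The triage that Step 2 asks for, as an added example (not part of the original thread and not code from Security Check): a Python sketch that sorts the findings of a Security Check log into remove, update, review and config buckets. The sample is abridged from the log posted above; the bucket names and the `classify` and `triage` helpers are assumptions made for illustration.

```python
import re

# Abridged excerpt of the Security Check log posted in this thread.
SAMPLE_LOG = """\
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18617 Warning! Download Update
User Account Control disabled
--------------------------- [ FirewallWindows ] ---------------------------
Firewall do Windows (MpsSvc) - The service is running
Disabled the standard profile for Windows Firewall
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.3.4.9.42606 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 111 v.8.0.1110.14 Warning! Download Update
Uninstall old version and install new one (jre-8u131-windows-i586.exe).
--------------------------- [ AppleProduction ] ---------------------------
iTunes v.12.6.0.100
QuickTime 7 v.7.79.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.
------------------------------- [ Browser ] -------------------------------
Google Chrome v.57.0.2987.133 Warning! Download Update
Mozilla Firefox 53.0 (x86 pt-BR) v.53.0
"""

SECTION = re.compile(r"^-+ \[ (?P<name>.+?) \] -+$")
WARNING = re.compile(r"^(?P<item>.+?) Warning! (?P<msg>.+)$")
# Hardening findings that the tool reports as plain sentences, not warnings.
CONFIG = ("User Account Control disabled",
          "Disabled the standard profile for Windows Firewall")

def classify(msg):
    """Map a warning message to a remediation bucket (hypothetical names)."""
    if "no longer supported" in msg:
        return "remove"        # the tool itself advises uninstalling
    if msg.startswith("Download Update"):
        return "update"
    return "review"            # e.g. "P2P-client.": a usage decision

def triage(log_text):
    """Return {bucket: [(section, item), ...]} for every finding in the log."""
    findings = {"remove": [], "update": [], "review": [], "config": []}
    section = None
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        w = WARNING.match(line)
        if w:
            findings[classify(w.group("msg"))].append((section, w.group("item")))
        elif line in CONFIG:
            findings["config"].append((section, line))
    return findings

if __name__ == "__main__":
    for kind, rows in triage(SAMPLE_LOG).items():
        for section, item in rows:
            print(f"{kind:7} [{section}] {item}")
```

    Lines without a warning, such as the iTunes and Firefox entries, produce no finding, and the follow-up "Uninstall old version" hint under the Java entry is ignored because the entry itself is already counted.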
  • Topic author
  • Actions carried out. Thank you for your attention.


    Problem solved!

    If the author needs it, the topic will be reopened; to do so, they should contact a Security Analyst requesting that it be unlocked.

    Turco

    diego_moicano
