CLAUDIO RD

PC restarting on its own.. BLUE SCREEN, KERNEL..

CLAUDIO RD

Does anyone have experience with this? I heard it might be malware. It's infrequent, but I'm afraid it will get worse..

I'll see if I can take a photo... it's a Windows-style warning..

As soon as I posted, IT JUST HAPPENED AGAIN

KERNEL SECURITY CHECK FAILURE!!

Lenovo

thanks

claudio

Edited by CLAUDIO RD

@CLAUDIO RD

Please note the following:

  • About the Forum: this is a private space, not a public one. Using it is a privilege, not a right;
  • If you get no reply for 3 days, send me a Private Message (PM);
  • What is passed on here concerns only the problem with your computer, so do not apply it to any other;
  • IMPORTANT: If you have Windows activation programs or torrent-sharing programs, I suggest uninstalling them. I will only proceed with the analysis after they are removed. Forum rules;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Respect the order of the instructions given;
  • Note: do not take any measure beyond those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

Instead of creating a new topic, please continue with this one and reply attaching the ZA-Scan log, following the instructions in the link below.

http://www.clubedohardware.com.br/forums/topic/558719-leia-antes-de-postar/
CLAUDIO RD
  • Topic author
  • "You do not have permission to send private messages" is what "Clube do Hardware" tells me, my good Elias Pereira

    >> I have no academic or technical training in computing. Honestly, I would rather not (at first) scan and post the "log" here, as you vaguely noted without going into any detail about ZA-Scan, also because the first time I came here I saw an extremely draining exchange between a user and a technician, with umpteen tiresome steps, after which the user herself ended up taking action on her own because she couldn't solve it (there were a thousand technical terms; I think that user had some training in this, and I don't...).

    I downloaded the Malwarebytes anti-malware and it went back to restarting on its own

    Another clue: BB blocked me in their security module, stating:

    "Your computer has been preventively blocked by the Security Module due to an alert of equipment with a malicious script/artifact"

    I found you "very vague in your explanations". I read the link you repeated 2 times, also not enlightening at all. Including (I repeat) no details on how to scan

    you open the conversation with me with the following sentence: "This is a private space, not a public one. Using it is a privilege, not a right"

    Then you say questions go by PM, something I don't have access to...

    Strange..
    CLAUDIO RD
  • Topic author
  • On 04/09/2017 at 12:36, Elias Pereira said:

    @CLAUDIO RD

    I will only proceed with the analysis if the log is posted.

    If you tell me how to do that... a link, please

    The one you sent me to TWICE leaves that out.. I don't know how to do this.. can you explain PATIENTLY?

    @CLAUDIO RD

    Quote

    If you tell me how to do that... a link, please
    The one you sent me to TWICE leaves that out.. I don't know how to do this.. can you explain PATIENTLY?

    Well, so far the only one who has shown no patience and no respect is you.

    Did you read the instructions in the link I gave you through to the end? I believe not, because if you had, you would have noticed that the link is on the word "HERE". The whole sentence is the one below:

    Quote

    Once you have read the rules and agree with them, go >>>> HERE <<<< to read how to create your topic.

    Please open the link again and click on "HERE". I ask you to have more patience and respect, since we volunteer to help for nothing in return. As they say, "totally free"!!! The only thing I would like to receive in return is respect for the user.

    Other than that, I'm waiting for the log.
    CLAUDIO RD
  • Topic author
  • On 06/09/2017 at 22:04, Elias Pereira said:

    @CLAUDIO RD

    Well, so far the only one who has shown no patience and no respect is you.

    Did you read the instructions in the link I gave you through to the end? I believe not, because if you had, you would have noticed that the link is on the word "HERE". The whole sentence is the one below:

    Please open the link again and click on "HERE". I ask you to have more patience and respect, since we volunteer to help for nothing in return. As they say, "totally free"!!! The only thing I would like to receive in return is respect for the user.

    Other than that, I'm waiting for the log.

    OK, point out where I disrespected you (you can use bold)

    Well, the laptop went back to restarting...

    I'll scan it then

    I was moving house

    In fact I'm still at the unpacking stage

    As soon as possible (soon) I'll come back with the log

    Cheers

    added 49 minutes later

    ============

    Your (my) LOG:

    ZA-Scan.txt

    Edited by CLAUDIO RD

    @CLAUDIO RD

    Follow the steps below:

    STEP 1

    Download Malwarebytes Anti-Malware (MBAM) from the link below and save it to your desktop.
    https://downloads.malwarebytes.org/file/mbam_current/

    Double-click mbam-setup.exe and follow the prompts to install the program.

    • On the Scan tab > Custom Scan, check the option Scan for rootkits and the entries for the drive where the operating system is installed. Normally that is drive C:;
    • Click Scan Now. Wait, as the scan may take a while;
    • When the scan finishes, if items were found, make sure they are all checked and click the Remove Selected or Quarantine button;
    • At the end of the cleanup, a prompt may appear asking whether to restart the PC. (See Note below);
    • If MBAM does not run automatically after the restart, run it manually;
    • The log is saved automatically by MBAM; to view it, click the Reports tab in the program's main window;
    • Double-click the log (Scan log). Click the Export button and use the .txt format to export the log. Save it to the Desktop;
    • Open the file, select all, copy and paste the contents of this log into your next reply.

    NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether to restart the PC.

    STEP 2

    Download AdwCleaner from one of the links below and save it to the desktop.
    https://toolslib.net/downloads/viewdownload/1-adwcleaner/
    http://www.bleepingcomputer.com/download/adwcleaner/

    Click DOWNLOAD NOW to download the file.

    Run adwcleaner.exe

    NOTE: Windows Vista, 7, 8/8.1 and Windows 10 users: right-click the AdwCleaner.exe file, then click the option shown in the image (VRIfczU.png)

    Click SCAN. When it finishes, click CLEAN and wait.

    Notepad will open with the result.

    Select, copy and paste its contents into your next reply.

    STEP 3

    Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

    Download jrt.exe from the link below and save it to the desktop.
    http://www.bleepingcomputer.com/download/junkware-removal-tool/

    Double-click to run the Junkware Removal Tool (JRT).

    NOTE: Windows Vista, 7, 8/8.1 and Windows 10 users: right-click the jrt.exe file, then click the option shown in the image (VRIfczU.png)

    The tool will begin examining your system. Be patient, as it may take a while depending on the number of items to examine.

    At the end, a log will open. It is saved on the desktop as JRT.txt.

    Select, copy and paste the contents of this log into your next reply.

    Edited by Elias Pereira
    CLAUDIO RD
  • Topic author
  • I had already run MBAM, it found thousands of threats. I had already cleaned them

    I'll copy their log for you

    I'll move on to steps 2, 3

    Do I disable MBAM when downloading the others (AdwCleaner and then Junkware)??

    MBAM.txt

    added 26 minutes later

    AdwareCleaner [CO].txt


    # AdwCleaner 7.0.2.1 - Logfile created on Wed Sep 13 00:22:06 2017
    # Updated on 2017/29/08 by Malwarebytes 
    # Running on Windows 8.1 Single Language (X64)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services deleted.

    ***** [ Folders ] *****

    Deleted: C:\Users\claudio\AppData\Local\3DM
    Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil
    Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
    Deleted: C:\Users\claudio\AppData\Local\YSearchUtil
    Deleted: C:\Program Files (x86)\Yahoo!\yset
    Deleted: C:\Users\Convidado\AppData\Local\Temp\apn


    ***** [ Files ] *****

    Deleted: C:\Users\All Users\Documents\\report.dat
    Deleted: C:\Users\Public\Documents\\report.dat
    Deleted: C:\Users\Todos os Usuários\Documents\\report.dat
    Deleted: C:\Users\All Users\Documents\\temp.dat
    Deleted: C:\Users\Public\Documents\\temp.dat
    Deleted: C:\Users\Todos os Usuários\Documents\\temp.dat
    Deleted: C:\Users\claudio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ScreenShot.lnk


    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks deleted.

    ***** [ Registry ] *****

    Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
    Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
    Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|SNARE
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
    Deleted: [Key] - HKLM\SOFTWARE\InterSect Alliance
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98FD652EB4839214E97B69DD8EEA1D29
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC0D100
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\D2A425F405350054677A7A857BC0D100
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC0D100
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
    Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaaiabcopkplhgaedhbloeejhhankf
    Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|WinSAPSvc
    Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|3DM
    Deleted: [Key] - HKLM\SOFTWARE\ScreenShot
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreenShot


    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries deleted.

    ***** [ Chromium (and derivatives) ] *****

    SearchProvider deleted: Ask Search - websearch.ask.com
    SearchProvider deleted: 4shared.com Customized Web Search - search.conduit.com
    SearchProvider deleted: Search  - unitech llc


    *************************

    ::Tracing keys deleted
    ::Winsock settings cleared
    ::Additional Actions: 0

    *************************

    C:/AdwCleaner/AdwCleaner[S0].txt - [6767 B] - [2017/9/13 0:20:21]


    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

    added 38 minutes later

    Adware [SO].txt


    # AdwCleaner 7.0.2.1 - Logfile created on Wed Sep 13 00:20:21 2017
    # Updated on 2017/29/08 by Malwarebytes 
    # Database: 09-12-2017.1
    # Running on Windows 8.1 Single Language (X64)
    # Mode: scan
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    Adware.Elex, C:\Users\claudio\AppData\Local\3DM
    PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil
    PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
    PUP.Optional.Legacy, C:\Users\claudio\AppData\Local\YSearchUtil
    PUP.Optional.Legacy, C:\Program Files (x86)\Yahoo!\yset
    Rogue.ForcedExtension, C:\Users\Convidado\AppData\Local\Temp\apn


    ***** [ Files ] *****

    PUP.Optional.Legacy, C:\Users\All Users\Documents\report.dat
    PUP.Optional.Legacy, C:\Users\Public\Documents\report.dat
    PUP.Optional.Legacy, C:\Users\Todos os Usuários\Documents\report.dat
    PUP.Optional.Legacy, C:\Users\All Users\Documents\temp.dat
    PUP.Optional.Legacy, C:\Users\Public\Documents\temp.dat
    PUP.Optional.Legacy, C:\Users\Todos os Usuários\Documents\temp.dat
    PUP.Optional.Legacy, C:\Users\claudio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ScreenShot.lnk


    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    added 53 minutes later

    JRT.tx


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.4 (07.09.2017)
    Operating System: Windows 8.1 Single Language x64 
    Ran by Claudio Ricardo (Administrator) on 12/09/2017 at 21:51:54,69
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    File System: 1 

    Successfully deleted: C:\ProgramData\ammyy (Folder) 

    Registry: 2 

    Successfully deleted: HKLM\Software\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo (Registry Key) 
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 12/09/2017 at 22:00:47,09
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

    Edited by CLAUDIO RD
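Added example (editor's code, not part of this thread and not from Malwarebytes or Adlice): a small Python triage parser for the AdwCleaner, JRT and RogueKiller log formats that appear in this thread. It turns each detection line into a record, splits a RogueKiller FirewallRules entry into its Action/Dir/Protocol/App fields, and flags findings whose path (or allowed App) sits in a per-user Temp directory or the Guest ("Convidado") profile. The sample lines are constructed from the posted logs with a placeholder SID, and the flagging heuristic is the editor's assumption.

```python
# Added example, not from the thread or the tools: parse AdwCleaner, JRT and RogueKiller log lines.
import re
from collections import Counter
from dataclasses import dataclass, field

@dataclass
class Finding:
    tool: str       # scanner that produced the line
    category: str   # threat family (PUP.Optional.Legacy, Suspicious.Path) or "deleted"
    kind: str       # File, Folder, Key, Value, SearchProvider, FirewallRule
    target: str     # file path, registry location or search provider
    extra: dict = field(default_factory=dict)  # parsed firewall-rule fields, if any

# Editor's heuristic (assumption): a per-user Temp dir or the Guest ("Convidado") profile
# is an unusual home for a persistent payload or for an active inbound firewall allow rule.
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\users\\convidado\\")

ADW_SECTION = re.compile(r"^\*{5} \[ (?P<name>[^\]]+) \] \*{5}$")
ADW_DELETED = re.compile(r"^Deleted: (?:\[(?P<kind>Key|Value)\] - )?(?P<target>.+)$")
ADW_PROVIDER = re.compile(r"^SearchProvider deleted: (?P<target>.+)$")
ADW_FOUND = re.compile(r"^(?P<family>[A-Za-z]+\.[A-Za-z0-9.]+), (?P<target>.+)$")
JRT_LINE = re.compile(r"^Successfully deleted: (?P<target>.+?) \((?P<kind>[^)]+)\)$")
RK_LINE = re.compile(r"^\[(?P<family>[^\]]+)\] \((?:X64|X86)\) (?P<target>.+?)\s*-> (?:Encontrado|Found)$")

def parse_adwcleaner(text):
    """AdwCleaner: section headers, then 'Deleted: ...' (clean mode) or 'Family, path' (scan mode)."""
    section, out = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := ADW_SECTION.match(line):
            section = m.group("name").split(" ")[0].rstrip("s")  # "Folders" -> "Folder"
        elif section is None or not line or line.startswith("No malicious"):
            continue
        elif m := ADW_PROVIDER.match(line):
            out.append(Finding("AdwCleaner", "deleted", "SearchProvider", m.group("target")))
        elif m := ADW_DELETED.match(line):
            out.append(Finding("AdwCleaner", "deleted", m.group("kind") or section, m.group("target")))
        elif m := ADW_FOUND.match(line):
            out.append(Finding("AdwCleaner", m.group("family"), section, m.group("target")))
    return out

def parse_jrt(text):
    """JRT: 'Successfully deleted: <target> (<kind>)' lines."""
    matches = (JRT_LINE.match(ln.strip()) for ln in text.splitlines())
    return [Finding("JRT", "deleted", m.group("kind").replace("Registry ", ""), m.group("target"))
            for m in matches if m]

def firewall_fields(target):
    """Split '{GUID} : v2.22|Action=Allow|...|App=...| [x]' into key=value fields; {} for other keys."""
    if "FirewallRules |" not in target:
        return {}
    fields = {}
    for part in target.partition(" : ")[2].split("|"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def parse_roguekiller(text):
    """RogueKiller registry section: '[Family] (X64) <location> -> Encontrado' lines."""
    out = []
    for raw in text.splitlines():
        if m := RK_LINE.match(raw.strip()):
            target = m.group("target").strip()
            extra = firewall_fields(target)
            out.append(Finding("RogueKiller", m.group("family"),
                               "FirewallRule" if extra else "Key", target, extra))
    return out

def triage(findings):
    """Count findings per category; flag those whose target (or allowed App) sits in SUSPICIOUS_DIRS."""
    counts = Counter(f.category for f in findings)
    flagged = [f for f in findings
               if any(d in f.extra.get("App", f.target).lower() for d in SUSPICIOUS_DIRS)]
    return counts, flagged

# Constructed sample lines modelled on the logs in this thread (SID shortened to a placeholder).
SAMPLE_ADW = r"""***** [ Folders ] *****
PUP.Optional.Legacy, C:\Users\claudio\AppData\Local\YSearchUtil
Rogue.ForcedExtension, C:\Users\Convidado\AppData\Local\Temp\apn
***** [ Registry ] *****
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|3DM
***** [ Chromium (and derivatives) ] *****
SearchProvider deleted: Ask Search - websearch.ask.com
"""
SAMPLE_JRT = r"""Successfully deleted: C:\ProgramData\ammyy (Folder)
Successfully deleted: HKLM\Software\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo (Registry Key)
"""
SAMPLE_RK = (r"[PUP.Ghokswa] (X64) HKEY_USERS\S-1-5-21-PLACEHOLDER-1001\Software\Firefox -> Encontrado" "\n"
             r"[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters"
             r"\FirewallPolicy\FirewallRules | {4AD49019-C7CE-4DAA-AB23-654AE6326E69} : v2.22|Action=Allow|Active=TRUE"
             r"|Dir=In|Protocol=6|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS632F\HPDiagnosticCoreUI.exe"
             r"|Name=HPSAPS| [x] -> Encontrado")

def demo():
    """Parse the three samples and triage them; returns (findings, counts, flagged)."""
    findings = parse_adwcleaner(SAMPLE_ADW) + parse_jrt(SAMPLE_JRT) + parse_roguekiller(SAMPLE_RK)
    counts, flagged = triage(findings)
    return findings, counts, flagged
```

For the real logs, read the exported .txt files and pass their contents to the three parse_* functions; the flagged list is where to start reading, not a verdict.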

    @CLAUDIO RD

    Download RogueKiller by Tigzy and save it to your desktop.
    roguekiller.exe (x64) << link

    • Close all programs
    • Run RogueKiller.exe.
      ** Windows Vista, Windows 7, 8, 8.1 and Windows 10 users:
      Right-click the rogueKiller.exe file, then click the option shown in the image (VRIfczU.png).
    • When the EULA window appears, click Accept.
    • Select the SCAN tab
    • Click START SCAN
    • Wait until the scan finishes...
    • Click the OPEN REPORT button
    • Click the EXPORT TXT option and save it to the Desktop as roguekiller.txt
    • Click OK and close RogueKiller.

    Be sure to open the file, copy and paste the entire contents into your next reply

    Edited by Elias Pereira
    CLAUDIO RD
  • Topic author

    RogueKiller V12.11.14.0 (x64) [Sep 11 2017] (Free) por Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Site : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Sistema Operacional : Windows 8.1 (6.3.9600) 64 bits version
    Iniciou : Modo normal
    Usuário : Claudio Ricardo [Administrador]
    Started from : C:\Users\claudio\Downloads\RogueKiller_portable64.exe
    Modo : Escanear -- Data : 09/13/2017 16:28:52 (Duration : 01:04:15)

    ¤¤¤ Processos : 0 ¤¤¤

    ¤¤¤ Registro : 43 ¤¤¤
    [PUP.Ghokswa] (X64) HKEY_USERS\S-1-5-21-3778889357-92937078-2251873288-1001\Software\Firefox -> Encontrado
    [PUP.Ghokswa] (X86) HKEY_USERS\S-1-5-21-3778889357-92937078-2251873288-1001\Software\Firefox -> Encontrado
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3778889357-92937078-2251873288-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Encontrado
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3778889357-92937078-2251873288-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4AD49019-C7CE-4DAA-AB23-654AE6326E69} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS632F\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {17BEA4CF-C12F-4E86-9BC3-C395BD16A9E7} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS632F\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3939ED51-BD5B-4F72-A506-EC24521F393C} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS71C7\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EF338700-1384-4E9A-906E-392CEE390747} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS71C7\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E987D43F-771A-4DD6-B92F-473D744AC16C} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS1570\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E23F473E-4D7D-4BEE-A8B8-1BB56F1B3B73} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS1570\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A7C401C8-2BE1-4AAD-A446-F35E97D9B2F3} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS1A74\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {27D52D8B-64C4-4E4C-96D2-89A41D63A0AF} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS1A74\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D505D248-0ABB-41EC-8C16-CF984A93347C} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS0400\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0ECA4999-77D4-4843-A08F-3B6F81791847} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS0400\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E22DE6BB-6DEB-40B8-AEAC-75C9AEDDB2D9} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS10A5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F01B08E9-4C1C-4D03-9A0F-B969DB26DE03} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS10A5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6ADEE18C-B44C-4113-9BCC-41D3FAD6853F} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS3FB1\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A9B11B67-F50D-4869-B302-44309D588A76} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS3FB1\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {47842382-4660-4F77-A73A-7A7686B8EB68} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS40B0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {87F91B77-B67D-481B-8935-0430D139FB7E} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS40B0\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F8BA5CC5-9652-4AC3-997C-D80D3D7688FC} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS469B\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A3E2B74C-1058-46E0-876E-BA2B1131F1E3} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS469B\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1B52A8BC-36B1-466D-A62F-F6D02AD1B7FE} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS5109\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1304C189-A282-49D5-B542-343BD5CC4753} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS5109\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CC4800A3-E38D-4B88-BE5E-EFB5C71B4C13} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS525F\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {89134457-7935-43D0-913A-E4B923DD7DBB} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS525F\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {83FCF201-2101-4BB0-8060-556154610DF7} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS7825\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EA5EE2BA-F1BD-46A7-B740-D38557AC5D07} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS7825\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1BEF0168-210E-4A3C-8ED5-CBFCBB2982BF} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS78B2\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {58CD7CFA-3503-4AD6-A160-D78A879A9B9D} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS78B2\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {60BD0FE0-2731-4266-B07E-3383D2CA8B90} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS334C\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A5C40786-371C-4755-9F1E-AE2C4DF123A6} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS334C\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A05F0493-2176-45A2-92CE-647CBD32FCC3} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS36B1\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0F42D503-3203-4E9B-BC95-7C5608B0FC14} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS36B1\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1688D082-6D49-4D6D-97E9-8D28843E59B3} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS0177\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EC368299-BCC3-4BF5-A131-5D7B52C07FF5} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS0177\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B3976A30-9843-4995-BBF7-D5865CF05C1C} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS6C73\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {26B04727-F212-4184-8BA7-77F4E7A20549} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS6C73\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [PUP.Ghokswa] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A65B0C37-36B1-4D97-98E1-4E9EADCC3AFC} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Firefox\Firefox.exe|Name=Firefox browser| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9CA4E7E3-AA54-4A7A-945F-4812807BD64A} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS3605\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B7EB4451-8C6E-499B-BFE4-FBD08F4B4896} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\claudio\AppData\Local\Temp\7zS3605\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Encontrado
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Encontrado
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Encontrado

    ¤¤¤ Tarefas : 1 ¤¤¤
    [Suspicious.Path] \Rerun Warsaw's CoreFixer -- C:\WINDOWS\TEMP\is-TSK3C.tmp\corefixer.exe (/norerun) -> Encontrado

    ¤¤¤ Arquivos : 1 ¤¤¤
    [PUP.HPDefender][Pasta] C:\Users\claudio\AppData\Local\Kitty -> Encontrado

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Arquivos de hosts : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

    ¤¤¤ Navegadores : 0 ¤¤¤

    ¤¤¤ Verificação da MBR : ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000LPCX-24C6HT0 +++++
    --- User ---
    [MBR] 19343d737e6c3fa3eb7bfde68b43abaa
    [BSP] 40bad82cfa9541ba6ef4925ca01ad8aa : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
    1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
    2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
    3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
    4 - Basic data partition | Offset (sectors): 4892672 | Size: 435988 MB
    5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 897796096 | Size: 450 MB
    6 - Basic data partition | Offset (sectors): 898717696 | Size: 25600 MB
    7 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 951146496 | Size: 12513 MB
    User = LL1 ... OK
    User = LL2 ... OK

    CLAUDIO RD
    Topic author
    Elias, you forgot to say whether I would have to remove those threats or put them in quarantine. When in doubt, I removed them. I can no longer open Malwarebytes (it gives an "enable to open" warning), although the free period was going to expire in a few days anyway. For real-time protection I went back to Avast. Do you suggest any other one? MB has a free mode at least to scan for malware periodically, I thought.. (but I repeat, it is no longer opening - I think since I downloaded that RogueKiller). One of the threats RK identified was in the security module of the bank's file, something called Warsaw, which I tried to uninstall and can't.

    The bad news is that on opening the notebook today, 14/09, the problem came back: blue screen and it reboots on its own..

    CLAUDIO RD
    Topic author
    .

    Edited by CLAUDIO RD


    @CLAUDIO RD

    Quote

    Elias, you forgot to say whether I would have to remove those threats or put them in quarantine.

    Ok.

    Quote

    I can no longer open Malwarebytes (it gives an "enable to open" warning), although the free period was going to expire in a few days anyway. For real-time protection I went back to Avast. Do you suggest any other one? MB has a free mode at least to scan for malware periodically, I thought.. (but I repeat, it is no longer opening - I think since I downloaded that RogueKiller).

    For periodic scans you don't need the protection module. Uninstall it and install it again.

    Quote

    One of the threats RK identified was in the security module of the bank's file, something called Warsaw, which I tried to uninstall and can't.

    Leave the Warsaw module as it is for now.

    Download Farbar Recovery Scan from the link below and save it to your desktop.
    https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

    ** Windows Vista, Windows 7, 8/8.1 and Windows 10 users:
    Right-click the FRST64.EXE file, then click VRIfczU.png .
    Accept the agreement and then click the Scan button.

    Wait, and at the end the FRST.txt and Addition.txt logs will be saved to your desktop.

    Select, copy and paste the contents of FRST.txt in your next reply and attach Addition.txt

    CLAUDIO RD
    Topic author

    Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 14-09-2017 01
    Executado por Claudio Ricardo (administrador) em LENOVO-PC (14-09-2017 20:16:26)
    Executando a partir de C:\Users\claudio\Downloads
    Perfis Carregados: Claudio Ricardo (Perfis Disponíveis: Claudio Ricardo & Convidado)
    Platform: Windows 8.1 Single Language (Update) (X64) Idioma: Português (Brasil)
    Internet Explorer Versão 11 (Navegador padrão: Chrome)
    Modo da Inicialização: Normal
    Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processos (Whitelisted) =================

    (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

    (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SRV_TSW_STARTISS\MSSQL\Binn\sqlservr.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
    (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Realtek semiconductor) C:\Windows\RTFTrack.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
    (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (© 2015 Microsoft Corporation) C:\Users\claudio\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    (Spotify Ltd) C:\Users\claudio\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
    (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
    (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
    (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
    (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Farbar) C:\Users\claudio\Downloads\FRST64 (1).exe

    ==================== Registro (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6339656 2013-04-10] (Realtek semiconductor)
    HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe
    HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-11-13] (Lenovo (Beijing) Limited)
    HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-11-13] (Lenovo(beijing) Limited)
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-08-31] (AVAST Software)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
    HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-07-13] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
    Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-18] (Banco do Brasil)
    Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2016-11-18] (Banco Itaú Unibanco)
    HKU\S-1-5-21-3778889357-92937078-2251873288-1001\...\Run: [Google Update] => C:\Users\claudio\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
    HKU\S-1-5-21-3778889357-92937078-2251873288-1001\...\Run: [BingSvc] => C:\Users\claudio\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-3778889357-92937078-2251873288-1001\...\Run: [Microsoft Excel] => wscript.exe //D "C:\Users\claudio\AppData\Roaming\Microsoft Office\\Microsoft Excel.WsF" --restore-last-session
    HKU\S-1-5-21-3778889357-92937078-2251873288-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
    HKU\S-1-5-21-3778889357-92937078-2251873288-1001\...\Run: [Spotify Web Helper] => C:\Users\claudio\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-08-22] (Spotify Ltd)
    HKU\S-1-5-21-3778889357-92937078-2251873288-1001\...\Run: [Spotify] => C:\Users\claudio\AppData\Roaming\Spotify\Spotify.exe [15866480 2017-08-22] (Spotify Ltd)
    IFEO\taskmgr.exe: [Debugger] 
    ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1947872 2016-06-18] (Banco do Brasil)
    ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehuni.dll [1951968 2016-11-18] (Banco Itaú Unibanco)
    Startup: C:\Users\claudio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-01-30]
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-07-18]
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    GroupPolicy: Restrição <==== ATENÇÃO

    ==================== Internet (Whitelisted) ====================

    (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

    Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 181.213.132.2 181.213.132.3
    Tcpip\..\Interfaces\{498B625B-1074-49C7-BB89-557152AF2C0B}: [DhcpNameServer] 181.213.132.2 181.213.132.3

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKU\S-1-5-21-3778889357-92937078-2251873288-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
    HKU\S-1-5-21-3778889357-92937078-2251873288-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
    SearchScopes: HKLM -> DefaultScope valor está ausente
    SearchScopes: HKU\S-1-5-21-3778889357-92937078-2251873288-1001 -> {9CE08815-7037-4E20-A697-11FCDDD51365} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-08-31] (AVAST Software)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-19] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-08-31] (AVAST Software)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-18] (Banco do Brasil)
    BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll [2016-11-18] (Banco Itaú Unibanco)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-19] (Oracle Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-11-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-11-06] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-19] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-19] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-3778889357-92937078-2251873288-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\claudio\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-3778889357-92937078-2251873288-1001: @talk.google.com/O1DPlugin -> C:\Users\claudio\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-3778889357-92937078-2251873288-1001: @tools.google.com/Google Update;version=3 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3778889357-92937078-2251873288-1001: @tools.google.com/Google Update;version=9 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3778889357-92937078-2251873288-1001: gastecnologia.com.br/sf/bb64 -> C:\Users\claudio\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [Nenhum Arquivo]
    FF Plugin ProgramFiles/Appdata: C:\Users\claudio\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\claudio\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
    CHR Profile: C:\Users\claudio\AppData\Local\Google\Chrome\User Data\Default [2017-09-14]
    CHR Extension: (Google Docs) - C:\Users\claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
    CHR Extension: (Google Drive) - C:\Users\claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
    CHR Extension: (YouTube) - C:\Users\claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (Google Search) - C:\Users\claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
    CHR Extension: (Documentos Google off-line) - C:\Users\claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
    CHR Extension: (Unfriend Alerts) - C:\Users\claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgbeldbnadmemecalekdfnffgobkpafc [2014-07-14]
    CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
    CHR Extension: (Gmail) - C:\Users\claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR Extension: (Chrome Media Router) - C:\Users\claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
    CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3778889357-92937078-2251873288-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3778889357-92937078-2251873288-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <não encontrado (a)>
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
    HKU\S-1-5-21-3778889357-92937078-2251873288-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Eastness\Application\chrome.exe <==== ATENÇÃO

    ==================== Serviços (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
    S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
    S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7452288 2017-08-31] (AVAST Software s.r.o.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-08-31] (AVAST Software)
    R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2017-09-13] (GAS Tecnologia)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
    S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
    S4 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
    S4 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [161736 2013-04-15] (Intel Corporation)
    S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-11-06] (Intel Corporation)
    S4 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-03] ()
    R2 MSSQL$SRV_TSW_STARTISS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SRV_TSW_STARTISS\MSSQL\Binn\sqlservr.exe [43128496 2014-07-10] (Microsoft Corporation)
    S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
    S4 SQLAgent$SRV_TSW_STARTISS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SRV_TSW_STARTISS\MSSQL\Binn\SQLAGENT.EXE [381104 2014-07-10] (Microsoft Corporation)
    R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [1056304 2017-07-07] (GAS Tecnologia LTDA)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
    S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)
    S4 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

    ===================== Drivers (Whitelisted) ======================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320528 2017-08-31] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-08-31] (AVAST Software s.r.o.)
    R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343296 2017-08-31] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-08-31] (AVAST Software s.r.o.)
    S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47016 2017-08-31] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-08-31] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147784 2017-08-31] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-08-31] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-08-31] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1016384 2017-08-31] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [590880 2017-08-31] (AVAST Software)
    R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [199312 2017-08-31] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-08-31] (AVAST Software)
    R3 btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
    R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-23] (GAS Tecnologia)
    R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
    R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.)
    R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-10-31] (GAS Tecnologia LTDA)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
    R1 wsddfac; C:\WINDOWS\System32\drivers\wsddfac.sys [28376 2017-09-14] (GAS Tecnologia)
    R1 wsddntf; C:\WINDOWS\system32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
    R1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [25184 2016-06-08] (GAS Tecnologia)
    R3 wsddprm; C:\WINDOWS\system32\drivers\wsddprm.sys [25184 2016-11-07] (GAS Tecnologia)
    S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
    S1 ESProtectionDriver; \??\C:\WINDOWS\system32\drivers\mbae64.sys [X]
    S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
    S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
    S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
    S3 MBAMFarflt; \SystemRoot\system32\DRIVERS\farflt.sys [X]
    S3 MBAMProtection; \??\C:\WINDOWS\system32\drivers\mbam.sys [X]
    S0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X]
    S3 MBAMWebProtection; \??\C:\WINDOWS\system32\drivers\mwac.sys [X]
    U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
    S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
    S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


    ==================== Um Mês Criados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-09-14 20:16 - 2017-09-14 20:17 - 000025088 _____ C:\Users\claudio\Downloads\FRST.txt
    2017-09-14 20:15 - 2017-09-14 20:16 - 000000000 ____D C:\FRST
    2017-09-14 20:15 - 2017-09-14 20:15 - 002398208 _____ (Farbar) C:\Users\claudio\Downloads\FRST64 (1).exe
    2017-09-14 15:53 - 2017-09-14 15:53 - 002398208 _____ (Farbar) C:\Users\claudio\Downloads\FRST64.exe
    2017-09-14 10:41 - 2017-09-14 15:54 - 000000000 ____D C:\Users\claudio\AppData\Local\CrashDumps
    2017-09-13 17:35 - 2017-09-13 17:35 - 000030230 _____ C:\Users\claudio\Desktop\RogueKiller.txt
    2017-09-13 16:28 - 2017-09-14 09:21 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2017-09-13 16:28 - 2017-09-13 17:41 - 000000000 ____D C:\Users\Todos os Usuários\RogueKiller
    2017-09-13 16:28 - 2017-09-13 17:41 - 000000000 ____D C:\ProgramData\RogueKiller
    2017-09-13 16:27 - 2017-09-13 16:27 - 026685000 _____ C:\Users\claudio\Downloads\RogueKiller_portable64.exe
    2017-09-13 16:12 - 2017-09-13 16:12 - 000004441 _____ C:\Users\claudio\Desktop\CBS.log - Atalho.lnk
    2017-09-13 09:55 - 2017-09-13 09:56 - 007887920 _____ (Banco do Brasil SA) C:\Users\claudio\Downloads\DiagnosticoBB (1).exe
    2017-09-13 09:43 - 2017-09-13 09:43 - 000001131 _____ C:\Users\claudio\Desktop\Diagnóstico BB.log - Atalho.lnk
    2017-09-13 09:38 - 2017-09-13 09:38 - 007887920 _____ (Banco do Brasil SA) C:\Users\claudio\Downloads\DiagnosticoBB (2).exe
    2017-09-12 22:47 - 2017-09-14 20:12 - 000028376 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddfac.sys
    2017-09-12 22:47 - 2016-11-07 14:54 - 000025184 ____N (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddprm.sys
    2017-09-12 22:47 - 2016-06-08 18:43 - 000025184 ____N (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddpp.sys
    2017-09-12 22:46 - 2017-09-12 22:46 - 000000000 ___HD C:\Program Files (x86)\GAS Tecnologia
    2017-09-12 22:46 - 2017-09-12 22:46 - 000000000 ___HD C:\Program Files (x86)\Diebold
    2017-09-12 22:00 - 2017-09-12 22:03 - 000000866 _____ C:\Users\claudio\Desktop\JRT.txt
    2017-09-12 21:51 - 2017-09-12 21:51 - 001790024 _____ (Malwarebytes) C:\Users\claudio\Downloads\JRT.exe
    2017-09-12 21:36 - 2017-09-12 21:36 - 000001506 _____ C:\Users\claudio\Downloads\MBAM.txt
    2017-09-12 21:16 - 2017-09-12 21:22 - 000000000 ____D C:\AdwCleaner
    2017-09-12 21:14 - 2017-09-12 21:14 - 008182736 _____ (Malwarebytes) C:\Users\claudio\Downloads\adwcleaner_7.0.2.1.exe
    2017-09-12 21:05 - 2017-09-12 21:05 - 000001506 _____ C:\Users\claudio\Desktop\MBAM.txt
    2017-09-11 21:38 - 2017-09-11 21:38 - 000028357 _____ C:\Users\claudio\Downloads\ZA-Scan.txt
    2017-09-11 21:32 - 2017-09-11 21:32 - 000028357 _____ C:\Users\claudio\Documents\ZA-Scan.txt
    2017-09-11 21:31 - 2017-09-11 21:31 - 000028357 _____ C:\ZA-Scan.txt
    2017-09-11 21:02 - 2017-09-11 21:02 - 000000000 ____D C:\zoek_backup
    2017-09-11 21:01 - 2017-09-11 21:01 - 001370112 _____ C:\Users\claudio\Downloads\ZA-Scan.exe
    2017-09-04 13:12 - 2017-09-04 13:12 - 000274825 _____ C:\Users\claudio\Downloads\fatura-201708.pdf
    2017-09-04 13:10 - 2017-09-04 13:10 - 000000028 _____ C:\Users\claudio\Documents\CEG SENHA.txt
    2017-09-03 21:40 - 2017-09-03 21:44 - 155379992 _____ (Microsoft Corporation) C:\Users\claudio\Downloads\msert (1).exe
    2017-09-03 21:31 - 2017-09-03 21:35 - 155379992 _____ (Microsoft Corporation) C:\Users\claudio\Downloads\msert.exe
    2017-09-03 21:23 - 2017-09-03 21:24 - 046661328 _____ (Microsoft Corporation) C:\Users\claudio\Downloads\Windows-KB890830-x64-V5.51.exe
    2017-09-02 19:15 - 2017-09-02 19:15 - 000000173 _____ C:\Users\claudio\Documents\Kernell.txt
    2017-09-01 21:03 - 2017-09-01 21:03 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-09-01 21:01 - 2017-09-01 21:02 - 066347240 _____ (Malwarebytes ) C:\Users\claudio\Downloads\mb3-setup-consumer-3.2.2.2018.exe
    2017-08-31 18:50 - 2017-08-31 18:50 - 000093658 _____ C:\Users\claudio\Downloads\DARF 08-17.pdf
    2017-08-31 18:43 - 2017-08-31 18:43 - 000401488 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2017-08-31 02:59 - 2017-08-31 02:59 - 000008940 _____ C:\Users\claudio\Downloads\441421_a538206fa5f0ebc106e26c79011823bf.xml
    2017-08-29 19:18 - 2017-08-29 19:18 - 002562490 _____ C:\Users\claudio\Downloads\Proposta (II) de Credenciamento - Indicação 227458 - 290817115352708.zip
    2017-08-28 13:39 - 2017-08-28 13:39 - 000001727 _____ C:\Users\claudio\Downloads\CEF Claudia.pdf
    2017-08-23 01:26 - 2017-07-28 21:03 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-08-23 01:26 - 2017-07-28 21:03 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-08-22 22:41 - 2017-04-21 18:53 - 000029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
    2017-08-22 22:41 - 2017-04-21 18:50 - 000030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
    2017-08-22 22:40 - 2017-04-21 18:53 - 000018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
    2017-08-22 22:40 - 2017-04-21 18:50 - 000018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
    2017-08-22 22:40 - 2017-04-11 15:27 - 000485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
    2017-08-22 22:40 - 2017-03-15 15:15 - 000690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
    2017-08-22 22:39 - 2017-04-11 15:27 - 000987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
    2017-08-22 22:39 - 2017-03-15 15:15 - 000993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
    2017-08-22 22:35 - 2017-07-21 10:40 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
    2017-08-22 22:35 - 2017-07-21 10:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
    2017-08-22 22:35 - 2017-07-14 03:49 - 025733632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-08-22 22:35 - 2017-07-14 03:44 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2017-08-22 22:35 - 2017-07-14 03:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2017-08-22 22:35 - 2017-07-14 02:35 - 005981184 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-08-22 22:35 - 2017-07-14 02:26 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2017-08-22 22:35 - 2017-07-14 02:10 - 000806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2017-08-22 22:35 - 2017-07-14 01:40 - 015254016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-08-22 22:35 - 2017-07-14 01:23 - 003240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2017-08-22 22:35 - 2017-07-14 01:07 - 001545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2017-08-22 22:35 - 2017-07-14 00:58 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2017-08-22 22:35 - 2017-07-13 23:54 - 020270080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-08-22 22:35 - 2017-07-13 23:48 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2017-08-22 22:35 - 2017-07-13 23:38 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2017-08-22 22:35 - 2017-07-13 23:17 - 004546048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-08-22 22:35 - 2017-07-13 23:17 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2017-08-22 22:35 - 2017-07-13 23:12 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2017-08-22 22:35 - 2017-07-13 23:09 - 013663744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-08-22 22:35 - 2017-07-13 22:53 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2017-08-22 22:35 - 2017-07-13 22:50 - 001314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2017-08-22 22:35 - 2017-07-13 22:48 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2017-08-22 22:35 - 2017-07-08 17:14 - 000376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2017-08-22 22:35 - 2017-07-08 16:12 - 004169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2017-08-22 22:35 - 2017-07-08 14:45 - 007078912 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
    2017-08-22 22:35 - 2017-07-08 14:05 - 003631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2017-08-22 22:35 - 2017-07-08 13:39 - 005274624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
    2017-08-22 22:35 - 2017-07-08 13:37 - 007797248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2017-08-22 22:35 - 2017-07-08 13:23 - 002749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2017-08-22 22:35 - 2017-07-08 12:59 - 005270016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2017-08-22 22:35 - 2017-07-08 00:16 - 007440728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-08-22 22:35 - 2017-07-08 00:16 - 001674520 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2017-08-22 22:35 - 2017-07-08 00:16 - 001534072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2017-08-22 22:35 - 2017-07-08 00:16 - 001499920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2017-08-22 22:35 - 2017-07-08 00:16 - 001370328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2017-08-22 22:35 - 2017-07-08 00:16 - 000086360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
    2017-08-22 22:35 - 2017-07-01 10:47 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
    2017-08-22 22:35 - 2017-07-01 10:47 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
    2017-08-22 22:35 - 2017-07-01 10:47 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
    2017-08-22 22:35 - 2017-07-01 10:47 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
    2017-08-22 22:35 - 2017-07-01 10:47 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
    2017-08-22 22:35 - 2017-07-01 10:47 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
    2017-08-22 22:35 - 2017-07-01 10:47 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2017-08-22 22:35 - 2017-07-01 10:47 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
    2017-08-22 22:35 - 2017-07-01 10:47 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
    2017-08-22 22:35 - 2017-07-01 10:47 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
    2017-08-22 22:35 - 2017-07-01 10:47 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
    2017-08-22 22:35 - 2017-07-01 10:47 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
    2017-08-22 22:35 - 2017-07-01 10:47 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
    2017-08-22 22:35 - 2017-06-24 13:46 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprapi.dll
    2017-08-22 22:35 - 2017-06-24 13:16 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprapi.dll
    2017-08-22 22:35 - 2017-06-15 19:02 - 000990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2017-08-22 22:35 - 2017-06-15 11:17 - 002551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2017-08-22 22:35 - 2017-06-15 11:16 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2017-08-22 22:35 - 2017-06-13 14:51 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2017-08-22 22:35 - 2017-06-13 14:23 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
    2017-08-22 22:35 - 2017-06-13 11:17 - 000656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
    2017-08-22 22:35 - 2017-06-13 11:16 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
    2017-08-22 22:35 - 2017-06-13 06:09 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2017-08-22 22:35 - 2017-06-13 05:22 - 001436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2017-08-22 22:35 - 2017-06-13 04:50 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2017-08-22 22:35 - 2017-06-11 18:15 - 001436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
    2017-08-22 22:35 - 2017-06-11 18:08 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
    2017-08-22 22:35 - 2017-06-11 18:00 - 000962560 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2017-08-22 22:35 - 2017-06-11 17:40 - 001323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
    2017-08-22 22:35 - 2017-06-11 17:35 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
    2017-08-22 22:35 - 2017-06-11 17:31 - 000781312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2017-08-22 22:35 - 2017-06-11 17:13 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\umrdp.dll
    2017-08-22 22:35 - 2017-06-11 17:11 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
    2017-08-22 22:35 - 2017-06-11 17:02 - 002778112 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2017-08-22 22:35 - 2017-06-11 17:02 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
    2017-08-22 22:35 - 2017-06-11 16:52 - 002463744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2017-08-22 22:35 - 2017-06-11 12:15 - 002013528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2017-08-22 22:35 - 2017-06-09 10:47 - 000448629 _____ C:\WINDOWS\system32\ApnDatabase.xml
    2017-08-22 22:35 - 2017-06-08 14:01 - 001737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2017-08-22 22:35 - 2017-06-08 14:01 - 001502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2017-08-22 22:35 - 2017-06-07 22:48 - 002457936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2017-08-22 22:35 - 2017-06-06 17:52 - 003120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2017-08-22 22:35 - 2017-06-06 17:42 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
    2017-08-22 22:35 - 2017-06-06 17:35 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
    2017-08-22 22:35 - 2017-06-06 16:11 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
    2017-08-22 22:35 - 2017-06-06 16:08 - 002712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
    2017-08-22 22:35 - 2017-06-06 16:03 - 000837632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
    2017-08-22 22:35 - 2017-06-06 15:56 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
    2017-08-22 22:35 - 2017-06-06 15:38 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2017-08-22 22:35 - 2017-06-06 15:02 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
    2017-08-22 22:35 - 2017-06-06 14:44 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2017-08-22 22:35 - 2017-06-03 13:27 - 002346496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2017-08-22 22:35 - 2017-06-03 13:03 - 001549312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2017-08-22 22:35 - 2017-06-02 09:15 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2017-08-22 22:35 - 2017-06-02 09:12 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
    2017-08-22 22:35 - 2017-06-02 09:12 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
    2017-08-22 22:35 - 2017-06-02 09:06 - 001001984 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
    2017-08-22 22:35 - 2017-06-02 09:01 - 000774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
    2017-08-22 22:35 - 2017-06-02 08:03 - 000903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2017-08-22 22:35 - 2017-06-02 07:25 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
    2017-08-22 22:35 - 2017-06-02 07:24 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
    2017-08-22 22:35 - 2017-06-02 07:17 - 000699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
    2017-08-22 22:35 - 2017-06-02 06:43 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2017-08-22 22:35 - 2017-05-27 13:42 - 001115136 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
    2017-08-22 22:35 - 2017-05-27 13:38 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdsdwmdr.dll
    2017-08-22 22:35 - 2017-05-14 17:19 - 001364040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2017-08-22 22:35 - 2017-05-12 13:16 - 001084928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2017-08-22 22:35 - 2017-05-12 13:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2017-08-22 22:35 - 2017-05-11 23:58 - 001985536 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2017-08-22 22:35 - 2017-05-11 23:48 - 001377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2017-08-22 22:35 - 2017-05-11 23:18 - 003714560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-08-22 22:35 - 2017-05-11 20:36 - 022361848 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-08-22 22:35 - 2017-05-11 20:32 - 019788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-08-22 22:35 - 2017-05-09 11:37 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
    2017-08-22 22:35 - 2017-05-09 11:35 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
    2017-08-22 22:35 - 2017-05-06 13:05 - 001094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2017-08-22 22:35 - 2017-05-06 13:04 - 000865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2017-08-22 22:35 - 2017-05-02 15:31 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
    2017-08-22 22:35 - 2017-04-27 22:13 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
    2017-08-22 22:35 - 2017-04-27 22:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
    2017-08-22 22:35 - 2017-04-06 13:46 - 000434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2017-08-22 22:35 - 2017-04-06 13:35 - 001362432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
    2017-08-22 22:35 - 2017-04-06 13:15 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2017-08-22 22:35 - 2017-02-10 16:06 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2017-08-22 22:35 - 2017-02-01 16:44 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2017-08-22 22:35 - 2017-02-01 16:42 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2017-08-22 22:34 - 2017-08-02 00:17 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
    2017-08-22 22:34 - 2017-07-15 07:10 - 000536688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2017-08-22 22:34 - 2017-07-15 07:10 - 000140016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2017-08-22 22:34 - 2017-07-15 07:06 - 000449840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2017-08-22 22:34 - 2017-07-15 07:06 - 000136832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2017-08-22 22:34 - 2017-07-14 17:08 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
    2017-08-22 22:34 - 2017-07-14 15:44 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
    2017-08-22 22:34 - 2017-07-08 00:46 - 000377688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgrx.sys
    2017-08-22 22:34 - 2017-07-06 05:52 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
    2017-08-22 22:34 - 2017-06-13 14:19 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
    2017-08-22 22:34 - 2017-06-13 14:16 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
    2017-08-22 22:34 - 2017-06-13 14:11 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
    2017-08-22 22:34 - 2017-06-13 14:07 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
    2017-08-22 22:34 - 2017-06-13 06:47 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2017-08-22 22:34 - 2017-06-13 05:16 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2017-08-22 22:34 - 2017-06-13 05:10 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
    2017-08-22 22:34 - 2017-06-13 05:07 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
    2017-08-22 22:34 - 2017-06-13 05:03 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2017-08-22 22:34 - 2017-06-13 04:54 - 000374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2017-08-22 22:34 - 2017-06-11 21:14 - 000276320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
    2017-08-22 22:34 - 2017-06-11 19:21 - 000590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvc.dll
    2017-08-22 22:34 - 2017-06-11 18:43 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
    2017-08-22 22:34 - 2017-06-11 18:25 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wvc.dll
    2017-08-22 22:34 - 2017-06-11 18:07 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysmon.ocx
    2017-08-22 22:34 - 2017-06-11 17:58 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
    2017-08-22 22:34 - 2017-06-07 01:25 - 000428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2017-08-22 22:34 - 2017-06-06 17:38 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\cnvfat.dll
    2017-08-22 22:34 - 2017-06-06 17:36 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\uudf.dll
    2017-08-22 22:34 - 2017-06-06 17:36 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\convert.exe
    2017-08-22 22:34 - 2017-06-06 16:13 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ulib.dll
    2017-08-22 22:34 - 2017-06-06 16:11 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll
    2017-08-22 22:34 - 2017-06-06 16:11 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ufat.dll
    2017-08-22 22:34 - 2017-06-06 16:11 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\uexfat.dll
    2017-08-22 22:34 - 2017-06-06 15:59 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cnvfat.dll
    2017-08-22 22:34 - 2017-06-06 15:57 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uudf.dll
    2017-08-22 22:34 - 2017-06-06 15:03 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ulib.dll
    2017-08-22 22:34 - 2017-06-06 15:02 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ifsutil.dll
    2017-08-22 22:34 - 2017-06-06 15:02 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ufat.dll
    2017-08-22 22:34 - 2017-06-06 15:02 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uexfat.dll
    2017-08-22 22:34 - 2017-05-31 18:20 - 000470360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2017-08-22 22:34 - 2017-05-15 19:09 - 000057688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
    2017-08-22 22:34 - 2017-05-15 17:03 - 000379744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2017-08-22 22:34 - 2017-05-15 16:58 - 000121184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
    2017-08-22 22:34 - 2017-05-14 16:04 - 000315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2017-08-22 22:34 - 2017-05-14 16:03 - 000373080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2017-08-22 22:34 - 2017-05-14 15:13 - 000136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2017-08-22 22:34 - 2017-05-12 14:05 - 000035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2017-08-22 22:34 - 2017-05-12 12:51 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2017-08-22 22:34 - 2017-05-12 12:50 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2017-08-22 22:34 - 2017-05-12 12:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2017-08-22 22:34 - 2017-05-12 12:47 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2017-08-22 22:34 - 2017-05-12 01:10 - 000044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2017-08-22 22:34 - 2017-05-11 23:11 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2017-08-22 22:34 - 2017-05-11 23:10 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2017-08-22 22:34 - 2017-05-11 23:07 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2017-08-22 22:34 - 2017-05-11 23:06 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2017-08-22 22:34 - 2017-05-11 23:04 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2017-08-22 22:34 - 2017-05-11 23:00 - 002240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2017-08-22 22:34 - 2017-05-10 15:19 - 000101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
    2017-08-22 22:34 - 2017-05-09 11:29 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
    2017-08-22 22:34 - 2017-05-09 11:29 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
    2017-08-22 22:34 - 2017-05-09 11:28 - 000193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
    2017-08-22 22:34 - 2017-05-09 11:28 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
    2017-08-22 22:34 - 2017-05-02 17:09 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2017-08-22 22:34 - 2017-05-02 17:08 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
    2017-08-22 22:34 - 2017-05-02 17:08 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2017-08-22 22:34 - 2017-05-02 15:41 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
    2017-08-22 22:34 - 2017-05-02 15:31 - 000207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\smbwmiv2.dll
    2017-08-22 22:34 - 2017-05-02 14:35 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
    2017-08-22 22:34 - 2017-04-30 13:48 - 000080078 _____ C:\WINDOWS\system32\normidna.nls
    2017-08-22 22:34 - 2017-04-06 14:16 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
    2017-08-22 22:34 - 2017-04-06 12:44 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
    2017-08-22 22:34 - 2017-04-02 11:49 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
    2017-08-22 22:29 - 2017-05-03 20:11 - 000103600 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2017-08-22 22:29 - 2017-05-03 10:43 - 001555968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2017-08-22 22:29 - 2017-05-03 10:43 - 001206272 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2017-08-22 22:29 - 2017-05-03 10:43 - 000620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2017-08-22 22:29 - 2017-05-03 10:43 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2017-08-22 22:29 - 2017-05-03 10:43 - 000325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2017-08-22 22:29 - 2017-05-03 10:43 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
    2017-08-22 22:29 - 2017-05-03 10:43 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2017-08-22 22:29 - 2017-05-03 10:43 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2017-08-22 11:11 - 2017-08-22 11:11 - 000000118 _____ C:\Users\claudio\Documents\telefone interodonto.txt
    2017-08-22 10:53 - 2017-08-22 10:53 - 000000122 _____ C:\Users\claudio\Documents\TCI INTERODONTO.txt
    2017-08-18 10:16 - 2017-08-17 13:35 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2017-08-18 09:56 - 2017-09-14 08:56 - 000000000 ____D C:\WINDOWS\Minidump
    2017-08-17 13:31 - 2017-08-17 13:31 - 000088674 _____ C:\Users\claudio\Downloads\ProcessadosPorPeriodo_08-2017.pdf
    2017-08-17 13:30 - 2017-08-17 13:30 - 000087768 _____ C:\Users\claudio\Downloads\CapaProtocoloSimplificado (4).pdf
    2017-08-16 13:51 - 2017-08-16 13:51 - 000011376 _____ C:\Users\claudio\Downloads\CRONOGRAMA 2017 - 2º SEMESTRE  BENEFÍCIO ODONTOLÓGICO (AGOSTO) - PORTAL.pdf

    ==================== Um Mês Modificados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-09-14 15:59 - 2014-10-24 18:16 - 000000000 ____D C:\Users\Todos os Usuários\GbPlugin
    2017-09-14 15:59 - 2014-10-24 18:16 - 000000000 ____D C:\ProgramData\GbPlugin
    2017-09-14 14:10 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\Inf
    2017-09-14 10:56 - 2017-05-06 17:32 - 000000000 ____D C:\Users\claudio\AppData\Local\Spotify
    2017-09-14 10:56 - 2017-05-06 17:31 - 000000000 ____D C:\Users\claudio\AppData\Roaming\Spotify
    2017-09-14 10:49 - 2014-10-24 18:16 - 000000000 ____D C:\Program Files (x86)\GbPlugin
    2017-09-14 10:49 - 2013-08-22 11:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-09-14 10:47 - 2014-12-27 19:11 - 000000000 ____D C:\Users\claudio
    2017-09-14 10:33 - 2014-12-27 22:21 - 000003842 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3A728F70-4E0E-4913-BA03-28523A52D9AD}
    2017-09-14 10:30 - 2014-07-14 21:18 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3778889357-92937078-2251873288-1001
    2017-09-14 08:56 - 2014-07-14 17:47 - 000141672 ____N C:\WINDOWS\Minidump\091417-27531-01.dmp
    2017-09-14 00:23 - 2015-03-20 18:36 - 000000000 ____D C:\Users\claudio\AppData\Roaming\HpUpdate
    2017-09-13 17:38 - 2015-08-22 19:11 - 000000000 ____D C:\Users\claudio\AppData\Roaming\Skype
    2017-09-13 14:06 - 2014-07-14 17:47 - 000137886 ____N C:\WINDOWS\Minidump\091317-166046-01.dmp
    2017-09-13 09:42 - 2013-11-13 22:00 - 000000000 ____D C:\Users\Todos os Usuários\Temp
    2017-09-13 09:42 - 2013-11-13 22:00 - 000000000 ____D C:\ProgramData\Temp
    2017-09-12 22:49 - 2013-08-22 11:44 - 000418184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-09-12 21:23 - 2013-08-22 10:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
    2017-09-12 21:21 - 2015-07-17 17:56 - 000000000 ____D C:\Program Files (x86)\Yahoo!
    2017-09-11 20:40 - 2013-08-22 12:36 - 000000000 ____D C:\WINDOWS\AppReadiness
    2017-09-07 10:42 - 2014-07-14 17:47 - 000131432 ____N C:\WINDOWS\Minidump\090717-43953-01.dmp
    2017-09-05 15:17 - 2015-08-22 19:11 - 000000000 ____D C:\Users\Todos os Usuários\Skype
    2017-09-05 15:17 - 2015-08-22 19:11 - 000000000 ____D C:\ProgramData\Skype
    2017-09-05 15:16 - 2017-03-16 17:49 - 000000000 ___RD C:\Program Files (x86)\Skype
    2017-09-05 10:24 - 2017-02-20 09:02 - 000000000 ____D C:\Users\claudio\Downloads\Extrato Bien Manger
    2017-09-03 21:25 - 2014-07-16 11:16 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-09-02 18:53 - 2017-03-13 22:27 - 000000060 _____ C:\Users\claudio\Documents\SENHA Clube do Hardware.txt
    2017-09-02 18:13 - 2017-04-19 19:59 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
    2017-09-02 18:13 - 2014-07-14 17:47 - 000134504 ____N C:\WINDOWS\Minidump\090217-39234-01.dmp
    2017-09-02 18:12 - 2017-04-19 20:00 - 000152235 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2017-09-01 22:36 - 2017-04-19 20:00 - 000006509 _____ C:\WINDOWS\ZAM.krnl.trace
    2017-09-01 21:46 - 2017-03-12 14:02 - 000000000 ____D C:\Program Files (x86)\ScreenShot
    2017-08-31 19:12 - 2016-03-24 12:29 - 000003900 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458833381
    2017-08-31 19:12 - 2016-03-24 12:29 - 000001070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2017-08-31 19:08 - 2015-12-04 12:39 - 000000000 ____D C:\Program Files\Common Files\AV
    2017-08-31 18:44 - 2017-02-12 19:19 - 000003914 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2017-08-31 18:43 - 2014-09-13 00:56 - 000590880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2017-08-31 18:43 - 2014-09-13 00:56 - 000361336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2017-08-31 18:43 - 2014-09-13 00:56 - 000199312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2017-08-31 18:43 - 2014-09-13 00:56 - 000147784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2017-08-31 18:43 - 2014-09-13 00:56 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2017-08-31 18:43 - 2014-09-13 00:56 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2017-08-31 18:43 - 2014-09-13 00:56 - 000047016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2017-08-31 18:42 - 2017-02-12 19:19 - 000343296 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
    2017-08-31 18:42 - 2017-02-12 19:19 - 000320528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
    2017-08-31 18:42 - 2017-02-12 19:19 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
    2017-08-31 18:42 - 2017-02-12 19:19 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
    2017-08-31 18:42 - 2016-03-24 12:29 - 000041832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2017-08-31 18:42 - 2014-09-13 00:56 - 001016384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2017-08-31 15:21 - 2014-09-24 11:04 - 001987662 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-08-31 15:21 - 2014-09-24 10:19 - 000842344 _____ C:\WINDOWS\system32\prfh0416.dat
    2017-08-31 15:21 - 2014-09-24 10:19 - 000184446 _____ C:\WINDOWS\system32\prfc0416.dat
    2017-08-28 19:30 - 2017-04-17 21:54 - 000002212 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-08-28 19:30 - 2014-07-14 21:58 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-08-23 08:20 - 2013-08-22 12:36 - 000000000 ____D C:\WINDOWS\system32\NDF
    2017-08-23 01:15 - 2014-12-12 23:52 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2017-08-23 01:15 - 2013-08-22 12:36 - 000000000 ___RD C:\WINDOWS\ToastData
    2017-08-22 23:59 - 2014-09-20 13:20 - 000000000 ____D C:\Users\Todos os Usuários\Microsoft Help
    2017-08-22 23:55 - 2012-07-26 04:59 - 000000000 ____D C:\WINDOWS\CbsTemp
    2017-08-22 23:25 - 2014-07-16 11:16 - 000000000 ____D C:\WINDOWS\system32\MRT
    2017-08-22 20:31 - 2014-12-27 19:11 - 000000000 ____D C:\Users\Convidado
    2017-08-18 10:17 - 2013-08-22 10:25 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
    2017-08-18 10:10 - 2014-09-13 00:56 - 000146696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.150306183060907
    2017-08-18 10:08 - 2014-09-13 00:56 - 000146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.150306182470303
    2017-08-16 15:28 - 2014-07-14 18:52 - 000001133 _____ C:\Users\claudio\Desktop\Cyberlink Power2Go.lnk

    ==================== Arquivos na raiz de alguns diretórios =======

    2015-12-10 15:17 - 2015-12-10 15:17 - 000000132 _____ () C:\Users\claudio\AppData\Roaming\Preferências do Formato PNG do Adobe CS6
    2017-02-19 22:05 - 2017-02-19 22:05 - 000001456 _____ () C:\Users\claudio\AppData\Local\Adobe Salvar para Web 13.0 Prefs
    2017-06-03 21:33 - 2017-06-03 21:33 - 000003584 _____ () C:\Users\claudio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2016-01-08 09:20 - 2016-01-08 09:20 - 000000000 _____ () C:\Users\claudio\AppData\Local\{EEB4E9FC-19D0-4C92-BD00-FDD4B86CF2E6}
    2015-03-20 18:35 - 2015-03-20 18:35 - 000000057 _____ () C:\ProgramData\Ament.ini
    2013-11-13 21:39 - 2013-11-13 21:39 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

    Alguns arquivos em TEMP:
    ====================
    2017-09-13 16:28 - 2017-06-08 14:01 - 001737600 _____ (Microsoft Corporation) C:\Users\claudio\AppData\Local\Temp\dllnt_dump.dll

    ==================== Bamital & volsnap ======================

    (Não há correção automática para arquivos que não passaram na verificação.)

    C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

     

    =============================================================

     

    Addition.txt

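    The FRST listings above all share one line layout (two timestamps, size, attribute flags, optional publisher, path). As an added example that is not code from this thread, the forum helpers or the FRST project, the Python below parses those lines and applies two starting-point review heuristics an analyst would run over such a log. The sample lines are copied from the log above except constructed_sample.sys, which is fictitious.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One FRST listing line (Addition.txt / FRST.txt) has the shape
#   <timestamp 1> - <timestamp 2> - <size, 9 digits> <5 attribute flags> [(<company>)] <path>
# Which timestamp is creation and which is last-write depends on the section
# ("One Month Created" vs "One Month Modified"), so they are kept as first/second.
LINE_RE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{9}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")

@dataclass
class Entry:
    first: str
    second: str
    size: int
    attrs: str               # e.g. "____D" directory, "___SH" system+hidden
    company: Optional[str]   # None when FRST printed no "(...)" field, "" for "()"
    path: str

def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST listing line; headers, notes and blank lines give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["first"], m["second"], int(m["size"]), m["attrs"],
                 m["company"], m["path"])

def triage(entry: Entry) -> List[str]:
    """Reasons an analyst should look at this entry; a hit means 'review', not 'malicious'."""
    reasons: List[str] = []
    low = entry.path.lower()
    if "D" in entry.attrs or not low.endswith(EXEC_EXT):
        return reasons                      # folders and data files are skipped
    if low.startswith("c:\\windows\\") and not entry.company:
        reasons.append("executable in a Windows directory with no publisher name")
    if "\\temp\\" in low:
        reasons.append("executable living in a temp directory")
    return reasons

def triage_log(text: str) -> List[tuple]:
    """Run triage over a log excerpt; returns (path, reasons) for hits only."""
    hits = []
    for raw in text.splitlines():
        entry = parse_line(raw)
        why = triage(entry) if entry else []
        if why:
            hits.append((entry.path, why))
    return hits

# Constructed sample: three lines copied from the log in this thread plus one
# made-up driver line (constructed_sample.sys is fictitious, added to exercise the rule).
SAMPLE_LOG = r"""
2017-08-31 18:43 - 2014-09-13 00:56 - 000590880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-09-14 14:10 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\Inf
2017-09-13 16:28 - 2017-06-08 14:01 - 001737600 _____ (Microsoft Corporation) C:\Users\claudio\AppData\Local\Temp\dllnt_dump.dll
2017-09-10 12:00 - 2017-09-10 12:00 - 000012345 _____ C:\WINDOWS\system32\Drivers\constructed_sample.sys
"""

if __name__ == "__main__":
    for path, why in triage_log(SAMPLE_LOG):
        print(path, "->", "; ".join(why))
```

    A hit only marks an entry for a closer look (signature check, hash lookup); FRST's own signature check for the core system files is the "Bamital & volsnap" section of the log above.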

    @CLAUDIO RD

     

    Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

    Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all of the text in the CODE box below:

    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    GroupPolicy: Restrição <==== ATENÇÃO
    CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <não encontrado (a)>
    HKU\S-1-5-21-3778889357-92937078-2251873288-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Eastness\Application\chrome.exe <==== ATENÇÃO
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\claudio\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\claudio\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Nenhum Arquivo
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Nenhum Arquivo
    AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
    AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
    AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
    AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10]
    VirusTotal: C:\Program Files (x86)\Eastness\Application\chrome.exe
    CMD: ipconfig /flushdns
    RemoveProxy:
    EmptyTemp:
    CreateRestorePoint:

    Save this file to your desktop with the name fixlist

    NOTE: It is extremely important that the "fixlist" file is saved to your Desktop. Also check that FRST.exe is on your Desktop.

    Click the Fix button.

    Wait; when it finishes, the Fixlog.txt log will be saved to your desktop.

    Attach the log in your next reply

     

    If it happens again, take a photo of the blue screen and post it in your next reply.

    CLAUDIO RD    0
  • Topic author
  • NOTE: It is extremely important that the "fixlist" file is saved to your Desktop. Also check that FRST.exe is on your Desktop.

    I did that

    Click the Fix button.

    Where??

    Wait; when it finishes, the Fixlog.txt log will be saved to your desktop.

    Attach the log in your next reply

     

    If it happens again, take a photo of the blue screen and post it in your next reply.

     

     

    kernel II.jpg

    kernel III.jpg

    Edited by CLAUDIO RD


    @CLAUDIO RD

     

    The KERNEL_SECURITY_CHECK_FAILURE error may be a problem with your hard disk, memory or drivers. After our malware analysis, I suggest you post in the software area.

     

    Quote

    Click the Fix button.
    Where??

     

    I forgot to mention in the procedure how to run FRST.exe.

     

    ** Windows Vista, Windows 7, 8/8.1 and Windows 10 users:
    Right-click the FRST.EXE file, then click VRIfczU.png.

    Click the Fix button.

    Wait; when it finishes, the Fixlog.txt log will be saved to your desktop.

    Attach the log in your next reply

    CLAUDIO RD    0
  • Topic author
  • Click the Fix button.
    Wait; when it finishes, the Fixlog.txt log will be saved to your desktop.

     

    >> What FRST.exe generates is Addition.txt and FRST.txt, which I already pasted and am pasting again. When I run FRST.exe, there is no dialog referring to the "Fix button" (image pasted)

     

    Addition.txt

    FRST.txt

    FRST.png

    Edited by CLAUDIO RD

    CLAUDIO RD    0
  • Topic author
  • CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    GroupPolicy: Restrição <==== ATENÇÃO
    CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <não encontrado (a)>
    HKU\S-1-5-21-3778889357-92937078-2251873288-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Eastness\Application\chrome.exe <==== ATENÇÃO
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\claudio\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\claudio\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3778889357-92937078-2251873288-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\claudio\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Nenhum Arquivo
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Nenhum Arquivo
    AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
    AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
    AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
    AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10]
    VirusTotal: C:\Program Files (x86)\Eastness\Application\chrome.exe
    CMD: ipconfig /flushdns
    RemoveProxy:
    EmptyTemp:
    CreateRestorePoint:

    Edited by CLAUDIO RD

    Guest
    This topic is closed to new posts.




