marlonbeckham

Slowness and some programs closing suddenly


Good evening.

I noticed that when I start Chrome, my computer has trouble running other tasks, such as playing music (a player in the background or even in Chrome itself). Some programs have recently started closing on their own all of a sudden, such as games (nothing online, just ordinary SNES emulator games).

Could you take a look at the log for me, please?

Thanks in advance!

ZA-Scan.txt

diego_moicano    473

Dear @marlonbeckham

I recommend that you save this topic to your Favorites to make it easier to find.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer, so do not apply it on any other;
  • Please follow the instructions given carefully and, if you have any questions, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what is happening with your computer.
  • Follow the order of the instructions given.

Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, or you risk misconfiguring your computer!

 

# Step 1 #

Download AdwCleaner and save it to your Desktop.

Run the adwcleaner.exe file as Administrator.

  • Click the Options tab and leave only "Reset IE Policies" and "Reset Chrome Policies" checked.
  • Click the Scan button and wait for the scan to finish.
  • Click the Clean button.
  • A Notepad window will open with the result.
  • Select, copy and paste the contents of this log into your next reply.
  • The log will also be saved in C:\AdwCleaner


NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart.
 
# Step 2 #

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download the Junkware Removal Tool (JRT) and save it to your Desktop.

Run jrt.exe as Administrator.

  • The tool will begin scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • At the end a log will open. It will be saved on the desktop as JRT.txt.
  • Select, copy and paste the contents of this log into your next reply.

 
# Step 3 #

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download ZHPCleaner and save it to your Desktop.

Run the ZHPCleaner.exe file as Administrator.

  • Click the Scanner button.
  • The tool will begin scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • Then click the Repair button.
  • A log named ZHPCleaner.txt will be generated.
  • Select, copy and paste the contents of this log into your next reply.

Regards :D

marlonbeckham    0
  • Topic author
  • AdwCleaner log

     

    # AdwCleaner 7.0.2.1 - Logfile created on Mon Sep 11 15:44:49 2017
    # Updated on 2017/29/08 by Malwarebytes 
    # Running on Windows 7 Ultimate (X86)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services deleted.

    ***** [ Folders ] *****

    Deleted: C:\Users\win7\AppData\Roaming\AdvertismentImages


    ***** [ Files ] *****

    No malicious files deleted.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks deleted.

    ***** [ Registry ] *****

    No malicious registry entries deleted.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries deleted.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries deleted.

    *************************

    ::Tracing keys deleted
    ::TCP/IP settings cleared
    ::IE policies deleted
    ::Additional Actions: 0

    *************************

    C:/AdwCleaner/AdwCleaner[S0].txt - [992 B] - [2017/9/11 15:43:45]


    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

     

     

    JRT log

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.4 (07.09.2017)
    Operating System: Windows 7 Ultimate x86 
    Ran by win7 (Administrator) on 11/09/2017 at 12:53:21,30
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    File System: 12 

    Successfully deleted: C:\Users\win7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RB0KVKO (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\win7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G3R7QORG (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\win7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZNERTSN (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\win7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1TGJU5T (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\win7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X15TEOGD (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\win7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YP6L325L (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RB0KVKO (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G3R7QORG (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZNERTSN (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1TGJU5T (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X15TEOGD (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YP6L325L (Temporary Internet Files Folder) 

    Registry: 0 

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 11/09/2017 at 12:56:06,11
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

     

    ZHPCleaner log

     

     

    ~ ZHPCleaner v2017.9.11.154 by Nicolas Coolman (2017/09/11)
    ~ Run by win7 (Administrator)  (11/09/2017 13:27:47)
    ~ Web: https://www.nicolascoolman.com
    ~ Blog: https://nicolascoolman.eu/
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : Version OK
    ~ Certificate ZHPCleaner: Legal
    ~ Type : Reparo
    ~ Report : C:\Users\win7\Desktop\ZHPCleaner.txt
    ~ Quarantine : C:\Users\win7\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
    ~ UAC : Activate
    ~ Boot Mode : Normal (Normal boot)
    Windows 7 Ultimate, 32-bit  (Build 7600)


    ---\\  Serviços (0)
    ~ Nenhum ítem malicioso o desnecessários foi encontrado.


    ---\\  Navegadores de Internet (0)
    ~ Nenhum ítem malicioso o desnecessários foi encontrado.


    ---\\  Arquivo hosts (1)
    ~ O arquivo hosts é legítimo (22)


    ---\\  Tarefas automáticas agendadas. (1)
    SUPRIMIDO tarefas: [AutoKMS] [C:\Windows\Tasks\AutoKMS.job (Not File) ]  =>HackTool.AutoKMS


    ---\\  Explorer ( Arquivos, Pastas) (7)
    MOVIDO pasta: C:\Windows\Tasks\AutoKMS.job    =>HackTool.AutoKMS
    MOVIDO pasta: C:\Windows\AutoKMS.exe [CODYQX4 - AutoKMS]  =>HackTool.AutoKMS
    MOVIDO pasta*: C:\Windows\System32\Tasks\AutoKMS    =>HackTool.AutoKMS
    MOVIDO pasta: C:\Windows\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS]  =>HackTool.AutoKMS
    MOVIDO pasta: C:\Windows\AutoKMS\AutoKMS.log    =>HackTool.AutoKMS
    MOVIDO arquivo: C:\ProgramData\Microsoft Toolkit  =>HackTool.AutoKMS
    MOVIDO arquivo: C:\Windows\AutoKMS  =>HackTool.AutoKMS


    ---\\  Registro ( Chaves, Valores, Dados ) (2)
    SUPRIMIDO chave^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02A2D22C-99ED-4D22-936E-D2C0BC69B14D} [C:\Windows\AutoKMS.exe (Not File)]  =>HackTool.AutoKMS
    SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\KMService []  =>PUP.Optional.Office


    ---\\  Resumo dos elementos encontrados na sua estação de trabalho (2)
    https://nicolascoolman.eu/2017/02/02/hacktool-autokms/  =>HackTool.AutoKMS
    https://www.nicolascoolman.com/fr/hijacker-office/  =>PUP.Optional.Office


    ---\\  Dodatkowe oczyszczenie. (5)
    ~ Chave de registro Tracing Supprimido (5)
    ~ Remover os relatórios antigos ZHPCleaner. (0)


    ---\\ Resultado de reparação
    Reparação efectuada com sucesso
    ~ O sistema foi reiniciado.


    ---\\ Estatísticas
    ~ Items scan : 927
    ~ Items encontrado : 0
    ~ items cancelados : 0
    ~ Items réparo : 10


    ~ End of clean in 00h00mn25s
    ~====================
    ZHPCleaner-[R]-11092017-13_28_12.txt
    ZHPCleaner--11092017-13_13_44.txt

    diego_moicano    473

    Dear @marlonbeckham

    Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

    Download the Farbar Recovery Scan Tool and save it to your Desktop.

    32-bit (x86) or 64-bit (x64)

    • Right-click it and choose Run as Administrator;
    • Check the 90 Days Files box and click the Scan button;
    • Wait, and at the end the FRST.txt and Addition.txt logs will be saved to your Desktop;
    • Select, copy and paste the contents of the FRST.txt log into your next reply;
    • Attach the Addition.txt log.

    Regards :D

    marlonbeckham    0
  • Topic author
  • Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 12-09-2017
    Executado por win7 (administrador) em WIN7-PC (13-09-2017 11:49:53)
    Executando a partir de C:\Users\win7\Desktop
    Perfis Carregados: win7 (Perfis Disponíveis: win7)
    Platform: Microsoft Windows 7 Ultimate  (X86) Idioma: Português (Brasil)
    Internet Explorer Versão 8 (Navegador padrão: Chrome)
    Modo da Inicialização: Normal
    Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processos (Whitelisted) =================

    (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\afwServ.exe
    (Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
    (Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    (Flux Software LLC) C:\Users\win7\AppData\Local\FluxSoftware\Flux\flux.exe
    (Spotify Ltd) C:\Users\win7\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (Intel) C:\Program Files\Intel\AMT\LMS.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
    () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
    (Intel) C:\Program Files\Intel\AMT\UNS.exe
    (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
    (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    (Secunia) C:\Program Files\Secunia\PSI\sua.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

    ==================== Registro (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

    HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12111576 1999-12-31] (Realtek Semiconductor)
    HKLM\...\Run: [atchk] => C:\Program Files\Intel\AMT\atchk.exe [401408 1999-12-31] (Intel Corporation)
    HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-08-24] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [289248 2017-09-06] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
    HKU\S-1-5-21-2662874997-491916432-370945938-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)
    HKU\S-1-5-21-2662874997-491916432-370945938-1000\...\Run: [f.lux] => C:\Users\win7\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-05] (Flux Software LLC)
    HKU\S-1-5-21-2662874997-491916432-370945938-1000\...\Run: [Spotify Web Helper] => C:\Users\win7\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1579120 2017-08-02] (Spotify Ltd)
    HKU\S-1-5-21-2662874997-491916432-370945938-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [4556048 2015-02-27] (Disc Soft Ltd)
    HKU\S-1-5-21-2662874997-491916432-370945938-1000\...\MountPoints2: E - E:\Setup.exe
    HKU\S-1-5-21-2662874997-491916432-370945938-1000\...\MountPoints2: {16f2f309-764f-11e7-812e-001d7dfd436a} - E:\setup.exe
    HKU\S-1-5-21-2662874997-491916432-370945938-1000\...\MountPoints2: {28ddda2f-795e-11e7-9a5f-001d7dfd436a} - E:\_aom.exe
    HKU\S-1-5-21-2662874997-491916432-370945938-1000\...\MountPoints2: {28ddda32-795e-11e7-9a5f-001d7dfd436a} - F:\_aom.exe

    ==================== Internet (Whitelisted) ====================

    (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

    Hosts: 127.0.0.1       WORK # LMS GENERATED LINE
    Tcpip\Parameters: [DhcpNameServer] 201.17.128.76 201.17.128.71
    Tcpip\..\Interfaces\{18359647-A516-45C2-8103-558060C1F095}: [DhcpNameServer] 201.17.128.76 201.17.128.71

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2662874997-491916432-370945938-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-09-11] (Oracle Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-11] (Oracle Corporation)

    FireFox:
    ========
    FF DefaultProfile: 
    FF ProfilePath: C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\3qjcdrtu.default-1487307534723 [2017-09-13]
    FF Extension: (Click-to-Play staged rollout) - C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\3qjcdrtu.default-1487307534723\features\{8330f968-c587-4f9d-9bfe-0c1932335f0e}\clicktoplay-rollout@mozilla.org.xpi [2017-09-11]
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
    FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-11] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-11] (Oracle Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2662874997-491916432-370945938-1000: SkypePlugin -> C:\Users\win7\AppData\Local\SkypePlugin\7.31.0.51\npGatewayNpapi.dll [2017-01-12] (Skype Technologies S.A.)

    Chrome: 
    =======
    CHR DefaultProfile: Profile 1
    CHR Profile: C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default [2017-09-11]
    CHR Extension: (AVG SafePrice) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2017-06-15]
    CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-15]
    CHR Extension: (Chrome Media Router) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-15]
    CHR Profile: C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-09-13]
    CHR Extension: (Google Tradutor) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-07-30]
    CHR Extension: (Google Apresentações) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-12]
    CHR Extension: (Google Docs) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-12]
    CHR Extension: (Google Drive) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-12]
    CHR Extension: (YouTube) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-12]
    CHR Extension: (Adobe Acrobat) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-12]
    CHR Extension: (Planilhas do Google) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-12]
    CHR Extension: (Documentos Google off-line) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-12]
    CHR Extension: (AVG SafePrice) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2017-09-13]
    CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
    CHR Extension: (Economia de dados) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pfmgfdlgomnbgkofeojodiodmgpgmkac [2017-05-12]
    CHR Extension: (Gmail) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-12]
    CHR Extension: (Chrome Media Router) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
    CHR Profile: C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1B [2017-05-12] <==== ATENÇÃO
    CHR Extension: (Adobe Acrobat) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1B\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-12]
    CHR Extension: (AVG SafePrice) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1B\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2017-05-12]
    CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1B\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-12]
    CHR Extension: (Economia de dados) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1B\Extensions\pfmgfdlgomnbgkofeojodiodmgpgmkac [2017-05-12]
    CHR Extension: (Chrome Media Router) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1B\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
    CHR Profile: C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile1 [2017-05-12] <==== ATENÇÃO
    CHR Extension: (Economia de dados) - C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile1\Extensions\pfmgfdlgomnbgkofeojodiodmgpgmkac [2017-05-12]
    CHR Profile: C:\Users\win7\AppData\Local\Google\Chrome\User Data\System Profile [2017-06-29]
    CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2662874997-491916432-370945938-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

    ==================== Serviços (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [176128 1999-12-31] (Intel Corporation) [Arquivo não assinado]
    R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [276328 2017-09-06] (AVG Technologies CZ, s.r.o.)
    R2 AVG Firewall; C:\Program Files\AVG\Antivirus\afwServ.exe [324096 2017-09-11] (AVG Technologies CZ, s.r.o.)
    S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5881008 2017-09-06] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-08-24] (AVG Technologies CZ, s.r.o.)
    S4 BstHdAndroidSvc; C:\Program Files\Bluestacks\HD-Service.exe [445976 2016-08-03] (BlueStack Systems, Inc.)
    S4 BstHdLogRotatorSvc; C:\Program Files\Bluestacks\HD-LogRotatorService.exe [425496 2016-08-03] (BlueStack Systems, Inc.)
    S4 BstHdPlusAndroidSvc; C:\Program Files\Bluestacks\HD-Plus-Service.exe [462360 2016-08-03] (BlueStack Systems, Inc.)
    R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1030928 2015-02-27] (Disc Soft Ltd)
    S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
    R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [188472 2016-05-18] (Intel Corporation)
    R2 LMS; C:\Program Files\Intel\AMT\LMS.exe [102400 1999-12-31] (Intel) [Arquivo não assinado]
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
    S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-30] (SteelWerX) [Arquivo não assinado]
    S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
    R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
    R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
    R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2519040 1999-12-31] (Intel) [Arquivo não assinado]
    S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    R1 avgbdisk; C:\Windows\system32\drivers\avgbdiskx.sys [135872 2017-09-06] (AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdriverx.sys [261128 2017-09-06] (AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\Windows\system32\drivers\avgbidshx.sys [151024 2017-09-06] (AVG Technologies CZ, s.r.o.)
    R0 avgblog; C:\Windows\system32\drivers\avgblogx.sys [270344 2017-09-06] (AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\Windows\system32\drivers\avgbunivx.sys [43992 2017-09-06] (AVG Technologies CZ, s.r.o.)
    S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [35264 2017-09-06] (AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [117368 2017-09-06] (AVG Technologies CZ, s.r.o.)
    R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [28408 2017-09-11] (AVG Technologies CZ, s.r.o.)
    R1 avgNetSec; C:\Windows\system32\drivers\avgNetSec.sys [400488 2017-09-11] (AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [91976 2017-09-06] (AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [63280 2017-09-06] (AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [766216 2017-09-06] (AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [492552 2017-09-06] (AVG Technologies CZ, s.r.o.)
    S2 avgStm; C:\Windows\system32\drivers\avgStm.sys [140136 2017-09-06] (AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [289240 2017-09-06] (AVG Technologies CZ, s.r.o.)
    S3 BstHdDrv; C:\Program Files\Bluestacks\HD-Hypervisor-x86.sys [139360 2016-08-03] (BlueStack Systems)
    S3 BstkDrv; C:\Program Files\Bluestacks\BstkDrv.sys [250936 2016-07-28] (Bluestack System Inc. )
    S3 cmnxusbser; C:\Windows\System32\DRIVERS\cmnxusbser.sys [130296 2015-11-24] (Wireless Data Device)
    R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25104 2017-07-31] (Disc Soft Ltd)
    R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [232312 2012-10-30] (Intel Corporation)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-03-24] ()
    S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-13] (VIA Technologies, Inc. )
    R3 JMCF; C:\Windows\System32\DRIVERS\jmcf.sys [68720 1999-12-31] (JMicron Technology Corporation)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [220088 2017-07-20] (Malwarebytes)
    S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2016-02-02] (Secunia)
    S3 catchme; \??\C:\Users\win7\AppData\Local\Temp\catchme.sys [X]
    S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
    S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]
    S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


    ==================== Três Meses Criados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-09-13 11:49 - 2017-09-13 11:50 - 000017178 _____ C:\Users\win7\Desktop\FRST.txt
    2017-09-13 11:49 - 2017-09-13 11:49 - 000000000 ____D C:\FRST
    2017-09-13 11:46 - 2017-09-13 11:47 - 001793024 _____ (Farbar) C:\Users\win7\Desktop\FRST.exe
    2017-09-11 14:16 - 2017-09-11 14:16 - 000000000 ____D C:\Program Files\Common Files\Java
    2017-09-11 14:04 - 2017-05-06 04:16 - 000000126 _____ C:\Users\win7\Downloads\www.itunesexclusive.com.url
    2017-09-11 14:04 - 2017-04-21 20:02 - 000000135 _____ C:\Users\win7\Downloads\www.twitter.com.url
    2017-09-11 14:04 - 2017-01-21 21:16 - 000000136 _____ C:\Users\win7\Downloads\www.facebook.com_itune5music.url
    2017-09-11 13:35 - 2017-09-11 13:35 - 000001093 _____ C:\Users\Public\Desktop\Navegador Opera.lnk
    2017-09-11 13:35 - 2017-09-11 13:35 - 000001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
    2017-09-11 13:35 - 2017-09-11 13:35 - 000000000 ____D C:\Users\win7\AppData\Roaming\Opera Software
    2017-09-11 13:35 - 2017-09-11 13:35 - 000000000 ____D C:\Users\win7\AppData\Local\Opera Software
    2017-09-11 13:34 - 2017-09-11 13:35 - 000000000 ____D C:\Program Files\Opera
    2017-09-11 13:13 - 2017-09-11 13:28 - 000002757 _____ C:\Users\win7\Desktop\ZHPCleaner.txt
    2017-09-11 12:56 - 2017-09-11 12:56 - 000002512 _____ C:\Users\win7\Desktop\JRT.txt
    2017-09-11 12:53 - 2017-09-11 12:52 - 000400488 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetSec.sys
    2017-09-11 12:53 - 2017-09-06 12:33 - 000305936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
    2017-09-11 12:52 - 2017-09-11 12:52 - 000028408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetNd6.sys
    2017-09-11 12:33 - 2017-09-11 12:33 - 002880384 _____ C:\Users\win7\Downloads\ZHPCleaner.exe
    2017-09-11 12:32 - 2017-09-11 12:33 - 008182736 _____ (Malwarebytes) C:\Users\win7\Downloads\adwcleaner_7.0.2.1.exe
    2017-09-11 12:32 - 2017-09-11 12:33 - 001790024 _____ (Malwarebytes) C:\Users\win7\Downloads\JRT.exe
    2017-09-08 23:38 - 2017-09-08 23:38 - 000016661 _____ C:\ZA-Scan.txt
    2017-09-08 23:12 - 2017-09-08 23:12 - 000023406 _____ C:\Users\win7\Downloads\ZA-Scan1.txt
    2017-09-06 23:24 - 2017-09-06 23:24 - 002611672 _____ C:\Users\win7\Downloads\FB_VIDEO_SD_1504650324334 (1).mp4
    2017-09-06 00:27 - 2017-09-06 00:27 - 002611672 _____ C:\Users\win7\Downloads\FB_VIDEO_SD_1504650324334.mp4
    2017-09-04 01:30 - 2017-09-04 01:30 - 000000000 ____D C:\Users\win7\AppData\Roaming\RenPy
    2017-09-02 18:16 - 2017-09-02 18:16 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1964.lnk
    2017-09-02 18:16 - 2017-09-02 18:16 - 000000000 ____D C:\Program Files\1964
    2017-08-31 02:53 - 2017-08-31 02:54 - 109795833 _____ C:\Users\win7\Downloads\Hidden_Citizens_-_Reawakenings_2016__mp3_320_kbps.7z
    2017-08-24 23:13 - 2017-08-24 23:13 - 000199273 _____ C:\Users\win7\Downloads\OEFoQC8.mp4
    2017-08-22 23:35 - 2017-08-22 23:36 - 000000000 ____D C:\Users\win7\AppData\Roaming\PhotoFiltre Studio X
    2017-08-22 23:35 - 2017-08-22 23:35 - 000001054 _____ C:\Users\win7\Desktop\PhotoFiltre Studio X.lnk
    2017-08-22 23:35 - 2017-08-22 23:35 - 000000000 ____D C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre Studio X
    2017-08-22 23:35 - 2017-08-22 23:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre Studio X
    2017-08-22 23:35 - 2017-08-22 23:35 - 000000000 ____D C:\Program Files\PhotoFiltre Studio X
    2017-08-20 00:30 - 2017-08-20 00:30 - 003308190 _____ C:\Users\win7\Downloads\video-1503198190.mp4
    2017-08-19 13:28 - 2017-08-19 13:29 - 000000323 _____ C:\Users\win7\Downloads\20993398_10209762901090094_1732416974_o.pfi
    2017-08-17 14:35 - 2017-08-23 16:55 - 000000195 _____ C:\Users\win7\Downloads\aaaaj.txt
    2017-08-16 21:40 - 2017-08-16 21:40 - 000000000 ____D C:\Users\win7\.BestSoft
    2017-08-14 23:07 - 2017-08-14 23:08 - 116704915 _____ C:\Users\win7\Downloads\Selena Gomez - Same Old Love (Live at AMAs 2015).mp4
    2017-08-08 00:40 - 2017-08-08 00:40 - 000022286 _____ C:\Users\win7\Downloads\Semanal-2017.xlsx
    2017-08-05 00:10 - 2017-08-05 00:10 - 000000000 ____D C:\Users\win7\Documents\My Games
    2017-08-04 23:57 - 2017-08-04 23:57 - 000002087 _____ C:\Users\Public\Desktop\Age of Mythology - The Titans Expansion.lnk
    2017-08-04 23:53 - 2017-08-04 23:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
    2017-08-04 23:53 - 2017-08-04 23:53 - 000002078 _____ C:\Users\Public\Desktop\Age of Mythology.lnk
    2017-08-04 23:47 - 2017-08-04 23:47 - 000000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
    2017-08-04 23:44 - 2017-08-04 23:45 - 000000000 ____D C:\Users\win7\AppData\Roaming\DAEMON Tools Lite
    2017-08-04 23:44 - 2017-08-04 23:45 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
    2017-08-04 23:44 - 2017-08-04 23:44 - 000001896 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    2017-08-04 23:44 - 2017-08-04 23:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
    2017-08-04 23:43 - 2017-08-04 23:54 - 000000000 ____D C:\Users\Todos os Usuários\DAEMON Tools Lite
    2017-08-04 23:43 - 2017-08-04 23:54 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
    2017-08-04 21:58 - 2017-08-04 22:01 - 000000000 ____D C:\Users\win7\Downloads\Age Of Mythology Br
    2017-08-01 00:01 - 2017-08-01 02:20 - 000000000 ____D C:\HD EXTERNO
    2017-07-31 22:56 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
    2017-07-31 22:56 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
    2017-07-31 22:56 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
    2017-07-31 22:56 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
    2017-07-31 22:56 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
    2017-07-31 22:56 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
    2017-07-31 22:56 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
    2017-07-31 22:56 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
    2017-07-31 22:56 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
    2017-07-31 22:56 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
    2017-07-31 22:56 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
    2017-07-31 22:56 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
    2017-07-31 22:56 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
    2017-07-31 22:56 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
    2017-07-31 22:56 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
    2017-07-31 22:56 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
    2017-07-31 22:56 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
    2017-07-31 22:56 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
    2017-07-31 22:56 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
    2017-07-31 22:56 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
    2017-07-31 22:56 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
    2017-07-31 22:56 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
    2017-07-31 22:56 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
    2017-07-31 22:56 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
    2017-07-31 22:56 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
    2017-07-31 22:56 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
    2017-07-31 22:56 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
    2017-07-31 22:56 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
    2017-07-31 22:56 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
    2017-07-31 22:56 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
    2017-07-31 22:56 - 2008-10-10 04:52 - 004379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
    2017-07-31 22:56 - 2008-10-10 04:52 - 002036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
    2017-07-31 22:56 - 2008-10-10 04:52 - 000452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
    2017-07-31 22:56 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
    2017-07-31 22:56 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
    2017-07-31 22:56 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
    2017-07-31 22:56 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
    2017-07-31 22:56 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
    2017-07-31 22:56 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
    2017-07-31 22:56 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
    2017-07-31 22:56 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
    2017-07-31 22:56 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
    2017-07-31 22:56 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
    2017-07-31 22:56 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
    2017-07-31 22:56 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
    2017-07-31 22:56 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
    2017-07-31 22:56 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
    2017-07-31 22:56 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
    2017-07-31 22:56 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
    2017-07-31 22:56 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
    2017-07-31 22:56 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
    2017-07-31 22:56 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
    2017-07-31 22:56 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
    2017-07-31 22:56 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
    2017-07-31 22:56 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
    2017-07-31 22:56 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
    2017-07-31 22:56 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
    2017-07-31 22:56 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
    2017-07-31 22:56 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
    2017-07-31 22:56 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
    2017-07-31 22:56 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
    2017-07-31 22:56 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
    2017-07-31 22:56 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
    2017-07-31 22:56 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
    2017-07-31 22:56 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
    2017-07-31 22:56 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
    2017-07-31 22:56 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
    2017-07-31 22:56 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
    2017-07-31 22:56 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
    2017-07-31 22:56 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
    2017-07-31 22:56 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
    2017-07-31 22:56 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
    2017-07-31 22:56 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
    2017-07-31 22:56 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
    2017-07-31 22:56 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
    2017-07-31 22:56 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
    2017-07-31 22:56 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
    2017-07-31 22:56 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
    2017-07-31 22:56 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
    2017-07-31 22:56 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
    2017-07-31 22:56 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
    2017-07-31 22:56 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
    2017-07-31 22:56 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
    2017-07-31 22:56 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
    2017-07-31 22:56 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
    2017-07-31 22:56 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
    2017-07-31 22:56 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
    2017-07-31 22:56 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
    2017-07-31 22:56 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
    2017-07-31 22:54 - 2017-07-31 22:56 - 000000000 ____D C:\Windows\system32\directx
    2017-07-31 22:54 - 2017-07-31 22:55 - 000000000 ___HD C:\Windows\msdownld.tmp
    2017-07-31 22:30 - 2017-07-31 22:30 - 000025104 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
    2017-07-22 20:53 - 2017-07-22 20:53 - 000000000 ____D C:\Users\win7\AppData\Local\com.gamehouse.acid
    2017-07-20 20:07 - 2017-07-20 20:07 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
    2017-07-20 19:57 - 2017-07-20 19:57 - 000077824 _____ C:\Windows\KMService.exe
    2017-07-20 19:57 - 2017-07-20 19:57 - 000008192 _____ C:\Windows\system32\srvany.exe
    2017-07-20 19:53 - 2017-07-20 19:53 - 000000135 _____ C:\Windows\AutoKMS.ini
    2017-07-20 19:22 - 2017-07-20 19:23 - 000000000 ___SD C:\ComboFix
    2017-07-20 19:22 - 2011-06-26 03:45 - 000256000 _____ C:\Windows\PEV.exe
    2017-07-20 19:22 - 2010-11-07 14:20 - 000208896 _____ C:\Windows\MBR.exe
    2017-07-20 19:22 - 2000-08-30 21:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2017-07-20 19:22 - 2000-08-30 21:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2017-07-20 19:22 - 2000-08-30 21:00 - 000098816 _____ C:\Windows\sed.exe
    2017-07-20 19:22 - 2000-08-30 21:00 - 000080412 _____ C:\Windows\grep.exe
    2017-07-20 19:22 - 2000-08-30 21:00 - 000068096 _____ C:\Windows\zip.exe
    2017-07-20 19:15 - 2009-04-20 01:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2017-07-20 19:05 - 2017-07-20 19:15 - 000149068 _____ C:\Windows\ntbtlog.txt
    2017-07-20 18:05 - 2017-07-20 18:05 - 000023981 _____ C:\Users\win7\Downloads\PL 289-17 -  Inicial.PDF
    2017-07-20 18:05 - 2017-07-20 18:05 - 000021590 _____ C:\Users\win7\Downloads\PL 296-17 -  Inicial.PDF
    2017-07-20 17:57 - 2017-07-20 17:57 - 000102842 _____ C:\Users\win7\Downloads\PL 274-17 - Inicial.PDF
    2017-07-09 17:04 - 2017-09-01 00:09 - 000000000 _____ C:\Windows\system32\last.dump
    2017-07-06 14:43 - 2017-07-06 14:43 - 000116334 _____ C:\Users\win7\Downloads\2ZD4ZVA.pdf
    2017-07-05 02:48 - 2017-07-05 02:48 - 000079448 _____ C:\Users\win7\Downloads\Extreme.Movie.2008.STV.DVDRip.XviD-MOTION-resync.srt
    2017-07-05 00:06 - 2017-07-05 00:06 - 001113091 _____ C:\Users\win7\Downloads\Harry Potter e a Crianca Amaldi - J. K. Rowling (1).pdf
    2017-06-30 21:02 - 2017-07-12 01:05 - 000109154 _____ C:\Users\win7\Downloads\21 and over-legendafilmes.com.br.srt
    2017-06-26 23:05 - 2017-06-26 23:05 - 054111471 _____ C:\Users\win7\Downloads\video do drive.mp4
    2017-06-24 13:28 - 2017-06-24 13:29 - 004639998 _____ C:\Users\win7\Downloads\It_ A coisa - Stephen King.pdf
    2017-06-19 20:08 - 2017-06-19 20:08 - 066057174 _____ C:\Users\win7\Downloads\Untidtled.mp4
    2017-06-16 02:05 - 2017-06-16 06:59 - 000092430 _____ C:\Users\win7\Downloads\And.Now.For.Something.Completely.Different.1971.720p.BRrip.x264.YIFY-pob.srt

    ==================== Três Meses Modificados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-09-13 11:49 - 2017-03-17 12:30 - 000000000 ____D C:\Users\win7\AppData\LocalLow\Mozilla
    2017-09-13 11:46 - 2009-07-14 01:34 - 000017136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-09-13 11:46 - 2009-07-14 01:34 - 000017136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-09-13 11:39 - 2016-04-12 19:42 - 000000000 ____D C:\Users\win7\AppData\Roaming\FileAdvisor
    2017-09-13 11:38 - 2009-07-14 01:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-09-12 17:23 - 2009-07-14 01:53 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-09-12 13:37 - 2016-04-22 17:18 - 000000000 ____D C:\Users\win7\Desktop\IAMX
    2017-09-12 13:37 - 2016-04-12 19:33 - 000000000 ____D C:\Users\win7\AppData\Roaming\Mp3tag
    2017-09-12 13:36 - 2016-11-30 16:07 - 000000000 ____D C:\Users\win7\Desktop\Sweet Love
    2017-09-11 14:17 - 2017-02-02 10:52 - 000000000 ____D C:\Users\Todos os Usuários\Oracle
    2017-09-11 14:17 - 2017-02-02 10:52 - 000000000 ____D C:\ProgramData\Oracle
    2017-09-11 14:17 - 2017-02-02 10:51 - 000000000 ____D C:\Program Files\Java
    2017-09-11 14:16 - 2017-02-02 10:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-09-11 14:15 - 2017-02-02 10:52 - 000095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2017-09-11 13:52 - 2016-04-12 16:51 - 000000000 ____D C:\Users\win7
    2017-09-11 13:50 - 2016-09-23 11:44 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
    2017-09-11 13:28 - 2017-04-11 18:52 - 000000000 ____D C:\Users\win7\AppData\Roaming\ZHP
    2017-09-11 13:01 - 2017-04-11 18:52 - 000000828 _____ C:\Users\win7\Desktop\ZHPCleaner.lnk
    2017-09-11 12:54 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\inf
    2017-09-11 12:44 - 2016-08-08 18:40 - 000000000 ____D C:\AdwCleaner
    2017-09-06 12:33 - 2017-05-29 14:12 - 000492552 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
    2017-09-06 12:33 - 2017-05-29 14:12 - 000289240 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
    2017-09-06 12:33 - 2017-05-29 14:12 - 000140136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
    2017-09-06 12:33 - 2017-05-29 14:12 - 000117368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
    2017-09-06 12:33 - 2017-05-29 14:12 - 000091976 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
    2017-09-06 12:33 - 2017-05-29 14:12 - 000063280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
    2017-09-06 12:33 - 2017-05-29 14:12 - 000035264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
    2017-09-06 12:32 - 2017-05-29 14:12 - 000766216 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
    2017-09-06 12:32 - 2017-05-29 14:12 - 000270344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblogx.sys
    2017-09-06 12:32 - 2017-05-29 14:12 - 000261128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriverx.sys
    2017-09-06 12:32 - 2017-05-29 14:12 - 000151024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidshx.sys
    2017-09-06 12:32 - 2017-05-29 14:12 - 000135872 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiskx.sys
    2017-09-06 12:32 - 2017-05-29 14:12 - 000043992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbunivx.sys
    2017-09-04 13:26 - 2017-05-29 14:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2017-09-04 13:26 - 2017-05-29 14:09 - 000000978 _____ C:\Users\Public\Desktop\AVG.lnk
    2017-09-02 17:59 - 2017-03-16 21:43 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2017-09-02 17:59 - 2016-07-06 23:20 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
    2017-08-31 23:22 - 2016-04-12 20:40 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-08-28 21:30 - 2016-04-22 21:43 - 000000000 ____D C:\Users\win7\AppData\Roaming\uTorrent
    2017-08-28 21:29 - 2016-04-22 21:44 - 000000000 ___SD C:\Users\win7\AppData\LocalLow\Temp
    2017-08-28 17:55 - 2016-09-23 12:23 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-08-28 17:55 - 2016-09-23 12:23 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-08-25 00:52 - 2016-05-14 14:55 - 000000000 ____D C:\Users\win7\AppData\Local\Spotify
    2017-08-25 00:47 - 2016-05-14 14:55 - 000000000 ____D C:\Users\win7\AppData\Roaming\Spotify
    2017-08-24 20:04 - 2016-04-27 19:35 - 000000000 ____D C:\Users\win7\AppData\Local\Microsoft Help
    2017-08-24 19:43 - 2017-05-27 08:09 - 000000000 ____D C:\Users\win7\Downloads\MinhaBox
    2017-08-23 18:25 - 2016-04-12 18:32 - 000088208 _____ C:\Users\win7\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-08-23 13:26 - 2009-07-14 01:33 - 000376848 _____ C:\Windows\system32\FNTCACHE.DAT

    ==================== Arquivos na raiz de alguns diretórios =======

    2016-09-23 11:46 - 2016-09-23 11:46 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

    Alguns arquivos em TEMP:
    ====================
    2017-07-20 19:23 - 2017-07-20 19:23 - 000053248 _____ () C:\Users\win7\AppData\Local\Temp\catchme.dll
    2017-05-20 15:38 - 2017-07-29 23:17 - 000003584 _____ () C:\Users\win7\AppData\Local\Temp\dateinj01.dll
    2002-10-20 18:05 - 2002-10-20 18:05 - 001020000 ____N (Microsoft Corporation) C:\Users\win7\AppData\Local\Temp\EBU327A.exe
    2002-10-20 18:24 - 2002-10-20 18:24 - 002117632 ____N (Microsoft Corporation) C:\Users\win7\AppData\Local\Temp\EBU3C1B.DLL
    2017-09-11 14:15 - 2017-09-11 14:15 - 000740416 _____ (Oracle Corporation) C:\Users\win7\AppData\Local\Temp\jre-8u144-windows-au.exe
    2017-04-11 19:26 - 2006-03-02 23:42 - 000073728 _____ () C:\Users\win7\AppData\Local\Temp\pv.exe
    2017-04-11 19:26 - 2006-11-27 02:34 - 000049152 _____ () C:\Users\win7\AppData\Local\Temp\vfind.exe
    2017-04-04 14:23 - 2017-04-04 14:23 - 007178424 _____ (VS Revo Group                                               ) C:\Users\win7\AppData\Local\Temp\VSUSetup.exe

    ==================== Bamital & volsnap ======================

    (Não há correção automática para arquivos que não passaram na verificação.)

    C:\Windows\explorer.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

    LastRegBack: 2017-09-10 16:17

    ==================== Fim de FRST.txt ============================

    Addition.txt

    diego_moicano    473

    Dear @marlonbeckham

    Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

    Download the file (fixlist.txt) attached to this post and save it to the Desktop.

    Run FRST.exe (or FRST64.exe) and click the Fix ("Corrigir") button.

    Wait... when it finishes, the log Fixlog.txt will be generated and saved to your Desktop.

    Select, copy and paste the contents of this log into your next reply.

    Regards :D

    fixlist.txt

    marlonbeckham    0
  • Topic author
  • Resultado da Correção pela Farbar Recovery Scan Tool (x86) Versão: 14-09-2017 01
    Executado por win7 (14-09-2017 19:08:16) Run:1
    Executando a partir de C:\Users\win7\Desktop
    Perfis Carregados: win7 (Perfis Disponíveis: win7)
    Modo da Inicialização: Normal

    ==============================================

    fixlist Conteúdo:
    *****************

    CreateRestorePoint:
    CloseProcesses:
    CMD: bitsadmin /util /setieproxy localsystem NO_PROXY RESET
    HKU\S-1-5-21-2662874997-491916432-370945938-1000\...\Run: [f.lux] => C:\Users\win7\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-05] (Flux Software LLC)
    HKU\S-1-5-21-2662874997-491916432-370945938-1000\...\MountPoints2: E - E:\Setup.exe
    HKU\S-1-5-21-2662874997-491916432-370945938-1000\...\MountPoints2: {16f2f309-764f-11e7-812e-001d7dfd436a} - E:\setup.exe
    HKU\S-1-5-21-2662874997-491916432-370945938-1000\...\MountPoints2: {28ddda2f-795e-11e7-9a5f-001d7dfd436a} - E:\_aom.exe
    HKU\S-1-5-21-2662874997-491916432-370945938-1000\...\MountPoints2: {28ddda32-795e-11e7-9a5f-001d7dfd436a} - F:\_aom.exe
    CHR DefaultProfile: Profile 1
    CHR Profile: C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default [2017-09-11]
    CHR Profile: C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1B [2017-05-12] <==== ATENÇÃO
    S3 catchme; \??\C:\Users\win7\AppData\Local\Temp\catchme.sys [X]
    S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
    S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]
    S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]
    2016-09-23 11:46 - 2016-09-23 11:46 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
    2017-07-20 19:23 - 2017-07-20 19:23 - 000053248 _____ () C:\Users\win7\AppData\Local\Temp\catchme.dll
    2017-05-20 15:38 - 2017-07-29 23:17 - 000003584 _____ () C:\Users\win7\AppData\Local\Temp\dateinj01.dll
    2002-10-20 18:05 - 2002-10-20 18:05 - 001020000 ____N (Microsoft Corporation) C:\Users\win7\AppData\Local\Temp\EBU327A.exe
    2002-10-20 18:24 - 2002-10-20 18:24 - 002117632 ____N (Microsoft Corporation) C:\Users\win7\AppData\Local\Temp\EBU3C1B.DLL
    2017-09-11 14:15 - 2017-09-11 14:15 - 000740416 _____ (Oracle Corporation) C:\Users\win7\AppData\Local\Temp\jre-8u144-windows-au.exe
    2017-04-11 19:26 - 2006-03-02 23:42 - 000073728 _____ () C:\Users\win7\AppData\Local\Temp\pv.exe
    2017-04-11 19:26 - 2006-11-27 02:34 - 000049152 _____ () C:\Users\win7\AppData\Local\Temp\vfind.exe
    2017-04-04 14:23 - 2017-04-04 14:23 - 007178424 _____ (VS Revo Group                                               ) C:\Users\win7\AppData\Local\Temp\VSUSetup.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
    CMD: ipconfig /flushdns
    EmptyTemp:

    *****************

    Ponto de Restauração criado com sucesso.
    Processos fechados com sucesso.

    ========= bitsadmin /util /setieproxy localsystem NO_PROXY RESET =========


    BITSADMIN version 3.0 [ 7.5.7600 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    Internet proxy settings for account localsystem set to NO_PROXY.
    (connection = default)


    ========= Fim de CMD: =========

    HKU\S-1-5-21-2662874997-491916432-370945938-1000\Software\Microsoft\Windows\CurrentVersion\Run\\f.lux => valor removido (a) com sucesso.
    HKU\S-1-5-21-2662874997-491916432-370945938-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E => chave removido (a) com sucesso.
    HKU\S-1-5-21-2662874997-491916432-370945938-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16f2f309-764f-11e7-812e-001d7dfd436a} => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{16f2f309-764f-11e7-812e-001d7dfd436a} => chave não encontrado (a). 
    HKU\S-1-5-21-2662874997-491916432-370945938-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28ddda2f-795e-11e7-9a5f-001d7dfd436a} => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{28ddda2f-795e-11e7-9a5f-001d7dfd436a} => chave não encontrado (a). 
    HKU\S-1-5-21-2662874997-491916432-370945938-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28ddda32-795e-11e7-9a5f-001d7dfd436a} => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{28ddda32-795e-11e7-9a5f-001d7dfd436a} => chave não encontrado (a). 

    ========================= CHR DefaultProfile: Profile 1 ========================

    "CHR DefaultProProfile 1" => não encontrado (a).
    ====== Fim de File: ======

    C:\Users\win7\AppData\Local\Google\Chrome\User Data\Default => movido com sucesso
    C:\Users\win7\AppData\Local\Google\Chrome\User Data\Profile 1B => movido com sucesso
    HKLM\System\CurrentControlSet\Services\catchme => chave removido (a) com sucesso.
    catchme => serviço removido (a) com sucesso.
    HKLM\System\CurrentControlSet\Services\MBAMFarflt => chave removido (a) com sucesso.
    MBAMFarflt => serviço removido (a) com sucesso.
    HKLM\System\CurrentControlSet\Services\MBAMProtection => chave removido (a) com sucesso.
    MBAMProtection => serviço removido (a) com sucesso.
    HKLM\System\CurrentControlSet\Services\MBAMWebProtection => chave removido (a) com sucesso.
    MBAMWebProtection => serviço removido (a) com sucesso.
    C:\ProgramData\DP45977C.lfl => movido com sucesso
    C:\Users\win7\AppData\Local\Temp\catchme.dll => movido com sucesso
    C:\Users\win7\AppData\Local\Temp\dateinj01.dll => movido com sucesso
    C:\Users\win7\AppData\Local\Temp\EBU327A.exe => movido com sucesso
    C:\Users\win7\AppData\Local\Temp\EBU3C1B.DLL => movido com sucesso
    C:\Users\win7\AppData\Local\Temp\jre-8u144-windows-au.exe => movido com sucesso
    C:\Users\win7\AppData\Local\Temp\pv.exe => movido com sucesso
    C:\Users\win7\AppData\Local\Temp\vfind.exe => movido com sucesso
    C:\Users\win7\AppData\Local\Temp\VSUSetup.exe => movido com sucesso
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => chave não encontrado (a). 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => chave não encontrado (a). 
    HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => chave não encontrado (a). 

    ========= ipconfig /flushdns =========


    Configura‡Æo de IP do Windows

    Libera‡Æo do Cache do DNS Resolver bem-sucedida.

    ========= Fim de CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 64398421 B
    Java, Flash, Steam htmlcache => 492 B
    Windows/system/drivers => 229027015 B
    Edge => 0 B
    Chrome => 1368144494 B
    Firefox => 386718583 B
    Opera => 7980910 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 17842 B
    LocalService => 132244 B
    NetworkService => 66812 B
    win7 => 85666987 B

    RecycleBin => 5484146710 B
    EmptyTemp: => 7.1 GB de dados temporários Removidos.

    ================================


    O sistema precisou ser reiniciado.

    ==== Fim de Fixlog 19:12:32 ====

    diego_moicano    473

    Dear @marlonbeckham

    Go to the Malwarebytes website, click Download Gratuito (Free Download) and save the file to your Desktop.

    Disable antivirus, antispyware and any other protection programs so that they do not cause conflicts.

    Right-click the setup.exe file and choose: Executar como Administrador (Run as Administrator)

    • Follow the installation steps;
    • After clicking Concluir (Finish), wait for the program to open;
    • At the top right click Atualizar agora (Update now);
    • The browser will open; you can close it, then wait for the updates to finish;
    • In the left panel click Configurações (Settings);
    • On the Proteção (Protection) tab enable Procurar rootkits (Scan for rootkits);
    • Then click Análise (Scan) in the left panel;
    • Then click the Iniciar Análise (Start Scan) button and wait;
    • When the scan finishes, a window will open near the clock;
    • In it click Ver Resultado (View Result);
    • Leave all entries checked and click the Colocar em Quarentena (Quarantine) button;
    • In the window that opens click Sim (Yes) so that the computer is restarted;
    • Once it has restarted, open Malwarebytes again, click Histórico (History) and then click Excluir Tudo (Delete All) (optional);
    • The log will be saved automatically by the program.
    • To export it, click the Histórico (History) > Registros do aplicativo (Application logs) tab in the program's main window;
    • Double-click the most recent log and export it as .TXT;
    • Post it in your next reply.

    Regards :D

    diego_moicano    473

    Dear @marlonbeckham

    Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts.

    Download Stinger and save it to your Desktop.
    32 bit (x86) or 64 bit (x64)

    • Run the Stinger.exe file as Administrator.
    • Click the “I Accept” button


    Stinger%20a.png

    In the new window click “Advanced” and then “Settings”

    Stinger%20b.png

    In the settings window, set the options as shown in the image below and click the “Save” button

    9hnsyu.png

    Click “Customize my Scan”

    Stinger%20f.png

    Select the system drives and then click the “Scan” button

    Stinger%20g.png

    When it finishes, click “View log”; a window with the log will open in your browser.
    Select, copy and paste the contents of this log into your next reply.

    Regards :D

    marlonbeckham    0
  • Topic author
  • Hi Diego, how are you? Here it is:

    Oh, one thing I noticed in the log was the part that says "Rootkit scan result: Not Scanned". The rootkit scan option was checked, as in the example.

    ___

     

    McAfee Stinger Scan Results

    McAfee® Labs Stinger™ Version 12.1.0.2500 built on Sep 19 2017 at 00:31:03

    Copyright© 2015, McAfee, Inc. All Rights Reserved.

     

    AV Engine version v5900.7806 for Windows.

    Virus data file v1000.0 created on Sep 19, 2017

    Ready to scan for 10225 viruses, trojans and variants.

     

    Custom scan initiated on terça-feira, setembro 19, 2017 15:36:51

     

    Rootkit scan result : Not Scanned.

     

    C:\Users\win7\AppData\Roaming\ZHP\Quarantine\zoek-delete.exe [MD5:cc7aa7b42cf418fc3d926913490048f8] is infected with Artemis!CC7AA7B42CF4

    C:\Users\win7\AppData\Roaming\ZHP\Quarantine\zoek-delete.exe has been Deleted

    C:\Windows\KMService.exe [MD5:82865ff17bc664c711efa674759f9991] is infected with Generic.ss!aad

    C:\Windows\KMService.exe has been Deleted

     

    Summary Report on C:

    I: File(s)

    TotalFiles:............ 340946

    Clean:................. 181815

    Not Scanned:........... 159129

    Possibly Infected:..... 2

     

    Time: 01:32:08

    Scan completed on terça-feira, setembro 19, 2017 17:08:59

     

     

    Regards

    Edited by marlonbeckham

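The "Rootkit scan result : Not Scanned" observation in the post above can be checked mechanically, together with the other coverage gaps a Stinger text log exposes. This is an added example, not part of the original thread or of any McAfee tooling; the function name `triage`, the `MAX_UNSCANNED` threshold and the sample paths, hashes and detection names are assumptions, and the line formats are taken from the log as pasted above.

```python
import re

# Constructed sample in the format of a Stinger text log (paths, hashes, names are made up).
SAMPLE_LOG = r"""
Rootkit scan result : Not Scanned.
C:\Users\win7\AppData\Roaming\ZHP\Quarantine\sample-a.exe [MD5:00000000000000000000000000000001] is infected with Artemis!000000000001
C:\Users\win7\AppData\Roaming\ZHP\Quarantine\sample-a.exe has been Deleted
C:\Windows\sample-b.exe [MD5:00000000000000000000000000000002] is infected with Generic.ss!aad C:\Windows\sample-b.exe has been Deleted
C:\Temp\sample-c.dll [MD5:00000000000000000000000000000003] is infected with Generic.ss!aad
TotalFiles:............ 340946
Clean:................. 181814
Not Scanned:........... 159129
Possibly Infected:..... 3
"""

ROOTKIT_RE = re.compile(r"Rootkit scan result\s*:\s*(.+?)\.?\s*$", re.M)
DETECT_RE = re.compile(r"([A-Za-z]:\\[^\r\n]*?) \[MD5:([0-9a-fA-F]{32})\] is infected with (\S+)")
COUNT_RE = re.compile(r"^\s*(TotalFiles|Clean|Not Scanned|Possibly Infected):\.*\s*(\d+)", re.M)
MAX_UNSCANNED = 0.10  # assumed review threshold, not a vendor value

def triage(text):
    """Return parsed detections plus coverage findings an analyst should follow up."""
    rk = ROOTKIT_RE.search(text)
    rootkit = rk.group(1) if rk else None
    counts = {name: int(num) for name, num in COUNT_RE.findall(text)}
    detections = []
    for path, md5, name in DETECT_RE.findall(text):
        # The action may be on its own line or fused onto the detection line.
        act = re.search(re.escape(path) + r" has been (\w+)", text)
        detections.append({"path": path, "md5": md5.lower(), "name": name,
                           "action": act.group(1) if act else None})
    findings = []
    if rootkit is None or "not scanned" in rootkit.lower():
        findings.append("rootkit scan did not run; rely on another scanner for rootkit coverage")
    total, skipped = counts.get("TotalFiles", 0), counts.get("Not Scanned", 0)
    if total and skipped / total > MAX_UNSCANNED:
        findings.append(f"{skipped / total:.1%} of files were not scanned")
    if counts.get("Possibly Infected") not in (None, len(detections)):
        findings.append("summary count does not match the detection lines (log may be truncated)")
    for d in detections:
        if d["action"] is None:
            findings.append(f"no remediation action logged for {d['path']}")
        if "\\quarantine\\" in d["path"].lower():
            findings.append(f"{d['path']} sits in another tool's quarantine folder")
    return {"rootkit": rootkit, "counts": counts, "detections": detections, "findings": findings}

if __name__ == "__main__":
    for line in triage(SAMPLE_LOG)["findings"]:
        print("-", line)
```

A detection under another tool's quarantine folder usually means an earlier cleanup already isolated that file, so it is worth separating from live detections when reading the summary.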
    diego_moicano    473

    Dear @marlonbeckham

    Quote

    Oh, one thing I noticed in the log was the part that says "Rootkit scan result: Not Scanned". The rootkit scan option was checked, as in the example.

    That's not a problem, since MBAM scanned for them... but it's good to know! ;)

    Download Security Check, by glax24, and save it to your Desktop.

    Run the file as Administrator

    • Wait while the tool performs the scan.
    • When it finishes, save the log as SecurityCheck.html
    • Open the file with Notepad;
    • Select, copy and paste the contents of this log into your next reply.

    Regards :D

    marlonbeckham    0
  • Topic author
  • SecurityCheck by glax24 & Severnyj v.1.4.0.52 [25.07.17]
    WebSite: www.safezone.cc
    DateLog: 23.09.2017 20:22:00
    Path starting: C:\Users\win7\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
    Log directory: C:\SecurityCheck\
    IsAdmin: True
    User: win7
    VersionXML: 4.64is-23.09.2017
    ___________________________________________________________________________

    Windows 7(6.1.7600) (x86) Ultimate Lang: Portuguese(0416)
    Installation date OS: 12.04.2016 19:38:28
    LicenseStatus: Windows(R) 7, Ultimate edition The machine is permanently activated.
    Boot Mode: Normal
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    SystemDrive: C: FS: [NTFS] Capacity: [465.7 Gb] Used: [59 Gb] Free: [406.7 Gb]
    ------------------------------- [ Windows ] -------------------------------
    Service Pack not Installed Warning! Download Update
    Possible re-activation of Windows will be needed.
    Internet Explorer 8.0.7600.16385 Warning! Download Update
    Online installation. Last version available when Windows update is enabled throught the Internet.
    User Account Control enabled
    Notify before download
    Date install updates: 2016-06-04 15:39:36
    Windows Update (wuauserv) - The service is running
    Central de Segurança (wscsvc) - The service is running
    Registro remoto (RemoteRegistry) - The service has stopped
    Descoberta SSDP (SSDPSRV) - The service is running
    Serviços de Área de Trabalho Remota (TermService) - The service has stopped
    Serviço de Publicação da World Wide Web (W3SVC) - The service is running
    Windows Remote Management (WS-Management) (WinRM) - The service has stopped
    ------------------------------ [ MS Office ] ------------------------------
    Microsoft Office 2010 x86 v.14.0.4763.1000
    ---------------------------- [ Antivirus_WMI ] ----------------------------
    Malwarebytes (enabled and up to date)
    AVG Antivirus (disabled and up to date)
    ---------------------------- [ Firewall_WMI ] -----------------------------
    AVG Antivirus (disabled)
    --------------------------- [ AntiSpyware_WMI ] ---------------------------
    Malwarebytes (enabled and up to date)
    Windows Defender (disabled and out of date)
    AVG Antivirus (disabled and up to date)
    ---------------------- [ AntiVirusFirewallInstall ] -----------------------
    AVG Internet Security v.17.6.3029
    -------------------------- [ SecurityUtilities ] --------------------------
    Secunia PSI (3.0.0.11005) v.3.0.0.11005
    Malwarebytes versão 3.2.2.2029 v.3.2.2.2029
    --------------------------- [ OtherUtilities ] ----------------------------
    WinRAR 5.31 (32-bit) v.5.31.0 Warning! Download Update
    --------------------------------- [ P2P ] ---------------------------------
    µTorrent v.3.5.0.43916 Warning! P2P-client.
    -------------------------------- [ Java ] ---------------------------------
    Java 8 Update 144 v.8.0.1440.1
    --------------------------- [ AppleProduction ] ---------------------------
    QuickTime 7 v.7.79.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.
    --------------------------- [ AdobeProduction ] ---------------------------
    Adobe AIR v.21.0.0.215 Warning! Download Update
    Adobe Shockwave Player 12.2 v.12.2.4.194 Warning! Download Update
    Adobe Acrobat Reader DC - Português v.17.012.20098
    ------------------------------- [ Browser ] -------------------------------
    Google Chrome v.60.0.3112.113 Warning! Download Update
    Mozilla Firefox 55.0.3 (x86 pt-BR) v.55.0.3
    Opera Stable 47.0.2631.80 v.47.0.2631.80
    ----------------------------- [ EmailClient ] -----------------------------
    Mozilla Thunderbird 45.8.0 (x86 pt-BR) v.45.8.0 Warning! Download Update
    --------------------------- [ RunningProcess ] ----------------------------
    C:\Program Files\Google\Chrome\Application\chrome.exe v.60.0.3112.113
    ------------------ [ AntivirusFirewallProcessServices ] -------------------
    C:\Program Files\AVG\Antivirus\afwServ.exe v.17.6.3625.0
    AVG Antivirus (AVG Antivirus) - The service is running
    C:\Program Files\AVG\Antivirus\AVGSvc.exe v.17.6.3625.0
    AVG Service (avgsvc) - The service is running
    AVG Service (avgsvc) - The service is running
    C:\Program Files\AVG\Framework\Common\avgsvcx.exe v.1.224.3.14229
    C:\Program Files\AVG\Antivirus\avgui.exe v.17.6.3625.218
    C:\Program Files\AVG\Framework\Common\avguix.exe v.1.224.3.14229
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.0.0.1169
    Malwarebytes Service (MBAMService) - The service is running
    C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.556
    McAfee Validation Trust Protection Service (mfevtp) - The service is running
    C:\Windows\System32\mfevtps.exe v.15.6.0.1870
    Windows Defender (WinDefend) - The service has stopped
    ----------------------------- [ End of Log ] ------------------------------
     

     

    Regards, Diego!

