Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
vozdoseven

Vírus Gerenciador de Tarefas

Recommended Posts

Cumprimentos

Creio ser vírus.  Por mero acaso, porque nada tinha notado no computador, tentei abrir o "gerenciador de tarefas", quer por alt+ctrl+del, quer através do iniciar,  mas não consegui... dá indicações de que a janela vai abrir, mas nada acontece.  Tentei fazer pesquisa no google, mas fecha-se toda a página que eu tente abrir em que esteja escrito "gerenciador de tarefas" [acredito eu]. Todas as páginas que tenha abertas se fecham.  Afirmo o que acabei de dizer, porque se escrever "gerenciador de dispositivos" já não se fecham. Acontece quer no Chrome, quer no IE.

Segue o "log" pedido.

Agradecendo

António Neves

Post - scriptum --- peço desculpa por fazer esta edição, mas acontece que ao enviar o tópico, as páginas que tinham abertas fecharam-se imediatamente [afinal o problema que acuso]. Verifiquei depois que o tópico tinha seguido, mas fiquei sem acesso... estou a fazer a edição no "modo de segurança".... 

ZA-Scan.txt

Editado por vozdoseven

Compartilhar este post


Link para o post
Compartilhar em outros sites

@vozdoseven

 

Por favor, atente para o seguinte:

  • Sobre o Fórum: Este é um espaço privado, não público. Seu uso é um privilégio, não um direito;
  • O que será passado aqui, somente será com relação ao problema do seu computador portanto, não faça mais em nenhum outro;
  • IMPORTANTE: Caso tenha programas de ativação do windows ou de compartilhamento de torrent, sugiro desinstalar. Só irei dar procedimento na analise após a remoção. Regras do forum;
  • Siga, por favor, atentamente as instruções passadas e em caso de dúvidas não hesite em perguntá-las;
  • Respeite a ordem das instruções passadas;
  • Observação: Não tome outra medida além das passadas aqui; atente para que, caso peça ajuda em outro fórum, não deixe de nos informar, sob risco de desconfigurar seu computador!

Siga os passos abaixo:

ETAPA 1

Baixe o Malwarebytes Anti-Malware (MBAM) do link abaixo e salve no seu desktop.
https://downloads.malwarebytes.org/file/mbam_current/
 
Clique duas vezes no mbam-setup.exe e siga o solicitado para instalar o programa.

  • Na aba Análise > Analise Personalizada marque a opção Procurar rootkits e as entradas referente a instalação do sistema operacional. Normalmente é o drive C:;
  • Clique em Analisar Agora. Aguarde, pois o scan pode demorar;
  • Ao acabar o scan, se houver itens encontrados, certifique-se que estejam todas marcados e clique no botão Remover Selecionadas ou Colocar em Quarentena;
  • Ao final da desinfecção, poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo);
  • Caso o mbam não seja executado automaticamente após a reinicialização, execute manualmente;
  • O log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Relatórios na janela principal do programa;
  • Clique duas vezes no log (Registro de verificação). Clique no botão Exportar e utilize o formato .txt para exportar o log. Salve na Área de Trabalho;
  • Abra o arquivo, selecione tudo, copie e cole o conteúdo deste log em sua próxima resposta.



NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

ETAPA 2

Faça o download do AdwCleaner de um dos links abaixo e salve no desktop.
https://toolslib.net/downloads/viewdownload/1-adwcleaner/
http://www.bleepingcomputer.com/download/adwcleaner/

Clique em DOWNLOAD NOW para baixar o arquivo.

Execute o adwcleaner.exe

OBS: Usuários do Windows Vista, 7, 8/8.1 e windows 10 clique com o direito sobre o arquivo AdwCleaner.exe, depois clique em VRIfczU.png

Clique em EXAMINAR. Após o termino clique em LIMPAR e aguarde.

Será aberto o bloco de notas com o resultado.

Selecione, copie e cole o seu conteúdo na próxima resposta.

ETAPA 3

Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.

Baixe jrt.exe do link abaixo e salve no desktop.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Dê um duplo-clique para executar o Junkware Removal Tool (JRT).

OBS: Usuários do Windows Vista, 7, 8/8.1 e windows 10 clique com o direito sobre o arquivo jrt.exe, depois clique em VRIfczU.png

A ferramenta comecará o exame do seu sistema. Tenha paciência pois pode demorar um pouco dependendo da quantidades de ítens a examinar.

Ao final, um log se abrirá. É salvo no desktop com o nome de JRT.txt.

Selecione, copie e cole o conteúdo deste log na sua próxima resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites
  • Autor do tópico
  • Cumprimentos

    Realizei as tarefas que me recomendou [em "modo de segurança" porque não consigo acessar esta página normalmente] e vou colocar os "logs" . Não sei se será importante referir que após ter feito todos os procedimentos, experimentei acessar normalmente esta mesma página onde escrevo e fiquei feliz por conseguir, contudo, hoje de manhã vi, com tristeza, que voltou à primeira forma... só consigo acessar em modo de segurança.

    O problema mantem-se. 

    Agradecendo 

    António Neves

     

    Malwarebytes
    www.malwarebytes.com

    -Detalhes de registro-
    Data da análise: 19/09/17
    Hora da análise: 16:46
    Arquivo de registro: 3bc7a7c4-9d73-11e7-8e99-382c4a8d39ff.json
    Administrador: Sim

    -Informação do software-
    Versão: 3.2.2.2029
    Versão de componentes: 1.0.188
    Versão do pacote de definições: 1.0.2844
    Licença: Versão de Avaliação

    -Informação do sistema-
    Sistema operacional: Windows 7 Service Pack 1
    CPU: x64
    Sistema de arquivos: NTFS
    Usuário: Neves-PC\Neves

    -Resumo da análise-
    Tipo de análise: Análise Customizada
    Resultado: Concluído
    Objetos verificados: 278753
    Ameaças detectadas: 32
    Ameaças em quarentena: 30
    Tempo decorrido: 4 hr, 6 min, 46 seg

    -Opções da análise-
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Detectar
    PUM: Detectar

    -Detalhes da análise-
    Processo: 0
    (Nenhum item malicioso detectado)

    Módulo: 0
    (Nenhum item malicioso detectado)

    Chave de registro: 2
    PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\CRSBRWSHTML, Quarentena, [5989], [237102],1.0.2844
    PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarentena, [83], [-1],0.0.0

    Valor de registro: 4
    PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, Quarentena, [5989], [251993],1.0.2844
    PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Falha ao remover, [83], [-1],0.0.0
    PUP.Optional.Wajam, HKU\S-1-5-21-3906829491-772124867-3683219445-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [83], [-1],0.0.0
    PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Falha ao remover, [83], [-1],0.0.0

    Dados de registro: 0
    (Nenhum item malicioso detectado)

    Fluxo de dados: 0
    (Nenhum item malicioso detectado)

    Pasta: 8
    PUP.Optional.Smeazymo, C:\Program Files\Dripkick\packages, Quarentena, [1986], [181654],1.0.2844
    PUP.Optional.Smeazymo, C:\Program Files\Dripkick, Quarentena, [1986], [181654],1.0.2844
    PUP.Optional.Wajam, C:\Program Files (x86)\WaNetworkEnhancer\WaNetworkEnhancer Internet Enhancer, Quarentena, [83], [181964],1.0.2844
    PUP.Optional.Wajam, C:\Program Files (x86)\WaNetworkEnhancer\Logos, Quarentena, [83], [181964],1.0.2844
    PUP.Optional.Wajam, C:\Program Files (x86)\WaNetworkEnhancer, Quarentena, [83], [181964],1.0.2844
    PUP.Optional.CrossAd.Gen, C:\Users\Neves\AppData\Local\Image Rest\{D68860D4-9C0A-D804-26DD-390ABDFC412A}, Quarentena, [8940], [301775],1.0.2844
    PUP.Optional.CrossAd.Gen, C:\Users\Neves\AppData\Local\Image Rest\Component, Quarentena, [8940], [301775],1.0.2844
    PUP.Optional.CrossAd.Gen, C:\USERS\NEVES\APPDATA\LOCAL\IMAGE REST, Quarentena, [8940], [301775],1.0.2844

    Arquivo: 18
    PUP.Optional.Smeazymo, C:\Program Files\Dripkick\config.conf, Quarentena, [1986], [181654],1.0.2844
    PUP.Optional.IdleKMS, C:\PROGRAM FILES\KMSPICO\AUTOPICO.EXE, Quarentena, [9696], [156330],1.0.2844
    PUP.Optional.Wajam, C:\Program Files (x86)\WaNetworkEnhancer\WaNetworkEnhancer Internet Enhancer\099572561671ea972077fb1e141ecbd1, Quarentena, [83], [181964],1.0.2844
    PUP.Optional.Wajam, C:\Program Files (x86)\WaNetworkEnhancer\WaNetworkEnhancer Internet Enhancer\2cc5746e309595e72aa57d2594148707, Quarentena, [83], [181964],1.0.2844
    PUP.Optional.Wajam, C:\Program Files (x86)\WaNetworkEnhancer\WaNetworkEnhancer Internet Enhancer\365ba1b5a1d701653ee9c7190feef5b7, Quarentena, [83], [181964],1.0.2844
    PUP.Optional.Wajam, C:\Program Files (x86)\WaNetworkEnhancer\WaNetworkEnhancer Internet Enhancer\45d2b3c35022619e1f0869f7c5155c67, Quarentena, [83], [181964],1.0.2844
    PUP.Optional.Wajam, C:\Program Files (x86)\WaNetworkEnhancer\WaNetworkEnhancer Internet Enhancer\b0fc26332a481db9e8f05806e5a8b1ed, Quarentena, [83], [181964],1.0.2844
    PUP.Optional.Wajam, C:\Program Files (x86)\WaNetworkEnhancer\WaNetworkEnhancer Internet Enhancer\b5959453377990c59562d0934a7a3570, Quarentena, [83], [181964],1.0.2844
    PUP.Optional.Wajam, C:\Program Files (x86)\WaNetworkEnhancer\WaNetworkEnhancer Internet Enhancer\cd2bdae12f2dec2beb4a02b8567f155c, Quarentena, [83], [181964],1.0.2844
    PUP.Optional.Wajam, C:\Program Files (x86)\WaNetworkEnhancer\WaNetworkEnhancer Internet Enhancer\lan-proxy-settings.dat, Quarentena, [83], [181964],1.0.2844
    PUP.Optional.Wajam, C:\Program Files (x86)\WaNetworkEnhancer\WaNetworkEnhancer Internet Enhancer\WJManifest, Quarentena, [83], [181964],1.0.2844
    PUP.Optional.CrossAd.Gen, C:\USERS\NEVES\APPDATA\LOCAL\IMAGE REST\COMPONENT\CONFIG.JSON, Quarentena, [8940], [301775],1.0.2844
    PUP.Optional.CrossAd.Gen, C:\Users\Neves\AppData\Local\Image Rest\Component\manifest.json, Quarentena, [8940], [301775],1.0.2844
    PUP.Optional.CrossAd.Gen, C:\Users\Neves\AppData\Local\Image Rest\Component\uconfig.json, Quarentena, [8940], [301775],1.0.2844
    PUP.Optional.CrossAd.Gen, C:\Users\Neves\AppData\Local\Image Rest\{D68860D4-9C0A-D804-26DD-390ABDFC412A}\c.dat, Quarentena, [8940], [301775],1.0.2844
    Trojan.Floxif, C:\USERS\NEVES\DESKTOP\PHOTOBUCKET\CCSETUP533.EXE, Quarentena, [8822], [436382],1.0.2844
    PUP.Optional.InstallCore, C:\USERS\NEVES\DOWNLOADS\BAIXAKI_RECUVA.EXE, Quarentena, [2], [324268],1.0.2844
    PUP.Optional.InstallCore, C:\USERS\NEVES\DOWNLOADS\BAIXAKI_WINRAR_2548970528.EXE, Quarentena, [2], [406528],1.0.2844

    Setor físico: 0
    (Nenhum item malicioso detectado)


    (end)

     

     

    # AdwCleaner 7.0.2.1 - Logfile created on Wed Sep 20 00:29:34 2017
    # Updated on 2017/29/08 by Malwarebytes 
    # Database: 09-18-2017.1
    # Running on Windows 7 Professional (X64)
    # Mode: scan
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    PUP.Optional.Legacy, WtuSystemSupport


    ***** [ Folders ] *****

    PUP.Optional.Legacy, C:\Program Files\Common Files\AVG Secure Search
    PUP.Optional.Legacy, C:\Program Files (x86)\Common Files\AVG Secure Search
    PUP.Optional.Legacy, C:\Users\Neves\ext
    PUP.Optional.Legacy, C:\ProgramData\avg web tuneup
    PUP.Optional.Legacy, C:\ProgramData\Application Data\avg web tuneup
    PUP.Optional.Legacy, C:\Program Files (x86)\avg web tuneup
    PUP.Optional.Legacy, C:\Users\All Users\avg web tuneup
    PUP.Optional.Legacy, C:\Users\Neves\AppData\Local\avg web tuneup
    PUP.Optional.Legacy, C:\Users\Todos os Usuários\avg web tuneup
    PUP.Optional.Legacy, C:\ProgramData\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
    PUP.Optional.Legacy, C:\ProgramData\Application Data\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
    PUP.Optional.Legacy, C:\Users\All Users\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
    PUP.Optional.Legacy, C:\Users\Todos os Usuários\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583


    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\AVG Tuneup
    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\MozillaPlugins\@avg.com\AVG SiteSafety plugin,version=11.0.0.1,application\x-avg-sitesafety-plugin
    PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
    PUP.Optional.CrossRider, [Key] - HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
    PUP.Optional.CrossRider, [Key] - HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_


    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries.

    *************************

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

     

     

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.4 (07.09.2017)
    Operating System: Windows 7 Professional x64 
    Ran by Neves (Administrator) on 19/09/2017 at 21:37:11,20
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    File System: 40 

    Successfully deleted: C:\Users\Neves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0MAGF0IR (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Neves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20GX5VHM (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Neves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32662SIN (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Neves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4334SNH0 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Neves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\53GE3C1C (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Neves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MUU6H2P (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Neves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8XY9K2NT (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Neves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98CHL9DZ (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Neves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0A2J9BU (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Neves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D0BS072B (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Neves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FLHNEC2Q (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Neves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G1X0PQ5V (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Neves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GVBOJO8M (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Neves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I78IKFSN (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Neves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JOUKB8A6 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Neves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QUHS7SL3 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Neves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S85OCMD9 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Neves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\THY89PF4 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Neves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\USUJ3RE4 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Neves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLPFO9FS (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0MAGF0IR (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20GX5VHM (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32662SIN (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4334SNH0 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\53GE3C1C (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MUU6H2P (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8XY9K2NT (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98CHL9DZ (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0A2J9BU (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D0BS072B (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FLHNEC2Q (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G1X0PQ5V (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GVBOJO8M (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I78IKFSN (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JOUKB8A6 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QUHS7SL3 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S85OCMD9 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\THY89PF4 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\USUJ3RE4 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLPFO9FS (Temporary Internet Files Folder) 

    Registry: 3 

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 19/09/2017 at 21:46:00,44
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Peço desculpa pela edição, mas pode ser relevante

    ...  reparei que no "log" do malware, apareceu um arquivo malicioso do ccleaner. Sobre este programa tenho a dizer que, por vezes, hoje aconteceu-me outra vez, aparece, vindo do nada, logo quando eu abro o PC, uma janela a convidar-me para actualizar o programa. Eu recuso, mas provavelmente já teria aceite. Removi o ccleaner , mas há arquivos  que não desapareceram e em um deles, o primeiro que assinalo a vermelho na imagem que envio,  não me é permitido apagá-lo manualmente. Curioso é que a data é de ontem e não instalei nada do ccleaner.

    a localização do arquivo é C:\ProgramData\Avg\Antivirus\SWCUData\Cache\InstallLocation

    ccleaner.png

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    @vozdoseven

     

    Está dentro da pasta do AVG. Acredito que seja teu antivírus que não deixa apagar a pasta.

     

    Faça o download do RogueKiller by Tigzy, e salve na sua área de trabalho (Desktop).
    roguekiller.exe (x64) << link

    • Feche todos os programas
    • Execute o RogueKiller.exe.
      ** Usuários do Windows Vista, Windows 7, 8, 8.1 e Windows 10:
      Clique com o direito sobre o arquivo rogueKiller.exe, depois clique em VRIfczU.png.
    • Quando a janela da Eula aparecer, clique em Accept.
    • Selecione a aba SCAN
    • Clique em START SCAN
    • Aguarde ate que o scan termine...
    • Clique no botão OPEN REPORT
    • Clique na opção EXPORT TXT e salve na Área de Trabalho com o nome de roguekiller.txt
    • Clique em OK e feche o RogueKiller.

     


    Atente para abrir o arquivo, copiar e colar todo o conteúdo na sua próxima resposta

     

    Editado por Elias Pereira

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Cumprimentos Elias

    Fiz o scan com o "Rogue", segue o log

    Agradecendo

    António Neves

     

    RogueKiller V12.11.16.0 (x64) [Sep 18 2017] (Free) por Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Site : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Iniciou : Modo normal
    Usuário : Neves [Administrador]
    Started from : C:\Users\Neves\Desktop\RogueKiller_portable64.exe
    Modo : Escanear -- Data : 09/20/2017 11:21:57 (Duration : 00:28:00)

    ¤¤¤ Processos : 0 ¤¤¤

    ¤¤¤ Registro : 9 ¤¤¤
    [PUP.Gen0|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WtuSystemSupport ("C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe") -> Encontrado
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 201.6.2.173 201.6.2.113 ([Brazil][Brazil])  -> Encontrado
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 201.6.2.117 201.6.2.115 ([Brazil][-])  -> Encontrado
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 201.6.2.117 201.6.2.115 ([Brazil][-])  -> Encontrado
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FB1ED1A9-79E2-4151-B5DA-EB3A4E3103AB} | DhcpNameServer : 201.6.2.173 201.6.2.113 ([Brazil][Brazil])  -> Encontrado
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{FB1ED1A9-79E2-4151-B5DA-EB3A4E3103AB} | DhcpNameServer : 201.6.2.117 201.6.2.115 ([Brazil][-])  -> Encontrado
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{FB1ED1A9-79E2-4151-B5DA-EB3A4E3103AB} | DhcpNameServer : 201.6.2.117 201.6.2.115 ([Brazil][-])  -> Encontrado
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3906829491-772124867-3683219445-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Encontrado
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3906829491-772124867-3683219445-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Encontrado

    ¤¤¤ Tarefas : 1 ¤¤¤
    [PUP.HackTool] \AutoPico Daily Restart -- "C:\Program Files\KMSpico\AutoPico.exe" (/silent) -> Encontrado

    ¤¤¤ Arquivos : 7 ¤¤¤
    [Hj.Shortcut][Arquivo] C:\Users\Neves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe https://startme.online/?ei=qTNKGCjMhxlsXeuKtBTNUSgeIaVJaUN0U2%2Bs8bBWS2hYxvpSpchOuILpm3fmc%2BPEskuYqPrG8Wp88TYKbvcnrOQ%3D -> Encontrado
    [Hj.Shortcut][Arquivo] C:\Users\Neves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [LNK@] C:\PROGRA~2\INTERN~1\iexplore.exe https://startme.online/?ei=qTNKGCjMhxlsXeuKtBTNUSgeIaVJaUN0U2%2Bs8bBWS2hYxvpSpchOuILpm3fmc%2BPEskuYqPrG8Wp88TYKbvcnrOQ%3D -> Encontrado
    [Hj.Shortcut][Arquivo] C:\Users\Neves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe https://startme.online/?ei=qTNKGCjMhxlsXeuKtBTNUSgeIaVJaUN0U2%2Bs8bBWS2hYxvpSpchOuILpm3fmc%2BPEskuYqPrG8Wp88TYKbvcnrOQ%3D -> Encontrado
    [Hj.Shortcut][Arquivo] C:\Users\Neves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe https://startme.online/?ei=qTNKGCjMhxlsXeuKtBTNUSgeIaVJaUN0U2%2Bs8bBWS2hYxvpSpchOuILpm3fmc%2BPEskuYqPrG8Wp88TYKbvcnrOQ%3D -> Encontrado
    [Hidden.ADS][Stream] C:\Windows\System32:15B6DF22_Abn.gbp -> Encontrado
    [PUP.HackTool][Pasta] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico -> Encontrado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico -> Encontrado

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Arquivos de hosts : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

    ¤¤¤ Navegadores : 0 ¤¤¤

    ¤¤¤ Verificação da MBR : ¤¤¤
    +++++ PhysicalDrive0: WDC WD3200AAJS-00L7A0 ATA Device +++++
    --- User ---
    [MBR] a00d19c6c3ac00782a068ba21721ca57
    [BSP] ea446bceb0be53f8c26cbac00b1115b3 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 305143 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

     

     

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    @vozdoseven

     

    Feche todos os programas

    • Execute RogueKiller.exe.
      ** Usuários do Windows Vista, 7, 8/8.1 e windows 10:
      Clique com o direito sobre o arquivo rogueKiller.exe, depois clique em VRIfczU.png
    • Quando a Eula aparecer, clique em Accept.
    • Selecione a aba SCAN e clique em START SCAN
    • Aguarde ate que o scan termine.
    • >>>>>>> Navegue entre as abas e marque todas as entradas encontradas <<<<<<<
    • Clique em REMOVE SELECTED
    • Aguarde ate que o programa termine de deletar as infecções.
    • Clique no botão OPEN REPORT e depois em EXPORT TXT
    • Salve como report.txt na sua Área de Trabalho

    Abra o arquivo report.txt salvo no sua Área de Trabalho, copie e cole todo o conteudo na sua próxima resposta.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Boa noite caro Elias

    Segue o log do "Rogue" após limpeza

    Trabalhei com o PC em "modo normal", mas faço esta resposta em "modo de segurança". Não experimentei ainda se o problema desapareceu. Prefiro esperar por ordens.

    Agradecendo

    António Neves

     

    RogueKiller V12.11.16.0 (x64) [Sep 18 2017] (Free) por Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Site : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Iniciou : Modo normal
    Usuário : Neves [Administrador]
    Started from : C:\Users\Neves\Desktop\RogueKiller_portable64.exe
    Modo : Deletar -- Data : 09/20/2017 19:58:52 (Duration : 00:25:53)

    ¤¤¤ Processos : 0 ¤¤¤

    ¤¤¤ Registro : 9 ¤¤¤
    [PUP.Gen0|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WtuSystemSupport ("C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe") -> Deletado
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 201.6.2.173 201.6.2.113 ([Brazil][Brazil])  -> Substituído ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 201.6.2.117 201.6.2.115 ([Brazil][-])  -> Substituído ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 201.6.2.117 201.6.2.115 ([Brazil][-])  -> Substituído ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FB1ED1A9-79E2-4151-B5DA-EB3A4E3103AB} | DhcpNameServer : 201.6.2.173 201.6.2.113 ([Brazil][Brazil])  -> Substituído ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{FB1ED1A9-79E2-4151-B5DA-EB3A4E3103AB} | DhcpNameServer : 201.6.2.117 201.6.2.115 ([Brazil][-])  -> Substituído ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{FB1ED1A9-79E2-4151-B5DA-EB3A4E3103AB} | DhcpNameServer : 201.6.2.117 201.6.2.115 ([Brazil][-])  -> Substituído ()
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3906829491-772124867-3683219445-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Substituído (1)
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3906829491-772124867-3683219445-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Substituído (1)

    ¤¤¤ Tarefas : 1 ¤¤¤
    [PUP.HackTool] \AutoPico Daily Restart -- "C:\Program Files\KMSpico\AutoPico.exe" (/silent) -> Deletado

    ¤¤¤ Arquivos : 7 ¤¤¤
    [Hj.Shortcut][Arquivo] C:\Users\Neves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe https://startme.online/?ei=qTNKGCjMhxlsXeuKtBTNUSgeIaVJaUN0U2%2Bs8bBWS2hYxvpSpchOuILpm3fmc%2BPEskuYqPrG8Wp88TYKbvcnrOQ%3D -> Shortcut cleaned
    [Hj.Shortcut][Arquivo] C:\Users\Neves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [LNK@] C:\PROGRA~2\INTERN~1\iexplore.exe https://startme.online/?ei=qTNKGCjMhxlsXeuKtBTNUSgeIaVJaUN0U2%2Bs8bBWS2hYxvpSpchOuILpm3fmc%2BPEskuYqPrG8Wp88TYKbvcnrOQ%3D -> Shortcut cleaned
    [Hj.Shortcut][Arquivo] C:\Users\Neves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe https://startme.online/?ei=qTNKGCjMhxlsXeuKtBTNUSgeIaVJaUN0U2%2Bs8bBWS2hYxvpSpchOuILpm3fmc%2BPEskuYqPrG8Wp88TYKbvcnrOQ%3D -> Shortcut cleaned
    [Hj.Shortcut][Arquivo] C:\Users\Neves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe https://startme.online/?ei=qTNKGCjMhxlsXeuKtBTNUSgeIaVJaUN0U2%2Bs8bBWS2hYxvpSpchOuILpm3fmc%2BPEskuYqPrG8Wp88TYKbvcnrOQ%3D -> Shortcut cleaned
    [Hidden.ADS][Stream] C:\Windows\System32:15B6DF22_Abn.gbp -> Deletado
    [PUP.HackTool][Pasta] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico -> Deletado
    [PUP.HackTool][Arquivo] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk -> Deletado
    [PUP.HackTool][Arquivo] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Log KMSpico.lnk -> Deletado
    [PUP.HackTool][Arquivo] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Uninstall KMSpico.lnk -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\installAll.cmd -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Access\AccessVLReg32.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Access\AccessVLReg64.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Access\AccessVLRegWOW.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.RAC_Priv.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.RAC_Pub.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2010\Access -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Excel\ExcelVLReg32.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Excel\ExcelVLReg64.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Excel\ExcelVLRegWOW.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_KMS_Client.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_KMS_Client.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_KMS_Client.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_KMS_Client.RAC_Priv.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_KMS_Client.RAC_Pub.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2010\Excel -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Groove\GrooveVLReg32.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Groove\GrooveVLReg64.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Groove\GrooveVLRegWOW.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_KMS_Client.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_KMS_Client.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_KMS_Client.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_KMS_Client.RAC_Priv.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_KMS_Client.RAC_Pub.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2010\Groove -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPathVLReg32.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPathVLReg64.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPathVLRegWOW.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.RAC_Priv.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.RAC_Pub.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNoteVLReg32.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNoteVLReg64.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNoteVLRegWOW.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNote_KMS_Client.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNote_KMS_Client.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNote_KMS_Client.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNote_KMS_Client.RAC_Priv.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNote_KMS_Client.RAC_Pub.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2010\OneNote -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\OutlookVLReg32.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\OutlookVLReg64.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\OutlookVLRegWOW.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\Outlook_KMS_Client.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\Outlook_KMS_Client.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\Outlook_KMS_Client.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\Outlook_KMS_Client.RAC_Priv.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\Outlook_KMS_Client.RAC_Pub.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2010\Outlook -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPointVLReg32.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPointVLReg64.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPointVLRegWOW.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPoint_KMS_Client.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPoint_KMS_Client.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPoint_KMS_Client.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPoint_KMS_Client.RAC_Priv.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPoint_KMS_Client.RAC_Pub.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectProVLReg32.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectProVLReg64.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectProVLRegWOW.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectPro_KMS_Client.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectPro_KMS_Client.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectPro_KMS_Client.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectPro_KMS_Client.RAC_Priv.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectPro_KMS_Client.RAC_Pub.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStdVLReg32.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStdVLReg64.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStdVLRegWOW.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_KMS_Client.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_KMS_Client.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_KMS_Client.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_KMS_Client.RAC_Priv.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_KMS_Client.RAC_Pub.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlusVLReg32.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlusVLReg64.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlusVLRegWOW.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlus_KMS_Client.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlus_KMS_Client.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlus_KMS_Client.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlus_KMS_Client.RAC_Priv.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlus_KMS_Client.RAC_Pub.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\PublisherVLReg32.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\PublisherVLReg64.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\PublisherVLRegWOW.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\Publisher_KMS_Client.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\Publisher_KMS_Client.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\Publisher_KMS_Client.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\Publisher_KMS_Client.RAC_Priv.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\Publisher_KMS_Client.RAC_Pub.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2010\Publisher -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasicsVLReg32.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasicsVLReg64.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasicsVLRegWOW.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasics_KMS_Client.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasics_KMS_Client.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasics_KMS_Client.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasics_KMS_Client.RAC_Priv.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasics_KMS_Client.RAC_Pub.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Standard\StandardVLReg32.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Standard\StandardVLReg64.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Standard\StandardVLRegWOW.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Standard\Standard_KMS_Client.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Standard\Standard_KMS_Client.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Standard\Standard_KMS_Client.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Standard\Standard_KMS_Client.RAC_Priv.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Standard\Standard_KMS_Client.RAC_Pub.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2010\Standard -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPrem_KMS_Client.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPrem_KMS_Client.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPrem_KMS_Client.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPrem_KMS_Client.RAC_Priv.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPrem_KMS_Client.RAC_Pub.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPro_KMS_Client.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPro_KMS_Client.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPro_KMS_Client.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPro_KMS_Client.RAC_Priv.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPro_KMS_Client.RAC_Pub.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioStd_KMS_Client.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioStd_KMS_Client.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioStd_KMS_Client.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioStd_KMS_Client.RAC_Priv.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioStd_KMS_Client.RAC_Pub.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioVLReg32.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioVLReg64.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioVLRegWOW.reg -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2010\Visio -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Word\WordVLReg32.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Word\WordVLReg64.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Word\WordVLRegWOW.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Word\Word_KMS_Client.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Word\Word_KMS_Client.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Word\Word_KMS_Client.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Word\Word_KMS_Client.RAC_Priv.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2010\Word\Word_KMS_Client.RAC_Pub.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2010\Word -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2010 -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Access\AccessVL_KMS_Client_OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Access\AccessVL_KMS_Client_PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Access\AccessVL_KMS_Client_PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2013\Access -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Excel\LicenseSetData._F7461D52_7C2B_43B2_8744_EA958E0BD09A.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Excel\LicenseSetData._F7461D52_7C2B_43B2_8744_EA958E0BD09A.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Excel\LicenseSetData._F7461D52_7C2B_43B2_8744_EA958E0BD09A.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2013\Excel -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\InfoPath\LicenseSetData._A30B8040_D68A_423F_B0B5_9CE292EA5A8F.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\InfoPath\LicenseSetData._A30B8040_D68A_423F_B0B5_9CE292EA5A8F.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\InfoPath\LicenseSetData._A30B8040_D68A_423F_B0B5_9CE292EA5A8F.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2013\InfoPath -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Lync\LicenseSetData._1B9F11E3_C85C_4E1B_BB29_879AD2C909E3.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Lync\LicenseSetData._1B9F11E3_C85C_4E1B_BB29_879AD2C909E3.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Lync\LicenseSetData._1B9F11E3_C85C_4E1B_BB29_879AD2C909E3.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2013\Lync -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\OneNote\LicenseSetData._EFE1F3E6_AEA2_4144_A208_32AA872B6545.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\OneNote\LicenseSetData._EFE1F3E6_AEA2_4144_A208_32AA872B6545.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\OneNote\LicenseSetData._EFE1F3E6_AEA2_4144_A208_32AA872B6545.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2013\OneNote -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Outlook\LicenseSetData._771C3AFA_50C5_443F_B151_FF2546D863A0.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Outlook\LicenseSetData._771C3AFA_50C5_443F_B151_FF2546D863A0.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Outlook\LicenseSetData._771C3AFA_50C5_443F_B151_FF2546D863A0.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2013\Outlook -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\pkeyconfig-office.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\PowerPoint\LicenseSetData._8C762649_97D1_4953_AD27_B7E2C25B972E.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\PowerPoint\LicenseSetData._8C762649_97D1_4953_AD27_B7E2C25B972E.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\PowerPoint\LicenseSetData._8C762649_97D1_4953_AD27_B7E2C25B972E.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2013\PowerPoint -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\ProjectPro\LicenseSetData._4A5D124A_E620_44BA_B6FF_658961B33B9A.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\ProjectPro\LicenseSetData._4A5D124A_E620_44BA_B6FF_658961B33B9A.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\ProjectPro\LicenseSetData._4A5D124A_E620_44BA_B6FF_658961B33B9A.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2013\ProjectPro -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\ProjectStd\LicenseSetData._427A28D1_D17C_4ABF_B717_32C780BA6F07.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\ProjectStd\LicenseSetData._427A28D1_D17C_4ABF_B717_32C780BA6F07.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\ProjectStd\LicenseSetData._427A28D1_D17C_4ABF_B717_32C780BA6F07.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2013\ProjectStd -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\LicenseSetData._B322DA9C_A2E2_4058_9E4E_F59A6970BD69.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\LicenseSetData._B322DA9C_A2E2_4058_9E4E_F59A6970BD69.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\LicenseSetData._B322DA9C_A2E2_4058_9E4E_F59A6970BD69.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus\proplus.reg -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2013\ProPlus -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Publisher\LicenseSetData._00C79FF1_6850_443D_BF61_71CDE0DE305F.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Publisher\LicenseSetData._00C79FF1_6850_443D_BF61_71CDE0DE305F.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Publisher\LicenseSetData._00C79FF1_6850_443D_BF61_71CDE0DE305F.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2013\Publisher -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Standard\LicenseSetData._B13AFB38_CD79_4AE5_9F7F_EED058D750CA.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Standard\LicenseSetData._B13AFB38_CD79_4AE5_9F7F_EED058D750CA.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Standard\LicenseSetData._B13AFB38_CD79_4AE5_9F7F_EED058D750CA.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2013\Standard -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\LicenseSetData._E13AC10E_75D0_4AFF_A0CD_764982CF541C.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\LicenseSetData._E13AC10E_75D0_4AFF_A0CD_764982CF541C.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\LicenseSetData._E13AC10E_75D0_4AFF_A0CD_764982CF541C.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro\visio.reg -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2013\VisioPro -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\LicenseSetData._AC4EFAF0_F81F_4F61_BDF7_EA32B02AB117.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\LicenseSetData._AC4EFAF0_F81F_4F61_BDF7_EA32B02AB117.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd\LicenseSetData._AC4EFAF0_F81F_4F61_BDF7_EA32B02AB117.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2013\VisioStd -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Word\LicenseSetData._D9F5B1C6_5386_495A_88F9_9AD6B41AC9B3.OOB.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Word\LicenseSetData._D9F5B1C6_5386_495A_88F9_9AD6B41AC9B3.PL.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2013\Word\LicenseSetData._D9F5B1C6_5386_495A_88F9_9AD6B41AC9B3.PPDLIC.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2013\Word -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2013 -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\Access\AccessVL_KMS_Client-ppd.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\Access\AccessVL_KMS_Client-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\Access\AccessVL_KMS_Client-ul.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2016\Access -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\client-issuance-bridge-office.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\client-issuance-root-bridge-test.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\client-issuance-root.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\client-issuance-stil.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\client-issuance-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\client-issuance-ul.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\Excel\ExcelVL_KMS_Client-ppd.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\Excel\ExcelVL_KMS_Client-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\Excel\ExcelVL_KMS_Client-ul.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2016\Excel -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\Mondo\MondoVL_KMS_Client-ppd.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\Mondo\MondoVL_KMS_Client-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\Mondo\MondoVL_KMS_Client-ul.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2016\Mondo -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\OneNote\OneNoteVL_KMS_Client-ppd.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\OneNote\OneNoteVL_KMS_Client-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\OneNote\OneNoteVL_KMS_Client-ul.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2016\OneNote -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\Outlook\OutlookVL_KMS_Client-ppd.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\Outlook\OutlookVL_KMS_Client-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\Outlook\OutlookVL_KMS_Client-ul.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2016\Outlook -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\pkeyconfig-office.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\PowerPoint\PowerPointVL_KMS_Client-ppd.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\PowerPoint\PowerPointVL_KMS_Client-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\PowerPoint\PowerPointVL_KMS_Client-ul.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2016\PowerPoint -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\ProjectPro\ProjectProVL_KMS_Client-ppd.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\ProjectPro\ProjectProVL_KMS_Client-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\ProjectPro\ProjectProVL_KMS_Client-ul.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2016\ProjectPro -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\ProjectStd\ProjectStdVL_KMS_Client-ppd.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\ProjectStd\ProjectStdVL_KMS_Client-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\ProjectStd\ProjectStdVL_KMS_Client-ul.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2016\ProjectStd -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\ProPlus\ProPlusVL_KMS_Client-ppd.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\ProPlus\ProPlusVL_KMS_Client-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\ProPlus\ProPlusVL_KMS_Client-ul.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2016\ProPlus -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\Publisher\PublisherVL_KMS_Client-ppd.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\Publisher\PublisherVL_KMS_Client-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\Publisher\PublisherVL_KMS_Client-ul.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2016\Publisher -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\SkypeforBusiness\SkypeforBusinessVL_KMS_Client-ppd.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\SkypeforBusiness\SkypeforBusinessVL_KMS_Client-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\SkypeforBusiness\SkypeforBusinessVL_KMS_Client-ul.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2016\SkypeforBusiness -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\Standard\StandardVL_KMS_Client-ppd.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\Standard\StandardVL_KMS_Client-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\Standard\StandardVL_KMS_Client-ul.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2016\Standard -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\VisioPro\VisioProVL_KMS_Client-ppd.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\VisioPro\VisioProVL_KMS_Client-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\VisioPro\VisioProVL_KMS_Client-ul.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2016\VisioPro -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\VisioStd\VisioStdVL_KMS_Client-ppd.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\VisioStd\VisioStdVL_KMS_Client-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\VisioStd\VisioStdVL_KMS_Client-ul.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2016\VisioStd -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\Word\WordVL_KMS_Client-ppd.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\Word\WordVL_KMS_Client-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscert2016\Word\WordVL_KMS_Client-ul.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2016\Word -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscert2016 -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW10\Core\Core-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW10\Core\Core-Volume-GVLK-1-ul-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW10\Core -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW10\Education\Education-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW10\Education\Education-Volume-GVLK-1-ul-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW10\Education -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW10\Enterprise\Enterprise-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW10\Enterprise\Enterprise-Volume-GVLK-1-ul-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW10\Enterprise -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW10\EnterpriseS\EnterpriseS-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW10\EnterpriseS\EnterpriseS-Volume-GVLK-1-ul-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW10\EnterpriseS\EnterpriseS-Volume-GVLK-2-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW10\EnterpriseS\EnterpriseS-Volume-GVLK-2-ul.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW10\EnterpriseS -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW10\pkeyconfig.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW10\Professional\Professional-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW10\Professional\Professional-Volume-GVLK-1-ul-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW10\Professional -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW10 -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-ul-phn.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-BYPASS-RAC-private.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-BYPASS-RAC-public.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-BYPASS-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-BYPASS-ul.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-KMS-pl.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-KMS-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-KMS-ul-phn.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-KMS1-pl.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-KMS1-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Business\Security-Licensing-SLC-Component-SKU-Business-VL-KMS1-ul-phn.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW6\Business -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-ul-phn.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-BYPASS-RAC-private.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-BYPASS-RAC-public.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-BYPASS-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-BYPASS-ul.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS-pl.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS-ul-phn.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS1-pl.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS1-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS1-ul-phn.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW6\BusinessN -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-ul-phn.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-BYPASS-RAC-private.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-BYPASS-RAC-public.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-BYPASS-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-BYPASS-ul.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS-pl.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS-ul-phn.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS1-pl.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS1-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS1-ul-phn.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW6\Enterprise -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW6\pkeyconfig.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW6 -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW7\Embedded\pkeyconfig-embedded.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW7\Embedded\Security-SPP-Component-SKU-Embedded-pl.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW7\Embedded\Security-SPP-Component-SKU-Embedded-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW7\Embedded\Security-SPP-Component-SKU-Embedded-ul-phn.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW7\Embedded\Security-SPP-Component-SKU-Embedded-VLBA-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW7\Embedded\Security-SPP-Component-SKU-Embedded-VLBA-ul.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW7\Embedded -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW7\Enterprise -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW7\Professional\pkeyconfig.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-ul-phn.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-RAC-private.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-RAC-public.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-ul.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-VLKMS1-pl.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-VLKMS1-ul-oob.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW7\Professional\Security-SPP-Component-SKU-Professional-VLKMS1-ul-phn.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW7\Professional -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW7 -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW8\Core\Core-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW8\Core\Core-Volume-GVLK-1-ul-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW8\Core -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW8\CoreN\CoreN-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW8\CoreN\CoreN-Volume-GVLK-1-ul-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW8\CoreN -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW8\CoreSingleLanguage\CoreSingleLanguage-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW8\CoreSingleLanguage\CoreSingleLanguage-Volume-GVLK-1-ul-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW8\CoreSingleLanguage -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise\Enterprise-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise\Enterprise-Volume-GVLK-1-ul-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW8\Enterprise -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW8\EnterpriseN\EnterpriseN-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW8\EnterpriseN\EnterpriseN-Volume-GVLK-1-ul-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW8\EnterpriseN -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW8\pkeyconfig.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW8\Professional\Professional-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW8\Professional\Professional-Volume-GVLK-1-ul-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW8\Professional -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW8\ProfessionalN\ProfessionalN-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW8\ProfessionalN\ProfessionalN-Volume-GVLK-1-ul-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW8\ProfessionalN -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW8\ProfessionalWMC\ProfessionalWMC-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW8\ProfessionalWMC\ProfessionalWMC-Volume-GVLK-1-ul-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW8\ProfessionalWMC -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW8 -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW81\Core\Core-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW81\Core\Core-Volume-GVLK-1-ul-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW81\Core -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW81\CoreConnectedSingleLanguage\CoreConnectedSingleLanguage-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW81\CoreConnectedSingleLanguage\CoreConnectedSingleLanguage-Volume-GVLK-1-ul-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW81\CoreConnectedSingleLanguage -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW81\EmbeddedIndustry\EmbeddedIndustry-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW81\EmbeddedIndustry\EmbeddedIndustry-Volume-GVLK-1-ul-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW81\EmbeddedIndustry -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW81\Enterprise\Enterprise-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW81\Enterprise\Enterprise-Volume-GVLK-1-ul-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW81\Enterprise -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW81\pkeyconfig.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW81\Professional\Professional-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW81\Professional\Professional-Volume-GVLK-1-ul-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW81\Professional -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW81\ProfessionalWMC\ProfessionalWMC-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW81\ProfessionalWMC\ProfessionalWMC-Volume-GVLK-1-ul-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW81\ProfessionalWMC -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW81\ServerDatacenter\ServerDatacenter-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW81\ServerDatacenter\ServerDatacenter-Volume-GVLK-1-ul-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW81\ServerDatacenter -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW81\ServerStandard\ServerStandard-Volume-GVLK-1-ul-oob-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\cert\kmscertW81\ServerStandard\ServerStandard-Volume-GVLK-1-ul-rtm.xrm-ms -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW81\ServerStandard -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert\kmscertW81 -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\cert -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\DevComponents.DotNetBar2.dll -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\driver\Cert.cmd -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\driver\certELDI.pfx -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\driver\OpenVPN.cer -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\driver\tap-windows-9.21.0.exe -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\driver\UnInstallDriver.cmd -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\driver -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\icons\Error.png -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\icons\Information.png -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\icons\Question.png -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\icons\Warning.png -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\icons -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\logs\AutoPico.log -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\logs\KMSELDI.log -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\logs\Service_KMS.log -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\logs -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\scripts\AddExceptionsWD.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\scripts\AddExceptions_Defender.cmd -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\scripts\DisableSmartScreen.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\scripts\EnableSmartScreen.cmd -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\scripts\EnableSmartScreen.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\scripts\Install_Service.cmd -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\scripts\Install_Task.cmd -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\scripts\Log.cmd -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\scripts\RemoveExceptionsWD.reg -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\scripts\Restore_Watermark.cmd -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\scripts\Silent.cmd -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\scripts\UnInstall_Service.cmd -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\scripts -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\sounds\affirmative.mp3 -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\sounds\begin.mp3 -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\sounds\complete.mp3 -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\sounds\diagnostic.mp3 -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\sounds\enterauthorizationcode.mp3 -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\sounds\incomingtransmission.mp3 -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\sounds\inputfailed.mp3 -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\sounds\inputok.mp3 -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\sounds\processing.mp3 -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\sounds\transfer.mp3 -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\sounds\verified.mp3 -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\sounds\warning.mp3 -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\sounds -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\TokensBackup\Keys.txt -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\TokensBackup\Office\Cache\cache.dat -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\TokensBackup\Office\Cache -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\TokensBackup\Office\tokens.dat -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\TokensBackup\Office -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\TokensBackup\Windows\Cache\cache.dat -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\TokensBackup\Windows\Cache -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\TokensBackup\Windows\pkeyconfig.xrm-ms -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\TokensBackup\Windows\tokens.dat -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\TokensBackup\Windows -> Deletado
    [PUP.HackTool][Pasta] C:\Program Files\KMSpico\TokensBackup -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\unins000.dat -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\unins000.exe -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\UninsHs.exe -> Deletado
    [PUP.HackTool][Arquivo] C:\Program Files\KMSpico\Vestris.ResourceLib.dll -> Deletado

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Arquivos de hosts : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

    ¤¤¤ Navegadores : 0 ¤¤¤

    ¤¤¤ Verificação da MBR : ¤¤¤
    +++++ PhysicalDrive0: WDC WD3200AAJS-00L7A0 ATA Device +++++
    --- User ---
    [MBR] a00d19c6c3ac00782a068ba21721ca57
    [BSP] ea446bceb0be53f8c26cbac00b1115b3 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 305143 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    @vozdoseven

     

    Faça o download Zemana AntiMalware do seguinte local e salve-o em sua área de trabalho:
    https://www.zemana.com/download (sugiro a versão portable)

    • Uma vez baixado, feche todos os programas e janelas abertas no seu computador.
    • Agora clique duas vezes no ícone na área de trabalho Zemana.AntiMalware.Setup.exe
    • Isto irá iniciar a instalação do Zemana AntiMalware em seu computador.
    • Quando a instalação começar, continue seguindo as instruções, a fim de continuar com o processo de instalação. Não faça quaisquer alterações nas configurações padrão e quando o programa estiver instalado, Zemana irá iniciar e exibir a tela principal automaticamente.
    • Clique no botão SCAN
    • Zemana AntiMalware vai agora começar a varredura de malware no computador. Este processo pode demorar um pouco, por isso sugerimos que você fazer outra coisa e verificar periodicamente sobre o estado da verificação para ver quando ele for concluído.
    • Quando Zemana terminar o scan ele irá exibir uma tela com os malwareres que foram detectados. Por favor, note que as infecções encontradas pode ser diferente do que é mostrado na imagem abaixo.
      yeabests.cc-zemana.png
    • Verifique os resultados da verificação e, quando estiver pronto para continuar com o processo de limpeza, clique no botão para eliminar ou reparar todos os resultados selecionados. Depois de clicar no botão Avançar, Zemana irá remover quaisquer arquivos indesejados e corrigir quaisquer arquivos legítimos modificados. Se você receber um aviso de que Zemana precisa fechar seus navegadores abertos, por favor, feche todos e, em seguida, clique no OK para continuar.
    • Zemana agora irá criar um ponto de restauração e remover os arquivos detectados e reparar quaisquer arquivos que foram modificados.

    Poste o resultado no seu proximo post.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Boa tarde caro Elias

    ... a "varredura" detetou 5 infecções e, pelos vistos, limpou tudo. Não foi criado nenhum log. Apareceu isso [anexo] na tela da qual fiz um "print". 

    Com receio de que tivesse "saltado" algo, fiz novo scan e o Zemana nada detectou ... "congratulations", foi a mensagem... contudo tentei entrar nesta página em "modo normal" e o problema de fechar-se continua. Tal como não consigo abrir o Gerenciador de tarefas através de C+A+Del... aparece a janela, mas desaparece imediatamente. 

    Algo estranho apareceu quando abri o arquivo [em front page] onde guardo as suas mensagens lidas em modo segurança para depois trabalhar em modo normal. Ao clicar no arquivo onde guardo, abriu também outra janela cujo print envio

    Agradecendo

    António Neves 

    zemana.png

    zzzz.png

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Boa tarde Elias

    ... fiz a tarefa... segue o log. Não limpei, orque nada detectou. 

    Ant. Neves

     

     

    # AdwCleaner 7.0.2.1 - Logfile created on Fri Sep 22 14:57:06 2017
    # Updated on 2017/29/08 by Malwarebytes 
    # Database: 09-20-2017.1
    # Running on Windows 7 Professional (X64)
    # Mode: scan
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    No malicious registry entries found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries.

    *************************

    C:/AdwCleaner/AdwCleaner[C0].txt - [2848 B] - [2017/9/20 0:30:24]
    C:/AdwCleaner/AdwCleaner[S0].txt - [2961 B] - [2017/9/20 0:29:34]


    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    @vozdoseven

     

    Baixe Security Check by glax24 de um dos links abaixo, e salve-o em seu Desktop.
    http://safezone.cc/resources/security-check-by-glax24.25/download?version=631
    Clique duas vezes sobre o arquivo SecurityCheck.exe

    1. ** Usuários do Windows Vista, 7, 8/8.1 e windows 10:
      Clique com o direito sobre o arquivo SecurityCheck.exe, depois clique em VRIfczU.png
    2. Aguarde enquanto a ferramenta faz o exame;
    3. Ao final salve log como SecurityCheck.html;
    4. Abra o arquivo com o bloco de notas;
    5. Selecione, copie e cole o conteúdo deste log em sua sua próxima resposta.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Caro Elias, segue o log do "Security"

     

    SecurityCheck by glax24 & Severnyj v.1.4.0.52 [25.07.17]
    WebSite: www.safezone.cc
    DateLog: 22.09.2017 13:33:42
    Path starting: C:\Users\Neves\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
    Log directory: C:\SecurityCheck\
    IsAdmin: True
    User: Neves
    VersionXML: 4.63is-18.09.2017
    ___________________________________________________________________________

    Windows 7(6.1.7601) Service Pack 1 (x64) Professional Lang: Portuguese(0416)
    Installation date OS: 27.02.2015 14:01:53
    LicenseStatus: Windows(R) 7, Professional edition Initial grace period ends :18780 minutes
    Boot Mode: Normal
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    SystemDrive: C: FS: [NTFS] Capacity: [298 Gb] Used: [160.9 Gb] Free: [137.1 Gb]
    ------------------------------- [ Windows ] -------------------------------
    Internet Explorer 11.0.9600.18792
    User Account Control enabled
    Notify before download
    Date install updates: 2017-09-14 03:30:05
    Windows Update (wuauserv) - The service is running
    Central de Segurança (wscsvc) - The service is running
    Registro remoto (RemoteRegistry) - The service has stopped
    Descoberta SSDP (SSDPSRV) - The service is running
    Serviços de Área de Trabalho Remota (TermService) - The service has stopped
    Windows Remote Management (WS-Management) (WinRM) - The service has stopped
    ------------------------------ [ MS Office ] ------------------------------
    Microsoft Office XP v.10.0.6626.0
    Microsoft Office 2010 x64 v.14.0.7015.1000
    ---------------------------- [ Antivirus_WMI ] ----------------------------
    Malwarebytes (enabled and up to date)
    AVG Antivirus (enabled and up to date)
    --------------------------- [ FirewallWindows ] ---------------------------
    Firewall do Windows (MpsSvc) - The service is running
    --------------------------- [ AntiSpyware_WMI ] ---------------------------
    Malwarebytes (enabled and up to date)
    AVG Antivirus (enabled and up to date)
    ---------------------- [ AntiVirusFirewallInstall ] -----------------------
    AVG AntiVirus FREE v.17.6.3029
    ESET Online Scanner v3
    -------------------------- [ SecurityUtilities ] --------------------------
    Malwarebytes versão 3.2.2.2029 v.3.2.2.2029
    Unchecky v0.4 v.0.4
    --------------------------- [ OtherUtilities ] ----------------------------
    WinRAR 5.40 (64-bit) v.5.40.0 Warning! Download Update
    Microsoft Silverlight v.5.1.50907.0
    Foxit Reader v.7.2.8.1124 Warning! Download Update
    --------------------------------- [ IM ] ----------------------------------
    Skype™ 7.40 v.7.40.103
    -------------------------------- [ Java ] ---------------------------------
    Java 8 Update 141 v.8.0.1410.15 Warning! Download Update
    Uninstall old version and install new one (jre-8u144-windows-i586.exe).
    --------------------------- [ AdobeProduction ] ---------------------------
    Adobe Flash Player 26 ActiveX v.26.0.0.151 Warning! Download Update
    Adobe Flash Player 20 NPAPI v.20.0.0.235 Warning! Download Update
    Adobe Flash Player 27 PPAPI v.27.0.0.130
    Adobe Acrobat Reader DC v.17.012.20098
    ------------------------------- [ Browser ] -------------------------------
    Google Chrome v.60.0.3112.113 Warning! Download Update
    ------------------ [ AntivirusFirewallProcessServices ] -------------------
    AVG Antivirus (AVG Antivirus) - The service is running
    C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe v.17.6.3625.0
    AVG Service (avgsvc) - The service is running
    C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe v.1.224.3.14229
    AVG Service (avgsvc) - The service is running
    C:\Program Files (x86)\AVG\Antivirus\avgui.exe v.17.6.3625.218
    C:\Program Files (x86)\AVG\Framework\Common\avguix.exe v.1.224.3.14229
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.0.0.1169
    Malwarebytes Service (MBAMService) - The service is running
    C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.556
    Windows Defender (WinDefend) - The service has stopped
    ----------------------------- [ End of Log ] ------------------------------
     

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    @vozdoseven

     

    Atualize os programas com o warning do log acima.

     

    Pressione as teclas Windows tecla-windows.gif + R e digite: msconfig
     
    - Clique na guia Serviços, marque a opção Ocultar todos os serviços Microsoft e depois clique em Desativar tudo
    - Clique na guia Inicialização de Programas e clique em Desativar tudo
     
    Siga as mensagens ate que seja solicitado a reiniciar.

    Após isso me informe se os problemas em relação a malwares ainda persistem.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Boa noite 

    Fiz as atualizações, mas com o comando "msconfig" tive problemas. Tentei por três vezes e pára de responder [aparece na janela a informação "não responde"] após clicar em "ok" ou "aplicar".  Esperei um bom tempo, mas não dava resposta. Será que fui apressado? 

    O problema continua, o "gerenciador de tarefas" não abre.

    Outra coisa, Elias, reparei [e fiz um print] que na inicialização de programas no mscoonfig há um arquivo deveras estranho, esse tal "qyrzvnu.vbs". Será relevante? 

    A localização é C:\Users\Neves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    Em propriedades vi: 

    113 bytes

    criado em 5/9/2017

    qyrzvnu.vbs

    Arquivo de script do VBScript (.vbs)

    abre em Microsoft ® Windows Based. 

    Como vi "fabricante desconhecido" até estive para o desativar e experimentar, mas tive receio. Curiosamente não aparece no CCleaner. 

    Agradecendo

    António Neves

    qyr.png

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    @vozdoseven

     

    Baixe o Farbar Recovery Scan do link abaixo e salve na sua área de trabalho.
    https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

    ** Usuários do Windows Vista, Windows 7, 8/8.1 e windows 10:
    Clique com o direito sobre o arquivo FRST64.EXE, depois clique em VRIfczU.png .
    Aceite o contrato e depois clique no botão Scan.

    Aguarde e ao final, os logs FRST.txt e Addition.txt serão salvos no seu desktop.

    Selecione, copie e cole o conteúdo do FRST.txt em sua próxima resposta e anexe o Addition.txt

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 23-09-2017 02
    Executado por Neves (administrador) em NEVES-PC (23-09-2017 16:58:44)
    Executando a partir de C:\Users\Neves\Desktop
    Perfis Carregados: Neves (Perfis Disponíveis: Neves)
    Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
    Internet Explorer Versão 11 (Navegador padrão: Chrome)
    Modo da Inicialização: Normal
    Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processos (Whitelisted) =================

    (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

    (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
    (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe
    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Nikon Corporation) C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office10\FRONTPG.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registro (Whitelisted) ===========================

    (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

    HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-09-14] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [289248 2017-09-05] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-09-14] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\ GbPluginAbn: C:\Program Files (x86)\GbPlugin\gbiehAbn.dll [2014-11-18] (Banco Real)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
    HKU\S-1-5-21-3906829491-772124867-3683219445-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
    ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll [1939512 2014-11-18] (Banco Real)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2015-02-28]
    ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    Startup: C:\Users\Neves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qyrzvnu.vbs [2017-09-05] ()

    ==================== Internet (Whitelisted) ====================

    (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

    Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 201.6.2.117 201.6.2.115
    Tcpip\..\Interfaces\{FB1ED1A9-79E2-4151-B5DA-EB3A4E3103AB}: [DhcpNameServer] 201.6.2.117 201.6.2.115

    Internet Explorer:
    ==================
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    HKU\S-1-5-21-3906829491-772124867-3683219445-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.br/
    SearchScopes: HKU\S-1-5-21-3906829491-772124867-3683219445-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F614EAC1-30D7-4C26-9578-FC0DBF2BBCEE}&mid=16431a91f0bb47cd96f0e9650c69d00c-79a06c580a20dcffa658e3501f6342136de8904d&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-06-09 13:14:04&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3906829491-772124867-3683219445-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3906829491-772124867-3683219445-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F614EAC1-30D7-4C26-9578-FC0DBF2BBCEE}&mid=16431a91f0bb47cd96f0e9650c69d00c-79a06c580a20dcffa658e3501f6342136de8904d&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-06-09 13:14:04&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java1\bin\ssv.dll [2017-09-22] (Oracle Corporation)
    BHO-x32: Auxiliar de Conexão de Conta da Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540007} -> C:\Program Files (x86)\GbPlugin\gbiehabn.dll [2014-11-18] (Banco Real)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java1\bin\jp2ssv.dll [2017-09-22] (Oracle Corporation)

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-22] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-22] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java1\bin\dtplugin\npDeployJava1.dll [2017-09-22] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java1\bin\plugin2\npjp2.dll [2017-09-22] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3906829491-772124867-3683219445-1000: gastecnologia.com.br/sf/abn -> C:\Users\Neves\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll [Nenhum Arquivo]
    FF Plugin HKU\S-1-5-21-3906829491-772124867-3683219445-1000: gastecnologia.com.br/sf/abn64 -> C:\Users\Neves\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll [Nenhum Arquivo]

    Chrome: 
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\Neves\AppData\Local\Google\Chrome\User Data\Default [2017-09-23]
    CHR Extension: (Google Apresentações) - C:\Users\Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-15]
    CHR Extension: (Flash Video Downloader) - C:\Users\Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-08-31]
    CHR Extension: (Google Docs) - C:\Users\Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-15]
    CHR Extension: (Google Drive) - C:\Users\Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-15]
    CHR Extension: (YouTube) - C:\Users\Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-15]
    CHR Extension: (Google Search) - C:\Users\Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-15]
    CHR Extension: (Planilhas do Google) - C:\Users\Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-15]
    CHR Extension: (Documentos Google off-line) - C:\Users\Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (AdBlock) - C:\Users\Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-09-21]
    CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
    CHR Extension: (Gmail) - C:\Users\Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-15]
    CHR Extension: (Chrome Media Router) - C:\Users\Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-23]
    CHR HKU\S-1-5-21-3906829491-772124867-3683219445-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [clgckgfbhciacomhlchmgdnplmdiadbj] - hxxps://clients2.google.com/service/update2/crx

    ==================== Serviços (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [276328 2017-09-05] (AVG Technologies CZ, s.r.o.)
    R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7502936 2017-09-05] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-09-14] (AVG Technologies CZ, s.r.o.)
    R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [555320 2014-10-31] (GAS Tecnologia)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
    R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2350064 2017-09-12] (IBM Corp.)
    S4 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [241400 2015-10-13] (RaMMicHaeL)
    S4 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [847160 2015-02-13] (GAS Tecnologia LTDA)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-09-05] (AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [314128 2017-09-05] (AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-09-05] (AVG Technologies CZ, s.r.o.)
    R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-09-05] (AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-09-05] (AVG Technologies CZ, s.r.o.)
    S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-09-05] (AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [140192 2017-09-05] (AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102792 2017-09-05] (AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-09-05] (AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1008800 2017-09-05] (AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [583288 2017-09-05] (AVG Technologies CZ, s.r.o.)
    R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [191720 2017-09-18] (AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [353744 2017-09-05] (AVG Technologies CZ, s.r.o.)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-24] ()
    R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-23] (Malwarebytes)
    R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-09-23] (Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-23] (Malwarebytes)
    R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-23] (Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-09-23] (Malwarebytes)
    S3 PAEAFLT.sys; C:\Windows\System32\DRIVERS\PAEAFLT.sys [9472 2007-09-26] (PixArt Imaging Incorporation)
    R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [382760 2017-09-12] (IBM Corp.)
    R1 RapportCerberus_1804074; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804074.sys [1269896 2017-09-20] (IBM Corp.)
    R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [583880 2017-09-12] (IBM Corp.)
    R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [252360 2017-09-12] (IBM Corp.)
    S3 RapportIaso; não ImagePath
    R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [506400 2017-09-12] (IBM Corp.)
    R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [609056 2017-09-12] (IBM Corp.)
    S3 SPC230NC; C:\Windows\System32\DRIVERS\SPC230NC.SYS [531968 2008-01-03] (PixArt Imaging Inc.)
    S3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-10-31] (GAS Tecnologia LTDA)
    R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-09-21] (Zemana Ltd.)
    R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-09-21] (Zemana Ltd.)

    ==================== NetSvcs (Whitelisted) ===================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


    ==================== Um Mês Criados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-09-23 16:55 - 2017-09-23 16:56 - 000033785 _____ C:\Users\Neves\Desktop\Addition.txt
    2017-09-23 16:54 - 2017-09-23 16:59 - 000018433 _____ C:\Users\Neves\Desktop\FRST.txt
    2017-09-23 16:52 - 2017-09-23 16:58 - 000000000 ____D C:\FRST
    2017-09-23 16:48 - 2017-09-23 16:48 - 002399744 _____ (Farbar) C:\Users\Neves\Desktop\FRST64.exe
    2017-09-22 23:24 - 2017-09-23 16:46 - 000112606 _____ C:\Windows\ntbtlog.txt
    2017-09-22 22:27 - 2017-09-22 22:26 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2017-09-22 22:26 - 2017-09-22 22:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-09-22 22:26 - 2017-09-22 22:27 - 000000000 ____D C:\Program Files (x86)\Java1
    2017-09-22 21:37 - 2017-09-22 21:37 - 000001351 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
    2017-09-22 21:37 - 2017-09-22 21:37 - 000000000 ____D C:\Users\Todos os Usuários\Foxit Software
    2017-09-22 21:37 - 2017-09-22 21:37 - 000000000 ____D C:\Users\Todos os Usuários\Foxit ContentPlatform
    2017-09-22 21:37 - 2017-09-22 21:37 - 000000000 ____D C:\Users\Public\Foxit Software
    2017-09-22 21:37 - 2017-09-22 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
    2017-09-22 21:37 - 2017-09-22 21:37 - 000000000 ____D C:\ProgramData\Foxit Software
    2017-09-22 21:37 - 2017-09-22 21:37 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
    2017-09-22 21:36 - 2017-09-22 21:36 - 000000000 ____D C:\Program Files (x86)\Foxit Software
    2017-09-22 13:36 - 2017-09-22 13:36 - 000009350 _____ C:\Users\Neves\Desktop\SecurityCheck.txt
    2017-09-22 13:27 - 2017-09-22 13:27 - 000515639 _____ (glax24 (safezone.cc)) C:\Users\Neves\Desktop\SecurityCheck.exe
    2017-09-22 11:58 - 2017-09-22 11:58 - 000001086 _____ C:\Users\Neves\Desktop\AdwCleaner[S1].txt
    2017-09-21 13:38 - 2017-09-23 16:58 - 000043978 _____ C:\Windows\ZAM.krnl.trace
    2017-09-21 13:38 - 2017-09-23 16:58 - 000018523 _____ C:\Windows\ZAM_Guard.krnl.trace
    2017-09-21 13:38 - 2017-09-21 13:38 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
    2017-09-21 13:38 - 2017-09-21 13:38 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
    2017-09-21 13:38 - 2017-09-21 13:38 - 000000000 ____D C:\Users\Neves\AppData\Local\Zemana
    2017-09-21 13:30 - 2017-09-21 13:30 - 015808656 _____ (Copyright 2017.) C:\Users\Neves\Desktop\Zemana.AntiMalware.Portable.exe
    2017-09-21 08:02 - 2017-09-21 08:02 - 000002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2017-09-21 08:02 - 2017-09-21 08:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2017-09-21 08:02 - 2017-09-21 08:02 - 000000000 ____D C:\Program Files\CCleaner
    2017-09-21 08:01 - 2017-09-21 08:01 - 009809688 _____ (Piriform Ltd) C:\Users\Neves\Downloads\ccsetup535.exe
    2017-09-20 20:28 - 2017-09-20 20:28 - 000119736 _____ C:\Users\Neves\Desktop\rogue2.txt
    2017-09-20 11:51 - 2017-09-20 11:51 - 000009022 _____ C:\Users\Neves\Desktop\rogue.txt
    2017-09-20 11:21 - 2017-09-20 19:58 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2017-09-20 11:21 - 2017-09-20 11:51 - 000000000 ____D C:\Users\Todos os Usuários\RogueKiller
    2017-09-20 11:21 - 2017-09-20 11:51 - 000000000 ____D C:\ProgramData\RogueKiller
    2017-09-20 11:16 - 2017-09-20 11:17 - 026696776 _____ C:\Users\Neves\Desktop\RogueKiller_portable64.exe
    2017-09-20 08:39 - 2017-09-20 08:39 - 009826968 _____ (Piriform Ltd) C:\Users\Neves\Downloads\ccsetup534.exe
    2017-09-19 21:46 - 2017-09-19 21:46 - 000007571 _____ C:\Users\Neves\Desktop\JRT.txt
    2017-09-19 21:31 - 2017-09-19 21:31 - 000002964 _____ C:\Users\Neves\Desktop\AdwCleaner[S0].txt
    2017-09-19 21:24 - 2017-09-22 11:57 - 000000000 ____D C:\AdwCleaner
    2017-09-19 21:23 - 2017-09-19 21:23 - 000005559 _____ C:\Users\Neves\Desktop\malware.txt
    2017-09-19 16:42 - 2017-09-23 16:51 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-09-19 16:42 - 2017-09-23 16:51 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2017-09-19 16:42 - 2017-09-23 16:51 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2017-09-19 16:42 - 2017-09-23 16:51 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2017-09-19 16:42 - 2017-09-19 16:42 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-09-19 16:41 - 2017-09-19 16:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-09-19 16:41 - 2017-09-19 16:41 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-09-19 16:41 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-09-19 15:57 - 2017-09-19 15:57 - 008182736 _____ (Malwarebytes) C:\Users\Neves\Desktop\AdwCleaner.exe
    2017-09-19 15:57 - 2017-09-19 15:57 - 001790024 _____ (Malwarebytes) C:\Users\Neves\Desktop\JRT.exe
    2017-09-19 15:56 - 2017-09-19 15:56 - 068408664 _____ (Malwarebytes ) C:\Users\Neves\Desktop\mb3-setup-consumer-3.2.2.2029.exe
    2017-09-19 15:56 - 2017-09-19 15:56 - 008182736 _____ (Malwarebytes) C:\Users\Neves\Desktop\adwcleaner_7.0.2.1.exe
    2017-09-19 15:51 - 2017-09-23 16:49 - 000107571 _____ C:\Users\Neves\Desktop\hardware.htm
    2017-09-18 20:15 - 2017-09-18 20:15 - 000022827 _____ C:\Users\Neves\Desktop\ZA-Scan.txt
    2017-09-18 20:14 - 2017-09-18 20:14 - 000022827 _____ C:\ZA-Scan.txt
    2017-09-18 20:07 - 2017-09-18 20:07 - 001370112 _____ C:\Users\Neves\Desktop\ZA-Scan.exe
    2017-09-14 17:17 - 2017-09-18 20:29 - 000001810 _____ C:\Users\Neves\Desktop\3 G.htm
    2017-09-13 13:46 - 2017-08-19 12:28 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
    2017-09-13 13:46 - 2017-08-19 12:10 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
    2017-09-13 13:46 - 2017-08-16 12:29 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2017-09-13 13:46 - 2017-08-16 12:10 - 000629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2017-09-13 13:46 - 2017-08-16 11:57 - 003224576 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-09-13 13:46 - 2017-08-15 22:10 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-09-13 13:46 - 2017-08-15 21:25 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-09-13 13:46 - 2017-08-15 12:29 - 014182400 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2017-09-13 13:46 - 2017-08-15 12:29 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2017-09-13 13:46 - 2017-08-15 12:10 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2017-09-13 13:46 - 2017-08-15 12:10 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2017-09-13 13:46 - 2017-08-15 11:06 - 015260160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-09-13 13:46 - 2017-08-15 11:01 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-09-13 13:46 - 2017-08-15 11:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-09-13 13:46 - 2017-08-15 11:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-09-13 13:46 - 2017-08-15 10:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-09-13 13:46 - 2017-08-14 14:35 - 003203584 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
    2017-09-13 13:46 - 2017-08-14 14:35 - 002150912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
    2017-09-13 13:46 - 2017-08-14 14:35 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
    2017-09-13 13:46 - 2017-08-14 14:35 - 000303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
    2017-09-13 13:46 - 2017-08-14 14:35 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
    2017-09-13 13:46 - 2017-08-14 14:35 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
    2017-09-13 13:46 - 2017-08-14 14:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
    2017-09-13 13:46 - 2017-08-14 14:34 - 000211968 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
    2017-09-13 13:46 - 2017-08-13 18:37 - 002144256 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
    2017-09-13 13:46 - 2017-08-13 18:30 - 001401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
    2017-09-13 13:46 - 2017-08-13 15:58 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-09-13 13:46 - 2017-08-13 14:24 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-09-13 13:46 - 2017-08-13 14:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-09-13 13:46 - 2017-08-13 14:06 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-09-13 13:46 - 2017-08-13 14:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-09-13 13:46 - 2017-08-13 14:05 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-09-13 13:46 - 2017-08-13 14:05 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-09-13 13:46 - 2017-08-13 14:05 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-09-13 13:46 - 2017-08-13 14:04 - 002899968 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-09-13 13:46 - 2017-08-13 13:56 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-09-13 13:46 - 2017-08-13 13:55 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-09-13 13:46 - 2017-08-13 13:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-09-13 13:46 - 2017-08-13 13:52 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-09-13 13:46 - 2017-08-13 13:51 - 005981696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-09-13 13:46 - 2017-08-13 13:51 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-09-13 13:46 - 2017-08-13 13:51 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-09-13 13:46 - 2017-08-13 13:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-09-13 13:46 - 2017-08-13 13:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-09-13 13:46 - 2017-08-13 13:46 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-09-13 13:46 - 2017-08-13 13:41 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-09-13 13:46 - 2017-08-13 13:38 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-09-13 13:46 - 2017-08-13 13:30 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-09-13 13:46 - 2017-08-13 13:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-09-13 13:46 - 2017-08-13 13:29 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-09-13 13:46 - 2017-08-13 13:29 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2017-09-13 13:46 - 2017-08-13 13:29 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-09-13 13:46 - 2017-08-13 13:29 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-09-13 13:46 - 2017-08-13 13:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-09-13 13:46 - 2017-08-13 13:27 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-09-13 13:46 - 2017-08-13 13:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-09-13 13:46 - 2017-08-13 13:24 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-09-13 13:46 - 2017-08-13 13:23 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-09-13 13:46 - 2017-08-13 13:22 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-09-13 13:46 - 2017-08-13 13:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-09-13 13:46 - 2017-08-13 13:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-09-13 13:46 - 2017-08-13 13:19 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-09-13 13:46 - 2017-08-13 13:18 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-09-13 13:46 - 2017-08-13 13:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-09-13 13:46 - 2017-08-13 13:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-09-13 13:46 - 2017-08-13 13:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-09-13 13:46 - 2017-08-13 13:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-09-13 13:46 - 2017-08-13 13:04 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-09-13 13:46 - 2017-08-13 13:04 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-09-13 13:46 - 2017-08-13 13:02 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-09-13 13:46 - 2017-08-13 13:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-09-13 13:46 - 2017-08-13 13:01 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2017-09-13 13:46 - 2017-08-13 13:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-09-13 13:46 - 2017-08-13 13:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-09-13 13:46 - 2017-08-13 12:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-09-13 13:46 - 2017-08-13 12:53 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-09-13 13:46 - 2017-08-13 12:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-09-13 13:46 - 2017-08-13 12:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-09-13 13:46 - 2017-08-13 12:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-09-13 13:46 - 2017-08-13 12:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-09-13 13:46 - 2017-08-13 12:43 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-09-13 13:46 - 2017-08-13 12:40 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-09-13 13:46 - 2017-08-13 12:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-09-13 13:46 - 2017-08-13 12:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-09-13 13:46 - 2017-08-13 12:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-09-13 13:46 - 2017-08-13 12:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-09-13 13:46 - 2017-08-13 12:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-09-13 13:46 - 2017-08-11 03:42 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2017-09-13 13:46 - 2017-08-11 03:38 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-09-13 13:46 - 2017-08-11 03:38 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2017-09-13 13:46 - 2017-08-11 03:38 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-09-13 13:46 - 2017-08-11 03:38 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-09-13 13:46 - 2017-08-11 03:36 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 002065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2017-09-13 13:46 - 2017-08-11 03:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000971776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:24 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2017-09-13 13:46 - 2017-08-11 03:24 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2017-09-13 13:46 - 2017-08-11 03:21 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2017-09-13 13:46 - 2017-08-11 03:20 - 000071680 _____ C:\Windows\system32\PrintBrmUi.exe
    2017-09-13 13:46 - 2017-08-11 03:20 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
    2017-09-13 13:46 - 2017-08-11 03:20 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
    2017-09-13 13:46 - 2017-08-11 03:19 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winnsi.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nsi.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 03:12 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
    2017-09-13 13:46 - 2017-08-11 03:09 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
    2017-09-13 13:46 - 2017-08-11 03:07 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-09-13 13:46 - 2017-08-11 03:07 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-09-13 13:46 - 2017-08-11 03:07 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-09-13 13:46 - 2017-08-11 03:06 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-09-13 13:46 - 2017-08-11 03:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2017-09-13 13:46 - 2017-08-11 03:03 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
    2017-09-13 13:46 - 2017-08-11 03:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-09-13 13:46 - 2017-08-11 03:01 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
    2017-09-13 13:46 - 2017-08-11 03:00 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
    2017-09-13 13:46 - 2017-08-11 03:00 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-09-13 13:46 - 2017-08-11 03:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2017-09-13 13:46 - 2017-08-11 02:59 - 000460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2017-09-13 13:46 - 2017-08-11 02:59 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2017-09-13 13:46 - 2017-08-11 02:59 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-09-13 13:46 - 2017-08-11 02:59 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2017-09-13 13:46 - 2017-08-11 02:59 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-09-13 13:46 - 2017-08-11 02:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-09-13 13:46 - 2017-08-11 02:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-09-13 13:46 - 2017-08-11 02:58 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
    2017-09-13 13:46 - 2017-08-11 02:56 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2017-09-13 13:46 - 2017-08-11 02:56 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2017-09-13 13:46 - 2017-08-11 02:56 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2017-09-13 13:46 - 2017-08-11 02:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2017-09-13 13:46 - 2017-08-11 02:55 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2017-09-13 13:46 - 2017-08-11 02:55 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 02:55 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 02:55 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2017-09-13 13:46 - 2017-08-11 02:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2017-09-13 13:46 - 2017-07-07 12:29 - 001143296 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
    2017-09-13 13:46 - 2017-07-07 12:10 - 000973312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
    2017-09-09 10:05 - 2017-09-09 10:06 - 011069485 _____ C:\Users\Neves\Desktop\20170909_103348.mp4
    2017-09-09 09:55 - 2017-09-09 09:55 - 033144432 _____ C:\Users\Neves\Desktop\20170909_102341.mp4
    2017-09-05 16:25 - 2017-09-05 16:25 - 000402608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
    2017-09-05 13:15 - 2017-09-05 13:15 - 000000000 ___HD C:\$AV_AVG
    2017-09-05 13:12 - 2017-09-05 13:12 - 000003060 _____ C:\Windows\System32\Tasks\AutoKMS
    2017-09-05 12:22 - 2017-09-05 12:22 - 002265066 _____ C:\Users\Neves\Desktop\Ativador 1 Office 2010 [Wesley Ferreira].rar
    2017-09-05 12:10 - 2017-09-05 12:10 - 000069776 _____ C:\Users\Neves\sr.vbe
    2017-09-05 12:10 - 2017-09-05 12:10 - 000000008 _____ C:\Users\Neves\98x
    2017-09-05 12:10 - 2017-09-05 12:10 - 000000000 ____D C:\Users\Neves\Chrome
    2017-09-05 11:42 - 2017-09-21 13:50 - 000000286 __RSH C:\Users\Todos os Usuários\ntuser.pol
    2017-09-05 11:42 - 2017-09-21 13:50 - 000000286 __RSH C:\ProgramData\ntuser.pol
    2017-09-05 11:26 - 2017-09-05 11:26 - 007738880 _____ C:\Users\Neves\Desktop\SANTA COMBA DÃO DE ANTANHO.pps
    2017-09-05 08:38 - 2017-09-05 08:38 - 005855694 _____ C:\Users\Neves\Desktop\[hd] Luis Campos.mp4
    2017-09-01 01:18 - 2017-09-01 01:18 - 000376832 _____ C:\Users\Neves\myinside.dll

    ==================== Um Mês Modificados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-09-23 16:50 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-09-23 16:46 - 2015-12-15 11:40 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2017-09-23 16:45 - 2009-07-14 01:45 - 000021024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-09-23 16:45 - 2009-07-14 01:45 - 000021024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-09-23 00:01 - 2016-09-20 21:38 - 000003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
    2017-09-22 23:26 - 2015-12-15 18:45 - 000000000 ____D C:\SecurityCheck
    2017-09-22 22:38 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
    2017-09-22 22:36 - 2015-02-27 11:50 - 000000000 ____D C:\Program Files (x86)\Java
    2017-09-22 22:27 - 2015-02-27 11:50 - 000000000 ____D C:\Users\Todos os Usuários\Oracle
    2017-09-22 22:27 - 2015-02-27 11:50 - 000000000 ____D C:\ProgramData\Oracle
    2017-09-22 22:10 - 2017-08-23 20:14 - 000000000 ____D C:\Users\Neves\Desktop\FUTEBOL
    2017-09-22 21:56 - 2016-12-12 07:12 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-09-22 21:51 - 2015-02-27 12:04 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-09-22 21:51 - 2015-02-27 12:04 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-09-22 21:51 - 2015-02-27 12:04 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2017-09-22 21:51 - 2015-02-27 12:04 - 000000000 ____D C:\Windows\system32\Macromed
    2017-09-22 21:38 - 2016-01-06 20:17 - 000000000 ____D C:\Users\Neves\AppData\Roaming\Foxit Software
    2017-09-22 21:35 - 2016-01-06 20:15 - 000000214 _____ C:\Users\Public\Documents\pre_fileassoc.tmp
    2017-09-22 21:23 - 2017-06-10 23:13 - 000000000 ____D C:\Users\Neves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2017-09-22 21:23 - 2017-06-10 23:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2017-09-22 21:23 - 2015-12-15 18:35 - 000000000 ____D C:\Program Files\WinRAR
    2017-09-21 13:52 - 2015-02-27 11:01 - 000000000 ____D C:\Users\Neves
    2017-09-20 11:21 - 2016-10-13 07:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer
    2017-09-20 08:31 - 2015-11-01 18:15 - 000000000 ____D C:\Users\Neves\AppData\Local\AvgSetupLog
    2017-09-19 21:17 - 2017-08-09 11:08 - 000000000 ____D C:\Users\Neves\Desktop\photobucket
    2017-09-19 16:41 - 2015-05-10 12:58 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes
    2017-09-19 16:41 - 2015-05-10 12:58 - 000000000 ____D C:\ProgramData\Malwarebytes
    2017-09-18 22:05 - 2016-04-03 21:02 - 000003704 _____ C:\Windows\System32\Tasks\Java Platform SE Auto Updater
    2017-09-18 22:05 - 2015-02-28 23:30 - 000000000 ____D C:\Users\Neves\AppData\Roaming\Skype
    2017-09-18 20:48 - 2015-02-27 20:11 - 000000000 ____D C:\Users\Neves\AppData\Local\ElevatedDiagnostics
    2017-09-18 13:09 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\rescache
    2017-09-18 12:05 - 2017-06-01 12:21 - 000191720 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys
    2017-09-17 23:50 - 2015-03-02 14:55 - 000000000 ____D C:\Windows\Minidump
    2017-09-16 07:11 - 2017-02-09 04:54 - 000004522 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2017-09-16 07:11 - 2015-02-27 12:02 - 000000000 ____D C:\Users\Neves\AppData\Local\Adobe
    2017-09-14 07:03 - 2011-01-27 20:29 - 000708378 _____ C:\Windows\system32\prfh0416.dat
    2017-09-14 07:03 - 2011-01-27 20:29 - 000148158 _____ C:\Windows\system32\prfc0416.dat
    2017-09-14 07:03 - 2009-07-14 02:13 - 001642390 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-09-14 06:56 - 2009-07-14 01:45 - 000409744 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-09-14 00:30 - 2015-02-27 20:49 - 000000000 ____D C:\Windows\system32\MRT
    2017-09-14 00:26 - 2015-02-27 20:48 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-09-14 00:20 - 2015-02-28 06:28 - 001606776 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2017-09-13 11:47 - 2015-02-27 11:03 - 000000000 ____D C:\Users\Todos os Usuários\Microsoft Help
    2017-09-13 11:43 - 2009-07-13 23:34 - 000000580 _____ C:\Windows\win.ini
    2017-09-12 14:27 - 2016-10-13 07:59 - 000506400 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
    2017-09-12 14:27 - 2016-10-13 07:59 - 000252360 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
    2017-09-10 07:21 - 2015-02-27 11:45 - 000000000 ____D C:\Users\Todos os Usuários\Skype
    2017-09-10 07:21 - 2015-02-27 11:45 - 000000000 ____D C:\ProgramData\Skype
    2017-09-10 07:20 - 2015-03-03 09:34 - 000000000 ___RD C:\Program Files (x86)\Skype
    2017-09-09 07:40 - 2017-04-18 13:24 - 000000000 ____D C:\Users\Neves\Desktop\procuração
    2017-09-08 19:42 - 2009-07-14 02:08 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-09-07 09:28 - 2015-02-27 11:19 - 000000000 ___SD C:\Users\Neves\Documents\Minhas Webs
    2017-09-06 11:28 - 2017-03-14 06:43 - 000000000 ____D C:\Users\Neves\AppData\Local\CrashDumps
    2017-09-06 00:20 - 2015-05-10 13:54 - 000001519 _____ C:\Users\Neves\Desktop\iexplore - Atalho.lnk
    2017-09-06 00:19 - 2015-02-27 11:02 - 000001009 _____ C:\Users\Neves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-09-05 23:45 - 2009-07-14 00:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
    2017-09-05 16:26 - 2017-06-01 12:21 - 000003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
    2017-09-05 16:25 - 2017-06-01 12:21 - 001008800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
    2017-09-05 16:25 - 2017-06-01 12:21 - 000583288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
    2017-09-05 16:25 - 2017-06-01 12:21 - 000353744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
    2017-09-05 16:25 - 2017-06-01 12:21 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
    2017-09-05 16:25 - 2017-06-01 12:21 - 000314128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
    2017-09-05 16:25 - 2017-06-01 12:21 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
    2017-09-05 16:25 - 2017-06-01 12:21 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
    2017-09-05 16:25 - 2017-06-01 12:21 - 000140192 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
    2017-09-05 16:25 - 2017-06-01 12:21 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
    2017-09-05 16:25 - 2017-06-01 12:21 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
    2017-09-05 16:25 - 2017-06-01 12:21 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
    2017-09-05 16:25 - 2017-06-01 12:21 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
    2017-09-05 11:42 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
    2017-09-04 10:25 - 2017-07-17 23:14 - 000001008 _____ C:\Users\Public\Desktop\AVG.lnk
    2017-09-04 10:25 - 2017-06-01 12:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2017-08-29 17:06 - 2015-10-30 06:14 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-08-25 14:36 - 2015-02-27 11:08 - 000000000 ____D C:\Users\Neves\Desktop\fotos tiradas por mim

    ==================== Arquivos na raiz de alguns diretórios =======

    2017-07-31 22:39 - 2017-07-31 22:39 - 000000268 ___RH () C:\Users\Neves\AppData\Roaming\Image Manipulation
    2017-07-31 22:41 - 2017-07-31 22:41 - 000000268 ___RH () C:\Users\Neves\AppData\Roaming\Image Units
    2017-07-31 22:39 - 2017-07-31 22:39 - 000000268 ___RH () C:\Users\Neves\AppData\Roaming\Images
    2015-03-02 12:20 - 2015-10-27 12:22 - 000033787 _____ () C:\Users\Neves\AppData\Roaming\unins000.dat
    2015-04-05 07:05 - 2016-08-02 18:54 - 000003584 _____ () C:\Users\Neves\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2017-03-14 06:23 - 2017-03-14 06:23 - 000000036 _____ () C:\Users\Neves\AppData\Local\housecall.guid.cache
    2015-07-29 19:37 - 2015-08-03 20:45 - 000004096 ____H () C:\Users\Neves\AppData\Local\keyfile3.drm
    2015-11-15 20:44 - 2017-06-07 20:24 - 000007598 _____ () C:\Users\Neves\AppData\Local\resmon.resmoncfg
    2017-07-31 22:34 - 2017-07-31 22:36 - 000000000 _____ () C:\ProgramData\Halftone
    2017-07-31 22:34 - 2017-07-31 22:34 - 000000000 _____ () C:\ProgramData\Image Manipulation
    2017-07-31 22:36 - 2017-07-31 22:39 - 000000268 ___RH () C:\ProgramData\InkjetPrinter
    2017-07-31 22:34 - 2017-07-31 22:41 - 000000268 ___RH () C:\ProgramData\Installer Plugin
    2017-07-31 22:39 - 2017-07-31 22:39 - 000000268 ___RH () C:\ProgramData\Instrument Library
    2015-02-27 18:30 - 2017-07-31 22:41 - 000000020 ____H () C:\ProgramData\PKP_DLes.DAT
    2015-02-27 18:29 - 2017-07-31 22:44 - 000000020 ____H () C:\ProgramData\PKP_DLet.DAT
    2015-02-27 18:29 - 2017-08-08 14:51 - 000000020 ____H () C:\ProgramData\PKP_DLev.DAT

    Arquivos para serem movidos ou deletados:
    ====================
    C:\Users\Neves\myinside.dll


    Alguns arquivos em TEMP:
    ====================
    2017-09-22 21:34 - 2015-09-28 09:45 - 004990656 _____ (Foxit Corporation) C:\Users\Neves\AppData\Local\Temp\FoxitUpdater.exe

    ==================== Bamital & volsnap ======================

    (Não há correção automática para arquivos que não passaram na verificação.)

    C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
    C:\Windows\explorer.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

    LastRegBack: 2017-09-20 17:08

    ==================== Fim de FRST.txt ============================

    Addition.txt

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    @vozdoseven

     

    Desative temporariamente seu antivírus, antispywares e firewall, para não causar conflitos.

    Abra o seu Bloco de Notas, copie (control + c) e cole (control + v) todo o texto que está no CODE abaixo:

    CreateRestorePoint:
    CloseProcesses:
    CMD: type C:\Users\Neves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qyrzvnu.vbs
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
    Startup: C:\Users\Neves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qyrzvnu.vbs [2017-09-05] ()
    C:\Users\Neves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qyrzvnu.vbs
    HKU\S-1-5-21-3906829491-772124867-3683219445-1000\...\ChromeHTML: ->  <==== ATENÇÃO
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
    Task: {6B1395F4-CAFF-495E-837B-991223C83DDD} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{644A5AD1-B1A9-44D9-9339-59C4DA532819}_System Diagnostics => Command(1): C:\Windows\system32\rundll32.exe -> C:\Windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
    Task: {6B1395F4-CAFF-495E-837B-991223C83DDD} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{644A5AD1-B1A9-44D9-9339-59C4DA532819}_System Diagnostics => Command(2): C:\Windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{644A5AD1-B1A9-44D9-9339-59C4DA532819}_System Diagnostics"
    Shortcut: C:\Users\Neves\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
    ShortcutWithArgument: C:\Users\Neves\Desktop\Atalhos não utilizados da área de trabalho\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://startme.online/?ei=qTNKGCjMhxlsXeuKtBTNUSgeIaVJaUN0U2%2Bs8bBWS2hYxvpSpchOuILpm3fmc%2BPEskuYqPrG8Wp88TYKbvcnrOQ%3D
    ShortcutWithArgument: C:\Users\Neves\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ahfgeienlihckogmohjhadlkjgocpleb\Web Store.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ahfgeienlihckogmohjhadlkjgocpleb
    CMD: ipconfig /flushdns
    RemoveProxy:
    EmptyTemp:
    CreateRestorePoint:

    Salve este arquivo na na sua área de trabalho com o nome fixlist

    OBS: É de extrema importância que o arquivo "fixlist" seja salvo na sua Área de Trabalho/Desktop. Verifique também se o FRST.exe encontra-se na Área de Trabalho/Desktop.

    ** Usuários do Windows Vista, Windows 7, 8/8.1 e windows 10:
    Clique com o direito sobre o arquivo FRST.EXE, depois clique em VRIfczU.png.

    Clique no botão Fix.

    Aguarde e ao final, o log Fixlog.txt será salvo no seu desktop.

    Anexe o log na sua próxima resposta

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Boa tarde caro Elias

    Segue o "fixlog"

    Agradecendo

    António Neves

     

    Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 24-09-2017
    Executado por Neves (24-09-2017 18:28:59) Run:1
    Executando a partir de C:\Users\Neves\Desktop
    Perfis Carregados: Neves (Perfis Disponíveis: Neves)
    Modo da Inicialização: Normal
    ==============================================

    fixlist Conteúdo:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    CMD: type C:\Users\Neves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qyrzvnu.vbs
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restri��o <==== ATEN��O
    Startup: C:\Users\Neves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qyrzvnu.vbs [2017-09-05] ()
    C:\Users\Neves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qyrzvnu.vbs
    HKU\S-1-5-21-3906829491-772124867-3683219445-1000\...\ChromeHTML: ->  <==== ATEN��O
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
    Task: {6B1395F4-CAFF-495E-837B-991223C83DDD} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{644A5AD1-B1A9-44D9-9339-59C4DA532819}_System Diagnostics => Command(1): C:\Windows\system32\rundll32.exe -> C:\Windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
    Task: {6B1395F4-CAFF-495E-837B-991223C83DDD} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{644A5AD1-B1A9-44D9-9339-59C4DA532819}_System Diagnostics => Command(2): C:\Windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{644A5AD1-B1A9-44D9-9339-59C4DA532819}_System Diagnostics"
    Shortcut: C:\Users\Neves\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
    ShortcutWithArgument: C:\Users\Neves\Desktop\Atalhos n�o utilizados da �rea de trabalho\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://startme.online/?ei=qTNKGCjMhxlsXeuKtBTNUSgeIaVJaUN0U2%2Bs8bBWS2hYxvpSpchOuILpm3fmc%2BPEskuYqPrG8Wp88TYKbvcnrOQ%3D
    ShortcutWithArgument: C:\Users\Neves\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ahfgeienlihckogmohjhadlkjgocpleb\Web Store.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ahfgeienlihckogmohjhadlkjgocpleb
    CMD: ipconfig /flushdns
    RemoveProxy:
    EmptyTemp:
    CreateRestorePoint:
    *****************

    Ponto de Restauração criado com sucesso.
    Processos fechados com sucesso.

    ========= type C:\Users\Neves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qyrzvnu.vbs =========

    O sistema nÆo pode encontrar o arquivo especificado.
    Erro ao processar: C:\Users\Neves\AppData\Roaming\Microsoft\Windows\Start.
    O sistema nÆo pode encontrar o caminho especificado.

    ========= Fim de CMD: =========

    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => chave removido (a) com sucesso.
    C:\Users\Neves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qyrzvnu.vbs => movido com sucesso
    "C:\Users\Neves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qyrzvnu.vbs" => não encontrado (a).
    HKU\S-1-5-21-3906829491-772124867-3683219445-1000_Classes\ChromeHTML => chave removido (a) com sucesso.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => chave não encontrado (a). 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B1395F4-CAFF-495E-837B-991223C83DDD} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B1395F4-CAFF-495E-837B-991223C83DDD} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeC:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{644A5AD1-B1A9-44D9-9339-59C4DA532819}_System Diagnostics => Command(1): C:\Windows\system32\rundll32.exe => chave não encontrado (a). 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B1395F4-CAFF-495E-837B-991223C83DDD} => chave não encontrado (a). 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeC:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{644A5AD1-B1A9-44D9-9339-59C4DA532819}_System Diagnostics => Command(2): C:\Windows\system32\schtasks.exe => chave não encontrado (a). 
    C:\Users\Neves\Favorites\NCH Software Download Site.lnk => movido com sucesso
    C:\Users\Neves\Desktop\Atalhos não utilizados da área de trabalho\Google Chrome.lnk => Atalho argumento removido (a) com sucesso..
    C:\Users\Neves\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ahfgeienlihckogmohjhadlkjgocpleb\Web Store.lnk => Atalho argumento removido (a) com sucesso..

    ========= ipconfig /flushdns =========


    Configura‡Æo de IP do Windows

    Libera‡Æo do Cache do DNS Resolver bem-sucedida.

    ========= Fim de CMD: =========


    ========= RemoveProxy: =========

    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.
    HKU\S-1-5-21-3906829491-772124867-3683219445-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
    HKU\S-1-5-21-3906829491-772124867-3683219445-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.


    ========= Fim de RemoveProxy: =========

    Ponto de Restauração criado com sucesso.

    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14217243 B
    Java, Flash, Steam htmlcache => 2171 B
    Windows/system/drivers => 35048 B
    Edge => 0 B
    Chrome => 361390291 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 128 B
    systemprofile32 => 0 B
    LocalService => 0 B
    NetworkService => 4804 B
    Neves => 144176667 B

    RecycleBin => 347808322 B
    EmptyTemp: => 835.4 MB de dados temporários Removidos.

    ================================


    O sistema precisou ser reiniciado.

    ==== Fim de Fixlog 18:31:33 ====

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Bom dia Elias

    Só hoje me foi possível colocar os "logs".

     

    Malwarebytes
    www.malwarebytes.com

    -Detalhes de registro-
    Data da análise: 25/09/17
    Hora da análise: 19:51
    Arquivo de registro: 1584012d-a244-11e7-a3c5-382c4a8d39ff.json
    Administrador: Sim

    -Informação do software-
    Versão: 3.2.2.2029
    Versão de componentes: 1.0.188
    Versão do pacote de definições: 1.0.2885
    Licença: Versão de Avaliação

    -Informação do sistema-
    Sistema operacional: Windows 7 Service Pack 1
    CPU: x64
    Sistema de arquivos: NTFS
    Usuário: Neves-PC\Neves

    -Resumo da análise-
    Tipo de análise: Análise Customizada
    Resultado: Concluído
    Objetos verificados: 292190
    Ameaças detectadas: 0
    (Nenhum item malicioso detectado)
    Ameaças em quarentena: 0
    (Nenhum item malicioso detectado)
    Tempo decorrido: 4 hr, 1 min, 37 seg

    -Opções da análise-
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Detectar
    PUM: Detectar

    -Detalhes da análise-
    Processo: 0
    (Nenhum item malicioso detectado)

    Módulo: 0
    (Nenhum item malicioso detectado)

    Chave de registro: 0
    (Nenhum item malicioso detectado)

    Valor de registro: 0
    (Nenhum item malicioso detectado)

    Dados de registro: 0
    (Nenhum item malicioso detectado)

    Fluxo de dados: 0
    (Nenhum item malicioso detectado)

    Pasta: 0
    (Nenhum item malicioso detectado)

    Arquivo: 0
    (Nenhum item malicioso detectado)

    Setor físico: 0
    (Nenhum item malicioso detectado)


    (end)

     

     

     

    # AdwCleaner 7.0.2.1 - Logfile created on Tue Sep 26 03:12:58 2017
    # Updated on 2017/29/08 by Malwarebytes 
    # Database: 09-23-2017.2
    # Running on Windows 7 Professional (X64)
    # Mode: scan
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    No malicious registry entries found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries.

    *************************

    C:/AdwCleaner/AdwCleaner[C0].txt - [2848 B] - [2017/9/20 0:30:24]
    C:/AdwCleaner/AdwCleaner[S0].txt - [2961 B] - [2017/9/20 0:29:34]
    C:/AdwCleaner/AdwCleaner[S1].txt - [1086 B] - [2017/9/22 14:57:6]


    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########

     

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Caro @vozdoseven

     

    Como está seu Windows?

     

    # Etapa nº 1 #

     

    Baixe o Delfix by Xplode e salve na sua área de trabalho.

     

    Clique duas vezes no delfix.exe para executá-lo. Marque as caixas conforme imagem.

     

    ** Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo delfix.exe, depois clique em execadmin.png.

     

    2mez6ld.png

     

    Clique no botão Executar.

     

    Ao final será gerado um log, mas não é necessário postar.

    # Etapa nº 2 #

    imageproxy.php?img=http%3A%2F%2Fi65.tiny Versões antigas de programas têm vulnerabilidades que alguns malwares podem usar para infectar o seu sistema.

    Por isso, é recomendável atualizar os programas que o Security Check apontou como desatualizados (os updates opcionais ficam ao seu critério).

    Basta clicar no Download Update de cada aviso (post acima), que irá para o site do desenvolvedor.

    <<@>> Mantenha sempre seu Windows atualizado; mantenha uma vigilância constante com o firewall e antivírus e por fim, lembre-se que, a melhor forma de prevenir começa pelas nossas atitudes!

     

    # Etapa nº 3 #

     

    O Ccleaner é um excelente utilitário de limpeza para o computador.

     

    Faça o download dele aqui Ccleaner

     

    • Após a instalação vá até o local onde o programa foi instalado, geralmente em C:\Arquivos de programas\CCleaner.
    • Clique duas vezes nesta pasta;
    • Numa área vazia desta janela, clique com o botão direito do mouse e escolha Novo > pasta e crie uma nova pasta;
    • Coloque o nome de backups.
    • Abra o programa e clique em Executar Limpeza;
    • Clique no botão Registro > Procurar Erros > Corrigir erro(s) seleciona(s)...
    • Observação: Não se esqueça de aceitar o backup das correções, e salvá-los nas pasta criada acima!

    Abraços :D

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Meus caros

    O problema que me levou até vós está solucionado, o "gerenciador de tarefas" abre e já não necessito de escrever nesta página em "modo de segurança".

    Fui apercebendo-me que o PC estava infectado e, pelos relatórios, agora está limpinho.

    Não sei se é do entusiasmo, mas parece-me que inicia bem mais rápido.

    Por tudo isto, um muito obrigado.

    Agradecimento do tamanho do mundo como soi dizer-se.

     

    Respeitosamente

    António Neves

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Visitante
    Este tópico está impedido de receber novos posts.





    Sobre o Clube do Hardware

    No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

    Direitos autorais

    Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

    ×