Felipe Luiz Fix

Log analysis


Dear @Felipe Luiz Fix

I recommend saving this topic to your Favorites so it is easier to find.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to your computer's problem; therefore, do not apply it on any other;
  • Please follow the instructions carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what is happening with your computer.
  • Follow the instructions in the order given.

Note: Do not take any action other than those given here; and if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

 

# Step 1 #

Download AdwCleaner and save it to your Desktop.

Run the file adwcleaner.exe

Attention: Windows Vista, 7 and 8 users, right-click and choose: Run as administrator

  • Click the Options tab and leave only "Reset IE Policies" and "Reset Chrome Policies" checked.
  • Click the Scan button and wait for the scan to finish.
  • Click the Clean button.
  • A Notepad window will open with the result.
  • Select, copy and paste the contents of this log into your next reply.
  • The log will also be saved in C:\AdwCleaner


NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart.
 
# Step 2 #

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download the Junkware Removal Tool (JRT) and save it to your Desktop.

Double-click to run jrt.exe.

Attention: Windows Vista, 7 and 8 users, right-click and choose: Run as administrator

  • The tool will start scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • At the end a log will open. It will be saved to the desktop as JRT.txt.
  • Select, copy and paste the contents of this log into your next reply.

 
# Step 3 #

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download ZHPCleaner and save it to your Desktop.

Attention: Windows Vista, 7 and 8 users, right-click and choose: Run as administrator

  • Click the Scanner button.
  • The tool will start scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • Then click the Repair button.
  • A log named ZHPCleaner.txt will be generated.
  • Select, copy and paste the contents of this log into your next reply.

Cheers :D


Good morning @diego_moicano, I tried 3 times to save the Junkware Removal Tool report; however, besides taking several hours, at the end the computer restarts and no report appears.

From last night to this morning I left the program running (with the antivirus etc. turned off), but when I checked the computer today, I saw that it had simply restarted at some point during the night and there was no report. (I disabled the options to suspend power after a period of inactivity - the PC stayed on continuously from 23:00 until 06:30)

Do you have any idea what it could be, or any suggestion?

The other programs generated reports normally.

Thank you!


Good evening, here is the ZHPCleaner log. As for Adw, it reported that it found nothing malicious.

 

# AdwCleaner v6.041 - Relatório criado 15/12/2016 às 19:06:42
# *Updated on 16/12/2016 by Malwarebytes
# Banco de dados : 2016-12-15.1 [Servidor]
# Sistema operacional : Windows 7 Professional Service Pack 1 (X86)
# Usuário : Felipe - FELIPE-PC
# Executando de : C:\Users\Felipe\Desktop\adwcleaner_6.041.exe
# *Mode: Scan
# Apoio : https://www.malwarebytes.com/support

***** [ Serviços ] *****

*No malicious services found.


***** [ Pastas ] *****

*No malicious folders found.


***** [ Arquivos ] *****

*No malicious files found.


***** [ DLL ] *****

*No malicious DLLs found.


***** [ WMI ] *****

*No malicious keys found.


***** [ Atalhos ] *****

Procurando por atalhos infectados ...


***** [ Tarefas agendadas ] *****

*No malicious task found.


***** [ Registro ] *****

Procurando por itens do registro 


***** [ Navegadores ] *****

Procurando por itens do registro 
Procurando por itens do registro 

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1015 *Bytes] - [15/12/2016 19:06:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1089 *Bytes] ##########
 

 

 

ZHPCleaner log:

 

~ ZHPCleaner v2016.12.15.216 by Nicolas Coolman (2016/12/15)
~ Run by Felipe (Administrator)  (15/12/2016 18:52:08)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : 
~ Type : Scanner
~ Report : C:\Users\Felipe\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Felipe\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)


---\\  Serviços (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Navegadores de Internet (20)
ENCONTRADO: [gfyuofsu.default] - user_pref("extensions.astrmndasr.AL", 2);  =>PUP.Optional.Astromenda
ENCONTRADO: [gfyuofsu.default] - user_pref("extensions.astrmndasr.aflt", "ast_dnldstr_14_38_ch");  =>PUP.Optional.Astromenda
ENCONTRADO: [gfyuofsu.default] - user_pref("extensions.astrmndasr.appId", "{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}");  =>PUP.Optional.Astromenda
ENCONTRADO: [gfyuofsu.default] - user_pref("extensions.astrmndasr.cd", "2XzuyEtN2Y1L1QzuzzyEtB0BtB0ByB0C0B0B0FyEtB0F0DtDtN0D0Tzu0Szyz[...]  =>PUP.Optional.Astromenda
ENCONTRADO: [gfyuofsu.default] - user_pref("extensions.astrmndasr.cr", "1365238923");  =>PUP.Optional.Astromenda
ENCONTRADO: [gfyuofsu.default] - user_pref("extensions.astrmndasr.dfltLng", "");  =>PUP.Optional.Astromenda
ENCONTRADO: [gfyuofsu.default] - user_pref("extensions.astrmndasr.dfltSrch", true);  =>PUP.Optional.Astromenda
ENCONTRADO: [gfyuofsu.default] - user_pref("extensions.astrmndasr.dnsErr", true);  =>PUP.Optional.Astromenda
ENCONTRADO: [gfyuofsu.default] - user_pref("extensions.astrmndasr.excTlbr", false);  =>PUP.Optional.Astromenda
ENCONTRADO: [gfyuofsu.default] - user_pref("extensions.astrmndasr.hmpg", true);  =>PUP.Optional.Astromenda
ENCONTRADO: [gfyuofsu.default] - user_pref("extensions.astrmndasr.id", "842B2B7CBBF42FD0");  =>PUP.Optional.Astromenda
ENCONTRADO: [gfyuofsu.default] - user_pref("extensions.astrmndasr.instlDay", "16324");  =>PUP.Optional.Astromenda
ENCONTRADO: [gfyuofsu.default] - user_pref("extensions.astrmndasr.instlRef", "142905_a");  =>PUP.Optional.Astromenda
ENCONTRADO: [gfyuofsu.default] - user_pref("extensions.astrmndasr.prdct", "astrmndasr");  =>PUP.Optional.Astromenda
ENCONTRADO: [gfyuofsu.default] - user_pref("extensions.astrmndasr.tlbrId", "");  =>PUP.Optional.Astromenda
ENCONTRADO: [gfyuofsu.default] - user_pref("extensions.astrmndasr.vrsn", "");  =>PUP.Optional.Astromenda
ENCONTRADO: [gfyuofsu.default] - user_pref("extensions.astrmndasr.vrsni", "");  =>PUP.Optional.Astromenda
ENCONTRADO: [gfyuofsu.default] - user_pref("extensions.astrmndasr_i.newTab", true);  =>PUP.Optional.Astromenda
ENCONTRADO: [gfyuofsu.default] - user_pref("extensions.astrmndasr_i.smplGrp", "none");  =>PUP.Optional.Astromenda
ENCONTRADO: [gfyuofsu.default] - user_pref("extensions.astrmndasr_i.vrsnTs", "22:36:52");  =>PUP.Optional.Astromenda


---\\  Arquivo hosts (1)
~ O arquivo hosts é legítimo (4)


---\\  Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Explorer ( Arquivos, Pastas) (14)
ENCONTRADO pasta: C:\Users\Felipe\AppData\Roaming\unins001.exe [ - Setup/Uninstall]  =>PUP.Optional.Pirrit
ENCONTRADO pasta: C:\Users\Felipe\AppData\Roaming\unins002.exe [ - Setup/Uninstall]  =>PUP.Optional.Pirrit
ENCONTRADO pasta: C:\Users\Felipe\AppData\Roaming\unins001.exe [ - Setup/Uninstall]  =>Adware.Suspect
ENCONTRADO pasta: C:\Users\Felipe\AppData\Roaming\unins002.exe [ - Setup/Uninstall]  =>Adware.Suspect
ENCONTRADO pasta: C:\Users\Felipe\AppData\Roaming\unins001.exe [ - Setup/Uninstall]  =>Adware.GenericTask
ENCONTRADO pasta: C:\Users\Felipe\AppData\Roaming\unins002.exe [ - Setup/Uninstall]  =>Adware.GenericTask
ENCONTRADO pasta: C:\Windows\Installer\wix{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}.SchedServiceConfig.rmi    =>.Superfluous.Empty
ENCONTRADO pasta: C:\Windows\Installer\wix{459699C3-9430-4381-964B-4248D87B49F9}.SchedServiceConfig.rmi    =>.Superfluous.Empty
ENCONTRADO pasta: C:\Windows\Installer\wix{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}.SchedServiceConfig.rmi    =>.Superfluous.Empty
ENCONTRADO pasta: C:\Windows\Installer\wix{CACAEB5F-174D-4C7C-AC56-A33289A807CA}.SchedServiceConfig.rmi    =>.Superfluous.Empty
ENCONTRADO arquivo: C:\Users\Felipe\AppData\Roaming\HMYGSetting  =>Adware.Suspect
ENCONTRADO arquivo: C:\Users\Felipe\AppData\Local\Temp\scoped_dir_5340_8536  =>.Superfluous.Temporary.Steam
ENCONTRADO arquivo: C:\Program Files\QuickTime  =>Riskware.QuickTime
ENCONTRADO arquivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime  =>Riskware.QuickTime


---\\  Registro ( Chaves, Valores, Dados ) (5)
ENCONTRADO chave: HKLM\SYSTEM\CurrentControlSet\Services\CscService []  =>.Superfluous.PCSpeedUp
ENCONTRADO chave: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.]  =>Heuristic.Suspect
ENCONTRADO valor: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\\c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\WinFxBrowserApplicationTemplateWizard.dll [1]  =>PUP.Optional.CrossRider
ENCONTRADO valor: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{4A46D5D8-8B1E-4A32-9828-00D10A68C299}C:\users\felipe\appdata\local\popcorn time\nw.exe [C:\users\felipe\appdata\local\popcorn time\nw.exe]  =>.Superfluous.PopcornTime
ENCONTRADO valor: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{983F355E-BE31-425D-84C9-996556312D89}C:\users\felipe\appdata\local\popcorn time\nw.exe [C:\users\felipe\appdata\local\popcorn time\nw.exe]  =>.Superfluous.PopcornTime


---\\  Resumo dos elementos encontrados na sua estação de trabalho (11)
https://www.nicolascoolman.com/fr/pup-astromenda/  =>PUP.Optional.Astromenda
https://www.nicolascoolman.com/fr/pup-pirritsuggestor/  =>PUP.Optional.Pirrit
https://www.anti-malware.top/2016/05/01/definition-dun-logiciel-pup-lpi/  =>Adware.Suspect
https://www.nicolascoolman.com/fr/repaquetage-et_infections/  =>Adware.GenericTask
https://www.nicolascoolman.com/fr/logiciels-superflus  =>.Superfluous.Empty
https://www.nicolascoolman.com/fr/logiciels-superflus  =>.Superfluous.Temporary.Steam
https://www.anti-malware.top/2016/04/21/riskware-quicktime/  =>Riskware.QuickTime
https://www.nicolascoolman.com/fr/superfluous-pcspeeduppro/  =>.Superfluous.PCSpeedUp
https://www.anti-malware.top/2016/04/22/heuristic-suspect/  =>Heuristic.Suspect
https://www.anti-malware.top/2016/04/30/pup-optional-crossrider/  =>PUP.Optional.CrossRider
https://www.anti-malware.top/2016/09/28/superfluous-popcorntime/  =>.Superfluous.PopcornTime


---\\ Resultado de reparação
~ Eventuais reparações feita
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 64507
~ Items encontrado : 40
~ items cancelados : 0
~ Items réparo : 0


~ End of search in 00h07mn55s
~====================
ZHPCleaner--15122016-19_00_03.txt
 

 

I'll be waiting.


Dear @Felipe Luiz Fix

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download the Farbar Recovery Scan Tool and save it to your Desktop.

32 bit (x86) or 64 bit (x64)

  • Double-click to run the tool.
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: Run as administrator
  • Check the 90 Days Files box and click the Scan button.
  • Wait; at the end the logs FRST.txt and Addition.txt will be saved to your Desktop.
  • Select, copy and paste the contents of the FRST.txt log into your next reply.
  • Attach the Addition.txt log.

Cheers :D


Here it is:

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 17-12-2016
Executado por Felipe (administrador) em FELIPE-PC (17-12-2016 11:13:40)
Executando a partir de C:\Users\Felipe\Desktop
Perfis Carregados: Felipe (Perfis Disponíveis: Felipe)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(FirebirdSQL Project) C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Spotify Ltd) C:\Users\Felipe\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(FirebirdSQL Project) C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-08] (AVAST Software)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [CorelDRAW Graphics Suite 11b] => C:\Program Files\Corel\Corel Graphics 12\Languages\BR\Programs\registration.exe [729088 2003-11-28] (Corel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-23] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [792112 2016-06-23] (GAS Tecnologia LTDA)
Winlogon\Notify\ GbPluginCef: C:\Program Files\GbPlugin\gbiehCef.dll [2016-08-20] (Caixa Economica Federal)
Winlogon\Notify\ GbPluginUni: C:\Program Files\GbPlugin\gbiehUni.dll [2016-12-12] (Banco Itaú Unibanco)
HKU\S-1-5-21-3187784104-3908965563-4253194750-1000\...\Run: [ares] => C:\Program Files\Ares\Ares.exe [913920 2013-02-10] (Ares Development Group)
HKU\S-1-5-21-3187784104-3908965563-4253194750-1000\...\Run: [Spotify Web Helper] => C:\Users\Felipe\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-12] (Spotify Ltd)
HKU\S-1-5-21-3187784104-3908965563-4253194750-1000\...\Run: [Google Update] => C:\Users\Felipe\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-3187784104-3908965563-4253194750-1000\...\Run: [uTorrent] => C:\Users\Felipe\AppData\Roaming\uTorrent\uTorrent.exe [1977536 2016-10-07] (BitTorrent Inc.)
HKU\S-1-5-21-3187784104-3908965563-4253194750-1000\...\Run: [Spotify] => C:\Users\Felipe\AppData\Roaming\Spotify\Spotify.exe [7095408 2016-12-12] (Spotify Ltd)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES\GbPlugin\gbiehuni.dll [1951968 2016-12-12] (Banco Itaú Unibanco)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll [1903328 2016-08-20] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-07-11] (AVAST Software)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.25.1
Tcpip\..\Interfaces\{202B3183-E962-4705-BB94-10F53AFB0A25}: [DhcpNameServer] 8.8.8.8 208.67.222.222
Tcpip\..\Interfaces\{9763F595-CBB9-471F-A8F8-568A729C2BC1}: [DhcpNameServer] 192.168.25.1
Tcpip\..\Interfaces\{E750F6F8-2363-4221-9101-182E660E7862}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{E750F6F8-2363-4221-9101-182E660E7862}: [DhcpNameServer] 192.168.25.1
Tcpip\..\Interfaces\{F66CC28D-8493-4AB3-845D-A54E99EDACF0}: [DhcpNameServer] 208.67.222.222 208.67.220.220

Internet Explorer:
==================
HKU\S-1-5-21-3187784104-3908965563-4253194750-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3187784104-3908965563-4253194750-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3187784104-3908965563-4253194750-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3187784104-3908965563-4253194750-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2016-04-10] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-11] (AVAST Software)
BHO: Auxiliar de Conexão do Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files\GbPlugin\gbiehcef.dll [2016-08-20] (Caixa Economica Federal)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\PROGRAM FILES\GBPLUGIN\gbiehuni.dll [2016-12-12] (Banco Itaú Unibanco)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2016-04-10] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  Nenhum Arquivo

FireFox:
========
FF ProfilePath: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuofsu.default [2016-04-10]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\gfyuofsu.default -> Google
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\gfyuofsu.default -> hxxps://www.google.com/search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\gfyuofsu.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\gfyuofsu.default -> Google
FF Keyword.URL: Mozilla\Firefox\Profiles\gfyuofsu.default -> hxxps://www.google.com/search
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} [2013-03-13] [não assinado]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-11]
FF HKLM\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com => não encontrado (a)
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-11]
FF HKU\S-1-5-21-3187784104-3908965563-4253194750-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8874}] - C:\Users\Felipe\AppData\Local\GAS Tecnologia\GBBD\abn\sf.xpi
FF Extension: (GBBD Banco Santander (Brasil) S.A.) - C:\Users\Felipe\AppData\Local\GAS Tecnologia\GBBD\abn\sf.xpi [2013-10-25] [não assinado]
FF HKU\S-1-5-21-3187784104-3908965563-4253194750-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Felipe\AppData\Local\GAS Tecnologia\GBBD\cef\xpi => não encontrado (a)
FF HKU\S-1-5-21-3187784104-3908965563-4253194750-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Felipe\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: (Guardião - Itaú 30 horas) - C:\Users\Felipe\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2015-02-06] [não assinado]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\buscape.xml [2013-03-30]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml [2013-03-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2016-04-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2016-04-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [Nenhum Arquivo]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3187784104-3908965563-4253194750-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Felipe\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3187784104-3908965563-4253194750-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Felipe\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3187784104-3908965563-4253194750-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Felipe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-12-07] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3187784104-3908965563-4253194750-1000: gastecnologia.com.br/sf/abn -> C:\Users\Felipe\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll [2013-10-25] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3187784104-3908965563-4253194750-1000: gastecnologia.com.br/sf/cef -> C:\Users\Felipe\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2013-11-21] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3187784104-3908965563-4253194750-1000: gastecnologia.com.br/sf/uni -> C:\Users\Felipe\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-07-15] (GAS Tecnologia)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.omniboxes.com/?type=hp&ts=1450649605&z=e9d8d710e62b930d7cc49b0g4z7w6efq4z9t0qee4z&from=amt&uid=WDCXWD5000AAKS-75V0A0_WD-WCAWF736354663546
CHR StartupUrls: Default -> "hxxp://www.google.com.br/"
CHR Profile: C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default [2016-12-17]
CHR Extension: (GBBD Banco Santander (Brasil) S.A.) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface [2015-05-05]
CHR Extension: (AdBlock) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-17]
CHR Extension: (Avast Online Security) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-15]
CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2015-05-21]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei [2015-05-05]
CHR Extension: (Chrome Media Router) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-02]
CHR HKU\S-1-5-21-3187784104-3908965563-4253194750-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [abmojiekfpcmkkfamgfcpgfgipocface] - C:\Users\Felipe\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx [2013-06-09]
CHR HKU\S-1-5-21-3187784104-3908965563-4253194750-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\Felipe\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [2013-11-21]
StartMenuInternet: Google Chrome.PWRYHBVY6T4PG3TTSXFJZHSPQA - C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

"Warsaw Technology" => serviço foi desbloqueado. <===== ATENÇÃO

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-11] (AVAST Software)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe [81920 2007-03-02] (FirebirdSQL Project) [Arquivo não assinado]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [1994752 2007-03-02] (FirebirdSQL Project) [Arquivo não assinado]
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [631520 2016-12-15] (GAS Tecnologia)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [792112 2016-06-23] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-07-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-07-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91680 2016-07-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-07-11] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-07-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-07-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [438296 2016-07-13] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118152 2016-07-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-08-08] (AVAST Software)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.)
R3 DFX11_1; C:\Windows\System32\drivers\dfx11_1.sys [24424 2012-12-13] (Windows (R) Win 7 DDK provider)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49496 2015-09-03] (GAS Tecnologia)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-11-03] (GAS Tecnologia)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2013-02-24] () [Arquivo não assinado]
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [128704 2016-08-16] (MBB)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [80728 2016-12-17] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [31864 2016-06-16] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [76384 2016-06-08] (GAS Tecnologia)
U3 axrqodct; C:\Windows\system32\Drivers\axrqodct.sys [0 ] (Microsoft Corporation) <==== ATENÇÃO (zero byte Arquivo/Pasta)
S3 BHipsEx; \??\C:\Windows\System32\drivers\BHipsEx.sys [X]
S3 catchme; \??\C:\Users\Felipe\AppData\Local\Temp\catchme.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-12-17 11:13 - 2016-12-17 11:14 - 00021421 _____ C:\Users\Felipe\Desktop\FRST.txt
2016-12-17 11:13 - 2016-12-17 11:13 - 00000000 ____D C:\FRST
2016-12-17 11:11 - 2016-12-17 11:11 - 01762304 _____ (Farbar) C:\Users\Felipe\Desktop\FRST.exe
2016-12-15 19:03 - 2016-12-15 19:11 - 00000000 ____D C:\AdwCleaner
2016-12-15 19:03 - 2016-12-15 19:04 - 03977168 _____ C:\Users\Felipe\Desktop\adwcleaner_6.041.exe
2016-12-15 19:00 - 2016-12-15 19:00 - 00007173 _____ C:\Users\Felipe\Desktop\ZHPCleaner.txt
2016-12-15 18:52 - 2016-12-15 19:00 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\ZHP
2016-12-15 18:51 - 2016-12-15 18:51 - 02628608 _____ C:\Users\Felipe\Desktop\ZHPCleaner.exe
2016-12-13 23:47 - 2016-11-20 14:24 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-12-13 23:47 - 2016-11-20 14:24 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-12-13 23:47 - 2016-11-20 14:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-12-13 23:47 - 2016-11-20 14:19 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-12-13 23:47 - 2016-11-20 12:07 - 00373896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-13 23:47 - 2016-11-17 14:27 - 00250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-13 23:47 - 2016-11-14 20:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-12-13 23:47 - 2016-11-12 16:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-12-13 23:47 - 2016-11-12 16:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-12-13 23:47 - 2016-11-12 16:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-12-13 23:47 - 2016-11-12 16:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-12-13 23:47 - 2016-11-12 16:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-12-13 23:47 - 2016-11-12 16:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-12-13 23:47 - 2016-11-12 15:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-12-13 23:47 - 2016-11-12 15:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-12-13 23:47 - 2016-11-12 15:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-12-13 23:47 - 2016-11-12 15:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-12-13 23:47 - 2016-11-12 15:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-12-13 23:47 - 2016-11-12 15:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-12-13 23:47 - 2016-11-12 15:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-12-13 23:47 - 2016-11-12 15:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-12-13 23:47 - 2016-11-12 15:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-12-13 23:47 - 2016-11-10 14:19 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-13 23:47 - 2016-11-09 14:24 - 00105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-12-13 23:47 - 2016-11-09 14:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-13 23:47 - 2016-11-09 14:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-12-13 23:47 - 2016-11-09 14:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-12-13 23:47 - 2016-11-09 13:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-12-13 23:47 - 2016-11-06 14:16 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-13 23:47 - 2016-11-06 13:55 - 02399744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-13 23:47 - 2016-10-27 13:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-12-13 23:47 - 2016-10-11 13:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-12-13 23:47 - 2016-10-11 13:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-13 23:47 - 2016-10-11 13:21 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-12-13 23:47 - 2016-10-11 13:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-12-13 23:47 - 2016-10-11 12:51 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2016-12-13 23:47 - 2016-10-11 11:18 - 00419648 _____ C:\Windows\system32\locale.nls
2016-12-13 23:47 - 2016-10-08 11:05 - 00534600 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-12-13 23:47 - 2016-10-04 13:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-12-13 23:47 - 2016-10-04 13:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-12-13 23:46 - 2016-11-20 14:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-12-13 23:46 - 2016-11-20 14:20 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-12-13 23:46 - 2016-11-20 14:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-12-13 23:46 - 2016-11-20 14:19 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-12-13 23:46 - 2016-11-20 14:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-12-13 23:46 - 2016-11-20 14:19 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-12-13 23:46 - 2016-11-20 14:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-12-13 23:46 - 2016-11-20 14:19 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-12-13 23:46 - 2016-11-20 14:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-12-13 23:46 - 2016-11-20 14:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-12-13 23:46 - 2016-11-20 14:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-12-13 23:46 - 2016-11-20 14:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-12-13 23:46 - 2016-11-20 14:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-12-13 23:46 - 2016-11-20 14:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-12-13 23:46 - 2016-11-20 14:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-12-13 23:46 - 2016-11-20 13:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-12-13 23:46 - 2016-11-20 13:53 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-12-13 23:46 - 2016-11-20 13:53 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-12-13 23:46 - 2016-11-20 13:53 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-12-13 23:46 - 2016-11-20 13:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-12-13 23:46 - 2016-11-20 13:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-12-13 23:46 - 2016-11-20 13:52 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-12-13 23:46 - 2016-11-12 16:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-12-13 23:46 - 2016-11-12 16:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-12-13 23:46 - 2016-11-12 16:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-12-13 23:46 - 2016-11-12 16:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-12-13 23:46 - 2016-11-12 16:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-12-13 23:46 - 2016-11-12 16:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-12-13 23:46 - 2016-11-12 16:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-12-13 23:46 - 2016-11-12 16:15 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-12-13 23:46 - 2016-11-12 16:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-12-13 23:46 - 2016-11-12 16:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-12-13 23:46 - 2016-11-12 16:06 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-13 23:46 - 2016-11-12 16:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-12-13 23:46 - 2016-11-12 15:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-13 23:46 - 2016-11-12 15:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-12-13 23:46 - 2016-11-12 15:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-12-13 23:46 - 2016-11-12 15:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-12-13 23:46 - 2016-11-12 15:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-12-13 23:46 - 2016-11-12 15:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-12-13 23:46 - 2016-11-12 15:38 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-12-13 23:46 - 2016-11-09 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-12-13 23:46 - 2016-11-09 14:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-12-13 23:46 - 2016-11-09 14:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-13 23:46 - 2016-10-11 13:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-12-13 23:46 - 2016-10-11 13:18 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-12-13 23:46 - 2016-10-11 13:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-12-13 23:46 - 2016-10-11 13:18 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-12-13 23:46 - 2016-10-11 13:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-12-13 23:46 - 2016-10-11 13:18 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-12-13 23:46 - 2016-10-11 13:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-13 23:46 - 2016-10-11 12:55 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-12-13 23:46 - 2016-10-11 12:55 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-12-13 23:46 - 2016-10-11 12:55 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-12-13 23:46 - 2016-10-11 12:55 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-12-13 23:46 - 2016-10-11 12:53 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-12-13 23:46 - 2016-10-11 12:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-12-13 23:46 - 2016-10-04 13:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-12-13 23:46 - 2016-10-04 13:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-12-12 21:21 - 2016-06-16 19:43 - 00031864 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddntf.sys
2016-12-12 21:21 - 2016-06-16 19:43 - 00008811 _____ C:\Windows\system32\Drivers\wsddntf.cat
2016-12-12 21:21 - 2016-06-08 19:43 - 00076384 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddpp.sys
2016-12-12 20:26 - 2016-12-12 20:26 - 01631928 _____ (Malwarebytes) C:\Users\Felipe\Desktop\JRT.exe
2016-12-12 20:17 - 2016-12-12 20:57 - 00000000 ____D C:\Users\Felipe\Desktop\The.Walking.Dead.S07E08.HDTV.x264-FUM[ettv]
2016-12-06 23:51 - 2016-12-06 23:51 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\ScanGuard
2016-12-06 07:31 - 2016-12-06 07:31 - 00000000 ____D C:\Users\Felipe\Desktop\My Shared Folder
2016-12-05 23:38 - 2016-12-11 17:43 - 00000000 ____D C:\Users\Felipe\Desktop\Filmes
2016-12-05 23:14 - 2016-12-05 23:14 - 00024281 _____ C:\ZA-Scan.txt
2016-12-05 22:52 - 2016-12-05 22:52 - 00000000 ____D C:\zoek_backup
2016-12-05 22:48 - 2016-12-05 22:49 - 01370112 _____ C:\Users\Felipe\Desktop\ZA-Scan.exe
2016-11-29 22:34 - 2016-11-29 22:34 - 00028352 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll
2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll
2016-11-21 20:41 - 2016-12-17 11:06 - 00080728 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2016-11-21 20:41 - 2016-11-21 20:41 - 00000000 ___HD C:\Program Files\GAS Tecnologia
2016-11-21 20:41 - 2016-11-21 20:41 - 00000000 ____D C:\Program Files\Diebold
2016-11-21 20:37 - 2016-11-21 20:43 - 00000000 ____D C:\Users\Todos os Usuários\Temp
2016-11-21 20:37 - 2016-11-21 20:43 - 00000000 ____D C:\ProgramData\Temp
2016-11-20 00:27 - 2016-11-20 00:27 - 00842151 _____ C:\Users\Felipe\Downloads\note jony.pdf
2016-11-08 21:18 - 2016-11-02 13:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-08 21:18 - 2016-11-02 13:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-08 21:18 - 2016-11-02 13:16 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-08 21:18 - 2016-11-02 13:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-08 21:18 - 2016-11-02 12:53 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-08 21:18 - 2016-10-15 13:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-08 21:18 - 2016-10-15 13:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-08 21:18 - 2016-10-11 13:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-08 21:18 - 2016-10-11 13:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-08 21:18 - 2016-10-11 13:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-08 21:18 - 2016-10-11 13:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-08 21:18 - 2016-10-11 13:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-08 21:18 - 2016-10-11 13:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-08 21:18 - 2016-10-11 13:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-08 21:18 - 2016-10-11 13:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-08 21:18 - 2016-10-11 13:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-08 21:18 - 2016-10-11 13:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-08 21:18 - 2016-10-11 13:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-08 21:18 - 2016-10-11 13:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-08 21:18 - 2016-10-11 11:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-08 21:18 - 2016-10-07 13:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-08 21:18 - 2016-10-07 13:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-08 21:18 - 2016-10-07 13:12 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-11-08 21:18 - 2016-10-07 13:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-08 21:18 - 2016-10-05 12:50 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-08 21:18 - 2016-09-15 12:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-08 21:18 - 2016-09-09 16:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-08 21:17 - 2016-08-21 11:05 - 00935424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-01 21:01 - 2016-11-03 20:40 - 00000000 ____D C:\Users\Felipe\AppData\LocalLow\uTorrent
2016-10-17 19:53 - 2016-10-17 19:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2016-10-17 14:34 - 2016-10-17 14:34 - 00003983 _____ C:\Users\Felipe\Downloads\comprovante (1).html
2016-10-17 14:16 - 2016-10-17 14:16 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-10-15 23:54 - 2016-10-15 23:54 - 04925927 _____ C:\Users\Felipe\Downloads\monte-sua-primeira-loja-virtual-2015.pdf
2016-10-11 21:49 - 2016-09-12 18:54 - 00067816 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-11 21:49 - 2016-09-12 18:49 - 01017856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-11 21:49 - 2016-09-12 18:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-11 21:49 - 2016-09-12 17:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-11 21:49 - 2016-09-12 17:08 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-11 21:49 - 2016-09-09 13:53 - 01406976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-11 21:49 - 2016-09-09 13:53 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-11 21:49 - 2016-09-09 13:53 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-11 21:49 - 2016-09-09 13:53 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-11 21:49 - 2016-09-09 13:53 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-11 21:49 - 2016-09-09 13:53 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-11 21:49 - 2016-09-09 13:53 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-11 21:49 - 2016-09-08 18:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-11 21:49 - 2016-09-08 18:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-11 21:49 - 2016-09-08 12:49 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-11 21:49 - 2016-09-08 12:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-11 21:49 - 2016-08-12 14:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-11 21:49 - 2016-08-12 14:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-11 21:49 - 2016-08-12 14:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-11 21:49 - 2016-08-12 14:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-11 21:49 - 2016-08-12 14:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-11 21:49 - 2016-08-12 14:21 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-11 21:49 - 2016-08-06 13:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-11 21:49 - 2016-08-06 13:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-11 21:49 - 2016-08-06 13:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-11 21:49 - 2016-08-06 13:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-11 21:49 - 2016-08-06 13:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-11 21:49 - 2016-08-06 12:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-11 21:49 - 2016-08-06 12:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-11 21:49 - 2016-08-06 12:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-11 21:49 - 2016-07-22 12:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-11 21:49 - 2016-06-14 13:25 - 00078568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-11 21:49 - 2016-06-14 13:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-11 21:49 - 2016-06-14 13:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-11 21:49 - 2016-06-14 13:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-11 21:49 - 2016-06-14 13:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-11 21:49 - 2016-06-14 13:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-11 21:49 - 2016-06-14 13:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-11 21:49 - 2016-06-14 13:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-11 21:49 - 2016-06-14 13:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-11 21:49 - 2016-06-14 13:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-11 21:49 - 2016-06-14 13:21 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-11 21:49 - 2016-06-14 13:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-11 21:49 - 2016-06-14 13:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-11 21:49 - 2016-06-14 13:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-11 21:49 - 2016-06-14 13:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-11 21:49 - 2016-06-14 13:21 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-11 21:49 - 2016-06-14 13:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-11 21:49 - 2016-06-14 13:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-11 21:49 - 2016-06-14 13:21 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-11 21:49 - 2016-06-14 13:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-11 21:49 - 2016-06-14 13:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-11 21:49 - 2016-06-14 13:21 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-11 21:49 - 2016-06-14 13:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-11 21:49 - 2016-06-14 13:17 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-11 21:49 - 2016-06-14 13:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-11 21:49 - 2016-06-14 13:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-11 21:49 - 2016-06-14 13:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-11 21:49 - 2016-06-14 13:00 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-11 21:49 - 2016-06-14 12:55 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-11 21:49 - 2016-06-14 12:55 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-11 21:49 - 2016-06-14 12:54 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-11 21:48 - 2016-08-29 13:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-11 21:48 - 2016-08-29 13:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-10-11 21:48 - 2016-08-29 12:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-11 21:48 - 2016-08-16 18:27 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-10-11 21:48 - 2016-08-16 18:27 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-10-11 21:48 - 2016-08-16 18:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-10-11 21:48 - 2016-08-16 18:26 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-10-11 21:48 - 2016-08-16 18:26 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-10-11 21:48 - 2016-08-16 18:26 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-10-11 21:48 - 2016-08-16 18:26 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-10-10 13:46 - 2016-10-10 13:46 - 00002161 _____ C:\Users\Felipe\Desktop\Itaú.lnk
2016-10-10 13:46 - 2016-10-10 13:46 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú
2016-10-08 23:30 - 2016-10-08 23:30 - 00114708 _____ C:\Users\Felipe\Downloads\Westworld.S01E02.rar
2016-10-08 23:29 - 2016-10-08 23:30 - 00207889 _____ C:\Users\Felipe\Downloads\Westworld.S01E01-up2.rar
2016-10-03 17:51 - 2016-10-03 17:57 - 00000000 _____ C:\Users\Felipe\AppData\Local\{67CF8A90-4CC2-437E-AB86-9DD40D641C8C}
2016-10-02 00:58 - 2016-10-02 01:06 - 61476963 _____ C:\Users\Felipe\Downloads\H&J - NOV.HIST.2016 - www.sistemasertanejo.com.rar
2016-10-02 00:46 - 2016-10-02 00:56 - 76020057 _____ C:\Users\Felipe\Downloads\L.M - DE.BA.EM.BA.2016 - www.sistemasertanejo.com.rar
2016-10-02 00:14 - 2016-10-02 00:22 - 70819141 _____ C:\Users\Felipe\Downloads\Coletânea Sistema Sertanejo Vol. 03.rar
2016-10-01 23:44 - 2016-10-01 23:50 - 53361841 _____ C:\Users\Felipe\Downloads\MA&MA - AO.VIV.EM.GO.2015 - www.sistemasertanejo.com.rar
2016-10-01 23:28 - 2016-10-01 23:34 - 50167529 _____ C:\Users\Felipe\Downloads\MA.ME - ALB.2015 - www.sistemasertanejo.com.rar
2016-09-24 00:10 - 2016-09-24 00:10 - 01290816 _____ C:\Users\Felipe\Downloads\User Manual W10_Acer_1.0_A_A.zip
2016-09-19 16:32 - 2016-09-19 16:32 - 01857590 _____ C:\Users\Felipe\Downloads\(64 não lidos) - l_xif - Yahoo Mail.html
2016-09-19 16:32 - 2016-09-19 16:32 - 00281600 _____ C:\Users\Felipe\Downloads\Enderecos.xls
2016-09-19 16:32 - 2016-09-19 16:32 - 00000000 ____D C:\Users\Felipe\Downloads\(64 não lidos) - l_xif - Yahoo Mail_files

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-12-17 11:13 - 2014-08-08 23:47 - 00000000 ____D C:\Users\Felipe\AppData\Local\Spotify
2016-12-17 11:10 - 2014-11-03 21:15 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2016-12-17 11:10 - 2014-11-03 21:15 - 00000000 ____D C:\ProgramData\GbPlugin
2016-12-17 11:07 - 2014-08-08 23:46 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Spotify
2016-12-17 11:06 - 2013-02-02 08:52 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-17 11:06 - 2009-07-14 02:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-17 11:05 - 2014-11-03 21:15 - 00000000 ____D C:\Program Files\GbPlugin
2016-12-15 21:54 - 2013-02-02 08:52 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-15 21:51 - 2012-10-26 20:27 - 00001082 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3187784104-3908965563-4253194750-1000UA.job
2016-12-15 21:21 - 2012-10-26 13:31 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-15 19:51 - 2012-10-26 20:27 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3187784104-3908965563-4253194750-1000Core.job
2016-12-15 19:09 - 2016-05-05 21:01 - 00347648 ___SH C:\Users\Felipe\Desktop\Thumbs.db
2016-12-15 18:46 - 2009-07-14 02:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-15 18:46 - 2009-07-14 02:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-14 19:56 - 2012-10-26 20:28 - 00002380 _____ C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 04:06 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\rescache
2016-12-14 03:35 - 2012-10-26 18:53 - 01571202 _____ C:\Windows\system32\prfh0416.dat
2016-12-14 03:35 - 2012-10-26 18:53 - 00973500 _____ C:\Windows\system32\prfc0416.dat
2016-12-14 03:35 - 2012-10-26 13:01 - 00006438 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-14 03:29 - 2009-07-14 02:33 - 02353360 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-14 03:08 - 2013-07-22 14:21 - 00000000 ____D C:\Windows\system32\MRT
2016-12-14 03:08 - 2012-10-27 13:19 - 133430776 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-12-14 03:08 - 2012-10-26 13:05 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-12-13 21:21 - 2012-10-26 13:31 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-12-13 21:21 - 2012-10-26 13:31 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-12-13 21:21 - 2012-10-26 13:31 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-12 21:24 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\inf
2016-12-01 21:48 - 2015-05-06 00:18 - 00001912 _____ C:\Windows\epplauncher.mif
2016-12-01 21:48 - 2015-05-06 00:17 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-12-01 21:47 - 2015-05-06 00:17 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-11-25 21:09 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\NDF
2016-11-22 22:30 - 2016-07-13 21:24 - 00000000 ___RD C:\Program Files\Skype
2016-11-22 22:30 - 2012-10-26 13:23 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-11-22 22:30 - 2012-10-26 13:23 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Skype
2016-11-22 22:30 - 2012-10-26 13:23 - 00000000 ____D C:\ProgramData\Skype
2016-11-22 22:27 - 2012-10-26 13:14 - 00118824 _____ C:\Users\Felipe\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-18 22:33 - 2015-11-02 22:44 - 00000000 ____D C:\Users\Todos os Usuários\Avg
2016-11-18 22:33 - 2015-11-02 22:44 - 00000000 ____D C:\ProgramData\Avg
2016-11-18 22:33 - 2015-11-02 22:44 - 00000000 ____D C:\Program Files\AVG
2016-11-18 22:32 - 2015-11-02 22:37 - 00000000 ____D C:\Users\Felipe\AppData\Local\AvgSetupLog
2016-11-18 22:24 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system

==================== Arquivos na raiz de alguns diretórios =======

2013-02-17 18:06 - 2013-02-17 18:06 - 0007887 _____ () C:\Users\Felipe\AppData\Roaming\pcouffin.cat
2013-02-17 18:06 - 2013-02-17 18:06 - 0001144 _____ () C:\Users\Felipe\AppData\Roaming\pcouffin.inf
2013-02-17 18:06 - 2013-02-17 18:06 - 0000034 _____ () C:\Users\Felipe\AppData\Roaming\pcouffin.log
2013-02-17 18:06 - 2013-02-17 18:06 - 0047360 _____ (VSO Software) C:\Users\Felipe\AppData\Roaming\pcouffin.sys
2013-06-09 17:50 - 2013-06-09 17:50 - 0013843 _____ () C:\Users\Felipe\AppData\Roaming\unins000.dat
2013-11-21 12:17 - 2013-11-21 12:17 - 0017384 _____ () C:\Users\Felipe\AppData\Roaming\unins001.dat
2013-11-21 12:17 - 2013-11-21 12:17 - 0730322 _____ () C:\Users\Felipe\AppData\Roaming\unins001.exe
2014-11-03 21:15 - 2014-11-03 21:15 - 0015558 _____ () C:\Users\Felipe\AppData\Roaming\unins002.dat
2014-11-03 21:15 - 2014-11-03 21:15 - 0720082 _____ () C:\Users\Felipe\AppData\Roaming\unins002.exe
2015-07-26 20:33 - 2015-09-18 00:58 - 0001173 _____ () C:\Users\Felipe\AppData\Roaming\vso_ts_preview.xml
2015-12-25 21:36 - 2016-07-17 14:54 - 0003584 _____ () C:\Users\Felipe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-12 19:17 - 2014-01-12 19:17 - 0000000 ___SH () C:\Users\Felipe\AppData\Local\LumaEmu
2014-03-02 20:56 - 2014-03-02 20:56 - 0007605 _____ () C:\Users\Felipe\AppData\Local\Resmon.ResmonCfg
2016-10-03 17:51 - 2016-10-03 17:57 - 0000000 _____ () C:\Users\Felipe\AppData\Local\{67CF8A90-4CC2-437E-AB86-9DD40D641C8C}
2016-08-08 14:46 - 2016-08-08 14:47 - 0000000 _____ () C:\Users\Felipe\AppData\Local\{EF82CB6A-EFA1-4042-906E-3F0EB289E8FB}
2014-09-11 23:47 - 2014-09-11 23:47 - 0000152 _____ () C:\ProgramData\bc.ini
2014-01-15 03:15 - 2014-01-15 03:15 - 0167784 _____ (Baidu, Inc.) C:\ProgramData\FileSplitUpLoad.dll

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\FileSplitUpLoad.dll
C:\Users\Todos os Usuários\FileSplitUpLoad.dll


Alguns arquivos em TEMP:
====================
C:\Users\Felipe\AppData\Local\temp\aplicativoitau.exe
C:\Users\Felipe\AppData\Local\temp\avguirn_081152575467.exe
C:\Users\Felipe\AppData\Local\temp\avguirn_081214778320.exe
C:\Users\Felipe\AppData\Local\temp\avguirn_081401840841.exe
C:\Users\Felipe\AppData\Local\temp\avguirn_081762709694.exe
C:\Users\Felipe\AppData\Local\temp\avguirn_08222317832.exe
C:\Users\Felipe\AppData\Local\temp\avguirn_08275028737.exe
C:\Users\Felipe\AppData\Local\temp\avguirn_08294609024.exe
C:\Users\Felipe\AppData\Local\temp\avguirn_08586098168.exe
C:\Users\Felipe\AppData\Local\temp\avguirn_08834664830.exe
C:\Users\Felipe\AppData\Local\temp\GUR2644.exe
C:\Users\Felipe\AppData\Local\temp\msconfig.exe
C:\Users\Felipe\AppData\Local\temp\Opera_NI_stable.exe


==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-12-14 00:48

==================== Fim de FRST.txt ============================

Addition.txt


Dear @Felipe Luiz Fix

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download the file (fixlist.txt) attached to this post and save it to your Desktop.

Run FRST.exe (or FRST64.exe) and click the Fix button.

Wait... when it finishes, the log Fixlog.txt will be generated and saved to your Desktop.

Select, copy and paste the contents of this log into your next reply.

Regards :D

fixlist.txt


Good morning, here it is:

 

Resultado da Correção pela Farbar Recovery Scan Tool (x86) Versão: 17-12-2016
Executado por Felipe (18-12-2016 11:54:07) Run:1
Executando a partir de C:\Users\Felipe\Desktop
Perfis Carregados: Felipe (Perfis Disponíveis: Felipe)
Modo da Inicialização: Normal

==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3187784104-3908965563-4253194750-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3187784104-3908965563-4253194750-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3187784104-3908965563-4253194750-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3187784104-3908965563-4253194750-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} [2013-03-13] [não assinado]
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.)
C:\Windows\System32\drivers\Bhbase.sys
U3 axrqodct; C:\Windows\system32\Drivers\axrqodct.sys [0 ] (Microsoft Corporation) <==== ATENÇÃO (zero byte Arquivo/Pasta)
S3 BHipsEx; \??\C:\Windows\System32\drivers\BHipsEx.sys [X]
S3 catchme; \??\C:\Users\Felipe\AppData\Local\Temp\catchme.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]
C:\ProgramData\FileSplitUpLoad.dll
C:\Users\Todos os Usuários\FileSplitUpLoad.dll
C:\Users\Felipe\AppData\Local\temp\aplicativoitau.exe
C:\Users\Felipe\AppData\Local\temp\avguirn_081152575467.exe
C:\Users\Felipe\AppData\Local\temp\avguirn_081214778320.exe
C:\Users\Felipe\AppData\Local\temp\avguirn_081401840841.exe
C:\Users\Felipe\AppData\Local\temp\avguirn_081762709694.exe
C:\Users\Felipe\AppData\Local\temp\avguirn_08222317832.exe
C:\Users\Felipe\AppData\Local\temp\avguirn_08275028737.exe
C:\Users\Felipe\AppData\Local\temp\avguirn_08294609024.exe
C:\Users\Felipe\AppData\Local\temp\avguirn_08586098168.exe
C:\Users\Felipe\AppData\Local\temp\avguirn_08834664830.exe
C:\Users\Felipe\AppData\Local\temp\GUR2644.exe
C:\Users\Felipe\AppData\Local\temp\msconfig.exe
C:\Users\Felipe\AppData\Local\temp\Opera_NI_stable.exe
Hosts:
CMD:ipconfig /flushdns
EmptyTemp:

*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
"HKU\S-1-5-21-3187784104-3908965563-4253194750-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => chave removido (a) com sucesso.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => valor restaurado com sucesso
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => valor removido (a) com sucesso.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => valor removido (a) com sucesso.
HKU\S-1-5-21-3187784104-3908965563-4253194750-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
HKU\S-1-5-21-3187784104-3908965563-4253194750-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => chave removido (a) com sucesso.
HKCR\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} => chave não encontrado (a). 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
"HKU\S-1-5-21-3187784104-3908965563-4253194750-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => chave removido (a) com sucesso.
HKCR\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} => chave não encontrado (a). 
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => chave removido (a) com sucesso.
"HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA}" => chave removido (a) com sucesso.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => chave removido (a) com sucesso.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => chave removido (a) com sucesso.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} => movido com sucesso
Bhbase => Não foi possível finalizar o serviço.
Bhbase => serviço removido (a) com sucesso.
C:\Windows\System32\drivers\Bhbase.sys => movido com sucesso
axrqodct => serviço não encontrado (a).
BHipsEx => serviço removido (a) com sucesso.
catchme => serviço removido (a) com sucesso.
gbpddreg => serviço removido (a) com sucesso.
C:\ProgramData\FileSplitUpLoad.dll => movido com sucesso
"C:\Users\Todos os Usuários\FileSplitUpLoad.dll" => não encontrado (a).
C:\Users\Felipe\AppData\Local\temp\aplicativoitau.exe => movido com sucesso
C:\Users\Felipe\AppData\Local\temp\avguirn_081152575467.exe => movido com sucesso
C:\Users\Felipe\AppData\Local\temp\avguirn_081214778320.exe => movido com sucesso
C:\Users\Felipe\AppData\Local\temp\avguirn_081401840841.exe => movido com sucesso
C:\Users\Felipe\AppData\Local\temp\avguirn_081762709694.exe => movido com sucesso
C:\Users\Felipe\AppData\Local\temp\avguirn_08222317832.exe => movido com sucesso
C:\Users\Felipe\AppData\Local\temp\avguirn_08275028737.exe => movido com sucesso
C:\Users\Felipe\AppData\Local\temp\avguirn_08294609024.exe => movido com sucesso
C:\Users\Felipe\AppData\Local\temp\avguirn_08586098168.exe => movido com sucesso
C:\Users\Felipe\AppData\Local\temp\avguirn_08834664830.exe => movido com sucesso
C:\Users\Felipe\AppData\Local\temp\GUR2644.exe => movido com sucesso
C:\Users\Felipe\AppData\Local\temp\msconfig.exe => movido com sucesso
C:\Users\Felipe\AppData\Local\temp\Opera_NI_stable.exe => movido com sucesso
C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.

========= ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 105280681 B
Java, Flash, Steam htmlcache => 2212 B
Windows/system/drivers => 549706320 B
Edge => 0 B
Chrome => 542931781 B
Firefox => 63661792 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 1856 B
Public => 0 B
ProgramData => 0 B
systemprofile => 71890 B
LocalService => 66228 B
NetworkService => 88848142 B
Felipe => 227879621 B

RecycleBin => 14275350509 B
EmptyTemp: => 14.8 GB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 11:59:35 ====


Dear @Felipe Luiz Fix

Download Malwarebytes Anti-Malware (MBAM).

Double-click mbam-setup.exe to install the program.

  • Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO.
  • If there are updates to apply, they will be downloaded and installed.
  • Click Settings, click Detection and Protection, and check Scan for Rootkits.
  • Go back to the Dashboard and finally click Scan Now.
  • The scan will then start. Please wait, as it may take a while.
  • When the scan finishes, if any items were found, make sure they are all checked and click the Remove Selected button.
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See the Note below.)
  • The log is saved automatically by MBAM; to view it, click the History tab -> Application Logs in the program's main window.
  • Double-click the log (Scan Log). Use the .txt format to export the log.
  • The Protection log is not needed for the analysis; always export the correct log.
  • Select, copy and paste the contents of this log into your next reply.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

Regards :D


Good afternoon, here is the log.

The items you mentioned were not exactly as in your post (the option to uncheck the Disable Trial box did not appear).

 

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 19/12/16
Hora da análise: 19:13
Arquivo de registro: fixvv.txt
Administrador: Sim

-Informação do software-
Versão: 3.0.5.1299
Versão de componentes: 1.0.43
Versão do pacote de definições: 1.0.791
Licença: Versão de avaliação

-Informação do sistema-
Sistema operacional: Windows 7 Service Pack 1
CPU: x86
Sistema de arquivos: NTFS
Usuário: Felipe-PC\Felipe

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Resultado: Concluído
Objetos verificados: 350710
Tempo decorrido: 9 min, 21 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 2
PUP.Optional.ScanGuard, HKLM\SOFTWARE\MICROSOFT\TRACING\ScanGuard_RASAPI32, Quarentena, [2723], [347133],1.0.791
PUP.Optional.ScanGuard, HKLM\SOFTWARE\MICROSOFT\TRACING\ScanGuard_RASMANCS, Quarentena, [2723], [347133],1.0.791

Valor de registro: 1
PUP.Optional.Astromenda, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|APPPATH, Quarentena, [2293], [235613],1.0.791

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 2
PUP.Optional.ScanGuard, C:\Users\Felipe\AppData\Roaming\ScanGuard\1.3.0, Quarentena, [2723], [347136],1.0.791
PUP.Optional.ScanGuard, C:\USERS\FELIPE\APPDATA\ROAMING\ScanGuard, Quarentena, [2723], [347136],1.0.791

Arquivo: 1
PUP.Optional.ScanGuard, C:\Users\Felipe\AppData\Roaming\ScanGuard\1.3.0\avira32redist.zip, Quarentena, [2723], [347136],1.0.791

Setor físico: 0
(Nenhum item malicioso detectado)


(end)


Dear @Felipe Luiz Fix

Step 1

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text below:

Quote

CreateRestorePoint:
CloseProcesses:

Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  Nenhum Arquivo
CHR HomePage: Default -> hxxp://www.omniboxes.com/?type=hp&ts=1450649605&z=e9d8d710e62b930d7cc49b0g4z7w6efq4z9t0qee4z&from=amt&uid=WDCXWD5000AAKS-75V0A0_WD-WCAWF736354663546
U3 ac00mcj5; C:\Windows\system32\Drivers\ac00mcj5.sys [0 ] (Microsoft Corporation) <==== ATENÇÃO (zero byte Arquivo/Pasta)
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]

CMD:ipconfig /flushdns
EmptyTemp:

 

  • Save this file to your Desktop as fixlist.txt
  • Run FRST again and click the Fix button;
  • Wait... when it finishes, the log Fixlog.txt will be generated on your Desktop.
  • Select, copy and paste the contents of this log into your next reply.

Step 2

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download Stinger and save it to your Desktop.
32 bit (x86) or 64 bit (x64)

  • Run the file Stinger.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
  • Click the “I Accept” button


Stinger%20a.png

In the new window click “Advanced” and then “Settings”

Stinger%20b.png

In the settings window, set the options as shown in the image below and click the “Save” button

9hnsyu.png

Click “Customize my Scan”

Stinger%20f.png

Select the system drives and then click the “Scan” button

Stinger%20g.png

When it finishes, click “View log”; a window with the log will open in your browser.
Select, copy and paste the contents of this log into your next reply.

Regards :D


Topic Archived

Since the author did not reply to the topic for more than 10 days, it has been archived. If you are the author of the topic and want it reopened, contact one of the Forum's Security Analysts to request that it be unlocked.

Turco

diego_moicano

 

 
