bruverde

Log analysis - PC only opens in Safe Mode


Hello, thank you in advance for the help.

MBAM flagged a blocked website via uTorrent; after that, once I restarted the PC, it kept freezing on the desktop, always processing heavily and unable to open anything; even Task Manager was freezing.

I rebooted in safe mode, MBAM found a registry change, PUM.Optional.NoDrives, and Avast won't open even to run a scan.

 

ZA-Scan.txt


Dear @bruverde

I recommend that you save this topic in your Favorites to make it easier to find.

Please pay attention to the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is passed on here relates only to the problem on your computer, so do not apply it on any other one;
  • Please follow the instructions given carefully, and if you have any doubts do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what is happening with your computer.
  • Respect the order of the instructions given.

Note: Do not take any action other than those given here; and if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

 

# Step 1 #

Download AdwCleaner and save it to your Desktop.

Run the adwcleaner.exe file As Administrator.

  • Click the Options tab and leave only "Reset IE Policies" and "Reset Chrome Policies" checked.
  • Click the Scan button and wait for the scan to finish.
  • Click the Clean button.
  • A Notepad window will open with the result.
  • Select, copy and paste the contents of this log in your next reply.
  • The log will also be saved in C:\AdwCleaner


NOTE: If AdwCleaner finds files that it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart.
 
# Step 2 #

Temporarily disable your antivirus, antispyware and firewall, so as not to cause conflicts.

Download ZHPCleaner and save it to your Desktop.

Run the ZHPCleaner.exe file As Administrator.

  • Click the Scanner button.
  • The tool will begin scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • Then click the Repair button.
  • A log named ZHPCleaner.txt will be generated.
  • Select, copy and paste the contents of this log in your next reply.

Regards :D


Thank you very much for the help @diego_moicano

It is important to let you know that I ran Rkill; after that the PC went back to normal, but MBAM keeps finding PUM.Optional.NoDrives.

I will post the Rkill LOG here and then the AdwCleaner and ZHPCleaner ones.

RKILL LOG

------

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/22/2018 05:51:20 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 03/22/2018 05:51:56 PM
Execution time: 0 hours(s), 0 minute(s), and 36 seconds(s)

------------------------------------------------------------------------------------------------------

 

# AdwCleaner 7.0.8.0 - Logfile created on Mon Mar 26 23:36:50 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-3734402050-449040757-3319967823-1000\Software\drpsu
Deleted: [Key] - HKCU\Software\drpsu


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::TCP/IP settings cleared
::IE policies deleted
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1069 B] - [2018/3/26 23:35:57]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

---------------------------------------------------------------------------------------------------------------

~ ZHPCleaner v2018.3.23.55 by Nicolas Coolman (2018/03/23)
~ Run by Usuario (Administrator)  (26/03/2018 20:51:45)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : D:\Bruno\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Usuario\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.


---\\  Registry ( Key, Value, Data) (4)
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool]  =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman]  =>PUP.Optional.Camec
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman]  =>PUP.Optional.Camec


---\\  Summary of the elements found (3)
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/02/28/toolbar-ask/ =>Toolbar.Ask
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.Camec


---\\  Other deletions. (17)
~ Registry Keys Tracing deleted (17)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 4804
~ Items found : 0
~ Items cancelled : 0
~ Items options : 0/7
~ Space saving (bytes) : 0


~ End of clean in 00h00mn12s

---\\  Reports (2)
ZHPCleaner--26032018-20_50_11.txt
ZHPCleaner-[R]-26032018-20_51_57.txt

-----------------------------------------------------------------------------------------------------

Thanks again for the help; I remain at your disposal.

Regards

 


Dear @bruverde

Quote

It is important to let you know that I ran Rkill

Ok... I ask you, please, to follow what was stated right at the beginning:

Quote

Note: Do not take any action other than those given here; and if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

Temporarily disable your antivirus, antispyware and firewall, so as not to cause conflicts.

Download Farbar Recovery Scan Tool and save it to your Desktop.


32 bit (x86) or 64 bit (x64)

  • Right-click it and choose Run as Administrator;
  • Check the 90 Days Files box, and click the Scan button;
  • Wait, and at the end the logs FRST.txt and Addition.txt will be saved to your Desktop;
  • Select, copy and paste the contents of the FRST.txt log in your next reply;
  • Attach the Addition.txt log.

Regards :D


Once again, thank you for the help and patience hehehe @diego_moicano

Here is the FRST log

--------------------------------------

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 14.03.2018
Executado por Usuario (administrador) em BRUNO-PC (28-03-2018 20:47:59)
Executando a partir de D:\Bruno\Desktop
Perfis Carregados: Usuario (Perfis Disponíveis: Usuario)
Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(FSPro Labs) C:\Program Files\My Lockbox\mylbx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(A.E.T. Europe B.V.) C:\Windows\System32\aetcrss1.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13874392 2015-01-22] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-13] (AVAST Software)
HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2634504 2015-12-07] (FSPro Labs)
HKLM\...\Run: [CertificateRegistration] => C:\Windows\system32\aetcrss1.exe [25600 2013-03-04] (A.E.T. Europe B.V.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\RunOnce: [SBrowserCheck] => C:\ProgramData\Avast Software\Avast\SecureBrowser\avast_browser_setup_checker.exe [2482128 2018-03-23] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
HKU\S-1-5-21-3734402050-449040757-3319967823-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46139776 2018-03-15] ()
HKU\S-1-5-21-3734402050-449040757-3319967823-1000\...\Policies\Explorer: [NoDrives] 1
HKU\S-1-5-21-3734402050-449040757-3319967823-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-3734402050-449040757-3319967823-1000\...\MountPoints2: {32cce226-17ef-11e7-b713-1c1b0d8f170c} - G:\setup.exe
HKU\S-1-5-21-3734402050-449040757-3319967823-1000\...\MountPoints2: {32cce25e-17ef-11e7-b713-1c1b0d8f170c} - G:\setup.exe
HKU\S-1-5-21-3734402050-449040757-3319967823-1000\...\MountPoints2: {e6ba1fca-1431-11e7-8b59-806e6f6e6963} - D:\Run.exe

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 189.124.132.33 192.168.0.1
Tcpip\..\Interfaces\{62604BB9-A73A-4393-99C0-AC32C2A3F578}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{87676C2F-6D4C-4D5B-8557-1AAF471BD383}: [DhcpNameServer] 189.124.132.33 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3734402050-449040757-3319967823-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-02-12] (AVAST Software)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-02-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-12] (AVAST Software)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)

FireFox:
========
FF DefaultProfile: erltefm2.default-1518772967812
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\erltefm2.default-1518772967812 [2018-03-28]
FF Extension: (Avast Online Security) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\erltefm2.default-1518772967812\Extensions\wrc@avast.com.xpi [2017-11-16]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\erltefm2.default-1518772967812\features\{1afb51ed-00e8-459a-b055-6dded87b6724}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-28] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-04-02] [Legacy] [não assinado]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-11-09] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-11-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\autoconf_warsaw.js [2018-03-28]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default [2018-03-26]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-11]
CHR Extension: (Adobe Acrobat) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-03]
CHR Extension: (Avast SafePrice) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-03-13]
CHR Extension: (Documentos Google off-line) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-11]
CHR Extension: (Avast Online Security) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-04-06]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-06]
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-13]
CHR HKU\S-1-5-21-3734402050-449040757-3319967823-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Usuario\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-04-05]
CHR HKU\S-1-5-21-3734402050-449040757-3319967823-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-13] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-13] (AVAST Software)
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [13824 2017-11-20] (Cybereason) [Arquivo não assinado]
S3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [1340760 2015-08-10] (Disc Soft Ltd)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Arquivo não assinado]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11294448 2018-03-09] (TeamViewer GmbH)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [1068376 2017-12-14] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196648 2018-03-13] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-13] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-13] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-13] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-13] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [215320 2018-03-13] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-03-13] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146656 2018-03-13] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110328 2018-03-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-03-13] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-03-13] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-03-13] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-03-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-03-13] (AVAST Software)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2017-04-03] (Disc Soft Ltd)
R3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47160 2017-04-03] (Disc Soft Ltd)
R0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [57648 2011-06-03] (FSPro Labs)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [109800 2018-03-28] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [92280 2018-03-28] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [28376 2017-06-06] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [44624 2017-12-14] (GAS Tecnologia)
S3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [43608 2017-12-14] (GAS Tecnologia)
S3 MBAMProtection; system32\DRIVERS\mbam.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-03-28 20:46 - 2018-03-28 20:47 - 000000000 ____D C:\FRST
2018-03-28 09:37 - 2018-03-28 09:37 - 000092280 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-03-27 18:51 - 2018-03-27 18:51 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\uTorrent
2018-03-26 20:59 - 2018-03-28 09:17 - 000109800 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-03-26 20:44 - 2018-03-26 20:51 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\ZHP
2018-03-26 20:44 - 2018-03-26 20:44 - 000000000 ____D C:\Users\Usuario\AppData\Local\ZHP
2018-03-26 20:31 - 2018-03-26 20:36 - 000000000 ____D C:\AdwCleaner
2018-03-22 20:12 - 2018-03-22 20:12 - 000018181 _____ C:\ZA-Scan.txt
2018-03-22 18:51 - 2018-03-28 20:37 - 000281850 _____ C:\Windows\ntbtlog.txt
2018-03-22 18:06 - 2018-03-22 18:06 - 000000000 ____D C:\zoek_backup
2018-03-19 22:03 - 2018-03-19 22:03 - 000000000 ____D C:\Program Files\Google
2018-03-14 17:37 - 2018-03-14 17:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-13 17:53 - 2018-03-13 17:53 - 000000000 ____D C:\Users\Usuario\AppData\Local\TeamViewer
2018-03-13 17:46 - 2018-03-28 20:39 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-13 17:46 - 2018-03-13 17:46 - 000001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-03-13 17:46 - 2018-03-13 17:46 - 000001031 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-03-13 17:46 - 2018-03-13 17:46 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\TeamViewer
2018-03-13 07:25 - 2018-03-13 07:25 - 000380768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-03-02 18:02 - 2018-03-02 18:02 - 000000563 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2018-03-02 18:02 - 2018-03-02 18:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2018-03-02 17:54 - 2018-03-02 17:54 - 000000000 ____D C:\Users\Todos os Usuários\Blizzard Entertainment
2018-03-02 17:54 - 2018-03-02 17:54 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2018-03-02 17:53 - 2018-03-28 03:33 - 000000000 ____D C:\Users\Usuario\AppData\Local\Battle.net
2018-03-02 17:53 - 2018-03-02 17:54 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Battle.net
2018-03-02 17:53 - 2018-03-02 17:53 - 000000000 ____D C:\Users\Usuario\AppData\Local\Blizzard Entertainment
2018-03-02 17:52 - 2018-03-02 17:52 - 000000936 _____ C:\Users\Public\Desktop\Battle.net.lnk
2018-03-02 17:52 - 2018-03-02 17:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2018-03-02 17:50 - 2018-03-27 22:56 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-03-02 17:50 - 2018-03-02 17:50 - 000000000 ____D C:\Users\Usuario\AppData\Local\Blizzard
2018-03-02 17:49 - 2018-03-02 17:50 - 000000000 ____D C:\Users\Todos os Usuários\Battle.net
2018-03-02 17:49 - 2018-03-02 17:50 - 000000000 ____D C:\ProgramData\Battle.net
2018-02-20 14:56 - 2018-02-20 14:55 - 000097344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-02-16 18:32 - 2018-03-20 17:34 - 000000000 ____D C:\Users\Usuario\AppData\Local\Spotify
2018-02-16 18:32 - 2018-02-16 18:32 - 000001801 _____ C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2018-02-16 18:31 - 2018-03-20 17:01 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Spotify
2018-02-16 06:22 - 2018-03-27 18:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-16 06:22 - 2018-02-16 06:22 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-02-16 06:19 - 2018-02-16 06:19 - 000004464 _____ C:\Windows\system32\warsaw.cfg
2018-02-13 00:01 - 2018-03-14 17:37 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-13 00:01 - 2018-02-13 00:01 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-13 00:01 - 2018-01-18 08:03 - 000076200 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-02-12 23:54 - 2018-03-13 07:24 - 000215320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-01-30 14:00 - 2017-12-14 13:06 - 000044624 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddpp.sys
2018-01-30 14:00 - 2017-12-14 13:06 - 000043608 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddprm.sys
2018-01-20 20:25 - 2018-02-25 09:40 - 000000000 ____D C:\Users\Usuario\AppData\Local\ElevatedDiagnostics
2018-01-15 10:26 - 2018-01-15 10:26 - 000002002 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2018-01-15 10:26 - 2018-01-15 10:26 - 000001992 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2018-01-15 10:26 - 2018-01-15 10:26 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Samsung
2018-01-15 10:26 - 2018-01-15 10:26 - 000000000 ____D C:\Users\Usuario\AppData\Local\Samsung
2018-01-15 10:25 - 2018-01-15 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2018-01-15 10:25 - 2016-07-22 04:21 - 001499408 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2018-01-15 10:25 - 2016-07-22 04:21 - 000716928 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2018-01-15 10:25 - 2016-07-22 04:21 - 000164992 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
2018-01-15 10:25 - 2016-05-18 14:49 - 000144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2018-01-15 10:24 - 2018-01-15 10:25 - 000000000 ____D C:\Program Files (x86)\Samsung
2018-01-15 10:24 - 2016-05-18 14:49 - 004659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2018-01-15 10:18 - 2018-01-15 10:18 - 000000000 ____D C:\Users\Usuario\AppData\Local\Downloaded Installations
2018-01-15 09:27 - 2018-01-15 09:27 - 000000000 ____D C:\Users\Usuario\AppData\Local\Wondershare
2018-01-15 09:27 - 2018-01-15 09:27 - 000000000 ____D C:\Users\Todos os Usuários\Wondershare
2018-01-15 09:27 - 2018-01-15 09:27 - 000000000 ____D C:\ProgramData\Wondershare
2018-01-15 09:27 - 2018-01-15 09:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2018-01-15 09:27 - 2018-01-15 09:27 - 000000000 ____D C:\Program Files (x86)\Wondershare
2018-01-15 09:10 - 2018-01-15 09:10 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2018-01-15 09:08 - 2018-01-15 10:29 - 000000000 ____D C:\Program Files\Recuva
2018-01-15 09:08 - 2018-01-15 09:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2018-01-15 08:59 - 2018-01-15 10:24 - 000000000 ____D C:\Users\Todos os Usuários\Samsung
2018-01-15 08:59 - 2018-01-15 10:24 - 000000000 ____D C:\ProgramData\Samsung
2018-01-15 08:59 - 2018-01-15 08:59 - 000000000 ____D C:\Program Files\SAMSUNG
2018-01-15 08:58 - 2018-03-22 17:48 - 000000000 ____D C:\Program Files (x86)\Kingo ROOT
2018-01-15 08:58 - 2018-01-15 10:28 - 000000179 _____ C:\Users\Usuario\AppData\Local\uts.ini
2018-01-15 08:58 - 2018-01-15 08:58 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Kingosoft
2018-01-15 08:58 - 2018-01-15 08:58 - 000000000 ____D C:\Users\Usuario\AppData\Local\uts
2018-01-15 08:58 - 2018-01-15 08:58 - 000000000 ____D C:\Users\Usuario\AppData\Local\Kingosoft
2018-01-15 08:58 - 2018-01-15 08:58 - 000000000 ____D C:\Users\Usuario\.android
2018-01-05 19:15 - 2018-01-05 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cybereason RansomFree

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-03-28 20:47 - 2017-04-01 10:16 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\Mozilla
2018-03-28 20:42 - 2017-05-02 19:16 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-28 20:42 - 2017-04-05 22:42 - 000000000 ___RD C:\Users\Usuario\Google Drive
2018-03-28 20:39 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-28 09:28 - 2009-07-14 01:45 - 000020384 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-28 09:28 - 2009-07-14 01:45 - 000020384 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-28 03:43 - 2017-04-01 10:22 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\uTorrent
2018-03-28 03:42 - 2017-03-31 20:27 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\vlc
2018-03-28 03:32 - 2017-11-28 00:02 - 000003124 _____ C:\Windows\System32\Tasks\{6D044146-F32D-4265-B4B2-233CC99AA07B}
2018-03-28 03:32 - 2017-06-27 23:19 - 000003992 _____ C:\Windows\System32\Tasks\Cybereason RansomFree Keepalive
2018-03-28 03:32 - 2017-05-15 19:09 - 000003098 _____ C:\Windows\System32\Tasks\Cybereason RansomFree Autostart
2018-03-28 03:32 - 2017-04-02 09:12 - 000002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-03-28 03:32 - 2017-03-28 16:46 - 000003898 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1490730375
2018-03-28 03:32 - 2017-03-28 16:44 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-03-28 03:32 - 2014-08-08 12:16 - 000003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-28 03:32 - 2014-08-08 12:16 - 000003372 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-27 18:51 - 2017-03-28 16:47 - 000000000 ___SD C:\Users\Usuario\AppData\LocalLow\Temp
2018-03-22 18:49 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
2018-03-21 22:20 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\system32\NDF
2018-03-21 21:53 - 2017-03-28 16:43 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-03-21 06:14 - 2014-08-08 12:16 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-19 22:03 - 2017-09-22 14:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-03-14 17:29 - 2009-07-14 01:45 - 000431616 _____ C:\Windows\system32\FNTCACHE.DAT
2018-03-13 20:10 - 2014-08-08 11:14 - 000119240 _____ C:\Users\Usuario\AppData\Local\GDIPFONTCACHEV1.DAT
2018-03-13 07:25 - 2017-11-16 10:30 - 000196648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-03-13 07:25 - 2017-03-28 16:43 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-03-13 07:25 - 2017-03-28 16:43 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-03-13 07:25 - 2017-03-28 16:43 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-03-13 07:25 - 2017-03-28 16:43 - 000146656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-03-13 07:25 - 2017-03-28 16:43 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-03-13 07:25 - 2017-03-28 16:43 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-03-13 07:25 - 2017-03-28 16:43 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-03-13 07:24 - 2017-03-28 16:43 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-03-13 07:24 - 2017-03-28 16:43 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-03-13 07:24 - 2017-03-28 16:43 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-03-13 07:24 - 2017-03-28 16:43 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-03-13 07:24 - 2017-03-28 16:43 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys

==================== Arquivos na raiz de alguns diretórios =======

2017-04-05 22:18 - 2017-04-05 22:35 - 000000132 _____ () C:\Users\Usuario\AppData\Roaming\Preferências do formato PNG do Adobe CS5
2012-12-19 11:46 - 2012-12-19 11:46 - 018903019 _____ (ZJMedia Digital Technology Ltd.) C:\Users\Usuario\AppData\Roaming\WinAVI_Video_Converter.exe
2017-04-24 20:46 - 2017-09-02 23:33 - 000007607 _____ () C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
2018-01-15 08:58 - 2018-01-15 10:28 - 000000179 _____ () C:\Users\Usuario\AppData\Local\uts.ini

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2018-03-19 00:42

==================== Fim de FRST.txt ============================

Addition.txt


Whoa... my friend, FRST must be run from the Desktop on the partition where Windows is installed, in this case C:

Please delete FRST from D: and redo the logs.

I'll be waiting. :)
