RKill detected an item! "NDISRD* [PUP/GEN]" -- (strange and fake Network driver)


  • This topic is locked
15 replies to this topic

#1 LHVF


Posted 08 January 2018 - 09:36 PM

Hello to everyone from the Security Team of BleepingComputer Forums!
 
 
Since I'm new here, and I am presenting a problem very similar to the one in the linked topic below, which is already closed and resolved:

https://www.bleepingcomputer.com/forums/t/664552/help-rkill-detected-a-pupgen/

I want to receive adequate support, adapted to my specific case, since the instructions may vary in my case: my OS is Windows 7 in another language (Brazilian Portuguese, to be clear), and I'll need the correct set of instructions to successfully fix the issue opened here, since my Windows platform is different from that of the person quoted, being "x86" (a 32-bit operating system) instead of the "x64" that he has.

 

 

I have some symptoms as I can list and enumerate for now:
 
 
1st Symptom:
 
 
After RKill is run, the computer loses its network connection and Internet access, and I need to restart the PC to regain Internet and network access.
***The person who opened the topic linked above complained about this symptom too, mentioning this behavior on his computer after a scan with RKill.
 

 

2nd Symptom:

 

 

I can also report that I found this strange driver / fake Windows service (as became clear and appeared recently) running on my Windows 7 x86. Initially, this was not evident and was not a clear symptom of the infections I may have picked up after some not very careful Internet browsing (sharing sites). After that, I also ran some scans on my PC with several well-known antivirus / anti-malware solutions, but this was not really clear on my OS at the beginning; it appeared some time later, as the RKill logs recently showed. The AV sequence that I always ran on my Windows was:

 

• RKill (all versions distributed in the BleepingComputer download section);
• Malwarebytes Premium (14-day trial evaluation software);
• RogueKiller trial version (as this software is nowadays being distributed with the Pro features);
• JRT (both the older versions and the versions released later by Malwarebytes, after the company acquired the development of this software);
• and finally, for properly cleaning adware-type software (spyware / "PUP / PUA" software), the "AdwCleaner" versions from before the acquisition by Malwarebytes.

 

3rd Symptom:

 

The computer clearly suffers from some kind of periodic DoS (Denial-of-Service). To describe the problem clearly: from time to time, I can't access / browse any website properly using any web browser installed on this PC, probably because this fake driver / fake Windows service sits between the DNS part and the Internet connection, producing some known errors in Google Chrome (I mention this browser only because it reports these types of errors):

 

• 'DNS_Probe_Finished_Bad_Config'

• ‘DNS_PROBE_FINISHED_NXDOMAIN’
• and another that I don't remember well ("DNS (*something) Reset").
 
 
The command below, issued from the Command Prompt (AKA "CMD.exe") to fix network problems:

IPCONFIG /flushdns

doesn't resolve the DNS problems that I keep mentioning here. Then, after some waiting, closing the currently open web browsers, and cleaning the cache and Internet cookies with CCleaner, the problem goes away and I can browse the web normally. But sometimes the DNS problems persist and I can't even browse properly, and (maybe) because of this problem, while these problems were occurring I suffered an intrusion into my free Dropbox account, with their server claiming that I "had exceeded the traffic limit for the month", but this may not really be true or may be unrelated (I haven't yet made any complaint about this problem in the proper Dropbox forums so that they can investigate this issue further, if needed -- maybe it is really necessary).

 

Another piece of history I can note here is that I have put my Windows 7 in Clean Boot because of another critical error (a more severe one related to the trivial and essential "DCOM Explorer Service", which went away after the "Selective Startup"), and the BSODs I was getting also went away. But there is some software I really can't install on my Windows 7, and while debugging I've seen that some part is corrupt (such as the Microsoft "AppVerifier" debugger, with the InstallShield command-line installation indicating a corruption status).

 

For now, I can use Photoshop and run many other programs normally, but because of the "Clean Boot", CorelDRAW cannot even finish its setup (many Windows service modules were deactivated to avoid system conflicts). The conflicts became very severe after I accessed some sharing sites in Windows 7 (some of them "fake" ones appearing as websites confiscated by the US Government (*eagle logo) for "illegal content", and that may have had "viruses / malware"), and some weeks later the OS began to have some BSODs, such as the status "1058", thus requiring an operating system reinstallation; but with "Clean Boot" this was isolated, and in the end it hasn't been necessary so far.

 

Here is one of the logs, so that the right people from the Security Team can investigate and help me with the problem I mentioned:

 

Rkill.txt:

 

 

Rkill 2.9.1 by Lawrence Abrams (Grinler)

Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/05/2018 10:04:21 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * NDISRD Stopped. [PUP/GEN]
 
1 service stopped!
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 01/05/2018 10:08:06 PM
Execution time: 0 hours(s), 3 minute(s), and 44 seconds(s)
 

 

FRST.txt:

 

PS.: ONLY ATTACHED (TOO LONG TEXT IN THE FILE..)

 

Shortcut.txt:

 

PS.: ONLY ATTACHED (TOO LONG TEXT IN THE FILE..)

 

 

Note: The logs were made with all FRST options enabled.

 

 

Could someone help me with my specific case? I will follow any other steps and advice given here.

Maybe we will have some delay because of the time zone. Where in the world are the people and the servers of the BleepingComputer forums located? Maybe this is not necessary to mention here, because there may be many different people around the world available to help.

Note: Also, ask me to provide more details if necessary. And a last note: sorry for my bad English, I'm not a native English speaker. There may still be mistyped words in my text.

Note[2]: With RogueKiller I removed a strange driver file (marked in red by the AV) in Windows \ system32, and some BSODs went away after this cleaning. Many accumulated problems may still be present on my PC.

Thanks; I am waiting for advice and support to fix and resolve the problems on my PC.
 
 
 
Best Regards.
@LHVF,
Brazil.


Edited by LHVF, 08 January 2018 - 11:39 PM.




#2 LHVF


Posted 08 January 2018 - 10:26 PM

Hi again!

 

While writing this topic, a Notepad window appeared out of nowhere.. Maybe a "script kiddie" or, much less probably, a "cracker" was trying to use my bandwidth for illegal activities! A keylogger indeed..

 

 

So there is more than one infection.. Last year I ran "SMFixer" to regain access to some lost Windows 7 "Safe Mode" options that were not working (a bootkit, as I have read on some websites... Some still don't work at the moment). The "Restore Point" feature also hasn't worked for a long time, since an infection with Baidu AV occurred, from adware PUP / PUA (from my father's "express installations" -- he insists on installing things this way..), because it is a well-known, sophisticated "rootkit / spyware" (I have already removed this from my Windows PC in the past, with the help of its own "malware uninstaller" and with the support of Avast Internet Security (a paid AV solution), which mentioned that "two AVs can't run at the same time").

 

 

Please help, with all the needed procedures.

I currently have these AV / anti-malware solutions installed:

• Avast Internet Security (with Clean Up software);

• and MBAM (Premium version).

Waiting for the Security Team's responses, ASAP.

Bootable antivirus / anti-malware tools (Linux distributions) may be needed for a complete cleaning and for the driver issues.

Note: Sorry for the bad English again. If there are any remaining errors or mistyped words, I'll fix them in my text later. Don't hesitate to ask me for any needed information.

 

 

Best Regards.

 

Thanks.

 

@LHVF (Brazil).


Edited by LHVF, 08 January 2018 - 11:32 PM.


#3 nasdaq

  • Malware Response Team

Posted 09 January 2018 - 09:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
Download Accelerator Plus (DAP) (HKLM\...\Download Accelerator Plus (DAP)) (Version: 10060 (Build 2599) - Speedbit Ltd.)
---

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
GroupPolicy\User: Restrição ? <==== ATENÇÃO
GroupPolicyUsers\S-1-5-21-3370822099-4033009180-3280478221-1024\User: Restrição <==== ATENÇÃO
GroupPolicyUsers\S-1-5-21-3370822099-4033009180-3280478221-1021\User: Restrição <==== ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S2 qogolefo; não ImagePath
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert32.sys [31448 2015-07-07] (Basil)
S3 AsrCDDrv; \??\C:\Windows\system32\Drivers\AsrCDDrv.sys [X]
S3 catchme; \??\C:\Users\luish\AppData\Local\Temp\catchme.sys [X]
S3 CFcatchme; \??\C:\ComboFix\CFcatchme.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]

ContextMenuHandlers2: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} =>  -> Nenhum Arquivo
ContextMenuHandlers6: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} =>  -> Nenhum Arquivo
Task: {3AA820DC-DFE9-4884-A2D0-F6A81C0DA4E6} - System32\Tasks\SBWUpdateTask_Logon_7c28d734-00E07DF559DB => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe <==== ATENÇÃO
Task: {444326C8-1CB2-422C-8829-8B1759FE40CE} - System32\Tasks\SBWUpdateTask_Time_7c28d734-00E07DF559DB => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe <==== ATENÇÃO
AlternateDataStreams: C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt [8]
AlternateDataStreams: C:\Program Files\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst [514]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [0]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [135]
AlternateDataStreams: C:\Users\luis.computnine\Desktop\CorelDRAWGraphicsSuiteX6Installer_EN32Bit.exe:xdg.origin.url [161]
AlternateDataStreams: C:\Users\luis.computnine\Desktop\CorelDRAWGraphicsSuiteX6Installer_EN32Bit.exe:xdg.referrer.url [116]
AlternateDataStreams: C:\Users\luis.computnine\Downloads\OperaPortable_40.0.2308.81.paf.exe:xdg.origin.url [95]
AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10]
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:56E2E879 [135]

C:\Windows\System32\Tasks\SBWUpdateTask_Logon_7c28d734-00E07DF559DB
C:\Windows\System32\Tasks\SBWUpdateTask_Time_7c28d734-00E07DF559DB
C:\Program Files\Common Files\Speedbit
C:\Program Files\Diebold\Warsaw

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
---

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates, remove these old version(s) via the Control Panel > Programs > Programs and Features.
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)

Please let me know what problem persists with this computer.

Let's check this stopped service reported by the Rkill program.
 

Checking for Windows services to stop:
* NDISRD Stopped. [PUP/GEN]
1 service stopped!


It may be a false positive. This is the driver I found on your log.
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-08-15] (GAS Tecnologia)

Let's find out what we can find in the registry that may be different.

Let's see what we can find in the Registry.

Farbar Recovery Scan Tool (FRST) - Registry Search
Follow the instructions below to download and execute a Registry search on your system with FRST, and provide the log in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • In the Search text area, copy and paste the following:
NDISRD
  • Once done, click on the Search Registry button and wait for FRST to finish the search;
  • On completion, a log will open in Notepad. Copy and paste its content in your next reply;
Please post the logs and let me know what problem persists.
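
An added example, not part of the original posts and not code from FRST or RKill: the Python below correlates an FRST driver line with the hits of an FRST registry search, to show which file backs the flagged service and where it is registered in the network configuration. The function names are hypothetical, and the sample lines are copied (abridged) from the logs posted in this thread.

```python
import ntpath
import re

# Sample input copied (abridged) from the logs posted in this thread.
FRST_DRIVER_LINE = r"R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-08-15] (GAS Tecnologia)"
SEARCHREG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{CD75C963-E19F-4139-BC3B-14019EF72F19}]
"LocDescription"="@oem9.inf,%ndisrd_desc%;GAS Tecnologia Filter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{CD75C963-E19F-4139-BC3B-14019EF72F19}]
"ComponentId"="nt_ndisrd"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{CD75C963-E19F-4139-BC3B-14019EF72F19}\Ndi]
"Service"="ndisrd"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ndisrd]
"ImagePath"="system32\DRIVERS\gbpndisrdn.sys"
"""

# FRST prefixes: R = running, S = stopped, U = undetermined; the digit is the
# Windows service Start value.
STATE = {"R": "running", "S": "stopped", "U": "undetermined"}
START = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Windows device setup classes that appear under Control\Network.
NET_CLASSES = {
    "{4d36e972-e325-11ce-bfc1-08002be10318}": "Net",
    "{4d36e973-e325-11ce-bfc1-08002be10318}": "NetClient",
    "{4d36e974-e325-11ce-bfc1-08002be10318}": "NetService",
    "{4d36e975-e325-11ce-bfc1-08002be10318}": "NetTrans",
}

DRIVER_RE = re.compile(
    r"^([RSU])(\d) (\S+); (.+?)"
    r"(?: \[(\d+) (\d{4}-\d{2}-\d{2})\])?"   # optional [size date]
    r"(?: \((.*)\))?"                        # optional (company)
    r"( \[X\])?$"                            # [X]: FRST could not find the file
)


def parse_driver_line(line):
    """Split one line of the FRST.txt Drivers section into its fields."""
    m = DRIVER_RE.match(line.strip())
    if not m:
        raise ValueError("not an FRST driver line: %r" % line)
    state, start, name, path, size, date, company, missing = m.groups()
    return {
        "state": STATE[state], "start": START.get(int(start), start),
        "name": name, "path": path, "size": int(size) if size else None,
        "date": date, "company": company, "file_missing": missing is not None,
    }


def parse_searchreg(text):
    """Group the "name"="value" hits of a registry search under their keys."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'^"([^"]+)"="(.*)"$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys


def triage(driver_line, searchreg_text):
    """Correlate the driver line with the registry hits for the same service."""
    drv = parse_driver_line(driver_line)
    keys = parse_searchreg(searchreg_text)
    svc = drv["name"].lower()
    report = dict(drv, image_path=None, path_matches=None, bindings=[])
    ndi_re = re.compile(r"\\control\\network\\(\{[0-9a-f-]+\})\\\{[0-9a-f-]+\}\\ndi$")
    for key, values in keys.items():
        low = key.lower()
        if low.endswith("\\services\\" + svc) and "ImagePath" in values:
            report["image_path"] = values["ImagePath"]
        m = ndi_re.search(low)
        if m and values.get("Service", "").lower() == svc:
            parent = keys.get(key[: -len("\\Ndi")], {})
            report["bindings"].append({
                "class": NET_CLASSES.get(m.group(1), m.group(1)),
                "component_id": parent.get("ComponentId"),
                # LocDescription looks like "@oemN.inf,%token%;Readable name"
                "description": parent.get("LocDescription", "").split(";")[-1],
            })
    if report["image_path"]:
        # The file the service loads should be the one FRST.txt listed.
        report["path_matches"] = (
            ntpath.basename(report["image_path"]).lower()
            == ntpath.basename(drv["path"]).lower()
        )
    return report


if __name__ == "__main__":
    for field, value in triage(FRST_DRIVER_LINE, SEARCHREG).items():
        print("%-13s %s" % (field, value))
```

On the sample it reports a running, system-start driver attributed to GAS Tecnologia, registered as a NetService-class component, whose ImagePath names the same file that FRST.txt listed.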

#4 LHVF


Posted 12 January 2018 - 06:56 PM

Hi again!


Here are the outputs of the requested LOG's:

First LOG (Fixlog.txt):

Quote
Resultado da Correção pela Farbar Recovery Scan Tool (x86) Versão: 02.01.2018
Executado por luish (10-01-2018 22:27:08) Run:1
Executando a partir de C:\Users\luish.computnine\Desktop\AV_(2018)\Outros
Perfis Carregados: luish & UpdatusUser (Perfis Disponíveis: luish & marcoaufer & luis & marcopai & lula & UpdatusUser & isabecris & acronimo & clarissa & cassia & IsabelCris)
Modo da Inicialização: Normal

==============================================

fixlist Conteúdo:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrio <==== ATENO
GroupPolicy\User: Restrio ? <==== ATENO
GroupPolicyUsers\S-1-5-21-3370822099-4033009180-3280478221-1024\User: Restrio <==== ATENO
GroupPolicyUsers\S-1-5-21-3370822099-4033009180-3280478221-1021\User: Restrio <==== ATENO
CHR HKLM\SOFTWARE\Policies\Google: Restrio <==== ATENO
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S2 qogolefo; no ImagePath
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert32.sys [31448 2015-07-07] (Basil)
S3 AsrCDDrv; \??\C:\Windows\system32\Drivers\AsrCDDrv.sys [X]
S3 catchme; \??\C:\Users\luish\AppData\Local\Temp\catchme.sys [X]
S3 CFcatchme; \??\C:\ComboFix\CFcatchme.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]

ContextMenuHandlers2: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => -> Nenhum Arquivo
ContextMenuHandlers6: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => -> Nenhum Arquivo
Task: {3AA820DC-DFE9-4884-A2D0-F6A81C0DA4E6} - System32\Tasks\SBWUpdateTask_Logon_7c28d734-00E07DF559DB => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe <==== ATENO
Task: {444326C8-1CB2-422C-8829-8B1759FE40CE} - System32\Tasks\SBWUpdateTask_Time_7c28d734-00E07DF559DB => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe <==== ATENO
AlternateDataStreams: C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt [8]
AlternateDataStreams: C:\Program Files\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst [514]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [0]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [135]
AlternateDataStreams: C:\Users\luis.computnine\Desktop\CorelDRAWGraphicsSuiteX6Installer_EN32Bit.exe:xdg.origin.url [161]
AlternateDataStreams: C:\Users\luis.computnine\Desktop\CorelDRAWGraphicsSuiteX6Installer_EN32Bit.exe:xdg.referrer.url [116]
AlternateDataStreams: C:\Users\luis.computnine\Downloads\OperaPortable_40.0.2308.81.paf.exe:xdg.origin.url [95]
AlternateDataStreams: C:\Users\Todos os Usurios\GbPlugin:IncompleteStartGbprcm.cnt [10]
AlternateDataStreams: C:\Users\Todos os Usurios\TEMP:56E2E879 [135]

C:\Windows\System32\Tasks\SBWUpdateTask_Logon_7c28d734-00E07DF559DB
C:\Windows\System32\Tasks\SBWUpdateTask_Time_7c28d734-00E07DF559DB
C:\Program Files\Common Files\Speedbit
C:\Program Files\Diebold\Warsaw

End
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removido (a) com sucesso.
C:\Windows\system32\GroupPolicy\User => movido com sucesso
C:\Windows\system32\GroupPolicy\GPT.ini => movido com sucesso
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3370822099-4033009180-3280478221-1024\User => movido com sucesso
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3370822099-4033009180-3280478221-1021\User => movido com sucesso
"HKLM\SOFTWARE\Policies\Google" => removido (a) com sucesso.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => não encontrado (a)
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removido (a) com sucesso.
"HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => removido (a) com sucesso.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Services\qogolefo" => removido (a) com sucesso.
qogolefo => serviço removido (a) com sucesso.
WinDivert1.1 => Não foi possível finalizar o serviço.
"HKLM\System\CurrentControlSet\Services\WinDivert1.1" => removido (a) com sucesso.
WinDivert1.1 => serviço removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Services\AsrCDDrv" => removido (a) com sucesso.
AsrCDDrv => serviço removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Services\catchme" => removido (a) com sucesso.
catchme => serviço removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Services\CFcatchme" => removido (a) com sucesso.
CFcatchme => serviço removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Services\gbpddreg" => removido (a) com sucesso.
gbpddreg => serviço removido (a) com sucesso.
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Baidu_Scan" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => não encontrado (a)
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => não encontrado (a)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AA820DC-DFE9-4884-A2D0-F6A81C0DA4E6} => Não pode ser removido. ErrorCode1: 0x00000001
"C:\Windows\System32\Tasks\SBWUpdateTask_Logon_7c28d734-00E07DF559DB" => não encontrado (a)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Logon_7c28d734-00E07DF559DB => não encontrado (a)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{444326C8-1CB2-422C-8829-8B1759FE40CE} => não encontrado (a)
"C:\Windows\System32\Tasks\SBWUpdateTask_Time_7c28d734-00E07DF559DB" => não encontrado (a)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Time_7c28d734-00E07DF559DB => não encontrado (a)
C:\Program Files\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removido (a) com sucesso.
C:\Program Files\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removido (a) com sucesso.
C:\Windows\system32\drivers => ":GbpKmAp.lst" ADS removido (a) com sucesso.
C:\Windows\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso.
C:\ProgramData\GbPlugin => ":IncompleteStartGbprcm.cnt" ADS removido (a) com sucesso.
C:\ProgramData\TEMP => ":56E2E879" ADS removido (a) com sucesso.
C:\Users\luis.computnine\Desktop\CorelDRAWGraphicsSuiteX6Installer_EN32Bit.exe => ":xdg.origin.url" ADS removido (a) com sucesso.
C:\Users\luis.computnine\Desktop\CorelDRAWGraphicsSuiteX6Installer_EN32Bit.exe => ":xdg.referrer.url" ADS removido (a) com sucesso.
C:\Users\luis.computnine\Downloads\OperaPortable_40.0.2308.81.paf.exe => ":xdg.origin.url" ADS removido (a) com sucesso.
"C:\Users\Todos os Usurios\GbPlugin" => ":IncompleteStartGbprcm.cnt" ADS não encontrado (a).
"C:\Users\Todos os Usurios\TEMP" => ":56E2E879" ADS não encontrado (a).
"C:\Windows\System32\Tasks\SBWUpdateTask_Logon_7c28d734-00E07DF559DB" => não encontrado (a)
"C:\Windows\System32\Tasks\SBWUpdateTask_Time_7c28d734-00E07DF559DB" => não encontrado (a)
"C:\Program Files\Common Files\Speedbit" => não encontrado (a)
C:\Program Files\Diebold\Warsaw => movido com sucesso

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 41956164 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 322648 B
Edge => 0 B
Chrome => 7411127 B
Firefox => 27239667 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 97938 B
LocalService => 66228 B
NetworkService => 66488 B
luish.computnine => 10301266 B
marcoaufer => 503780400 B
luis.computnine => 10828185 B
marcopai => 60838401 B
lula => 1278868 B
UpdatusUser => 0 B
isabecris => 96511773 B
acronimo => 11830169 B
clarissa => 266271 B
cassia => 14804417 B
IsabelCris => 682713 B

RecycleBin => 437993 B
EmptyTemp: => 760.2 MB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 22:31:45 ====


Second LOG (SearchReg.txt):

Quote
Farbar Recovery Scan Tool (x86) Versão: 02.01.2018
Executado por luish (10-01-2018 23:24:04)
Executando a partir de C:\Users\luish.computnine\Desktop\AV_(2018)\Outros\últimos
Modo da Inicialização: Normal

================== Pesquisar Registro: "NDISRD" ===========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{CD75C963-E19F-4139-BC3B-14019EF72F19}]
"LocDescription"="@oem9.inf,%ndisrd_desc%;GAS Tecnologia Filter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{CD75C963-E19F-4139-BC3B-14019EF72F19}]
"ComponentId"="nt_ndisrd"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{CD75C963-E19F-4139-BC3B-14019EF72F19}\Ndi]
"Service"="ndisrd"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{CD75C963-E19F-4139-BC3B-14019EF72F19}\Ndi]
"CoServices"="ndisrd"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISRD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISRD\0000]
"Service"="ndisrd"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISRD\0000\Control]
"ActiveService"="ndisrd"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ndisrd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ndisrd]
"ImagePath"="system32\DRIVERS\gbpndisrdn.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ndisrd\Enum]
"0"="Root\LEGACY_NDISRD\0000"

====== Fim de Pesquisar ======


Unfortunately, after all these procedures, RKill still finds the "*NDISRD" process running and attempts to kill it; as in the linked case mentioned here and already resolved, after this the network and Internet access are interrupted, and only by restarting the computer was I able to restore these connections. Here is the RKill log output after all these passes and the steps required for a proper computer cleaning:

Quote
Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/10/2018 11:57:45 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* NDISRD Stopped. [PUP/GEN]

1 service stopped!

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/11/2018 12:00:47 AM
Execution time: 0 hours(s), 3 minute(s), and 1 seconds(s)


Maybe I am also infected by some type of Trojan or rootkit accumulated over these last years (like the symptom of a "Notepad.exe" opening out of nowhere, which I noticed when I was writing this topic the first time)?

Since the middle of December last year, I cannot even connect my brother's tablet, made by Philco, and I cannot isolate this problem completely to be sure whether it comes from some kind of damaged USB port (which works properly under Linux, without any problem that I noticed in the first tests I did), or whether it is caused by some strange driver (a "rootkit"-type malware would be evident here, or even some type of malware that gets in between the kernel layer or the Windows 7 services and drivers, causing damage and interfering with the proper functioning of the Windows drivers), which prevents me from wiping this tablet (formatting the device) to restore it to factory settings. Some behaviors in the computer's usage are suspicious, and I'm drawing attention to this here in order to eliminate the origin of the problem by controlling the allowed user accesses, so that in the future we do not pick up "viruses / malware" from bad use of the computer by my siblings and parents, maybe caught when my mother allowed my brother to use this computer incorrectly (not watching him). I will also report some "false positives" to the proper Avast forums, since I'm paying for their Premier product license, so that they make the necessary fixes for many incorrect detections ("false positives"), which could certainly wrongly delete all the portable apps (7zSFX binaries) installed on my computer, which are authentic and come only from the PortableApps.com website, if my father decides to run a full scan with this antivirus in the next few days.


Another important point here is the detection that you gave me as a suspicious problem, which might also be a false-positive detection, and which I'm quoting below; (evidently) it clearly needs attention in this help:


Quote
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-08-15] (GAS Tecnologia)


With this, I can indicate that the software that you have found is an old, unused Online Banking module, which nowadays is unnecessary and should be removed (as you might know by the name, it is from "Banco do Brasil", or translated to English, "Bank of Brazil", a big and well-known Public Bank in Brazil). This computer could also be infected by other pests too, since for now I remember that only after the middle of December last year (from evidence that I found later, when I could determine that a 64GB Kingston USB Flash Drive had been opened on my Windows 7, according to what the "USBDeview" and "Unknown Device Identifier" software showed in their logs, and a recently installed driver on this Windows) did the USB ports stop working for the recognition on the PC of my brother's old Philco tablet, which I can relate to this strange malfunctioning of these USB ports (it might be from damaged ports on the Motherboard, but on Linux these ports are working correctly). I deactivated an Admin Account after learning this.

I would also suggest that you indicate to me how to completely remove this Module that is (maybe) conflicting (a fixme.reg), and that presents itself as a strange driver and a Windows Service that has never been listed as reliable here (after RKill is run, my Network and Internet connection are killed, and also the "Bank of Brazil" module is no longer needed), and that may also be infected. I can also note that this Online Bank doesn't use PCs anymore for Banking access; only Apps for Mobile Phones ("Smartphones") are available nowadays, and so it should be completely removed from my computer (as was done in the linked case, where the guy asked for the next steps needed to isolate his problem, with the problem being resolved in that case (maybe similar, or something related to mine)). Please tell me which further steps I should take to finally resolve the problems with the "NDISRD" Driver / Windows Service (maybe a generic detection name in RKill), and to proceed with cleaning these evident infections that were presented here in the already quoted logs.

Maybe it would be necessary, since MBAM (14-day Premium version) finds nothing on my computer, that you consider in this case these other Anti-Adware tools (PUP / PUA) listed below:

RogueKiller (Pro trial version features);
JRT (the version after the acquisition by Malwarebytes Company);
AdwCleaner (the version after the acquisition by Malwarebytes Company).


to properly remove from the Web Browsers any remaining "Unwanted Programs / Applications" infections on my computer that might still exist at the moment?


Obs.: After all these procedures, would you not also consider a full scan with "SUPERAntiSpyware Pro", finishing everything with a full scan by the "ESET-NOD32 Online Scanner", to guarantee me a complete removal of "malwares" from all possible remaining infections that could still be present on this computer in the near future? And wouldn't "Delfix" also be considered, for cleaning some old "malwares" that may have had their data backed up in some "Restore Point" made some time ago on my Windows 7 (backed up with this Windows feature since the time that Baidu AV was installed in some past year by Adwares (PUP / PUA))? Also, wouldn't "MBAR" (Malwarebytes Anti-Rootkit) be considered in this case, given what has now been shown in the logs and the symptoms presented here at the moment?


I am waiting for the recommended next steps and the resolution of my computer problems, by following here these always recommended steps. I believe that a resolution will be possible in my case, without any OS reinstallation.



Note: At the moment, I have already uninstalled DAP (which IMO is clean software to use and not harmful) and the outdated Java, as you requested. I would never fall into the trap of the "Java '0-day fix' malware posing update offer" that you mentioned. And I am the only Admin that frequently uses this computer. And lastly, sorry for my bad English. After the first reboot and the requested FRST procedures, the computer takes several minutes to load the login screen and the startup sound takes several minutes to play (maybe some evident malwares are still present on this machine, even after these cleaning attempts).


Thanks.


Best Regards.
@LHVF (Brazil).

Edited by LHVF, 13 January 2018 - 04:32 AM.
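
How to read the FRST driver line quoted in the post above, as an added example that is not part of the thread and not FRST's own code: a small Python parser that splits such a line into run state, start type, service name, file path, size, date and vendor, and attaches review notes. The R/S/U and 0-5 legend is recalled from FRST's public tutorial and is an assumption relative to this page; the second and third sample lines and the note names are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Legend for the two-character prefix. Assumption: recalled from FRST's
# public tutorial; it is not stated anywhere in this thread.
RUN_STATE = {"R": "running", "S": "stopped", "U": "undetermined"}
START_TYPE = {"0": "boot", "1": "system", "2": "auto",
              "3": "demand", "4": "disabled", "5": "unreadable"}

# <state><start> <service name>; <path> [<size> <date>] (<company>) [X]
LINE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-5])\s+"
    r"(?P<name>[^;]+);\s+"
    r"(?P<path>.+?)"                       # may contain spaces and "(x86)"
    r"(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<company>[^()]*)\))?"
    r"(?P<missing>\s+\[X\])?\s*$"          # [X]: file not found on disk
)

# The first line is the one quoted in the post; the other two are constructed.
PAGE_LINE = r"R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-08-15] (GAS Tecnologia)"
MISSING_LINE = r"S3 exampledrv; C:\Windows\System32\drivers\exampledrv.sys [X]"
NO_VENDOR_LINE = r"R2 ExampleSvc; C:\Program Files (x86)\Example\svc.exe [12345 2017-05-01] ()"


@dataclass
class DriverEntry:
    state: str
    start: str
    name: str
    path: str
    size: Optional[int]
    date: Optional[str]
    company: Optional[str]
    file_missing: bool

    @property
    def registry_key(self) -> str:
        # Where Windows stores the service definition for this entry.
        return "HKLM\\SYSTEM\\CurrentControlSet\\Services\\" + self.name


def parse_line(line: str) -> Optional[DriverEntry]:
    """Return a DriverEntry, or None if the line is not a service/driver line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = m.group("size")
    return DriverEntry(
        state=RUN_STATE[m.group("state")],
        start=START_TYPE[m.group("start")],
        name=m.group("name").strip(),
        path=m.group("path"),
        size=int(size) if size else None,
        date=m.group("date"),
        company=m.group("company"),
        file_missing=m.group("missing") is not None,
    )


def review_notes(entry: DriverEntry) -> List[str]:
    """Points a reviewer would check by hand; none of them proves malice."""
    notes = []
    if entry.file_missing:
        notes.append("file-missing")   # orphaned service entry
    elif not entry.company:
        notes.append("no-company")     # no vendor string to compare against
    if entry.state == "running" and entry.start in ("boot", "system"):
        notes.append("early-load")     # loads before any user logs on
    return notes


if __name__ == "__main__":
    for raw in (PAGE_LINE, MISSING_LINE, NO_VENDOR_LINE):
        e = parse_line(raw)
        print(e.name, e.state, e.start, e.company, e.registry_key, review_notes(e))
```

For the line from the post this yields a running, system-start driver named ndisrd from the vendor string "GAS Tecnologia", which matches the poster's description of a driver that is loaded on every boot.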


#5 nasdaq

  • Malware Response Team

Posted 13 January 2018 - 08:48 AM



Hi,

Let's go back one step.

Please download and run these cleaning programs.

:step1:
Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

:step2:
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Run the Farbar program and post fresh FRST and Addition.txt logs for my review.

p.s.
To create a new Addition.txt file, make sure that the box to create a new log is checked.

Do not run the Rkill program any more until all is well with this computer.

#6 LHVF

  • Topic Starter

Posted 18 January 2018 - 12:11 AM

Hi once again!
 
At the moment, I have done the scans you requested, and, the first time, some items were found. So I will post both logs with the results found, and, only as attachments, my later scans that found nothing or nothing critical (it seems to be already cleaned, within the capacity and malware recognition of these same tools), but my computer is currently still suffering from the same behavior of DNS problems -- a strange behavior and a remaining problem (maybe due to some strange infiltrated driver or hidden "msconfig" services that are still running in the background on my Windows 7 operating system).
 
First, here are the first logs with the detections:
 
AdwCleaner[C0].txt:
 
# AdwCleaner 7.0.6.0 - Logfile created on Tue Jan 16 02:35:14 2018
# Updated on 2017/21/12 by Malwarebytes
# Running on Windows 7 Professional (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****
No malicious services deleted.

***** [ Folders ] *****
Deleted: C:\ProgramData\Speedbit
Deleted: C:\ProgramData\Application Data\Speedbit
Deleted: C:\Users\acronimo\AppData\LocalLow\Speedbit
Deleted: C:\Users\acronimo\AppData\Roaming\Speedbit
Deleted: C:\Users\All Users\Speedbit
Deleted: C:\Users\isabecris\AppData\LocalLow\Speedbit
Deleted: C:\Users\isabecris\AppData\Roaming\Speedbit
Deleted: C:\Users\luis.computnine\AppData\LocalLow\Speedbit
Deleted: C:\Users\luis.computnine\AppData\Roaming\Speedbit
Deleted: C:\Users\luish.computnine\AppData\LocalLow\Speedbit
Deleted: C:\Users\luish.computnine\AppData\Roaming\Speedbit
Deleted: C:\Users\lula\AppData\LocalLow\Speedbit
Deleted: C:\Users\lula\AppData\Roaming\Speedbit
Deleted: C:\Users\marcopai\AppData\LocalLow\Speedbit
Deleted: C:\Users\Todos os Usuários\Speedbit
Deleted: C:\Users\All Users\Documents\pc faster
Deleted: C:\Users\Public\Documents\pc faster
Deleted: C:\Users\Todos os Usuários\Documents\pc faster

***** [ Files ] *****
No malicious files deleted.

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ WMI ] *****
No malicious WMI cleaned.

***** [ Shortcuts ] *****
No malicious shortcuts cleaned.

***** [ Tasks ] *****
No malicious tasks deleted.

***** [ Registry ] *****
Deleted: [Key] - HKU\S-1-5-21-3370822099-4033009180-3280478221-1001\Software\SpeedBit
Deleted: [Key] - HKU\S-1-5-21-3370822099-4033009180-3280478221-1007\Software\SpeedBit
Deleted: [Key] - HKCU\Software\SpeedBit
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.

*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2632 B] - [2018/1/16 2:31:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

AdwCleaner[S0].txt:
# AdwCleaner 7.0.6.0 - Logfile created on Tue Jan 16 02:31:18 2018
# Updated on 2017/21/12 by Malwarebytes
# Database: 01-11-2018.1
# Running on Windows 7 Professional (X86)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
PUP.Optional.Legacy, C:\ProgramData\Speedbit
PUP.Optional.Legacy, C:\ProgramData\Application Data\Speedbit
PUP.Optional.Legacy, C:\Users\acronimo\AppData\LocalLow\Speedbit
PUP.Optional.Legacy, C:\Users\acronimo\AppData\Roaming\Speedbit
PUP.Optional.Legacy, C:\Users\All Users\Speedbit
PUP.Optional.Legacy, C:\Users\isabecris\AppData\LocalLow\Speedbit
PUP.Optional.Legacy, C:\Users\isabecris\AppData\Roaming\Speedbit
PUP.Optional.Legacy, C:\Users\luis.computnine\AppData\LocalLow\Speedbit
PUP.Optional.Legacy, C:\Users\luis.computnine\AppData\Roaming\Speedbit
PUP.Optional.Legacy, C:\Users\luish.computnine\AppData\LocalLow\Speedbit
PUP.Optional.Legacy, C:\Users\luish.computnine\AppData\Roaming\Speedbit
PUP.Optional.Legacy, C:\Users\lula\AppData\LocalLow\Speedbit
PUP.Optional.Legacy, C:\Users\lula\AppData\Roaming\Speedbit
PUP.Optional.Legacy, C:\Users\marcopai\AppData\LocalLow\Speedbit
PUP.Optional.Legacy, C:\Users\Todos os Usuários\Speedbit
PUP.Optional.Legacy, C:\Users\All Users\Documents\pc faster
PUP.Optional.Legacy, C:\Users\Public\Documents\pc faster
PUP.Optional.Legacy, C:\Users\Todos os Usuários\Documents\pc faster

***** [ Files ] *****
No malicious files found.

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious WMI found.

***** [ Shortcuts ] *****
No malicious shortcuts found.

***** [ Tasks ] *****
No malicious tasks found.

***** [ Registry ] *****
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3370822099-4033009180-3280478221-1001\Software\SpeedBit
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3370822099-4033009180-3280478221-1007\Software\SpeedBit
PUP.Optional.Legacy, [Key] - HKCU\Software\SpeedBit
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries.

*************************

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
 
Seeing the results, I could attribute the source of some of the strange behaviors to some "msconfig" "illegitimate Windows service" running on my Windows 7 OS.
 
Below are the MBAM Premium and FRST logs (the latter from today, after some system reboots), which I will leave here for the record:
 
View_Export_(16-01-2018).txt:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/15/18
Scan Time: 10:43 PM
Log File: 48f5f6e0-fa56-11e7-8009-000000000000.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3703
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: computnine\luish

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 438770
Threats Detected: 8
Threats Quarantined: 8
Time Elapsed: 49 min, 33 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 8
PUP.Optional.ASK, C:\USERS\LUIS.COMPUTNINE\DESKTOP\COMPACTADOS\BACKUP_GRAVAçãO.7Z, Quarantined, [463], [383618],1.0.3703
PUP.Optional.ProductKeyFinder, C:\USERS\LUISH.COMPUTNINE\DESKTOP\EXECUTáVEIS\PRODUKEY\PRODUKEY.EXE, Quarantined, [6584], [86094],1.0.3703
PUP.Optional.ProductKeyFinder, C:\USERS\LUISH.COMPUTNINE\DESKTOP\EXECUTáVEIS\PRODUKEY-X64\PRODUKEY.EXE, Quarantined, [6584], [86094],1.0.3703
PUP.Optional.ProductKeyFinder, C:\USERS\LUISH.COMPUTNINE\DESKTOP\VRS\OUTRO\PRODUKEY.ZIP, Quarantined, [6584], [86094],1.0.3703
PUP.Optional.ProductKeyFinder, C:\USERS\LUISH.COMPUTNINE\DESKTOP\VRS\PRODUKEY-X64.ZIP, Quarantined, [6584], [86094],1.0.3703
PUP.Optional.ProductKeyFinder, C:\USERS\LULA\DESKTOP\ARQUIVOS_(ROBOT)\PEN\SERIAL_MS\PRODUKEY.ZIP, Quarantined, [6584], [86094],1.0.3703
PUP.Optional.ProductKeyFinder, C:\USERS\LUISH.COMPUTNINE\DESKTOP\VRS\PRODUKEY.ZIP, Quarantined, [6584], [86094],1.0.3703
PUP.Optional.ProductKeyFinder, C:\USERS\LULA\DESKTOP\ARQUIVOS_(ROBOT)\PEN\SERIAL_MS\PRODUKEY-X64.ZIP, Quarantined, [6584], [86094],1.0.3703

Physical Sector: 0
(No malicious items detected)

(end)

Addition.txt:
Resultado do exame Adicional Farbar Recovery Scan Tool (x86) Versão: 17.01.2018 01
Executado por luish (18-01-2018 02:20:50)
Executando a partir de C:\Users\luish.computnine\Desktop\AV_(2018)\Outros\últimos\LOG's_(TXT's)\17-01-2018
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2014-03-30 15:09:17)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

acronimo (S-1-5-21-3370822099-4033009180-3280478221-1021 - Limited - Enabled) => C:\Users\acronimo
Administrador (S-1-5-21-3370822099-4033009180-3280478221-500 - Administrator - Disabled)
Convidado (S-1-5-21-3370822099-4033009180-3280478221-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3370822099-4033009180-3280478221-1002 - Limited - Enabled)
isabecris (S-1-5-21-3370822099-4033009180-3280478221-1020 - Limited - Enabled) => C:\Users\isabecris
IsabelCris (S-1-5-21-3370822099-4033009180-3280478221-1101 - Limited - Enabled) => C:\Users\IsabelCris
luis (S-1-5-21-3370822099-4033009180-3280478221-1004 - Limited - Enabled) => C:\Users\luis.computnine
luish (S-1-5-21-3370822099-4033009180-3280478221-1001 - Administrator - Enabled) => C:\Users\luish.computnine
lula (S-1-5-21-3370822099-4033009180-3280478221-1006 - Limited - Enabled) => C:\Users\lula
marcoaufer (S-1-5-21-3370822099-4033009180-3280478221-1003 - Administrator - Enabled) => C:\Users\marcoaufer
marcopai (S-1-5-21-3370822099-4033009180-3280478221-1005 - Limited - Enabled) => C:\Users\marcopai
UpdatusUser (S-1-5-21-3370822099-4033009180-3280478221-1007 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

AAC ACM Codec 1.9 (HKLM\...\AACACM) (Version: 1.9 - fccHandler)
AC-3 ACM Codec 2.2 (HKLM\...\AC3ACM) (Version: 2.2 - fccHandler)
Acrobat.com (HKLM\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.3.183 - Adobe Systems, Inc.)
Advertising Center (HKLM\...\{B2EC4A38-B545-4A00-8214-13FE0E915E6D}) (Version: 0.0.0.2 - Nero AG) Hidden
Any Video Converter 5.7.7 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
ASRock IES v2.1.24 (HKLM\...\ASRock IES_is1) (Version:  - )
Atualizações da NVIDIA 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Avast Cleanup Premium (HKLM\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 17.2.3724.0 - AVAST Software)
Avast Premier (HKLM\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
Crystal Reports for Visual Studio (HKLM\...\{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}) (Version: 12.51.0.240 - SAP) Hidden
Debug Diagnostics 2 Update 2 32-bit (HKLM\...\{95ED13B2-0182-4397-97A5-5EA69DE0AEFF}) (Version: 2.2.0.13 - Microsoft Corporation)
Desinstalar impressora EPSON Stylus TX200 Series (HKLM\...\EPSON Stylus TX200 Series) (Version:  - SEIKO EPSON Corporation)
Dotfuscator Software Services - Community Edition (HKLM\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVDAuthorGUI (remove only) (HKLM\...\DVDAuthorGUI) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
FireShot (HKLM\...\FireShot) (Version:  - )
FireShot for Internet Explorer (HKLM\...\FireShot for IE) (Version:  - )
Freemake Video Converter versão 4.1.4 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
GDR 4033 para o SQL Server 2008 R2 (KB2977320) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation)
GDR 4042 para o SQL Server 2008 R2 (KB3045313) (HKLM\...\KB3045313) (Version: 10.52.4042.0 - Microsoft Corporation)
GetASFStream (HKLM\...\GetASFStream) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Huffyuv AVI lossless video codec (Remove Only) (HKLM\...\HUFFYUV) (Version:  - )
Hybrid (remove only) (HKLM\...\Hybrid) (Version: 2017.5.6.0 - Selur´s Hybrid)
IconViewer (HKLM\...\{C6F34AE0-0576-11d4-82FE-4491FCC00000}) (Version: 3.2.147 - Bot Productions)
ImagXpress (HKLM\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Kingsoft PDF to Word SDK (2.0.1) (HKLM\...\{113B2748-4AD7-425A-AD99-4F618E235550}) (Version: 2.0.1 - Zhuhai Kingsoft Office Software Co.,Ltd)
K-Lite Mega Codec Pack 10.6.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.6.0 - )
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
LibreOffice 4.3 Help Pack (Portuguese (Brazil)) (HKLM\...\{FD3124B2-A20F-4FC7-BB0A-917063A64790}) (Version: 4.3.1.2 - The Document Foundation)
LibreOffice 4.4.1.2 (HKLM\...\{4A754DA6-6E12-40AF-BAF0-B7D60C6BE005}) (Version: 4.4.1.2 - The Document Foundation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Menu Templates - Pack 1 (HKLM\...\{56ABA277-EE53-4478-A607-FA42208FF5A9}) (Version: 9.6.0.0 - Nero AG) Hidden
Menu Templates - Starter Kit (HKLM\...\{B78120A0-CF84-4366-A393-4D0A59BC546C}) (Version: 9.6.0.0 - Nero AG) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{8E0BF061-4331-4459-BB6C-C20F237B53DB}) (Version: 10.52.4042.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{EFECC55D-7B0A-4D05-8487-CC2FD7C618A3}) (Version: 10.52.4042.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x86) (HKLM\...\{C6DD625F-4B61-4561-8286-87CA0275CEA1}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM\...\{97CE8B73-AA5A-4987-A1BE-50DD1A187478}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x86) (HKLM\...\{F990B526-8F7C-46E0-B1F1-6C893A8B478F}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) (HKLM\...\{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (HKLM\...\{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ENU (HKLM\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Movie Templates - Starter Kit (HKLM\...\{E498385E-1C51-459A-B45F-1721E37AA1A0}) (Version: 9.6.0.0 - Nero AG) Hidden
Mozilla Firefox 57.0.4 (x86 pt-BR) (HKLM\...\Mozilla Firefox 57.0.4 (x86 pt-BR)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.4.6577 - Mozilla)
MPEG Video Wizard DVD 5.0.1.110 (06/2014) (HKLM\...\{9FD45917-95E6-449D-ACC9-01E634A34CBD}_is1) (Version: 5.0.1.110 - Womble Multimedia, Inc.)
MPEG Video Wizard DVD 5.0.1.110 (06/2014) (HKLM\...\Mpeg Video Wizard DVD 5.0) (Version: 5.0.1.110 (06/2014) - Womble Multimedia, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM\...\{33e6e776-5d5d-4392-8293-263d9ab7e698}) (Version:  - Nero AG)
NVIDIA Driver de gráficos 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Painel de controle da NVIDIA 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 307.83 - NVIDIA Corporation) Hidden
Platform (HKLM\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Hidden
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
RogueKiller versão 12.9.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.2.0 - Adlice Software)
SafeZone Stable 4.58.2552.909 (HKLM\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Samsung ML-1610 Series (HKLM\...\Samsung ML-1610 Series) (Version:  - )
Samsung ML-1610 Series SmartPanel (HKLM\...\Samsung ML-1610 Series SmartPanel) (Version:  - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
SQL Server 2008 R2 Reporting Services (HKLM\...\{49E98741-B7A4-4A44-A536-6AFCA23106FE}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 BI Development Studio (HKLM\...\{143203CB-9E09-4D9D-91F1-D000EC6E1F87}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 BI Development Studio (HKLM\...\{2BF7DF19-F716-4986-AD4A-3AF6ACFEEE14}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Common Files (HKLM\...\{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Common Files (HKLM\...\{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (HKLM\...\{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (HKLM\...\{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (HKLM\...\{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (HKLM\...\{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Full text search (HKLM\...\{06A7EA72-0F00-4D53-A81C-A5D925711141}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Management Studio (HKLM\...\{020617D7-2F72-4D02-BF59-A5CBC1761177}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Management Studio (HKLM\...\{121475F5-2598-4574-8801-8F6B3D6A99BB}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Reporting Services (HKLM\...\{23F70562-02F4-4805-ACF5-6E52BAD167C2}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM\...\{93998800-1608-403F-9A51-420A77D23C25}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unknown Device Identifier 9.01 (HKLM\...\Unknown Device Identifier_is1) (Version: 9.01 - Huntersoft)
Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM\...\{90150000-012B-0416-0000-0000000FF1CE}_Office15.PROPLUSR_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VIA Gerenciador de dispositivo de plataforma (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC 
media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)Warsaw 1.12.4.14 32 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.12.4.14 - GAS Tecnologia)WCF RIA Services V1.0 SP1 (HKLM\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)WinZip (HKLM\...\WinZip) (Version:  9.0 SR-1 (6224) - WinZip Computing, Inc.)Wise Program Uninstaller 1.97 (HKLM\...\Wise Program Uninstaller_is1) (Version: 1.97 - WiseCleaner.com, Inc.)wkhtmltox 0.12.3.2 (HKLM\...\wkhtmltopdf) (Version:  - )XFastUSB (HKLM\...\XFastUSB) (Version: 3.02.28 - ASRock Inc.)==================== Exame Personalizado CLSID (Whitelisted): ==========================(Se uma entrada for incluída na fixlist, será removida do Registro. 
O arquivo não será movido, a menos que seja colocado separadamente.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-12-21] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-12-21] (AVAST Software)
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll [2010-04-27] (Nero AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLSTB.DLL [2004-08-16] (WinZip Computing, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-12-21] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLSTB.DLL [2004-08-16] (WinZip Computing, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-01-31] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-12-21] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLSTB.DLL [2004-08-16] (WinZip Computing, Inc.)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {04CF2A6E-143E-42C8-8A6D-62D2F2D75EE8} - System32\Tasks\WpsPdf2WordUpdateTask_luis => C:\Users\luis.computnine\AppData\Local\Kingsoft\PDF2Word\10.2.0.5824\wtoolex\pdf2wordupd.exe
Task: {1404DB05-0273-49F1-8ABB-6446A696B2BB} - System32\Tasks\SafeZone scheduled Autoupdate 1467349672 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {177D5E8C-F6D4-4AD2-A713-906D6A1B5127} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {1AC9B894-65B9-446D-861A-6BBF048C4CB1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {1F424EA7-B5C5-4A6E-86F3-B1530DBC5FD1} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work => C:\Windows\system32\WorkFoldersSystemTray.exe [2015-09-04] (Microsoft Corporation)
Task: {422CCA08-81B3-4CFB-8ABD-B644549479C1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {51F95F34-F5A5-4AD6-944E-16269E238CA4} - System32\Tasks\{6827F6D9-2E0D-4CFC-9B0B-7DFF9AA9A4A0} => C:\Windows\system32\pcalua.exe -a C:\Windows\system32\DivXControlPanelApplet.cpl -c DivX Control Panel
Task: {53238DAF-D6A8-478F-AE6C-FDC1F5B09DB9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-10] (Adobe Systems Incorporated)
Task: {5FEED805-708C-4E34-81A8-8F092DF5B634} - System32\Tasks\{D876ECB0-3862-4F94-B30B-AC607F529F61} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\IconViewer\Setup.exe" -d "C:\Program Files\IconViewer"
Task: {630A7EEC-EDFA-4188-8001-9AD1E9FEB19C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7157EE0D-FDBE-43EE-9A07-19BBF5EFE468} - System32\Tasks\{FC56E5A7-122E-4D2F-8543-4FF4A881C7A1} => C:\Windows\system32\pcalua.exe -a C:\Users\luish\Desktop\SMFixer.exe -d C:\Users\luish\Desktop
Task: {796BBE93-1AC3-45B3-A525-259007FC0B0D} - System32\Tasks\SafeZone scheduled Autoupdate 1450832711 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {882FBB0B-C96E-4D0A-BBBD-B76248009EC3} - System32\Tasks\{F1096CF4-4D74-4FE1-8A18-DFD32D82357C} => C:\Program Files\Mozilla Firefox\firefox.exe
Task: {B4BE499F-EDAD-4507-97D8-95E5A67F8817} - System32\Tasks\Avast TUNEUP Update => C:\Program Files\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2017-12-13] (AVAST Software)
Task: {D2B0963B-5519-485B-9C77-BAE1F90761CA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-12-21] (AVAST Software)
Task: {DDBA20A3-54AD-4156-90DE-0981A3F5C8C5} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()
Task: {DF34158F-AFC9-4DAE-B8F0-313C6FCAB383} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {EAAD04E9-2DDD-4D2A-BBA4-16B2B38B3978} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {EF8888C0-7889-4F46-A438-FE0034158EBC} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-05] (AVAST Software)
Task: {F20B1FC2-3225-4B6E-8911-278B03D98E6F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\WpsPdf2WordUpdateTask_luis.job => C:\Users\luis.computnine\AppData\Local\Kingsoft\PDF2Word\10.2.0.5824\wtoolex\pdf2wordupd.exe

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

Shortcut: C:\Users\luish.computnine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FireShot for Internet Explorer\FireShot at the Web.lnk -> hxxp://screenshot-program.com/fireshot/fireshot_pro.ph
Shortcut: C:\Users\luish.computnine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FireShot\FireShot Homepage.lnk -> hxxp://getfireshot.com/firesho

==================== Módulos Carregados (Whitelisted) ==============

2014-03-30 15:02 - 2013-01-31 07:00 - 000079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2017-12-21 22:54 - 2017-12-21 22:54 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-12-21 22:54 - 2017-12-21 22:54 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2017-12-21 22:54 - 2017-12-21 22:54 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-12-21 22:54 - 2017-12-21 22:54 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-12-21 22:54 - 2017-12-21 22:54 - 000196248 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2018-01-17 21:39 - 2018-01-17 21:39 - 005768336 _____ () C:\Program Files\AVAST Software\Avast\defs\18011706\algo.dll
2017-12-21 22:54 - 2017-12-21 22:54 - 000745408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-12-21 22:53 - 2017-12-21 22:53 - 000148936 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2017-12-21 22:54 - 2017-12-21 22:54 - 000293944 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2014-06-03 18:59 - 2006-12-04 02:25 - 000022723 _____ () C:\Windows\System32\SUGS1l3.dll
2018-01-15 22:39 - 2017-11-29 09:11 - 001934792 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-15 22:39 - 2017-11-29 09:11 - 001798608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-12-21 22:53 - 2017-12-21 22:53 - 000196816 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2016-06-27 12:41 - 2011-05-28 23:04 - 000140288 _____ () C:\Program Files\WinRAR\rarext.dll
2017-12-21 22:56 - 2016-09-12 14:53 - 048936448 _____ () C:\Program Files\AVAST Software\Avast Cleanup\libcef.dll
2017-07-03 15:48 - 2017-07-03 15:48 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-12-21 22:53 - 2017-12-21 22:53 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt [8]
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst [514]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro.
O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\48611155.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP_TDI => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Schedule => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\48611155.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Schedule => ""="Service"

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-3370822099-4033009180-3280478221-1001\...\bancobrasil.com.br -> hxxps://www14.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-3370822099-4033009180-3280478221-1001\...\bb.com.br -> hxxps://seg.bb.com.br
IE trusted site: HKU\S-1-5-21-3370822099-4033009180-3280478221-1001\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-3370822099-4033009180-3280478221-1001\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br

==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-14 00:04 - 2013-09-03 17:19 - 000000833 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-3370822099-4033009180-3280478221-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\luish.computnine\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 201.6.2.222 - 201.6.2.122
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

MSCONFIG\startupreg: Diebold - Warsaw => C:\Program Files\Diebold\Warsaw\core.exe
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: XFastUSB => "C:\Program Files\XFastUSB\XFastUsb.exe"

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.
O arquivo não será movido, a menos que seja colocado separadamente.)
C:\users\luis.computnine\documents\softwares\googlechromeportable_58.0.3029.110_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [TCP Query User{E3A0EBFC-2ED9-40A1-83B0-02626E12FD4E}C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.86_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.86_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [UDP Query User{7E6D2427-58EE-4150-AB7C-3B2F69382E76}C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.86_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.86_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [TCP Query User{A87C5357-0D25-4435-AF82-7FA608E454DA}C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.104_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.104_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [UDP Query User{D240DACF-AFD4-43D8-B93D-E86836F5D387}C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.104_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.104_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [TCP Query User{694FA025-3C3B-412E-BFD3-32D0F77631F8}C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.109_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.109_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [UDP Query 
User{FA1B4001-B9E7-44E3-A5B4-33B1C5C9492C}C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.109_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.109_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [TCP Query User{9E1408B5-D4A6-4233-B61F-820621E6D437}C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.115_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.115_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [UDP Query User{6CCDD431-1DEA-4A9A-902C-DC31BB953202}C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.115_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.115_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [TCP Query User{C1E74EF0-C1AC-430F-A7A1-969E3D18DDFA}C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.78_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.78_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [UDP Query User{F5DD486A-246F-4048-8EC2-FB2887E87528}C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.78_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.78_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [TCP Query User{A55CA3F3-C97A-4DCC-B119-87C65CCB4138}C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.90_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) 
C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.90_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [UDP Query User{E180F0C0-1B2B-4631-B0F3-B4B09A7EE3D8}C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.90_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.90_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [{FB23380D-30DB-49FB-926B-5D11A5B6C396}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exeFirewallRules: [TCP Query User{723EDAC6-9B6D-4F3F-99BE-1F7B65CEF46F}C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.101_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.101_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [UDP Query User{117CCF55-6BD4-4BEF-B385-8179D0B90472}C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.101_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.101_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [TCP Query User{D6E77F50-2547-4A0D-8006-17709A1DDEAD}C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.113_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.113_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [UDP Query User{1CC2E1A6-63C6-423B-8F94-B19841BA1C7A}C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.113_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) 
C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.113_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [{E952CFD7-29ED-4297-8280-D8C64EB4F244}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exeFirewallRules: [TCP Query User{CB2106DE-1325-421A-8B18-645E13FE182F}C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.79_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.79_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [UDP Query User{1128243C-8736-4968-8986-2C1E803E3EDC}C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.79_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.79_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [TCP Query User{398B446B-75E6-4508-A0D2-E8F896D060AC}C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.91_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.91_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [UDP Query User{71A9D075-AD34-43BB-BD4D-41553BE84093}C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.91_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.91_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [TCP Query User{8BBD5FF7-F8E0-4F92-A7E9-03D3350536EF}C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.100_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) 
C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.100_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [UDP Query User{3B6A814B-C2DF-4E09-921C-58EACFC07673}C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.100_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.100_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [TCP Query User{A78091B8-2714-4196-9968-EE19F475ED8F}C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.62_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.62_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [UDP Query User{F4F6919D-7C67-45CD-9558-D9E03E4D1CA6}C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.62_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.62_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [TCP Query User{BEBD3FF7-C81E-4792-9751-B93F45837C2E}C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.75_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.75_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [UDP Query User{3B0F3228-0877-41CA-8E96-CA33B17D3284}C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.75_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.75_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [TCP Query 
User{A5CB1D52-276A-43B0-AC52-CDE84A7BA381}C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.89_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.89_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [UDP Query User{FF011FD3-274F-41FF-BBB8-832EB3846731}C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.89_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.89_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [TCP Query User{FC2EECD5-EA9D-4900-A282-B3335F91C70E}C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.94_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.94_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [UDP Query User{2C80B0FC-7841-4A4C-827A-FC8CFE59582F}C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.94_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.94_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [TCP Query User{5D5A9FD1-2BE5-4D48-902C-5B4656F8F067}C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.84_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.84_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [UDP Query User{DFA60F1F-FBBB-47EF-8C95-AEEB5A398960}C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.84_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) 
C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.84_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [TCP Query User{33434A50-930A-409B-B6AC-AAE2677AB922}C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.108_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.108_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [UDP Query User{F654651E-0AB4-46E9-AA21-E1318554A0E6}C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.108_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.108_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [{B60E2F0C-63DB-45FA-B471-DD8A697DE59F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exeFirewallRules: [TCP Query User{5C295DEC-825E-45D2-A906-4368D8B3DED1}C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.132_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.132_online.paf\googlechromeportable\app\chrome-bin\chrome.exeFirewallRules: [UDP Query User{F1814F75-2A59-4722-8C62-1A8231C84E16}C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.132_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.132_online.paf\googlechromeportable\app\chrome-bin\chrome.exe==================== Pontos de Restauração =========================26-12-2017 22:17:02 Ponto de Verificação Agendado10-01-2018 22:27:18 Restore Point Created by FRST10-01-2018 22:55:51 Removed Java 8 Update 4510-01-2018 22:59:43 Removed Java SE Development Kit 8 Update 4514-01-2018 21:39:47 Revo Uninstaller's restore 
point - Malwarebytes versão 3.3.1.2183

==================== Dispositivos Apresentando Falhas No Gerenciador =============

Name: Warsaw - Driver (PP)
Description: Warsaw - Driver (PP)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: wsddpp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (01/18/2018 01:43:07 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Falha ao agendar o reinício do serviço Proteção de Software 2018-02-17T01:00:07Z. Código de Erro: 0x80070057.

Error: (01/18/2018 01:35:52 AM) (Source: MSDTC) (EventID: 4439) (User: )
Description: Falha ao verificar informações sobre a conta do serviço MS DTC. Informações Internas: msdtc_trace : File: d:\w7rtm\com\complus\dtc\shared\util\security.cpp, Line: 834, VerifyAccountInfo : ReadRegKeyValue32W(ACCOUNT_NAME) failed, hr=0x80070002.

Error: (01/18/2018 01:33:20 AM) (Source: Report Server Windows Service (SQLEXPRESS)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQLEXPRESS) cannot connect to the report server database.

Error: (01/18/2018 01:33:09 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 15466) (User: )
Description: An error occurred during decryption.

Error: (01/18/2018 01:33:04 AM) (Source: Freemake Improver) (EventID: 0) (User: )
Description: Service cannot be started. System.PlatformNotSupportedException: Operation is not supported on this platform.
   at System.Net.HttpListener..ctor()
   at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen()
   at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)
   at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback)
   at System.ServiceModel.Channels.TransportChannelListener.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.HttpChannelListener`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at FreemakeUtilsService.Common.Proces...

Error: (01/18/2018 12:48:35 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Falha ao agendar o reinício do serviço Proteção de Software 2018-02-17T00:59:35Z. Código de Erro: 0x80070057.

Error: (01/18/2018 12:18:42 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Falha ao agendar o reinício do serviço Proteção de Software 2018-02-17T00:59:42Z. Código de Erro: 0x80070057.

Error: (01/18/2018 12:11:54 AM) (Source: MSDTC) (EventID: 4439) (User: )
Description: Falha ao verificar informações sobre a conta do serviço MS DTC. Informações Internas: msdtc_trace : File: d:\w7rtm\com\complus\dtc\shared\util\security.cpp, Line: 834, VerifyAccountInfo : ReadRegKeyValue32W(ACCOUNT_NAME) failed, hr=0x80070002.

Error: (01/18/2018 12:09:40 AM) (Source: Report Server Windows Service (SQLEXPRESS)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQLEXPRESS) cannot connect to the report server database.

Error: (01/18/2018 12:09:35 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17187) (User: )
Description: SQL Server is not ready to accept new client connections. Wait a few minutes before trying again. If you have access to the error log, look for the informational message that indicates that SQL Server is ready before trying to connect again.  [CLIENT: <local machine>]

Erros de Sistema:
=============
Error: (01/18/2018 01:44:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Serviço de Compartilhamento de Rede do Windows Media Player depende do serviço HTTP, mas não foi possível iniciá-lo devido ao seguinte erro: O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.

Error: (01/18/2018 01:44:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Serviço de Compartilhamento de Rede do Windows Media Player depende do serviço HTTP, mas não foi possível iniciá-lo devido ao seguinte erro: O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.

Error: (01/18/2018 01:36:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Central de Segurança terminou com o erro: Acesso negado.

Error: (01/18/2018 01:36:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Serviço de Compartilhamento de Rede do Windows Media Player depende do serviço HTTP, mas não foi possível iniciá-lo devido ao seguinte erro: O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.

Error: (01/18/2018 01:35:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço HP Network Devices Support terminou com o erro: Não foi possível encontrar o módulo especificado.

Error: (01/18/2018 01:35:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Descoberta SSDP depende do serviço HTTP, mas não foi possível iniciá-lo devido ao seguinte erro: O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.

Error: (01/18/2018 01:33:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Central de Segurança terminou com o erro: Acesso negado.

Error: (01/18/2018 01:33:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Central de Segurança terminou com o erro: Acesso negado.

Error: (01/18/2018 01:33:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: 
cdrom
UimBus
Uim_DEVIM
Uim_IM
wsddfac

Error: (01/18/2018 01:33:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw Technology devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado.

CodeIntegrity:
===================================
  Date: 2016-09-10 01:32:35.339
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wsddpp.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-10 01:32:04.763
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-10 01:32:04.342
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 09:35:41.471
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wsddpp.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 09:34:44.531
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 09:34:44.157
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 08:54:47.875
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wsddpp.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 08:53:59.562
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 08:53:58.750
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-25 21:32:19.451
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wsddpp.sys because the set of per-page image hashes could not be found on the system.

==================== Informações da Memória =========================== 

Processador: AMD Sempron(tm) 145 Processor
Percentagem de memória em uso: 57%
RAM física total: 3071.24 MB
RAM física disponível: 1317.33 MB
Virtual Total: 6140.81 MB
Virtual disponível: 4170.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:733.23 GB) (Free:140.92 GB) NTFS ==>[drive com componentes de inicialização (obtido através de BCD)]

==================== MBR & Tabela de Partições ==========================================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0006A342)
Partition 1: (Active) - (Size=733.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=194.6 GB) - (Type=83)
Partition 3: (Not Active) - (Size=3.7 GB) - (Type=82)

==================== Fim de Addition.txt ============================
FRST.txt:
Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 17.01.2018 01
Executado por luish (administrador) em COMPUTNINE (18-01-2018 02:18:51)
Executando a partir de C:\Users\luish.computnine\Desktop\AV_(2018)\Outros\últimos\LOG's_(TXT's)\17-01-2018
Perfis Carregados: luish & UpdatusUser (Perfis Disponíveis: luish & marcoaufer & luis & marcopai & lula & UpdatusUser & isabecris & acronimo & IsabelCris)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Program Files\DebugDiag\DbgSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\DebugDiag\DbgHost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast Cleanup\TuneupUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-21] (AVAST Software)
Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll [2016-06-16] (Banco do Brasil)
Winlogon\Notify\ GbPluginUni: C:\Program Files\GbPlugin\gbiehUni.dll [2016-11-21] (Banco Itaú Unibanco)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GbPlugin\gbieh.dll [1947872 2016-06-16] (Banco do Brasil)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll [1951968 2016-11-21] (Banco Itaú Unibanco)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2017-12-21]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
Startup: C:\Users\luis.computnine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2017-03-09]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\luish.computnine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2017-03-09]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 201.6.2.222 201.6.2.122 192.168.4.1
Tcpip\..\Interfaces\{64E5126D-DB28-4369-920F-36C71939449F}: [DhcpNameServer] 201.6.2.222 201.6.2.122 192.168.4.1
Tcpip\..\Interfaces\{EEC95ACA-67E2-4711-A343-4065E46236E8}: [DhcpNameServer] 201.6.2.222 201.6.2.122 192.168.4.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3370822099-4033009180-3280478221-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-14] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [2016-06-16] (Banco do Brasil)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehuni.dll [2016-11-21] (Banco Itaú Unibanco)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation)
Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files\FireShot for IE\FSAddin-0.69.dll [2009-02-22] ()
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: me3qdzmd.default-1504751691907
FF DefaultProfile: neibj5t4.default
FF ProfilePath: C:\Users\luish.computnine\AppData\Roaming\Mozilla\Firefox\Profiles\me3qdzmd.default-1504751691907 [2018-01-17]
FF Homepage: Mozilla\Firefox\Profiles\me3qdzmd.default-1504751691907 -> about:home
FF Extension: (Avast Online Security) - C:\Users\luish.computnine\AppData\Roaming\Mozilla\Firefox\Profiles\me3qdzmd.default-1504751691907\Extensions\wrc@avast.com.xpi [2017-10-17]
FF Extension: (Disable JavaScript Shared Memory) - C:\Users\luish.computnine\AppData\Roaming\Mozilla\Firefox\Profiles\me3qdzmd.default-1504751691907\features\{58c27083-1a79-481e-b9e8-f7bb87d11bb1}\disable-js-shared-memory@mozilla.org.xpi [2018-01-06] [Legacy]
FF ProfilePath: C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default [2018-01-16]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-cs@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-de@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (English (US) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-en-US@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (Español (España) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations 
SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-es-ES@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]FF Extension: (Finnish Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-fi@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]FF Extension: (Français Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-fr@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]FF Extension: (Galego (España) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-gl@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]FF Extension: (Hebrew (IL) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-he@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]FF Extension: (Magyar (HU) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-hu@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]FF Extension: (Italiano (IT) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-it@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]FF Extension: (Japanese Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-ja@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]FF Extension: (Korean (KR) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-ko@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]FF Extension: (Nederlands (NL) 
Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-nl@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]FF Extension: (Polski Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-pl@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]FF Extension: (Russian (RU) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-ru@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]FF Extension: (Slovenski jezik Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-sl@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]FF Extension: (српски (sr) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-sr@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]FF Extension: (Svenska (SE) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-sv-SE@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-zh-CN@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-zh-TW@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-10] ()FF Plugin: 
@adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1223183.dll [2015-12-22] (Adobe Systems, Inc.)FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)StartMenuInternet: Firefox-2B3568E6D061A8AB - C:\Users\luis.computnine\Documents\Softwares\FirefoxPortable_56.0.2_PortugueseBR.paf\FirefoxPortable\App\Firefox\firefox.exeChrome: =======CHR Profile: C:\Users\luish.computnine\AppData\Local\Google\Chrome\User Data\Default [2018-01-18]CHR Extension: (Documentos) - C:\Users\luish.computnine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-28]CHR Extension: (Google Drive) - C:\Users\luish.computnine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-20]CHR Extension: (YouTube) - C:\Users\luish.computnine\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-20]CHR Extension: (Planilhas) - C:\Users\luish.computnine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-23]CHR Extension: (Documentos Google off-line) - C:\Users\luish.computnine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-27]CHR Extension: (Slinky Moderno) - C:\Users\luish.computnine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nilnodhmmonndffbejancdeiggflcehi [2017-03-26]CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\luish.computnine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-22]CHR Extension: (Gmail) - C:\Users\luish.computnine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-20]CHR Extension: (Chrome Media Router) - C:\Users\luish.computnine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-21]==================== Serviços (Whitelisted) ====================(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5906816 2017-12-21] (AVAST Software)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-21] (AVAST Software)R2 avast! 
Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [351552 2017-12-21] (AVAST Software)R2 CleanupPSvc; C:\Program Files\AVAST Software\Avast Cleanup\TuneupSvc.exe [4709728 2017-12-13] (AVAST Software)R2 DbgSvc; C:\Program Files\DebugDiag\DbgSvc.exe [328840 2015-11-03] (Microsoft Corporation)S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-07-15] (Freemake) [Arquivo não assinado]R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [590048 2018-01-10] (GAS Tecnologia)R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43130032 2015-03-30] (Microsoft Corporation)R3 MSSQLFDLauncher$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [38576 2015-03-30] (Microsoft Corporation)S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3201024 2008-07-29] (Microsoft Corporation)R2 ReportServer$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [1193144 2015-03-30] (Microsoft Corporation)S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [381104 2015-03-30] (Microsoft Corporation)R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-06-14] (VIA Technologies, Inc.)S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)S2 HPSLPSVC; C:\Users\marcoaufer\AppData\Local\temp\7zS477D\hpslpsvc32.dll [X] <==== ATENÇÃOS2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [X]===================== Drivers (Whitelisted) ======================(Se uma entrada for incluída na fixlist, será removida do Registro. 
O arquivo não será movido, a menos que seja colocado separadamente.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [158224 2017-12-21] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [255584 2017-12-21] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157376 2017-12-21] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276696 2017-12-21] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50344 2017-12-21] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42824 2017-12-21] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39784 2017-09-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [123880 2018-01-10] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [36104 2017-07-03] (AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [436104 2017-12-21] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [99528 2017-12-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70832 2017-12-21] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783104 2017-12-21] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [390256 2018-01-10] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [151328 2017-12-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [294680 2017-12-21] (AVAST Software)
S3 awUSB; C:\Windows\System32\DRIVERS\USBDrv.sys [13824 2012-07-17] (Scott)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-03-02] (Samsung Electronics Co., Ltd.) [Arquivo não assinado]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59896 2017-11-29] ()
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [29760 2016-11-13] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [14656 2014-03-30] (FNet Co., Ltd.)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49496 2015-08-26] (GAS Tecnologia)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [168376 2018-01-15] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [91576 2018-01-18] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40376 2018-01-18] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2018-01-15] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [65824 2018-01-18] (Malwarebytes)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-08-15] (GAS Tecnologia)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [250152 2015-03-30] (Microsoft Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-03-02] (Samsung Electronics) [Arquivo não assinado]
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [95368 2014-10-29] ()
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [20616 2014-10-29] ()
S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [540808 2014-10-29] ()
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1086976 2009-09-17] (VIA Technologies, Inc.)
S3 VSPerfDrv100; C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [54144 2011-01-18] (Microsoft Corporation)
S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [80728 2016-10-16] (GAS Tecnologia)
S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [79064 2015-03-18] (GAS Tecnologia)

========================== MD5 dos Drivers =======================

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-01-18 01:33 - 2018-01-18 01:33 - 000000000 ____D C:\Users\Todos os Usuários\SWCUTemp
2018-01-18 01:33 - 2018-01-18 01:33 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-01-17 23:57 - 2018-01-18 01:45 - 000000000 ____D C:\AdwCleaner
2018-01-17 22:38 - 2018-01-18 01:33 - 000091576 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-01-15 22:39 - 2018-01-18 01:42 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-01-15 22:39 - 2018-01-18 01:33 - 000040376 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-01-15 22:39 - 2018-01-15 22:39 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-15 22:39 - 2018-01-15 22:39 - 000168376 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-01-15 22:39 - 2018-01-15 22:39 - 000001984 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-15 22:39 - 2018-01-15 22:39 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2018-01-15 22:39 - 2018-01-15 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-15 22:39 - 2018-01-15 22:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-15 22:39 - 2018-01-15 22:39 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-15 22:39 - 2017-11-29 09:11 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
2018-01-15 22:08 - 2018-01-15 22:09 - 082263712 _____ (Malwarebytes ) C:\Users\luish.computnine\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3699.exe
2018-01-15 22:07 - 2018-01-15 22:07 - 008198432 _____ (Malwarebytes) 
C:\Users\luish.computnine\Desktop\adwcleaner_7.0.6.0.exe2018-01-14 21:38 - 2018-01-14 21:38 - 082149144 _____ (Malwarebytes ) C:\Users\luish.computnine\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3687.exe2018-01-14 00:10 - 2018-01-14 00:10 - 003101913 _____ (LIGHTNING UK!) C:\Users\luish.computnine\Downloads\SetupImgBurn_2.5.8.0.exe2018-01-14 00:07 - 2018-01-14 00:08 - 005478064 _____ (MediaArea.net) C:\Users\luish.computnine\Downloads\MediaInfo_GUI_17.12_Windows.exe2018-01-13 23:22 - 2018-01-13 23:22 - 000000000 ____D C:\Users\luish.computnine\AppData\Roaming\Media Player Classic2018-01-13 23:16 - 2018-01-14 22:06 - 000000000 ____D C:\Users\luish.computnine\AppData\Local\CrashDumps2018-01-12 20:53 - 2018-01-12 20:54 - 009452999 _____ C:\Users\luish.computnine\Downloads\ccsetup536.zip2018-01-10 23:26 - 2018-01-10 23:26 - 000002818 _____ C:\Users\luish.computnine\AppData\Local\recently-used.xbel2018-01-10 23:26 - 2018-01-10 23:26 - 000000000 ____D C:\Users\luish.computnine\.thumbnails2018-01-10 22:58 - 2018-01-10 22:58 - 000000000 ____D C:\Users\luish.computnine\AppData\LocalLow\Sun2018-01-10 22:07 - 2018-01-10 22:07 - 000002560 _____ C:\Windows\_MSRSTRT.EXE2018-01-10 21:53 - 2018-01-10 21:53 - 000000000 ____D C:\Users\luish.computnine\AppData\Local\Disruptive Innovations SARL2018-01-08 20:05 - 2018-01-08 20:06 - 043539488 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\OperaPortable_49.0.2725.64.paf.exe2018-01-08 20:02 - 2018-01-08 20:03 - 043751696 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\OperaPortable_50.0.2762.45.paf.exe2018-01-08 19:13 - 2018-01-08 19:13 - 001621768 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\GoogleChromePortable_63.0.3239.132_online.paf.exe2018-01-07 21:22 - 2018-01-07 21:22 - 000131072 ____N C:\Windows\Minidump\010718-27799-01.dmp2018-01-07 19:29 - 2018-01-07 19:29 - 000131072 ____N C:\Windows\Minidump\010718-26395-01.dmp2018-01-07 18:57 - 2018-01-07 18:57 - 000000000 __SHD 
C:\found.0142018-01-06 23:14 - 2018-01-06 23:14 - 009667561 _____ C:\Users\luish.computnine\Downloads\adbdriver.zip2018-01-06 22:50 - 2018-01-06 22:50 - 000068755 _____ C:\Users\luish.computnine\Downloads\devmanview.zip2018-01-06 22:45 - 2018-01-06 22:45 - 001189704 _____ (Igor Pavlov) C:\Users\luish.computnine\Downloads\DDU v17.0.8.2.exe2018-01-06 22:08 - 2018-01-06 22:08 - 000013791 _____ C:\Users\luish.computnine\Desktop\DeviceList.txt2018-01-06 21:42 - 2018-01-06 21:51 - 000000000 ____D C:\Users\luish.computnine\Desktop\Nova pasta2018-01-05 23:17 - 2018-01-05 23:17 - 000000000 ____D C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL2018-01-05 23:01 - 2018-01-05 23:02 - 053912144 _____ C:\Users\luish.computnine\Downloads\bluegriffon-3.0.1.win-i686.zip2018-01-05 20:33 - 2018-01-09 00:39 - 000000000 ____D C:\Users\luish.computnine\Desktop\AV_(2018)2018-01-05 20:13 - 2018-01-05 20:13 - 009322390 _____ C:\Users\luish.computnine\Downloads\RevoUninstaller_Portable (1).zip2018-01-05 20:11 - 2018-01-05 20:11 - 083316440 _____ (Malwarebytes ) C:\Users\luish.computnine\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe2018-01-03 17:17 - 2018-01-03 17:17 - 078044280 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\FirefoxPortable_57.0.3_PortugueseBR.paf.exe2018-01-03 16:21 - 2018-01-03 16:21 - 000001963 _____ C:\Users\Public\Desktop\Avast Premier.lnk2018-01-03 16:20 - 2017-12-21 22:54 - 000305840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2017-12-28 23:56 - 2017-12-28 23:56 - 000003964 _____ C:\Users\isabecris\AppData\Local\recently-used.xbel2017-12-26 18:09 - 2017-12-26 18:09 - 003234082 _____ C:\Users\isabecris\Downloads\MediaInfo_GUI_17.12_Windows_i386_WithoutInstaller.7z2017-12-23 16:07 - 2017-12-23 16:07 - 000000000 ____D C:\Users\isabecris\AppData\Roaming\Avast Tuneup2017-12-22 00:50 - 2017-12-22 00:50 - 000000000 ____D C:\Users\luis.computnine\AppData\Roaming\Avast Tuneup2017-12-21 23:53 - 2017-12-21 23:53 - 
000000000 ____D C:\Users\luish.computnine\Desktop\imageusb_(other)2017-12-21 23:22 - 2017-12-21 23:22 - 078106616 _____ (PortableApps.com) C:\Users\luish.computnine\Downloads\FirefoxPortable_56.0.2_PortugueseBR.paf.exe2017-12-21 23:09 - 2017-12-21 23:10 - 000000000 ____D C:\Users\luish.computnine\AppData\Roaming\Avast Tuneup2017-12-21 22:56 - 2017-12-21 22:56 - 000001061 _____ C:\Users\Public\Desktop\Avast Cleanup Premium.lnk2017-12-21 19:19 - 2017-12-21 19:21 - 053094978 _____ C:\Users\luis.computnine\Downloads\bluegriffon-3.0.win-i686.zip2017-12-21 19:19 - 2017-12-21 19:20 - 053164167 _____ C:\Users\luis.computnine\Downloads\bluegriffon-2.4.1.win-i686.zip2017-12-21 19:17 - 2017-12-21 19:18 - 053912144 _____ C:\Users\luis.computnine\Downloads\bluegriffon-3.0.1.win-i686.zip2017-12-21 18:19 - 2017-12-21 18:19 - 001621512 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\GoogleChromePortable_63.0.3239.108_online.paf.exe2017-12-21 00:21 - 2017-12-21 00:21 - 000000000 __SHD C:\found.0132017-12-20 22:13 - 2017-12-20 22:13 - 000018730 _____ C:\Users\luis.computnine\AppData\Local\recently-used.xbel2017-12-20 17:57 - 2017-12-20 17:57 - 000129890 _____ C:\Users\isabecris\Desktop\Planejamento_(2017)_(Química)_(Modificados)_(outros)_(últimos)_(20-12-2017).zip2017-12-20 17:26 - 2017-12-20 17:26 - 000129782 _____ C:\Users\isabecris\Desktop\Planejamento_(2017)_(Química)_(Modificados)_(outros)_(20-12-2017).zip2017-12-20 16:27 - 2017-12-20 16:27 - 000123423 _____ C:\Users\isabecris\Desktop\Planejamento_(Química)_(2016)_(Emygdio)-20171220T182723Z-001.zip2017-12-20 16:13 - 2017-12-20 16:13 - 000123405 _____ C:\Users\isabecris\Desktop\Planejamento_(2017)_(Química)_(Modificados)_(20-12-2017).zip2017-12-20 16:01 - 2017-12-20 16:01 - 000123291 _____ C:\Users\isabecris\Desktop\Planejamento_(2016)_(Emygdio)-20171220T180054Z-001.zip2017-12-16 18:19 - 2017-12-16 18:19 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf2017-12-16 17:55 - 2017-12-16 18:01 - 
334100232 _____ C:\Users\luish.computnine\Downloads\Atualizacao_verB.zip2017-12-12 22:42 - 2017-12-12 22:42 - 009452999 _____ C:\Users\luis.computnine\Downloads\ccsetup536.zip2017-12-10 18:39 - 2017-12-10 18:40 - 078044776 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\FirefoxPortable_57.0.2_PortugueseBR.paf.exe2017-12-09 01:30 - 2017-12-09 01:30 - 001621040 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\GoogleChromePortable_63.0.3239.84_online.paf.exe2017-12-07 02:12 - 2017-12-07 02:12 - 000008910 _____ C:\Users\isabecris\Downloads\2017_3A_Lançamento de Fechamento.htm2017-12-06 14:56 - 2017-12-06 14:56 - 000000000 ____D C:\Program Files\Common Files\Avast Software2017-12-04 21:57 - 2017-12-04 21:19 - 000030511 _____ C:\Users\luis.computnine\Documents\untitled_1.odt2017-12-02 23:54 - 2017-12-02 23:55 - 078057008 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\FirefoxPortable_57.0.1_PortugueseBR.paf.exe2017-12-02 21:29 - 2017-12-02 22:19 - 000000000 ____D C:\Users\isabecris\Desktop\1º_Anos_(Noite)_(H_-_I_-_L)2017-12-02 21:28 - 2017-12-02 21:28 - 000023943 _____ C:\Users\isabecris\Downloads\encplanilhasdoprovo4bim20171h1i_1lnoit.zip2017-12-02 02:46 - 2017-12-02 02:46 - 001233257 _____ C:\Users\luis.computnine\Downloads\1471125743_Apresentação SEGURANÇA.pptx2017-12-02 02:31 - 2017-12-02 02:32 - 043842616 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\OperaPortable_49.0.2725.47.paf.exe2017-12-01 22:49 - 2017-12-01 22:49 - 009452999 _____ C:\Users\isabecris\Downloads\ccsetup536.zip2017-11-26 20:56 - 2017-11-26 20:56 - 038985375 _____ C:\Users\isabecris\Desktop\Ensino Médio Inclusivo.pptx2017-11-25 02:42 - 2017-11-25 03:37 - 000000000 ____D C:\Users\isabecris\Desktop\Novas_Fotos_(Escolhidas)_(AVA-IRM)2017-11-24 02:30 - 2017-11-24 02:33 - 000000000 ____D C:\Program Files\FireShot for IE2017-11-24 02:30 - 2017-11-24 02:30 - 000000000 ____D C:\Users\luish.computnine\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\FireShot for Internet Explorer2017-11-24 02:28 - 2017-11-24 02:28 - 000000000 ____D C:\Users\luis.computnine\Downloads\fireshot_ie_install (1)2017-11-24 02:27 - 2017-11-24 02:27 - 000900693 _____ C:\Users\luis.computnine\Downloads\fireshot_ie_install (1).zip2017-11-24 02:25 - 2017-11-24 02:25 - 000000000 ____D C:\Users\luish.computnine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FireShot2017-11-24 02:19 - 2017-11-24 02:19 - 003953654 _____ C:\Users\luis.computnine\Downloads\fireshot_ie_install.zip2017-11-24 02:19 - 2017-11-24 02:19 - 000000000 ____D C:\Users\luis.computnine\Downloads\fireshot_ie_install2017-11-23 03:31 - 2017-11-23 03:31 - 001115756 _____ C:\Users\luish.computnine\Downloads\imageusb (2).zip2017-11-23 02:46 - 2017-11-23 02:46 - 000004608 _____ C:\Users\isabecris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2017-11-23 01:32 - 2017-11-23 01:32 - 000000000 ____D C:\Users\isabecris\Desktop\Arquivos_(WhatsApp)_(Cache)2017-11-23 01:31 - 2017-11-23 01:32 - 032936142 _____ C:\Users\isabecris\Desktop\Arquivos_(WhatsApp)_(Cache)-20171123T033118Z-001.zip2017-11-23 00:57 - 2017-11-23 00:57 - 015709963 _____ C:\Users\isabecris\Desktop\VID-20171117-WA0032.mp42017-11-22 21:49 - 2017-11-25 03:33 - 000000000 ____D C:\Users\isabecris\Desktop\Fotos Acessibilidade2017-11-22 21:45 - 2017-11-22 21:45 - 000000000 ____D C:\Users\isabecris\Desktop\Imagens_(Acessibilidade)_(AVA-IRM)_(Aunos_Deficientes_do_Emygdio)2017-11-22 21:44 - 2017-11-22 21:44 - 037390020 _____ C:\Users\isabecris\Desktop\Imagens_(Acessibilidade)_(AVA-IRM)_(Aunos_Deficientes_do_Emygdio)-20171122T234333Z-001.zip2017-11-22 19:51 - 2017-11-22 19:54 - 000000000 ____D C:\Users\isabecris\Desktop\AVA20172017-11-22 16:41 - 2017-11-22 16:41 - 078106616 _____ (PortableApps.com) C:\Users\isabecris\Downloads\FirefoxPortable_56.0.2_PortugueseBR.paf.exe2017-11-22 16:36 - 2017-11-22 16:36 - 000000000 ____D C:\Users\isabecris\Desktop\HTML's2017-11-22 01:02 - 2017-11-25 04:46 - 038985375 
_____ C:\Users\isabecris\Documents\Ensino Médio Inclusivo.pptx2017-11-21 20:46 - 2017-11-17 02:15 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2017-11-21 00:03 - 2017-11-21 00:03 - 043573328 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\OperaPortable_49.0.2725.39.paf.exe2017-11-21 00:00 - 2017-11-21 00:00 - 078063592 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\FirefoxPortable_57.0_PortugueseBR.paf.exe2017-11-20 23:50 - 2017-11-20 23:51 - 001614160 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\GoogleChromePortable_62.0.3202.94_online.paf.exe2017-11-20 20:54 - 2017-11-20 22:07 - 000000000 ____D C:\Users\isabecris\Desktop\AVA-IRM_(.PDF's_&_Snapshots)2017-11-19 23:14 - 2017-10-18 00:16 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe2017-11-19 23:14 - 2017-10-18 00:11 - 000488448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2017-11-19 23:14 - 2017-10-15 20:04 - 000313184 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll2017-11-19 23:14 - 2017-10-04 11:04 - 001918464 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe2017-11-19 23:14 - 2017-10-04 11:04 - 001321472 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2017-11-19 23:14 - 2017-10-04 11:04 - 000541696 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2017-11-19 23:14 - 2017-10-04 11:04 - 000509440 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2017-11-19 23:14 - 2017-10-04 11:04 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2017-11-19 23:14 - 2017-10-04 11:04 - 000193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll2017-11-19 23:14 - 2017-10-04 11:04 - 000150016 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll2017-11-19 22:08 - 2017-10-18 04:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2017-11-19 22:08 - 2017-10-17 23:55 - 000285696 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys2017-11-19 22:08 - 2017-10-17 23:55 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys2017-11-19 22:08 - 2017-10-17 23:55 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys2017-11-19 22:08 - 2017-10-17 23:55 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys2017-11-19 22:08 - 2017-10-17 23:55 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys2017-11-19 22:08 - 2017-10-17 23:55 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys2017-11-19 22:08 - 2017-10-17 23:55 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys2017-11-19 22:08 - 2017-10-16 20:49 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys2017-11-19 22:08 - 2017-10-16 19:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll2017-11-19 22:08 - 2017-10-14 05:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2017-11-19 22:08 - 2017-10-14 05:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2017-11-19 22:08 - 2017-10-14 05:03 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2017-11-19 22:08 - 2017-10-14 04:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2017-11-19 22:08 - 2017-10-14 04:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2017-11-19 22:08 - 2017-10-14 04:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2017-11-19 22:08 - 2017-10-14 04:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2017-11-19 22:08 - 2017-10-14 04:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2017-11-19 22:08 - 2017-10-14 04:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2017-11-19 22:08 
- 2017-10-14 04:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2017-11-19 22:08 - 2017-10-14 04:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2017-11-19 22:08 - 2017-10-14 04:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2017-11-19 22:08 - 2017-10-14 04:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2017-11-19 22:08 - 2017-10-14 04:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2017-11-19 22:08 - 2017-10-14 04:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2017-11-19 22:08 - 2017-10-14 04:45 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2017-11-19 22:08 - 2017-10-14 04:41 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2017-11-19 22:08 - 2017-10-14 04:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2017-11-19 22:08 - 2017-10-14 04:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx2017-11-19 22:08 - 2017-10-14 04:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2017-11-19 22:08 - 2017-10-14 04:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll2017-11-19 22:08 - 2017-10-14 04:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2017-11-19 22:08 - 2017-10-14 04:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2017-11-19 22:08 - 2017-10-14 04:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2017-11-19 22:08 - 2017-10-14 04:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2017-11-19 22:08 - 2017-10-14 04:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll2017-11-19 22:08 - 2017-10-14 04:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2017-11-19 
22:08 - 2017-10-14 04:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2017-11-19 22:08 - 2017-10-14 04:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2017-11-19 22:08 - 2017-10-14 04:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2017-11-19 22:08 - 2017-10-14 04:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2017-11-19 22:08 - 2017-10-14 04:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2017-11-19 22:08 - 2017-10-14 04:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2017-11-19 22:08 - 2017-10-14 04:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2017-11-19 22:08 - 2017-10-14 04:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2017-11-19 22:08 - 2017-10-11 22:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll2017-11-19 22:08 - 2017-10-11 22:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL2017-11-19 22:08 - 2017-10-11 22:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll2017-11-19 22:08 - 2017-10-11 22:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll2017-11-19 22:08 - 2017-10-11 22:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll2017-11-19 22:08 - 2017-10-11 22:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll2017-11-19 22:08 - 2017-10-11 22:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll2017-11-19 22:08 - 2017-10-11 22:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll2017-11-19 22:08 - 2017-10-11 22:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll2017-11-19 22:08 - 2017-10-11 22:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll2017-11-19 22:08 - 2017-10-11 22:37 - 000104448 
_____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll2017-11-19 22:08 - 2017-10-11 22:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll2017-11-19 22:08 - 2017-10-11 22:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll2017-11-19 22:08 - 2017-10-11 22:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll2017-11-19 22:08 - 2017-10-11 22:37 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll2017-11-19 22:08 - 2017-10-11 22:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll2017-11-19 22:08 - 2017-10-11 22:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe2017-11-19 22:08 - 2017-10-11 22:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe2017-11-19 22:08 - 2017-10-11 22:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe2017-11-19 22:08 - 2017-10-11 22:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll2017-11-19 22:08 - 2017-10-11 22:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll2017-11-19 22:08 - 2017-10-11 22:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx2017-11-19 22:08 - 2017-10-11 22:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll2017-11-19 22:08 - 2017-10-11 22:16 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll2017-11-19 22:08 - 2017-10-11 22:14 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys2017-11-19 22:08 - 2017-09-07 11:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll2017-11-19 22:08 - 2017-09-07 11:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll2017-11-19 22:08 - 2017-09-07 11:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll2017-11-19 22:08 - 
2017-09-07 11:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll2017-11-19 22:08 - 2017-09-07 11:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll2017-11-19 22:08 - 2017-09-07 11:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll2017-11-19 22:08 - 2017-09-07 11:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll2017-11-19 22:08 - 2017-09-07 11:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll2017-11-19 22:08 - 2017-09-07 11:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll2017-11-19 22:08 - 2017-09-07 11:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll2017-11-19 22:08 - 2017-09-07 11:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll2017-11-19 22:08 - 2017-09-07 11:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll2017-11-19 22:08 - 2017-09-07 11:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll2017-11-19 22:08 - 2017-09-07 11:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll2017-11-19 22:08 - 2017-09-07 11:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll2017-11-19 22:08 - 2017-09-07 11:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll2017-11-19 22:08 - 2017-09-07 11:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll2017-11-19 22:08 - 2017-09-07 11:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll2017-11-19 22:08 - 2017-09-07 11:05 - 000012128 
_____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll2017-11-19 22:08 - 2017-09-07 11:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll2017-11-19 22:08 - 2017-09-07 11:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll2017-11-19 22:08 - 2017-09-07 11:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll2017-11-19 22:08 - 2017-09-07 11:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll2017-11-19 17:24 - 2017-11-19 17:24 - 007649280 _____ C:\Program Files\GUT6191.tmp2017-11-19 17:24 - 2017-11-19 17:24 - 000000000 ____D C:\Program Files\GUM6190.tmp2017-11-19 16:38 - 2017-11-19 16:42 - 000000000 ____D C:\Users\isabecris\Desktop\novembro172017-11-14 02:03 - 2017-12-21 22:54 - 000158224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys2017-11-12 03:18 - 2017-11-12 00:28 - 000160546 _____ C:\Users\luis.computnine\Downloads\LC_MGPU_OCT07_web.pdf2017-11-12 03:18 - 2017-11-12 00:26 - 001725367 _____ C:\Users\luis.computnine\Downloads\NVMediaShield_UGv6.pdf2017-11-08 00:29 - 2017-11-08 00:29 - 001620960 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\GoogleChromePortable_62.0.3202.89_online.paf.exe2017-11-03 04:42 - 2017-11-03 04:42 - 007220356 _____ C:\Users\luis.computnine\Downloads\CutyCapt-Win32-2010-04-26.zip2017-11-03 02:43 - 2017-11-03 02:43 - 000000000 ____D C:\Users\luis.computnine\AppData\Local\enchant2017-11-01 01:05 - 2017-11-01 01:05 - 000062742 _____ C:\Users\isabecris\Downloads\Feliz Dia dos Professores!.pptx2017-10-30 22:31 - 2017-10-30 22:32 - 012593715 _____ C:\Users\luis.computnine\Downloads\WAVTools_2.00.zip2017-10-30 21:51 - 2017-10-30 21:51 - 005155815 _____ C:\Users\luis.computnine\Downloads\delaycut-1.4.3.9-win32-msvc.7z2017-10-30 21:36 - 2017-10-30 21:36 - 042756392 _____ 
C:\Users\luis.computnine\Downloads\ffmpeg-3.4-win32-static.zip2017-10-30 21:19 - 2017-10-30 21:19 - 000471946 _____ C:\Users\luis.computnine\Downloads\wavpack-5.1.0-x86.zip2017-10-30 21:19 - 2017-10-30 21:19 - 000000000 ____D C:\Users\luis.computnine\Downloads\wavpack-5.1.0-x862017-10-30 21:07 - 2017-10-30 21:07 - 003444021 _____ C:\Users\luis.computnine\Downloads\FFmpeg_v0.6.2_for_Audacity_on_Windows.zip2017-10-30 21:07 - 2017-10-30 21:07 - 000000000 ____D C:\Users\luis.computnine\Downloads\FFmpeg_v0.6.2_for_Audacity_on_Windows2017-10-30 21:06 - 2017-10-30 21:06 - 000000000 ____D C:\Users\luis.computnine\Downloads\libmp3lame-win-3.99.32017-10-30 21:04 - 2017-10-30 21:04 - 008546565 _____ C:\Users\luis.computnine\Downloads\audacity-win-2.0.5.zip2017-10-30 21:00 - 2017-10-30 21:00 - 000202295 _____ C:\Users\luis.computnine\Downloads\libmp3lame-win-3.99.3.zip2017-10-30 20:59 - 2017-10-30 23:06 - 000000000 ____D C:\Users\luis.computnine\AppData\Roaming\audacity2017-10-30 20:59 - 2017-10-30 20:59 - 000000000 ____D C:\Users\luis.computnine\AppData\Local\Audacity2017-10-30 20:56 - 2017-10-30 20:56 - 011995493 _____ C:\Users\luis.computnine\Downloads\audacity-win-2.1.3.zip2017-10-30 20:50 - 2017-10-30 20:50 - 014402781 _____ C:\Users\luis.computnine\Downloads\mkvtoolnix-32-bit-17.0.0.7z2017-10-28 23:11 - 2017-10-29 02:20 - 000000000 ____D C:\Users\luish.computnine\Desktop\Teste_(Download)_(AI_CS6)2017-10-28 22:51 - 2017-10-28 22:51 - 000000000 ____D C:\Users\luish.computnine\Desktop\Adobe Illustrator CS62017-10-28 22:20 - 2017-10-28 22:50 - 000000000 ____D C:\Users\luish.computnine\Downloads\Illustrator_CS6_(Downloads)2017-10-28 22:17 - 2017-10-28 22:17 - 000000000 ____D C:\Users\luish.computnine\Desktop\28-10-20172017-10-28 17:10 - 2017-10-28 17:10 - 000095681 _____ C:\Users\isabecris\Downloads\Documento sem título.pdf2017-10-27 22:14 - 2017-10-27 22:15 - 078106616 _____ (PortableApps.com) 
C:\Users\luis.computnine\Downloads\FirefoxPortable_56.0.2_PortugueseBR.paf.exe
2017-10-27 21:50 - 2017-10-27 21:51 - 042283704 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\OperaPortable_48.0.2685.52.paf.exe
2017-10-27 21:50 - 2017-10-27 21:50 - 001620808 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\GoogleChromePortable_62.0.3202.75_online.paf.exe
2017-10-24 19:43 - 2017-10-24 19:39 - 000032323 _____ C:\Users\luis.computnine\Desktop\Teste_(.SVG_(2).html.bak
2017-10-23 01:08 - 2017-10-23 01:08 - 000000000 ____D C:\Users\isabecris\Downloads\fireshot_ie_install
2017-10-23 01:06 - 2017-10-23 01:06 - 003953654 _____ C:\Users\isabecris\Downloads\fireshot_ie_install.zip
2017-10-22 18:03 - 2017-10-22 18:03 - 000020280 _____ C:\Users\isabecris\Downloads\GABARITO 4BIM.xlsx
2017-10-22 17:57 - 2017-10-22 17:57 - 000020280 _____ C:\Users\isabecris\Downloads\2017_GABARITO 4BIM.xlsx
2017-10-22 16:51 - 2017-10-22 16:51 - 001645524 _____ C:\Users\marcopai\Desktop\YouTube.htmeletronicaIndia.htm
2017-10-22 16:51 - 2017-10-22 16:51 - 000000000 ____D C:\Users\marcopai\Desktop\YouTube.htmeletronicaIndia_arquivos
2017-10-21 20:43 - 2017-10-21 20:43 - 000109950 _____ C:\Users\isabecris\Downloads\MAPAO_EMYGDIO_DE_BARROS_PROFESSOR-2ª_SERIE_H_NOITE-CONSELHO-TERCEIRO-BIMESTRE-21-10-2017 20-42.pdf
2017-10-21 00:51 - 2017-10-21 00:51 - 018169202 _____ C:\Users\isabecris\Downloads\Escolhidas-20171021T025107Z-001.zip
2017-10-21 00:12 - 2017-10-21 00:12 - 002678074 _____ C:\Users\isabecris\Downloads\QuickHash-Windows-v2.8.2.zip
2017-10-20 23:21 - 2017-10-20 23:21 - 001620784 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\GoogleChromePortable_62.0.3202.62_online.paf.exe

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-01-18 02:18 - 2016-05-17 21:27 - 000000000 ____D C:\Program Files\DebugDiag
2018-01-18 02:18 - 2015-05-07 02:41 - 000000000 ____D C:\FRST
2018-01-18 01:59 - 2017-10-17 00:13 - 000000676 _____ C:\Windows\Tasks\WpsPdf2WordUpdateTask_luis.job
2018-01-18 01:44 - 2014-07-05 21:04 - 000000000 ____D C:\Users\Todos os Usuários\GbPlugin
2018-01-18 01:44 - 2014-07-05 21:04 - 000000000 ____D C:\ProgramData\GbPlugin
2018-01-18 01:35 - 2009-07-14 00:37 - 000000000 ____D C:\Windows\registration
2018-01-18 01:33 - 2009-07-14 02:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-18 01:17 - 2009-07-14 02:34 - 000027728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-18 01:17 - 2009-07-14 02:34 - 000027728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-18 01:16 - 2017-03-09 17:18 - 000000000 ____D C:\Users\luis.computnine\AppData\Roaming\Mozilla
2018-01-17 21:49 - 2015-11-01 18:43 - 000000008 __RSH C:\Users\isabecris\ntuser.pol
2018-01-17 21:49 - 2014-08-30 18:56 - 000000000 ____D C:\Users\isabecris
2018-01-16 23:03 - 2011-04-12 02:47 - 000787844 _____ C:\Windows\system32\prfh0416.dat
2018-01-16 23:03 - 2011-04-12 02:47 - 000178310 _____ C:\Windows\system32\prfc0416.dat
2018-01-16 23:03 - 2010-11-20 19:01 - 001880494 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-16 23:03 - 2009-07-14 00:37 - 000000000 ____D C:\Windows\inf
2018-01-16 22:39 - 2014-05-30 02:36 - 000000000 ____D C:\Users\Public\teste
2018-01-16 01:00 - 2017-03-09 17:43 - 000000000 ____D C:\Users\luish.computnine\.gimp-2.8
2018-01-16 00:26 - 2014-08-07 19:04 - 000000000 ____D C:\Users\luish.computnine\Desktop\EULA's
2018-01-16 00:09 - 2017-03-09 18:31 - 000000000 ____D C:\Users\luish.computnine\AppData\LocalLow\Mozilla
2018-01-15 23:36 - 2016-01-18 19:23 - 000000000 ____D C:\Users\luis.computnine\Desktop\compactados
2018-01-15 23:36 - 2014-09-11 15:25 - 000000000 ____D C:\Users\luish.computnine\Desktop\vrs
2018-01-15 22:17 - 2014-05-30 18:50 - 000000000 ____D C:\Users\marcopai
2018-01-14 00:38 - 2017-03-09 18:31 - 000000000 ____D C:\Users\luish.computnine\AppData\Roaming\Mozilla
2018-01-13 22:55 - 2009-07-14 00:37 - 000000000 ___HD C:\Windows\system32\GroupPolicyUsers
2018-01-12 21:00 - 2014-05-30 02:37 - 000000000 ____D C:\Users\luish.computnine\Documents\Softwares
2018-01-11 00:04 - 2014-07-05 21:04 - 000000000 ____D C:\Program Files\GbPlugin
2018-01-10 23:26 - 2017-03-09 18:01 - 000000000 ____D C:\Users\luish.computnine\AppData\Local\gtk-2.0
2018-01-10 23:26 - 2017-03-09 17:19 - 000000000 ____D C:\Users\luish.computnine
2018-01-10 22:58 - 2014-06-22 02:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-10 22:47 - 2017-03-09 17:19 - 000000008 __RSH C:\Users\luish.computnine\ntuser.pol
2018-01-10 22:44 - 2017-03-09 17:16 - 000000008 __RSH C:\Users\luis.computnine\ntuser.pol
2018-01-10 22:44 - 2017-03-09 17:16 - 000000000 ____D C:\Users\luis.computnine
2018-01-10 22:42 - 2014-03-30 15:02 - 000000000 ____D C:\Users\UpdatusUser
2018-01-10 22:30 - 2015-09-04 04:05 - 000000000 ____D C:\Users\isabecris\AppData\LocalLow\Temp
2018-01-10 22:30 - 2015-01-14 15:49 - 000000000 ____D C:\Users\marcopai\AppData\LocalLow\Temp
2018-01-10 22:29 - 2016-08-25 22:30 - 000000000 ____D C:\Program Files\Diebold
2018-01-10 22:29 - 2014-12-30 21:28 - 000000000 ____D C:\Users\marcoaufer\AppData\LocalLow\Temp
2018-01-10 22:28 - 2009-07-14 00:37 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-01-10 22:01 - 2014-06-15 18:33 - 000000000 ____D C:\Users\Todos os Usuários\TEMP
2018-01-10 22:01 - 2014-06-15 18:33 - 000000000 ____D C:\ProgramData\TEMP
2018-01-10 21:36 - 2016-02-09 00:04 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-01-10 21:36 - 2016-02-09 00:04 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-01-10 21:36 - 2014-05-30 19:05 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-10 21:15 - 2016-07-01 03:01 - 000390256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-01-10 21:15 - 2016-07-01 03:00 - 000123880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-01-08 20:27 - 2016-06-11 23:21 - 000000000 ____D C:\Users\luis.computnine\Documents\Softwares
2018-01-07 21:23 - 2015-06-19 18:28 - 000000000 ____D C:\Windows\Minidump
2018-01-07 20:13 - 2016-01-18 19:52 - 000000000 ____D C:\Users\luis.computnine\Desktop\TXT's
2018-01-07 19:43 - 2017-01-12 01:19 - 000000114 _____ C:\Users\luish.computnine\Desktop\USB Disk Format Tool.url
2018-01-07 18:59 - 2017-09-03 22:10 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-07 18:59 - 2014-03-30 13:50 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-01-06 01:31 - 2014-08-17 13:14 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-06 01:31 - 2014-08-17 13:14 - 000002087 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-06 00:22 - 2014-05-30 01:50 - 000000000 ____D C:\Users\luish.computnine\Desktop\Arquivos
2018-01-05 22:12 - 2009-07-14 00:37 - 000000000 ____D C:\Windows\system32\NDF
2018-01-05 22:11 - 2017-03-26 00:42 - 000000000 ____D C:\Users\luish.computnine\AppData\Local\ElevatedDiagnostics
2018-01-03 17:18 - 2016-01-18 19:16 - 000000000 ____D C:\Users\luis.computnine\Desktop\Backup
2018-01-03 16:21 - 2016-07-01 03:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-12-29 01:45 - 2014-08-30 19:55 - 000000000 ____D C:\Users\isabecris\AppData\Roaming\Mozilla
2017-12-29 00:08 - 2015-11-08 20:52 - 000000000 ____D C:\Users\isabecris\.gimp-2.8
2017-12-28 23:56 - 2015-01-28 19:38 - 000000000 ____D C:\Users\isabecris\AppData\Local\gtk-2.0
2017-12-26 23:26 - 2014-08-30 21:47 - 000000000 ____D C:\Users\isabecris\Documents\Softwares
2017-12-26 23:25 - 2016-11-22 15:48 - 000000000 ____D C:\Users\isabecris\AppData\LocalLow\Mozilla
2017-12-26 23:15 - 2014-11-12 23:14 - 000000000 ____D C:\Users\isabecris\Documents\Backups
2017-12-26 18:01 - 2015-01-03 19:57 - 000000000 ____D C:\Users\isabecris\dwhelper
2017-12-25 20:57 - 2015-06-27 17:09 - 000000000 ____D C:\Users\Public\Mãe
2017-12-23 17:27 - 2015-02-11 18:06 - 000000000 ____D C:\Users\isabecris\Documents\Compras
2017-12-21 23:53 - 2015-05-29 17:40 - 000000000 ____D C:\Users\luish.computnine\Desktop\Backups
2017-12-21 22:56 - 2016-07-01 02:59 - 000000000 ____D C:\Users\Todos os Usuários\AVAST Software
2017-12-21 22:56 - 2016-07-01 02:59 - 000000000 ____D C:\ProgramData\AVAST Software
2017-12-21 22:56 - 2016-07-01 02:59 - 000000000 ____D C:\Program Files\AVAST Software
2017-12-21 22:54 - 2016-07-01 03:01 - 000294680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-12-21 22:54 - 2016-07-01 03:01 - 000151328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-12-21 22:54 - 2016-07-01 03:00 - 000099528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-12-21 22:54 - 2016-07-01 03:00 - 000070832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-12-21 22:54 - 2016-07-01 03:00 - 000042824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-12-21 22:53 - 2017-03-09 16:54 - 000276696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
2017-12-21 22:53 - 2017-03-09 16:54 - 000255584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-12-21 22:53 - 2017-03-09 16:54 - 000157376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
2017-12-21 22:53 - 2017-03-09 16:54 - 000050344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
2017-12-21 22:53 - 2016-07-01 03:00 - 000783104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-12-21 22:53 - 2016-07-01 03:00 - 000436104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2017-12-20 22:13 - 2017-03-13 02:03 - 000000000 ____D C:\Users\luis.computnine\.gimp-2.8
2017-12-20 22:13 - 2016-06-16 23:20 - 000000000 ____D C:\Users\luis.computnine\AppData\Local\gtk-2.0
2017-12-20 21:13 - 2016-01-18 19:25 - 000000000 ____D C:\Users\luis.computnine\Desktop\Edições_de_Imagem

==================== Arquivos na raiz de alguns diretórios =======

2017-11-19 17:24 - 2017-11-19 17:24 - 007649280 _____ () C:\Program Files\GUT6191.tmp
2018-01-10 23:26 - 2018-01-10 23:26 - 000002818 _____ () C:\Users\luish.computnine\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
C:\Windows\system32\drivers\wsddin32.sys -> Acesso Negado <======= ATENÇÃO

==================== BCD ================================

Gerenciador de Inicializa‡Æo do Windows
--------------------
identificador           {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  pt-BR
inherit                 {globalsettings}
default                 {current}
resumeobject            {e78ea204-872f-11e3-89a7-dad743570716}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Carregador de Inicializa‡Æo do Windows
-------------------
identificador           {e78ea202-872f-11e3-89a7-dad743570716}
device                  ramdisk=[C:]\Recovery\e78ea202-872f-11e3-89a7-dad743570716\Winre.wim,{e78ea203-872f-11e3-89a7-dad743570716}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\e78ea202-872f-11e3-89a7-dad743570716\Winre.wim,{e78ea203-872f-11e3-89a7-dad743570716}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Carregador de Inicializa‡Æo do Windows
-------------------
identificador           {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  pt-BR
inherit                 {bootloadersettings}
recoverysequence        {e78ea206-872f-11e3-89a7-dad743570716}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {e78ea204-872f-11e3-89a7-dad743570716}
nx                      OptIn

Carregador de Inicializa‡Æo do Windows
-------------------
identificador           {e78ea206-872f-11e3-89a7-dad743570716}
device                  ramdisk=[C:]\Recovery\e78ea206-872f-11e3-89a7-dad743570716\Winre.wim,{e78ea207-872f-11e3-89a7-dad743570716}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\e78ea206-872f-11e3-89a7-dad743570716\Winre.wim,{e78ea207-872f-11e3-89a7-dad743570716}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Continuar da Hiberna‡Æo
---------------------
identificador           {e78ea204-872f-11e3-89a7-dad743570716}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  pt-BR
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Testador de Mem¢ria do Windows
---------------------
identificador           {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Diagn¢stico de Mem¢ria do Windows
locale                  pt-BR
inherit                 {globalsettings}
badmemoryaccess         Yes

Configura‡äes de EMS
------------
identificador           {emssettings}
bootems                 Yes

Configura‡äes do Depurador
-----------------
identificador           {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

Defeitos de RAM
-----------
identificador           {badmemory}

Configura‡äes Globais
---------------
identificador           {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Configura‡äes do Carregador de Inicializa‡Æo
--------------------
identificador           {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Configura‡äes do Hypervisor
-------------------
identificador           {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Configura‡äes do Carregador de Retorno
----------------------
identificador           {resumeloadersettings}
inherit                 {globalsettings}

Op‡äes de dispositivo
--------------
identificador           {e78ea203-872f-11e3-89a7-dad743570716}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\e78ea202-872f-11e3-89a7-dad743570716\boot.sdi

Op‡äes de dispositivo
--------------
identificador           {e78ea207-872f-11e3-89a7-dad743570716}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\e78ea206-872f-11e3-89a7-dad743570716\boot.sdi

LastRegBack: 2018-01-18 00:39

==================== Fim de FRST.txt ============================

Obs.: Malwarebytes Anti-malware Premium (14-day Trial version) hasn't found anything; instead, it encountered some harmless "PUP" (ad-supported) software that has nothing to do with the OS problems described in this Topic. I ran Malwarebytes before and after the suspicious behaviors described below, and nothing harmful was found in the logs of either the prior or the post scans.
 
Note: I can point to some problems here that probably come from some kind of Rootkit (or "PUP"), and maybe also from a Trojan together with it, because after the first "AdwCleaner" reboot I was presented with some payload of the present malware having damaged the "WAT" (Windows Activation Technology), which wrongly said that my Partnership (MSDN-AA Student License) copy of the installed Windows 7 was treated as "pirate", and it was refused for some time by the Windows License internal controls after the AdwCleaner "msconfig" fake Services cleanings. Being thus a false alarm, it was clearly related to and caused by some payload, maybe coming from the malware infections contracted. The WarSaw ("Bank of Brazil" -- "Banco do Brasil") unused Online Bank Module has been deactivated successfully, and, for the first time, the insistent Java Bank Modules could be disabled in "msconfig" (the malware was hindering the desired checkbox from being ticked before the requested scans were done). Something like this showed up on my computer screen after the AdwCleaner required reboot (auto-fixing itself later):
 
mqdefault.jpg
 
and I lost all my Network Connections and Internet access for a while, having to restart my computer to put the normal Windows 7 License things and the normal Network function back in order. Some infections or computer plagues are still remaining on this computer. My MBAM Premium (Trial) expires today. Please don't ask for MBAM again if it isn't a really necessary step here, since nothing was found with this Anti-malware. And again, sorry for my bad English.
 
Note: The recently mentioned logs cannot be uploaded here. If you ask, I'll upload them to a Sharing website folder.

 
Waiting for a response ASAP.

 
 Best Regards.

 
Thanks.
@LHVF Brazil.

Edited by LHVF, 18 January 2018 - 04:26 AM.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts

Posted 18 January 2018 - 09:09 AM



Hi,

I cannot read the FRST and Addition.txt files.

Please run the tool again and save the files in Notepad or a Text Editor.
Each line must end with a Carriage Return.

Look at the logs you submitted in your post No. 1.

If you can, paste the logs in your next reply.
Do not use the Quote or Code boxes.
Just paste the text; if you need to, break the text up and use as many replies as you need.

Also, in a few words, what is not working with this computer?

#8 LHVF

LHVF
  • Topic Starter

  • Members
  • 19 posts

Posted 18 January 2018 - 04:00 PM

Hi again!
 
Sorry. Because a few hours ago I was using the Forum website on my phone (Android Smartphone), all the text indentation was lost (I had already saved the logs correctly the first time). I'll post the logs in the body of my post so that they can be read properly:
 
View_Export_(16-01-2018).txt:
 
[...]
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/15/18
Scan Time: 10:43 PM
Log File: 48f5f6e0-fa56-11e7-8009-000000000000.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3703
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: computnine\luish
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 438770
Threats Detected: 8
Threats Quarantined: 8
Time Elapsed: 49 min, 33 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 8
PUP.Optional.ASK, C:\USERS\LUIS.COMPUTNINE\DESKTOP\COMPACTADOS\BACKUP_GRAVAçãO.7Z, Quarantined, [463], [383618],1.0.3703
PUP.Optional.ProductKeyFinder, C:\USERS\LUISH.COMPUTNINE\DESKTOP\EXECUTáVEIS\PRODUKEY\PRODUKEY.EXE, Quarantined, [6584], [86094],1.0.3703
PUP.Optional.ProductKeyFinder, C:\USERS\LUISH.COMPUTNINE\DESKTOP\EXECUTáVEIS\PRODUKEY-X64\PRODUKEY.EXE, Quarantined, [6584], [86094],1.0.3703
PUP.Optional.ProductKeyFinder, C:\USERS\LUISH.COMPUTNINE\DESKTOP\VRS\OUTRO\PRODUKEY.ZIP, Quarantined, [6584], [86094],1.0.3703
PUP.Optional.ProductKeyFinder, C:\USERS\LUISH.COMPUTNINE\DESKTOP\VRS\PRODUKEY-X64.ZIP, Quarantined, [6584], [86094],1.0.3703
PUP.Optional.ProductKeyFinder, C:\USERS\LULA\DESKTOP\ARQUIVOS_(ROBOT)\PEN\SERIAL_MS\PRODUKEY.ZIP, Quarantined, [6584], [86094],1.0.3703
PUP.Optional.ProductKeyFinder, C:\USERS\LUISH.COMPUTNINE\DESKTOP\VRS\PRODUKEY.ZIP, Quarantined, [6584], [86094],1.0.3703
PUP.Optional.ProductKeyFinder, C:\USERS\LULA\DESKTOP\ARQUIVOS_(ROBOT)\PEN\SERIAL_MS\PRODUKEY-X64.ZIP, Quarantined, [6584], [86094],1.0.3703
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
[...]
 
Continues in the next post...

Edited by LHVF, 19 January 2018 - 12:26 AM.


#9 LHVF

LHVF
  • Topic Starter

  • Members
  • 19 posts

Posted 18 January 2018 - 04:06 PM

Continuation... :

 
AdwCleaner[C0].txt:
 
[...]
 
# AdwCleaner 7.0.6.0 - Logfile created on Tue Jan 16 02:35:14 2018
# Updated on 2017/21/12 by Malwarebytes 
# Running on Windows 7 Professional (X86)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\ProgramData\Speedbit
Deleted: C:\ProgramData\Application Data\Speedbit
Deleted: C:\Users\acronimo\AppData\LocalLow\Speedbit
Deleted: C:\Users\acronimo\AppData\Roaming\Speedbit
Deleted: C:\Users\All Users\Speedbit
Deleted: C:\Users\isabecris\AppData\LocalLow\Speedbit
Deleted: C:\Users\isabecris\AppData\Roaming\Speedbit
Deleted: C:\Users\luis.computnine\AppData\LocalLow\Speedbit
Deleted: C:\Users\luis.computnine\AppData\Roaming\Speedbit
Deleted: C:\Users\luish.computnine\AppData\LocalLow\Speedbit
Deleted: C:\Users\luish.computnine\AppData\Roaming\Speedbit
Deleted: C:\Users\lula\AppData\LocalLow\Speedbit
Deleted: C:\Users\lula\AppData\Roaming\Speedbit
Deleted: C:\Users\marcopai\AppData\LocalLow\Speedbit
Deleted: C:\Users\Todos os Usuários\Speedbit
Deleted: C:\Users\All Users\Documents\pc faster
Deleted: C:\Users\Public\Documents\pc faster
Deleted: C:\Users\Todos os Usuários\Documents\pc faster
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKU\S-1-5-21-3370822099-4033009180-3280478221-1001\Software\SpeedBit
Deleted: [Key] - HKU\S-1-5-21-3370822099-4033009180-3280478221-1007\Software\SpeedBit
Deleted: [Key] - HKCU\Software\SpeedBit
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [2632 B] - [2018/1/16 2:31:18]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 

[...]

 

Addition.txt:

 

[...]

 

Resultado do exame Adicional Farbar Recovery Scan Tool (x86) Versão: 17.01.2018 01

Executado por luish (18-01-2018 02:20:50)
Executando a partir de C:\Users\luish.computnine\Desktop\AV_(2018)\Outros\últimos\LOG's_(TXT's)\17-01-2018
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2014-03-30 15:09:17)
Modo da Inicialização: Normal
==========================================================
 
 
==================== Contas: =============================
 
acronimo (S-1-5-21-3370822099-4033009180-3280478221-1021 - Limited - Enabled) => C:\Users\acronimo
Administrador (S-1-5-21-3370822099-4033009180-3280478221-500 - Administrator - Disabled)
Convidado (S-1-5-21-3370822099-4033009180-3280478221-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3370822099-4033009180-3280478221-1002 - Limited - Enabled)
isabecris (S-1-5-21-3370822099-4033009180-3280478221-1020 - Limited - Enabled) => C:\Users\isabecris
IsabelCris (S-1-5-21-3370822099-4033009180-3280478221-1101 - Limited - Enabled) => C:\Users\IsabelCris
luis (S-1-5-21-3370822099-4033009180-3280478221-1004 - Limited - Enabled) => C:\Users\luis.computnine
luish (S-1-5-21-3370822099-4033009180-3280478221-1001 - Administrator - Enabled) => C:\Users\luish.computnine
lula (S-1-5-21-3370822099-4033009180-3280478221-1006 - Limited - Enabled) => C:\Users\lula
marcoaufer (S-1-5-21-3370822099-4033009180-3280478221-1003 - Administrator - Enabled) => C:\Users\marcoaufer
marcopai (S-1-5-21-3370822099-4033009180-3280478221-1005 - Limited - Enabled) => C:\Users\marcopai
UpdatusUser (S-1-5-21-3370822099-4033009180-3280478221-1007 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Central de Segurança ========================
 
(Se uma entrada for incluída na fixlist, será removida.)
 
 
==================== Programas Instalados ======================
 
(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
 
AAC ACM Codec 1.9 (HKLM\...\AACACM) (Version: 1.9 - fccHandler)
AC-3 ACM Codec 2.2 (HKLM\...\AC3ACM) (Version: 2.2 - fccHandler)
Acrobat.com (HKLM\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.3.183 - Adobe Systems, Inc.)
Advertising Center (HKLM\...\{B2EC4A38-B545-4A00-8214-13FE0E915E6D}) (Version: 0.0.0.2 - Nero AG) Hidden
Any Video Converter 5.7.7 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
ASRock IES v2.1.24 (HKLM\...\ASRock IES_is1) (Version:  - )
Atualizações da NVIDIA 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Avast Cleanup Premium (HKLM\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 17.2.3724.0 - AVAST Software)
Avast Premier (HKLM\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
Crystal Reports for Visual Studio (HKLM\...\{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}) (Version: 12.51.0.240 - SAP) Hidden
Debug Diagnostics 2 Update 2 32-bit (HKLM\...\{95ED13B2-0182-4397-97A5-5EA69DE0AEFF}) (Version: 2.2.0.13 - Microsoft Corporation)
Desinstalar impressora EPSON Stylus TX200 Series (HKLM\...\EPSON Stylus TX200 Series) (Version:  - SEIKO EPSON Corporation)
Dotfuscator Software Services - Community Edition (HKLM\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVDAuthorGUI (remove only) (HKLM\...\DVDAuthorGUI) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
FireShot (HKLM\...\FireShot) (Version:  - )
FireShot for Internet Explorer (HKLM\...\FireShot for IE) (Version:  - )
Freemake Video Converter versão 4.1.4 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
GDR 4033 para o SQL Server 2008 R2 (KB2977320) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation)
GDR 4042 para o SQL Server 2008 R2 (KB3045313) (HKLM\...\KB3045313) (Version: 10.52.4042.0 - Microsoft Corporation)
GetASFStream (HKLM\...\GetASFStream) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Huffyuv AVI lossless video codec (Remove Only) (HKLM\...\HUFFYUV) (Version:  - )
Hybrid (remove only) (HKLM\...\Hybrid) (Version: 2017.5.6.0 - Selur´s Hybrid)
IconViewer (HKLM\...\{C6F34AE0-0576-11d4-82FE-4491FCC00000}) (Version: 3.2.147 - Bot Productions)
ImagXpress (HKLM\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Kingsoft PDF to Word SDK (2.0.1) (HKLM\...\{113B2748-4AD7-425A-AD99-4F618E235550}) (Version: 2.0.1 - Zhuhai Kingsoft Office Software Co.,Ltd)
K-Lite Mega Codec Pack 10.6.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.6.0 - )
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
LibreOffice 4.3 Help Pack (Portuguese (Brazil)) (HKLM\...\{FD3124B2-A20F-4FC7-BB0A-917063A64790}) (Version: 4.3.1.2 - The Document Foundation)
LibreOffice 4.4.1.2 (HKLM\...\{4A754DA6-6E12-40AF-BAF0-B7D60C6BE005}) (Version: 4.4.1.2 - The Document Foundation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Menu Templates - Pack 1 (HKLM\...\{56ABA277-EE53-4478-A607-FA42208FF5A9}) (Version: 9.6.0.0 - Nero AG) Hidden
Menu Templates - Starter Kit (HKLM\...\{B78120A0-CF84-4366-A393-4D0A59BC546C}) (Version: 9.6.0.0 - Nero AG) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{8E0BF061-4331-4459-BB6C-C20F237B53DB}) (Version: 10.52.4042.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{EFECC55D-7B0A-4D05-8487-CC2FD7C618A3}) (Version: 10.52.4042.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x86) (HKLM\...\{C6DD625F-4B61-4561-8286-87CA0275CEA1}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM\...\{97CE8B73-AA5A-4987-A1BE-50DD1A187478}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x86) (HKLM\...\{F990B526-8F7C-46E0-B1F1-6C893A8B478F}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) (HKLM\...\{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (HKLM\...\{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ENU (HKLM\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Movie Templates - Starter Kit (HKLM\...\{E498385E-1C51-459A-B45F-1721E37AA1A0}) (Version: 9.6.0.0 - Nero AG) Hidden
Mozilla Firefox 57.0.4 (x86 pt-BR) (HKLM\...\Mozilla Firefox 57.0.4 (x86 pt-BR)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.4.6577 - Mozilla)
MPEG Video Wizard DVD 5.0.1.110 (06/2014) (HKLM\...\{9FD45917-95E6-449D-ACC9-01E634A34CBD}_is1) (Version: 5.0.1.110 - Womble Multimedia, Inc.)
MPEG Video Wizard DVD 5.0.1.110 (06/2014) (HKLM\...\Mpeg Video Wizard DVD 5.0) (Version: 5.0.1.110 (06/2014) - Womble Multimedia, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM\...\{33e6e776-5d5d-4392-8293-263d9ab7e698}) (Version:  - Nero AG)
NVIDIA Driver de gráficos 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Painel de controle da NVIDIA 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 307.83 - NVIDIA Corporation) Hidden
Platform (HKLM\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Hidden
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
RogueKiller versão 12.9.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.2.0 - Adlice Software)
SafeZone Stable 4.58.2552.909 (HKLM\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Samsung ML-1610 Series (HKLM\...\Samsung ML-1610 Series) (Version:  - )
Samsung ML-1610 Series SmartPanel (HKLM\...\Samsung ML-1610 Series SmartPanel) (Version:  - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
SQL Server 2008 R2 Reporting Services (HKLM\...\{49E98741-B7A4-4A44-A536-6AFCA23106FE}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 BI Development Studio (HKLM\...\{143203CB-9E09-4D9D-91F1-D000EC6E1F87}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 BI Development Studio (HKLM\...\{2BF7DF19-F716-4986-AD4A-3AF6ACFEEE14}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Common Files (HKLM\...\{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Common Files (HKLM\...\{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (HKLM\...\{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (HKLM\...\{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (HKLM\...\{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (HKLM\...\{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Full text search (HKLM\...\{06A7EA72-0F00-4D53-A81C-A5D925711141}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Management Studio (HKLM\...\{020617D7-2F72-4D02-BF59-A5CBC1761177}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Management Studio (HKLM\...\{121475F5-2598-4574-8801-8F6B3D6A99BB}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Reporting Services (HKLM\...\{23F70562-02F4-4805-ACF5-6E52BAD167C2}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM\...\{93998800-1608-403F-9A51-420A77D23C25}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unknown Device Identifier 9.01 (HKLM\...\Unknown Device Identifier_is1) (Version: 9.01 - Huntersoft)
Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM\...\{90150000-012B-0416-0000-0000000FF1CE}_Office15.PROPLUSR_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VIA Gerenciador de dispositivo de plataforma (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Warsaw 1.12.4.14 32 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.12.4.14 - GAS Tecnologia)
WCF RIA Services V1.0 SP1 (HKLM\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip (HKLM\...\WinZip) (Version:  9.0 SR-1 (6224) - WinZip Computing, Inc.)
Wise Program Uninstaller 1.97 (HKLM\...\Wise Program Uninstaller_is1) (Version: 1.97 - WiseCleaner.com, Inc.)
wkhtmltox 0.12.3.2 (HKLM\...\wkhtmltopdf) (Version:  - )
XFastUSB (HKLM\...\XFastUSB) (Version: 3.02.28 - ASRock Inc.)
 
==================== Exame Personalizado CLSID (Whitelisted): ==========================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-12-21] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-12-21] (AVAST Software)
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll [2010-04-27] (Nero AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLSTB.DLL [2004-08-16] (WinZip Computing, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-12-21] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLSTB.DLL [2004-08-16] (WinZip Computing, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-01-31] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-12-21] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLSTB.DLL [2004-08-16] (WinZip Computing, Inc.)
 
==================== Tarefas Agendadas (Whitelisted) =============
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
Task: {04CF2A6E-143E-42C8-8A6D-62D2F2D75EE8} - System32\Tasks\WpsPdf2WordUpdateTask_luis => C:\Users\luis.computnine\AppData\Local\Kingsoft\PDF2Word\10.2.0.5824\wtoolex\pdf2wordupd.exe
Task: {1404DB05-0273-49F1-8ABB-6446A696B2BB} - System32\Tasks\SafeZone scheduled Autoupdate 1467349672 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {177D5E8C-F6D4-4AD2-A713-906D6A1B5127} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {1AC9B894-65B9-446D-861A-6BBF048C4CB1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {1F424EA7-B5C5-4A6E-86F3-B1530DBC5FD1} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work => C:\Windows\system32\WorkFoldersSystemTray.exe [2015-09-04] (Microsoft Corporation)
Task: {422CCA08-81B3-4CFB-8ABD-B644549479C1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {51F95F34-F5A5-4AD6-944E-16269E238CA4} - System32\Tasks\{6827F6D9-2E0D-4CFC-9B0B-7DFF9AA9A4A0} => C:\Windows\system32\pcalua.exe -a C:\Windows\system32\DivXControlPanelApplet.cpl -c DivX Control Panel
Task: {53238DAF-D6A8-478F-AE6C-FDC1F5B09DB9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-10] (Adobe Systems Incorporated)
Task: {5FEED805-708C-4E34-81A8-8F092DF5B634} - System32\Tasks\{D876ECB0-3862-4F94-B30B-AC607F529F61} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\IconViewer\Setup.exe" -d "C:\Program Files\IconViewer"
Task: {630A7EEC-EDFA-4188-8001-9AD1E9FEB19C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7157EE0D-FDBE-43EE-9A07-19BBF5EFE468} - System32\Tasks\{FC56E5A7-122E-4D2F-8543-4FF4A881C7A1} => C:\Windows\system32\pcalua.exe -a C:\Users\luish\Desktop\SMFixer.exe -d C:\Users\luish\Desktop
Task: {796BBE93-1AC3-45B3-A525-259007FC0B0D} - System32\Tasks\SafeZone scheduled Autoupdate 1450832711 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {882FBB0B-C96E-4D0A-BBBD-B76248009EC3} - System32\Tasks\{F1096CF4-4D74-4FE1-8A18-DFD32D82357C} => C:\Program Files\Mozilla Firefox\firefox.exe 
Task: {B4BE499F-EDAD-4507-97D8-95E5A67F8817} - System32\Tasks\Avast TUNEUP Update => C:\Program Files\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2017-12-13] (AVAST Software)
Task: {D2B0963B-5519-485B-9C77-BAE1F90761CA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-12-21] (AVAST Software)
Task: {DDBA20A3-54AD-4156-90DE-0981A3F5C8C5} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()
Task: {DF34158F-AFC9-4DAE-B8F0-313C6FCAB383} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {EAAD04E9-2DDD-4D2A-BBA4-16B2B38B3978} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {EF8888C0-7889-4F46-A438-FE0034158EBC} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-05] (AVAST Software)
Task: {F20B1FC2-3225-4B6E-8911-278B03D98E6F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
 
(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
 
Task: C:\Windows\Tasks\WpsPdf2WordUpdateTask_luis.job => C:\Users\luis.computnine\AppData\Local\Kingsoft\PDF2Word\10.2.0.5824\wtoolex\pdf2wordupd.exe
 
==================== Atalhos & WMI ========================
 
(As entradas podem ser listadas para serem restauradas ou removidas.)
 
 
Shortcut: C:\Users\luish.computnine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FireShot for Internet Explorer\FireShot at the Web.lnk -> hxxp://screenshot-program.com/fireshot/fireshot_pro.ph
Shortcut: C:\Users\luish.computnine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FireShot\FireShot Homepage.lnk -> hxxp://getfireshot.com/firesho
 
==================== Módulos Carregados (Whitelisted) ==============
 
2014-03-30 15:02 - 2013-01-31 07:00 - 000079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2017-12-21 22:54 - 2017-12-21 22:54 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-12-21 22:54 - 2017-12-21 22:54 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2017-12-21 22:54 - 2017-12-21 22:54 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-12-21 22:54 - 2017-12-21 22:54 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-12-21 22:54 - 2017-12-21 22:54 - 000196248 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2018-01-17 21:39 - 2018-01-17 21:39 - 005768336 _____ () C:\Program Files\AVAST Software\Avast\defs\18011706\algo.dll
2017-12-21 22:54 - 2017-12-21 22:54 - 000745408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-12-21 22:53 - 2017-12-21 22:53 - 000148936 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2017-12-21 22:54 - 2017-12-21 22:54 - 000293944 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2014-06-03 18:59 - 2006-12-04 02:25 - 000022723 _____ () C:\Windows\System32\SUGS1l3.dll
2018-01-15 22:39 - 2017-11-29 09:11 - 001934792 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-15 22:39 - 2017-11-29 09:11 - 001798608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-12-21 22:53 - 2017-12-21 22:53 - 000196816 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2016-06-27 12:41 - 2011-05-28 23:04 - 000140288 _____ () C:\Program Files\WinRAR\rarext.dll
2017-12-21 22:56 - 2016-09-12 14:53 - 048936448 _____ () C:\Program Files\AVAST Software\Avast Cleanup\libcef.dll
2017-07-03 15:48 - 2017-07-03 15:48 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-12-21 22:53 - 2017-12-21 22:53 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(Se uma entrada for incluída na fixlist, somente o ADS será removido.)
 
AlternateDataStreams: C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt [8]
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst [514]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10]
 
==================== Modo de Segurança (Whitelisted) ===================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\48611155.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP_TDI => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Schedule => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\48611155.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Schedule => ""="Service"
 
==================== Associação (Whitelisted) ===============
 
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)
 
 
==================== Internet Explorer confiável/restrito ===============
 
(Se uma entrada for incluída na fixlist, será removida do Registro.)
 
IE trusted site: HKU\S-1-5-21-3370822099-4033009180-3280478221-1001\...\bancobrasil.com.br -> hxxps://www14.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-3370822099-4033009180-3280478221-1001\...\bb.com.br -> hxxps://seg.bb.com.br
IE trusted site: HKU\S-1-5-21-3370822099-4033009180-3280478221-1001\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-3370822099-4033009180-3280478221-1001\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br
 
==================== Hosts Conteúdo: ===============================
 
(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
 
2009-07-14 00:04 - 2013-09-03 17:19 - 000000833 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Outras Áreas ============================
 
(Atualmente não há nenhuma correção automática para esta seção.)
 
HKU\S-1-5-21-3370822099-4033009180-3280478221-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\luish.computnine\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 201.6.2.222 - 201.6.2.122
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Firewall do Windows está habilitado.
 
==================== MSCONFIG/TASK MANAGER ítens desabilitados ==
 
MSCONFIG\startupreg: Diebold - Warsaw => C:\Program Files\Diebold\Warsaw\core.exe
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: XFastUSB => "C:\Program Files\XFastUSB\XFastUsb.exe"
 
==================== Regras do Firewall (Whitelisted) ===============
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{EDB9187B-0996-487F-89E6-12070BF31DE5}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8D2E7ED1-A6E9-47E6-8C34-20100546138E}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8D9B5106-4DDE-4CE0-9EC8-C443FF7C7475}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{30881A95-5EA8-4611-B84E-8CDCCDC5CF60}C:\program files\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files\divx\divx media server\divxmediaserver.exe
FirewallRules: [UDP Query User{EA20E4B9-0F10-4071-A43B-8A537D16CC70}C:\program files\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files\divx\divx media server\divxmediaserver.exe
FirewallRules: [TCP Query User{42945325-FFA8-4360-BD44-51A6DE7D060D}C:\program files\libreoffice 4\program\soffice.bin] => (Allow) C:\program files\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{8B1539B7-9B0C-4046-8493-0012BADB01A0}C:\program files\libreoffice 4\program\soffice.bin] => (Allow) C:\program files\libreoffice 4\program\soffice.bin
FirewallRules: [{9FA0BD9D-B3DC-4EC3-BEB0-36535C1977E9}] => (Allow) C:\Users\marcoaufer\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8275B36B-61B5-49B7-8E9C-FC17C87BDF3B}] => (Allow) C:\Users\marcoaufer\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{2CCA36F5-83C8-4A97-9B0F-6BEBFD7114DC}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{2B9D26BC-71D6-417D-B387-4DD17C381A09}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{B7DE53EB-C4AE-44A5-A98B-E8C747486D0E}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{241F4674-163C-4D60-BA2D-85C3C8D79E59}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{FB419453-E639-4C7C-8465-D8CDBC5FEDD6}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{C77B7993-8415-4831-BFFB-208B6F1B1B80}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{84569998-48FA-42B3-9B50-DA8F0B5C5781}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{8EDBED35-CE4F-4DC5-81B9-5FC97C5F4D0D}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{A4B3821C-3F6F-436C-A9E1-CF045D019063}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{E4E9586E-B680-4EE5-839C-284089EC4873}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{D7951EC7-0324-404E-8D60-B3E76586D1E7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E1DBF4FC-FFE6-44BE-9244-ECBAE8DDB3D4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0309FA31-928F-45F7-9E15-728D53145EE3}] => (Allow) C:\Users\marcoaufer\AppData\Local\temp\7zS2AF4\hppiw.exe
FirewallRules: [{8DC0F6EE-D650-4BA9-BE54-12DAA17231D5}] => (Allow) C:\Users\marcoaufer\AppData\Local\temp\7zS2AF4\hppiw.exe
FirewallRules: [{138810EA-8073-49DC-9326-6113D2B44258}] => (Allow) C:\Users\marcoaufer\AppData\Local\temp\7zS3726\hppiw.exe
FirewallRules: [{1C33379A-0913-484B-A408-731D352D5637}] => (Allow) C:\Users\marcoaufer\AppData\Local\temp\7zS3726\hppiw.exe
FirewallRules: [{7A1F4263-D091-41DA-B258-E1E146358F9F}] => (Allow) C:\Users\marcoaufer\AppData\Local\temp\7zS477D\hppiw.exe
FirewallRules: [{395DF255-6B21-43EE-BE7A-C7555ECB9D8F}] => (Allow) C:\Users\marcoaufer\AppData\Local\temp\7zS477D\hppiw.exe
FirewallRules: [{0193C886-929A-4614-81FB-0AFE5ACEC191}] => (Allow) C:\Users\marcoaufer\AppData\Local\temp\7zS4AF9\HPDiagnosticCoreUI.exe
FirewallRules: [{27DECAD8-8F04-4197-80B2-AAC30B6E4596}] => (Allow) C:\Users\marcoaufer\AppData\Local\temp\7zS4AF9\HPDiagnosticCoreUI.exe
FirewallRules: [{487FCEAD-8DCC-48E9-A92F-D38192E1B3A8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3EC5E266-8BE9-498B-BFE0-FF1DDFE3B307}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{648A38E0-D5BB-4FEA-A58E-75D460B141B8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7E552CC4-4DF8-4A65-97CB-E03042E6D051}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{9672FB7A-38B4-4D2F-B2E1-39BF846F9012}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{64DD149D-3ED8-4E34-B962-4CB321239B40}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{98D33EA4-CCE2-4BA1-94B7-773514E06CEF}C:\users\luis\documents\softwares\firefoxportable_36.0_portuguesebr.paf\firefoxportable\app\firefox\firefox.exe] => (Allow) C:\users\luis\documents\softwares\firefoxportable_36.0_portuguesebr.paf\firefoxportable\app\firefox\firefox.exe
FirewallRules: [UDP Query User{08AF9AED-CF43-4C55-B037-7F78ECAA33A2}C:\users\luis\documents\softwares\firefoxportable_36.0_portuguesebr.paf\firefoxportable\app\firefox\firefox.exe] => (Allow) C:\users\luis\documents\softwares\firefoxportable_36.0_portuguesebr.paf\firefoxportable\app\firefox\firefox.exe
FirewallRules: [TCP Query User{0AE157A9-B893-4A9F-9E46-7143AE67DEE0}C:\users\luis\documents\softwares\firefoxportable_36.0.1_portuguesebr.paf\firefoxportable\app\firefox\firefox.exe] => (Allow) C:\users\luis\documents\softwares\firefoxportable_36.0.1_portuguesebr.paf\firefoxportable\app\firefox\firefox.exe
FirewallRules: [UDP Query User{EAA2DDDF-B955-498B-AFB7-F085B0C85810}C:\users\luis\documents\softwares\firefoxportable_36.0.1_portuguesebr.paf\firefoxportable\app\firefox\firefox.exe] => (Allow) C:\users\luis\documents\softwares\firefoxportable_36.0.1_portuguesebr.paf\firefoxportable\app\firefox\firefox.exe
FirewallRules: [TCP Query User{024257F2-1E98-4813-B3AA-4B06206CEE4C}C:\program files\libreoffice 4\program\soffice.bin] => (Allow) C:\program files\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{EACE3890-2C86-4ED7-A544-5257227743ED}C:\program files\libreoffice 4\program\soffice.bin] => (Allow) C:\program files\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{A027C0E4-D537-45E3-A9B5-B248996F0D96}C:\users\luis\documents\softwares\firefoxportable_36.0_portuguesebr.paf\firefoxportable\app\firefox\firefox.exe] => (Allow) C:\users\luis\documents\softwares\firefoxportable_36.0_portuguesebr.paf\firefoxportable\app\firefox\firefox.exe
FirewallRules: [UDP Query User{408AA43A-7328-4033-BA05-24B51CFC251A}C:\users\luis\documents\softwares\firefoxportable_36.0_portuguesebr.paf\firefoxportable\app\firefox\firefox.exe] => (Allow) C:\users\luis\documents\softwares\firefoxportable_36.0_portuguesebr.paf\firefoxportable\app\firefox\firefox.exe
FirewallRules: [TCP Query User{B7F23F02-0691-4652-BE48-5CB447F9C718}C:\users\luis\documents\softwares\firefoxportable_36.0.1_portuguesebr.paf\firefoxportable\app\firefox\firefox.exe] => (Allow) C:\users\luis\documents\softwares\firefoxportable_36.0.1_portuguesebr.paf\firefoxportable\app\firefox\firefox.exe
FirewallRules: [UDP Query User{757E04E6-7271-435D-BB60-ECEB262E8C9D}C:\users\luis\documents\softwares\firefoxportable_36.0.1_portuguesebr.paf\firefoxportable\app\firefox\firefox.exe] => (Allow) C:\users\luis\documents\softwares\firefoxportable_36.0.1_portuguesebr.paf\firefoxportable\app\firefox\firefox.exe
FirewallRules: [TCP Query User{7AFB2E64-0BDB-4737-B1FC-AC246A569C85}C:\users\luis\documents\softwares\googlechromeportable_45.0.2454.85_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis\documents\softwares\googlechromeportable_45.0.2454.85_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{D039AA36-E4D0-4AB8-B153-845AED60C877}C:\users\luis\documents\softwares\googlechromeportable_45.0.2454.85_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis\documents\softwares\googlechromeportable_45.0.2454.85_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [{1326FEC7-4439-4E28-81BB-F41F58C06BB8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{33C934DB-2664-4EEA-AF79-F7C46804E041}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0DEC255A-2484-44C6-A51D-1507443C61D4}C:\users\luish\documents\softwares\firefoxportable_36.0.1_portuguesebr.paf\firefoxportable\app\firefox\firefox.exe] => (Allow) C:\users\luish\documents\softwares\firefoxportable_36.0.1_portuguesebr.paf\firefoxportable\app\firefox\firefox.exe
FirewallRules: [UDP Query User{9ABAE85F-6105-4D5B-B40E-D7F545F626B3}C:\users\luish\documents\softwares\firefoxportable_36.0.1_portuguesebr.paf\firefoxportable\app\firefox\firefox.exe] => (Allow) C:\users\luish\documents\softwares\firefoxportable_36.0.1_portuguesebr.paf\firefoxportable\app\firefox\firefox.exe
FirewallRules: [TCP Query User{D0DDAE81-7761-4CF2-9271-634F2B09B903}C:\users\luis.computnine\documents\softwares\googlechromeportable_48.0.2564.82_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_48.0.2564.82_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{86A32187-DFA2-492C-BF70-3E29709304EF}C:\users\luis.computnine\documents\softwares\googlechromeportable_48.0.2564.82_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_48.0.2564.82_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [{95CF7A7E-B47B-43D3-881B-951DF71EE835}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [TCP Query User{68D9A539-B39A-4753-9105-4E2008B37613}C:\users\luis\documents\softwares\googlechromeportable_53.0.2785.101_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis\documents\softwares\googlechromeportable_53.0.2785.101_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{D5062786-F20F-4410-B80E-001E19FD03F3}C:\users\luis\documents\softwares\googlechromeportable_53.0.2785.101_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis\documents\softwares\googlechromeportable_53.0.2785.101_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [{AD48CCC3-4D56-425C-BCCB-D0E57819FE08}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{4712D6D9-A61A-4FE4-A0DD-37AA2FCAA209}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{5259C4E3-CDA7-4FC0-8494-3C9077B40E1C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F5305E4F-C163-4D99-860F-0541C5A43E8F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{4183D434-C802-4622-A4D2-692D732A09BE}C:\users\luis\documents\softwares\googlechromeportable_53.0.2785.116_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis\documents\softwares\googlechromeportable_53.0.2785.116_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{E486B84D-7778-429C-8BE3-60487F19A82C}C:\users\luis\documents\softwares\googlechromeportable_53.0.2785.116_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis\documents\softwares\googlechromeportable_53.0.2785.116_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{B2A48BD9-E8A1-4FC3-94A8-9DFF5C46A191}C:\users\luis\documents\softwares\googlechromeportable_53.0.2785.143_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis\documents\softwares\googlechromeportable_53.0.2785.143_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{2F614E1C-5C0B-49B0-9226-3F83EABE623E}C:\users\luis\documents\softwares\googlechromeportable_53.0.2785.143_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis\documents\softwares\googlechromeportable_53.0.2785.143_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{1385DF5B-EFC3-4DD4-B8D8-2BF7E46437E0}C:\users\luis\documents\softwares\googlechromeportable_54.0.2840.59_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis\documents\softwares\googlechromeportable_54.0.2840.59_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{327C5144-1A33-47FA-84DF-9A9EBB20AAF5}C:\users\luis\documents\softwares\googlechromeportable_54.0.2840.59_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis\documents\softwares\googlechromeportable_54.0.2840.59_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{0E94AFEC-B02C-4A49-9FF1-B9D88172414B}C:\users\luis\documents\softwares\googlechromeportable_54.0.2840.71_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis\documents\softwares\googlechromeportable_54.0.2840.71_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{68A9636D-BFFA-45B9-BE2C-378B0B82F697}C:\users\luis\documents\softwares\googlechromeportable_54.0.2840.71_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis\documents\softwares\googlechromeportable_54.0.2840.71_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{26A9CBDB-4EAB-41A1-8B6B-2D902A69AC73}C:\users\luis\documents\softwares\googlechromeportable_54.0.2840.87_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis\documents\softwares\googlechromeportable_54.0.2840.87_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{766ED1F6-8072-42C3-91E9-6227A2EE1621}C:\users\luis\documents\softwares\googlechromeportable_54.0.2840.87_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis\documents\softwares\googlechromeportable_54.0.2840.87_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{F4749B46-0E37-40C5-A1B0-B227D3C4DF8D}C:\users\luis\documents\softwares\googlechromeportable_54.0.2840.99_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis\documents\softwares\googlechromeportable_54.0.2840.99_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{BFDA281F-8B94-4C57-A32D-0CD75927A747}C:\users\luis\documents\softwares\googlechromeportable_54.0.2840.99_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis\documents\softwares\googlechromeportable_54.0.2840.99_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{23E77E95-59CF-4C4D-9EF7-DC4E3E00CF4C}C:\users\luis\documents\softwares\googlechromeportable_55.0.2883.75_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis\documents\softwares\googlechromeportable_55.0.2883.75_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{C0127CE6-1C43-4EE4-B49B-29EA65C4452B}C:\users\luis\documents\softwares\googlechromeportable_55.0.2883.75_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis\documents\softwares\googlechromeportable_55.0.2883.75_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{CEB0D9ED-D794-40D4-BE12-6A5F0CD73210}C:\users\luis\documents\softwares\googlechromeportable_55.0.2883.87_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis\documents\softwares\googlechromeportable_55.0.2883.87_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{8F5D8F2A-C061-421C-B7F2-AE09E4AC6FAE}C:\users\luis\documents\softwares\googlechromeportable_55.0.2883.87_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis\documents\softwares\googlechromeportable_55.0.2883.87_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{674B109A-A033-4323-BC5A-29DC67671441}C:\users\luis.computnine\documents\softwares\googlechromeportable_55.0.2883.87_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Block) C:\users\luis.computnine\documents\softwares\googlechromeportable_55.0.2883.87_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{7DD3DD43-E549-4F7A-B41C-63A53656E70C}C:\users\luis.computnine\documents\softwares\googlechromeportable_55.0.2883.87_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Block) C:\users\luis.computnine\documents\softwares\googlechromeportable_55.0.2883.87_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{8AF385A5-E72E-4CFA-8D6D-409B66F9F43D}C:\users\luis.computnine\documents\softwares\googlechromeportable_57.0.2987.98_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_57.0.2987.98_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{A05358AA-105B-4D9A-91EC-C95310C494EB}C:\users\luis.computnine\documents\softwares\googlechromeportable_57.0.2987.98_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_57.0.2987.98_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{8217BA65-E4CE-40CF-ADB0-A709A5AA458A}C:\users\luis.computnine\documents\softwares\googlechromeportable_57.0.2987.110_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_57.0.2987.110_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{C995032F-604E-4539-BD17-006394F71B65}C:\users\luis.computnine\documents\softwares\googlechromeportable_57.0.2987.110_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_57.0.2987.110_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{649DAB87-E134-4C04-B4DD-3DA9935A488C}C:\users\luis.computnine\documents\softwares\googlechromeportable_57.0.2987.133_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_57.0.2987.133_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{6BD038DF-DEEE-4BBB-881C-AD6A32FD6A98}C:\users\luis.computnine\documents\softwares\googlechromeportable_57.0.2987.133_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_57.0.2987.133_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{98AA75CE-6C33-4C56-90DD-666D97BBB1C8}C:\users\luis.computnine\documents\softwares\googlechromeportable_58.0.3029.81_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_58.0.3029.81_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{53287878-337C-441F-872A-17BD52A74022}C:\users\luis.computnine\documents\softwares\googlechromeportable_58.0.3029.81_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_58.0.3029.81_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{FC01E617-3FB5-4BBC-A1E8-E2EFB58DFB7C}C:\users\luis.computnine\documents\softwares\googlechromeportable_58.0.3029.96_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_58.0.3029.96_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{AD7A9D24-C841-4D41-AF0E-70691ED7CAF8}C:\users\luis.computnine\documents\softwares\googlechromeportable_58.0.3029.96_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_58.0.3029.96_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{9EB42960-B3CB-42C9-8AF3-350203EBCB90}C:\users\luis.computnine\documents\softwares\googlechromeportable_58.0.3029.110_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_58.0.3029.110_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{D2D62E32-64AC-4618-A7DB-DB9AF115B294}C:\users\luis.computnine\documents\softwares\googlechromeportable_58.0.3029.110_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_58.0.3029.110_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{E3A0EBFC-2ED9-40A1-83B0-02626E12FD4E}C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.86_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.86_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{7E6D2427-58EE-4150-AB7C-3B2F69382E76}C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.86_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.86_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{A87C5357-0D25-4435-AF82-7FA608E454DA}C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.104_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.104_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{D240DACF-AFD4-43D8-B93D-E86836F5D387}C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.104_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.104_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{694FA025-3C3B-412E-BFD3-32D0F77631F8}C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.109_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.109_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{FA1B4001-B9E7-44E3-A5B4-33B1C5C9492C}C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.109_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.109_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{9E1408B5-D4A6-4233-B61F-820621E6D437}C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.115_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.115_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{6CCDD431-1DEA-4A9A-902C-DC31BB953202}C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.115_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_59.0.3071.115_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{C1E74EF0-C1AC-430F-A7A1-969E3D18DDFA}C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.78_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.78_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{F5DD486A-246F-4048-8EC2-FB2887E87528}C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.78_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.78_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{A55CA3F3-C97A-4DCC-B119-87C65CCB4138}C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.90_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.90_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{E180F0C0-1B2B-4631-B0F3-B4B09A7EE3D8}C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.90_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.90_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [{FB23380D-30DB-49FB-926B-5D11A5B6C396}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [TCP Query User{723EDAC6-9B6D-4F3F-99BE-1F7B65CEF46F}C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.101_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.101_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{117CCF55-6BD4-4BEF-B385-8179D0B90472}C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.101_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.101_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{D6E77F50-2547-4A0D-8006-17709A1DDEAD}C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.113_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.113_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{1CC2E1A6-63C6-423B-8F94-B19841BA1C7A}C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.113_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_60.0.3112.113_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [{E952CFD7-29ED-4297-8280-D8C64EB4F244}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [TCP Query User{CB2106DE-1325-421A-8B18-645E13FE182F}C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.79_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.79_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{1128243C-8736-4968-8986-2C1E803E3EDC}C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.79_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.79_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{398B446B-75E6-4508-A0D2-E8F896D060AC}C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.91_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.91_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{71A9D075-AD34-43BB-BD4D-41553BE84093}C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.91_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.91_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{8BBD5FF7-F8E0-4F92-A7E9-03D3350536EF}C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.100_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.100_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{3B6A814B-C2DF-4E09-921C-58EACFC07673}C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.100_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_61.0.3163.100_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{A78091B8-2714-4196-9968-EE19F475ED8F}C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.62_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.62_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{F4F6919D-7C67-45CD-9558-D9E03E4D1CA6}C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.62_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.62_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{BEBD3FF7-C81E-4792-9751-B93F45837C2E}C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.75_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.75_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{3B0F3228-0877-41CA-8E96-CA33B17D3284}C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.75_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.75_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{A5CB1D52-276A-43B0-AC52-CDE84A7BA381}C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.89_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.89_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{FF011FD3-274F-41FF-BBB8-832EB3846731}C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.89_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.89_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{FC2EECD5-EA9D-4900-A282-B3335F91C70E}C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.94_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.94_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{2C80B0FC-7841-4A4C-827A-FC8CFE59582F}C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.94_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_62.0.3202.94_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{5D5A9FD1-2BE5-4D48-902C-5B4656F8F067}C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.84_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.84_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{DFA60F1F-FBBB-47EF-8C95-AEEB5A398960}C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.84_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.84_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{33434A50-930A-409B-B6AC-AAE2677AB922}C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.108_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.108_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{F654651E-0AB4-46E9-AA21-E1318554A0E6}C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.108_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.108_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [{B60E2F0C-63DB-45FA-B471-DD8A697DE59F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{5C295DEC-825E-45D2-A906-4368D8B3DED1}C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.132_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.132_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{F1814F75-2A59-4722-8C62-1A8231C84E16}C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.132_online.paf\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\luis.computnine\documents\softwares\googlechromeportable_63.0.3239.132_online.paf\googlechromeportable\app\chrome-bin\chrome.exe
 
==================== Pontos de Restauração =========================
 
26-12-2017 22:17:02 Ponto de Verificação Agendado
10-01-2018 22:27:18 Restore Point Created by FRST
10-01-2018 22:55:51 Removed Java 8 Update 45
10-01-2018 22:59:43 Removed Java SE Development Kit 8 Update 45
14-01-2018 21:39:47 Revo Uninstaller's restore point - Malwarebytes versão 3.3.1.2183
 
==================== Dispositivos Apresentando Falhas No Gerenciador =============
 
Name: Warsaw - Driver (PP)
Description: Warsaw - Driver (PP)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: wsddpp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Erros no Log de eventos: =========================
 
Erros em Aplicativos:
==================
Error: (01/18/2018 01:43:07 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Falha ao agendar o reinício do serviço Proteção de Software 2018-02-17T01:00:07Z. Código de Erro: 0x80070057.
 
Error: (01/18/2018 01:35:52 AM) (Source: MSDTC) (EventID: 4439) (User: )
Description: Falha ao verificar informações sobre a conta do serviço MS DTC. Informações Internas: msdtc_trace : File: d:\w7rtm\com\complus\dtc\shared\util\security.cpp, Line: 834, VerifyAccountInfo : ReadRegKeyValue32W(ACCOUNT_NAME) failed, hr=0x80070002
.
 
Error: (01/18/2018 01:33:20 AM) (Source: Report Server Windows Service (SQLEXPRESS)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQLEXPRESS) cannot connect to the report server database.
 
Error: (01/18/2018 01:33:09 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 15466) (User: )
Description: An error occurred during decryption.
 
Error: (01/18/2018 01:33:04 AM) (Source: Freemake Improver) (EventID: 0) (User: )
Description: Service cannot be started. System.PlatformNotSupportedException: Operation is not supported on this platform.
   at System.Net.HttpListener..ctor()
   at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen()
   at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)
   at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback)
   at System.ServiceModel.Channels.TransportChannelListener.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.HttpChannelListener`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at FreemakeUtilsService.Common.Proces...
 
Error: (01/18/2018 12:48:35 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Falha ao agendar o reinício do serviço Proteção de Software 2018-02-17T00:59:35Z. Código de Erro: 0x80070057.
 
Error: (01/18/2018 12:18:42 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Falha ao agendar o reinício do serviço Proteção de Software 2018-02-17T00:59:42Z. Código de Erro: 0x80070057.
 
Error: (01/18/2018 12:11:54 AM) (Source: MSDTC) (EventID: 4439) (User: )
Description: Falha ao verificar informações sobre a conta do serviço MS DTC. Informações Internas: msdtc_trace : File: d:\w7rtm\com\complus\dtc\shared\util\security.cpp, Line: 834, VerifyAccountInfo : ReadRegKeyValue32W(ACCOUNT_NAME) failed, hr=0x80070002
.
 
Error: (01/18/2018 12:09:40 AM) (Source: Report Server Windows Service (SQLEXPRESS)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQLEXPRESS) cannot connect to the report server database.
 
Error: (01/18/2018 12:09:35 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17187) (User: )
Description: SQL Server is not ready to accept new client connections. Wait a few minutes before trying again. If you have access to the error log, look for the informational message that indicates that SQL Server is ready before trying to connect again.  [CLIENT: <local machine>]
 
 
Erros de Sistema:
=============
Error: (01/18/2018 01:44:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Serviço de Compartilhamento de Rede do Windows Media Player depende do serviço HTTP, mas não foi possível iniciá-lo devido ao seguinte erro: 
O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.
 
Error: (01/18/2018 01:44:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Serviço de Compartilhamento de Rede do Windows Media Player depende do serviço HTTP, mas não foi possível iniciá-lo devido ao seguinte erro: 
O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.
 
Error: (01/18/2018 01:36:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Central de Segurança terminou com o erro: 
Acesso negado.
 
Error: (01/18/2018 01:36:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Serviço de Compartilhamento de Rede do Windows Media Player depende do serviço HTTP, mas não foi possível iniciá-lo devido ao seguinte erro: 
O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.
 
Error: (01/18/2018 01:35:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço HP Network Devices Support terminou com o erro: 
Não foi possível encontrar o módulo especificado.
 
Error: (01/18/2018 01:35:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Descoberta SSDP depende do serviço HTTP, mas não foi possível iniciá-lo devido ao seguinte erro: 
O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.
 
Error: (01/18/2018 01:33:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Central de Segurança terminou com o erro: 
Acesso negado.
 
Error: (01/18/2018 01:33:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Central de Segurança terminou com o erro: 
Acesso negado.
 
Error: (01/18/2018 01:33:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: 
cdrom
UimBus
Uim_DEVIM
Uim_IM
wsddfac
 
Error: (01/18/2018 01:33:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw Technology devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.
 
 
CodeIntegrity:
===================================
  Date: 2016-09-10 01:32:35.339
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wsddpp.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-10 01:32:04.763
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-10 01:32:04.342
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-01 09:35:41.471
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wsddpp.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-01 09:34:44.531
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-01 09:34:44.157
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-01 08:54:47.875
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wsddpp.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-01 08:53:59.562
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-01 08:53:58.750
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-25 21:32:19.451
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wsddpp.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Informações da Memória =========================== 
 
Processador: AMD Sempron™ 145 Processor
Percentagem de memória em uso: 57%
RAM física total: 3071.24 MB
RAM física disponível: 1317.33 MB
Virtual Total: 6140.81 MB
Virtual disponível: 4170.77 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:733.23 GB) (Free:140.92 GB) NTFS ==>[drive com componentes de inicialização (obtido através de BCD)]
 
==================== MBR & Tabela de Partições ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0006A342)
Partition 1: (Active) - (Size=733.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=194.6 GB) - (Type=83)
Partition 3: (Not Active) - (Size=3.7 GB) - (Type=82)
 
==================== Fim de Addition.txt ============================
 
[...]
 
FRST.txt:
 
[...]
 
Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 17.01.2018 01
Executado por luish (administrador) em COMPUTNINE (18-01-2018 02:18:51)
Executando a partir de C:\Users\luish.computnine\Desktop\AV_(2018)\Outros\últimos\LOG's_(TXT's)\17-01-2018
Perfis Carregados: luish & UpdatusUser (Perfis Disponíveis: luish & marcoaufer & luis & marcopai & lula & UpdatusUser & isabecris & acronimo & IsabelCris)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: FF)
Modo da Inicialização: Normal
 
==================== Processos (Whitelisted) =================
 
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Program Files\DebugDiag\DbgSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\DebugDiag\DbgHost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast Cleanup\TuneupUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
==================== Registro (Whitelisted) ===========================
 
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-21] (AVAST Software)
Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll [2016-06-16] (Banco do Brasil)
Winlogon\Notify\ GbPluginUni: C:\Program Files\GbPlugin\gbiehUni.dll [2016-11-21] (Banco Itaú Unibanco)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GbPlugin\gbieh.dll [1947872 2016-06-16] (Banco do Brasil)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll [1951968 2016-11-21] (Banco Itaú Unibanco)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2017-12-21]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
Startup: C:\Users\luis.computnine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2017-03-09]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\luish.computnine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2017-03-09]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
 
Tcpip\Parameters: [DhcpNameServer] 201.6.2.222 201.6.2.122 192.168.4.1
Tcpip\..\Interfaces\{64E5126D-DB28-4369-920F-36C71939449F}: [DhcpNameServer] 201.6.2.222 201.6.2.122 192.168.4.1
Tcpip\..\Interfaces\{EEC95ACA-67E2-4711-A343-4065E46236E8}: [DhcpNameServer] 201.6.2.222 201.6.2.122 192.168.4.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3370822099-4033009180-3280478221-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-14] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [2016-06-16] (Banco do Brasil)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehuni.dll [2016-11-21] (Banco Itaú Unibanco)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation)
Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files\FireShot for IE\FSAddin-0.69.dll [2009-02-22] ()
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: me3qdzmd.default-1504751691907
FF DefaultProfile: neibj5t4.default
FF ProfilePath: C:\Users\luish.computnine\AppData\Roaming\Mozilla\Firefox\Profiles\me3qdzmd.default-1504751691907 [2018-01-17]
FF Homepage: Mozilla\Firefox\Profiles\me3qdzmd.default-1504751691907 -> about:home
FF Extension: (Avast Online Security) - C:\Users\luish.computnine\AppData\Roaming\Mozilla\Firefox\Profiles\me3qdzmd.default-1504751691907\Extensions\wrc@avast.com.xpi [2017-10-17]
FF Extension: (Disable JavaScript Shared Memory) - C:\Users\luish.computnine\AppData\Roaming\Mozilla\Firefox\Profiles\me3qdzmd.default-1504751691907\features\{58c27083-1a79-481e-b9e8-f7bb87d11bb1}\disable-js-shared-memory@mozilla.org.xpi [2018-01-06] [Legacy]
FF ProfilePath: C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default [2018-01-16]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-cs@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-de@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (English (US) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-en-US@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (Español (España) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-es-ES@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (Finnish Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-fi@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (Français Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-fr@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (Galego (España) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-gl@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (Hebrew (IL) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-he@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (Magyar (HU) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-hu@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (Italiano (IT) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-it@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (Japanese Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-ja@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (Korean (KR) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-ko@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-nl@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (Polski Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-pl@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (Russian (RU) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-ru@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (Slovenski jezik Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-sl@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (српски (sr) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-sr@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (Svenska (SE) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-sv-SE@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-zh-CN@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\neibj5t4.default\Extensions\langpack-zh-TW@bluegriffon.org.xpi [2018-01-05] [Legacy] [não assinado]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-10] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1223183.dll [2015-12-22] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
StartMenuInternet: Firefox-2B3568E6D061A8AB - C:\Users\luis.computnine\Documents\Softwares\FirefoxPortable_56.0.2_PortugueseBR.paf\FirefoxPortable\App\Firefox\firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\luish.computnine\AppData\Local\Google\Chrome\User Data\Default [2018-01-18]
CHR Extension: (Documentos) - C:\Users\luish.computnine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-28]
CHR Extension: (Google Drive) - C:\Users\luish.computnine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-20]
CHR Extension: (YouTube) - C:\Users\luish.computnine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-20]
CHR Extension: (Planilhas) - C:\Users\luish.computnine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-23]
CHR Extension: (Documentos Google off-line) - C:\Users\luish.computnine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-27]
CHR Extension: (Slinky Moderno) - C:\Users\luish.computnine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nilnodhmmonndffbejancdeiggflcehi [2017-03-26]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\luish.computnine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-22]
CHR Extension: (Gmail) - C:\Users\luish.computnine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-20]
CHR Extension: (Chrome Media Router) - C:\Users\luish.computnine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-21]
 
==================== Serviços (Whitelisted) ====================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5906816 2017-12-21] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-21] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [351552 2017-12-21] (AVAST Software)
R2 CleanupPSvc; C:\Program Files\AVAST Software\Avast Cleanup\TuneupSvc.exe [4709728 2017-12-13] (AVAST Software)
R2 DbgSvc; C:\Program Files\DebugDiag\DbgSvc.exe [328840 2015-11-03] (Microsoft Corporation)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-07-15] (Freemake) [Arquivo não assinado]
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [590048 2018-01-10] (GAS Tecnologia)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43130032 2015-03-30] (Microsoft Corporation)
R3 MSSQLFDLauncher$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [38576 2015-03-30] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3201024 2008-07-29] (Microsoft Corporation)
R2 ReportServer$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [1193144 2015-03-30] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [381104 2015-03-30] (Microsoft Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-06-14] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\marcoaufer\AppData\Local\temp\7zS477D\hpslpsvc32.dll [X] <==== ATENÇÃO
S2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [158224 2017-12-21] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [255584 2017-12-21] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157376 2017-12-21] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276696 2017-12-21] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50344 2017-12-21] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42824 2017-12-21] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39784 2017-09-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [123880 2018-01-10] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [36104 2017-07-03] (AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [436104 2017-12-21] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [99528 2017-12-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70832 2017-12-21] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783104 2017-12-21] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [390256 2018-01-10] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [151328 2017-12-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [294680 2017-12-21] (AVAST Software)
S3 awUSB; C:\Windows\System32\DRIVERS\USBDrv.sys [13824 2012-07-17] (Scott)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-03-02] (Samsung Electronics Co., Ltd.) [Arquivo não assinado]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59896 2017-11-29] ()
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [29760 2016-11-13] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [14656 2014-03-30] (FNet Co., Ltd.)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49496 2015-08-26] (GAS Tecnologia)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [168376 2018-01-15] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [91576 2018-01-18] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40376 2018-01-18] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2018-01-15] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [65824 2018-01-18] (Malwarebytes)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-08-15] (GAS Tecnologia)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [250152 2015-03-30] (Microsoft Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-03-02] (Samsung Electronics) [Arquivo não assinado]
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [95368 2014-10-29] ()
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [20616 2014-10-29] ()
S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [540808 2014-10-29] ()
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1086976 2009-09-17] (VIA Technologies, Inc.)
S3 VSPerfDrv100; C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [54144 2011-01-18] (Microsoft Corporation)
S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [80728 2016-10-16] (GAS Tecnologia)
S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [79064 2015-03-18] (GAS Tecnologia)
 
========================== MD5 dos Drivers =======================
 
C:\Windows\system32\drivers\msdsm.sys ==> MD5 é legítimo
C:\Windows\system32\Drivers\Msfs.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 é legítimo
C:\Windows\system32\Drivers\MsRPC.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 é legítimo
C:\Windows\System32\Drivers\mup.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\nwifi.sys 5F2B9CD280C48A8015AD70FCF4DFB758
C:\Windows\System32\drivers\ndis.sys 9804FB2E46077F2977552347DFCA7E05
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\gbpndisrdn.sys A5C914C5CBCFF645434535234BFCEACA
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 é legítimo
C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\netbt.sys 2E226E666C6E11DC8C850071A90BE2DC
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 é legítimo
C:\Windows\system32\Drivers\Npfs.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\nsiproxy.sys C68AA651F93450ECA51A60D45A8E266C
C:\Windows\system32\Drivers\Ntfs.sys F2CBF48566BB13240D39543F445460F9
C:\Windows\system32\Drivers\Null.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\nvm62x32.sys B5E37E31C053BC9950455A257526514B
C:\Windows\System32\DRIVERS\nvlddmkm.sys 9A77B1C13BCCEDDF78DFD7AFC25B4F5E
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\System32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\pci.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\pciide.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\pcw.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\peauth.sys 0C941A3F148B4228867908F98F394461
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\processr.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\ql2300.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\rdpvideominiport.sys 65375DF758CA1872AB7EBBBA457FD5E6
C:\Windows\system32\Drivers\RDPWD.sys CD9214A6AE17D188D17C3CF8CB9CC693
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\RsFx0153.sys 412FEE325FDC5054AE44CF7797692AF3
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\Rtnicxp.sys 4E20765744BFBC16F6D6E5BD5598786B
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 é legítimo
C:\Windows\system32\Drivers\secdrv.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\sermouse.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\sisagp.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 é legítimo
C:\Windows\system32\Drivers\spldr.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\srv.sys 381C074173702C92080AAD489F1EC6DC
C:\Windows\System32\DRIVERS\srv2.sys FC411046A1391AE7206DD513061C6FDF
C:\Windows\System32\DRIVERS\srvnet.sys 765C4FFF0E69F7466411C7EC3724188A
C:\Windows\system32\Drivers\SSPORT.sys EF3458337D7341A05169CEFC73709264
C:\Windows\system32\drivers\stexstor.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\storvsc.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\tcpip.sys C25848DB4A86839A7EDD1077F62AD980
C:\Windows\System32\DRIVERS\tcpip.sys C25848DB4A86839A7EDD1077F62AD980
C:\Windows\System32\drivers\tcpipreg.sys A4BF8BE9D1F7D563C7868AC7B2561545
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys 8F143F86FDD8CF4F7BD25973C5983F9D
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\tssecsrv.sys 6841C85446F906E4584D43A70484E318
C:\Windows\System32\drivers\tsusbflt.sys C6A5FBD4977305E1FA23E02C042DB463
C:\Windows\system32\drivers\TsUsbGD.sys 01246F0BAAD7B68EC0F472AA41E33282
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\uagp35.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\UimBus.sys 8C423FAC1B9CC63BDE544553F384F604
C:\Windows\System32\DRIVERS\uim_devim.sys 458979BEA759F9FD21C14D17F13ECE99
C:\Windows\System32\DRIVERS\uim_im.sys 351A330D72B06C995E3BEA2A8C8FEBE8
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\umpass.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\usbccgp.sys 87632869F4350B7CE711B356B1936B2B
C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041
C:\Windows\system32\drivers\usbehci.sys EF8127E7E612694F4E8FFDA37D9D00E4
C:\Windows\system32\drivers\usbhub.sys 711E9F7CA6F9A2351F4F97F31004E589
C:\Windows\system32\drivers\usbohci.sys 831F708F06CD5BF3933FBDFB388C606D
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\usbscan.sys FC6B21DB4B5B398AB93DBE59CBF11036
C:\Windows\System32\DRIVERS\USBSTOR.SYS 144DA53294922A84FFAA3D90B1453745
C:\Windows\system32\drivers\usbuhci.sys 89BDF895EB76E3EC1C02EEF5AA18928D
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\vga.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\viaagp.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\viac7.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\viahduaa.sys F27C1D81ED7DACA5B1A539745A4EF710
C:\Windows\system32\drivers\viaide.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\vmbus.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\volmgr.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\volmgrx.sys 21D83DD717E8D681364A5E44A5459717
C:\Windows\System32\drivers\volsnap.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 é legítimo
C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys 143C873A90E834F38733BB05D686A9E7
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\wacompen.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\wd.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\wdcsam.sys 5A833408ACFEADB92C7BEB2E7DB6B9BF
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\wimmount.sys ==> MD5 é legítimo
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 é legítimo
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 é legítimo
C:\Windows\System32\drivers\wsddfac.sys 659DDC0353243B4CB9194F6A531A8150
C:\Windows\system32\drivers\wsddpp.sys DB667B5C19798C95DECB1DD7E49416EF
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
 
==================== NetSvcs (Whitelisted) ===================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
 
==================== Três Meses Criados arquivos e pastas ========
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
 
2018-01-18 01:33 - 2018-01-18 01:33 - 000000000 ____D C:\Users\Todos os Usuários\SWCUTemp
2018-01-18 01:33 - 2018-01-18 01:33 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-01-17 23:57 - 2018-01-18 01:45 - 000000000 ____D C:\AdwCleaner
2018-01-17 22:38 - 2018-01-18 01:33 - 000091576 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-01-15 22:39 - 2018-01-18 01:42 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-01-15 22:39 - 2018-01-18 01:33 - 000040376 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-01-15 22:39 - 2018-01-15 22:39 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-15 22:39 - 2018-01-15 22:39 - 000168376 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-01-15 22:39 - 2018-01-15 22:39 - 000001984 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-15 22:39 - 2018-01-15 22:39 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2018-01-15 22:39 - 2018-01-15 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-15 22:39 - 2018-01-15 22:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-15 22:39 - 2018-01-15 22:39 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-15 22:39 - 2017-11-29 09:11 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
2018-01-15 22:08 - 2018-01-15 22:09 - 082263712 _____ (Malwarebytes ) C:\Users\luish.computnine\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3699.exe
2018-01-15 22:07 - 2018-01-15 22:07 - 008198432 _____ (Malwarebytes) C:\Users\luish.computnine\Desktop\adwcleaner_7.0.6.0.exe
2018-01-14 21:38 - 2018-01-14 21:38 - 082149144 _____ (Malwarebytes ) C:\Users\luish.computnine\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3687.exe
2018-01-14 00:10 - 2018-01-14 00:10 - 003101913 _____ (LIGHTNING UK!) C:\Users\luish.computnine\Downloads\SetupImgBurn_2.5.8.0.exe
2018-01-14 00:07 - 2018-01-14 00:08 - 005478064 _____ (MediaArea.net) C:\Users\luish.computnine\Downloads\MediaInfo_GUI_17.12_Windows.exe
2018-01-13 23:22 - 2018-01-13 23:22 - 000000000 ____D C:\Users\luish.computnine\AppData\Roaming\Media Player Classic
2018-01-13 23:16 - 2018-01-14 22:06 - 000000000 ____D C:\Users\luish.computnine\AppData\Local\CrashDumps
2018-01-12 20:53 - 2018-01-12 20:54 - 009452999 _____ C:\Users\luish.computnine\Downloads\ccsetup536.zip
2018-01-10 23:26 - 2018-01-10 23:26 - 000002818 _____ C:\Users\luish.computnine\AppData\Local\recently-used.xbel
2018-01-10 23:26 - 2018-01-10 23:26 - 000000000 ____D C:\Users\luish.computnine\.thumbnails
2018-01-10 22:58 - 2018-01-10 22:58 - 000000000 ____D C:\Users\luish.computnine\AppData\LocalLow\Sun
2018-01-10 22:07 - 2018-01-10 22:07 - 000002560 _____ C:\Windows\_MSRSTRT.EXE
2018-01-10 21:53 - 2018-01-10 21:53 - 000000000 ____D C:\Users\luish.computnine\AppData\Local\Disruptive Innovations SARL
2018-01-08 20:05 - 2018-01-08 20:06 - 043539488 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\OperaPortable_49.0.2725.64.paf.exe
2018-01-08 20:02 - 2018-01-08 20:03 - 043751696 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\OperaPortable_50.0.2762.45.paf.exe
2018-01-08 19:13 - 2018-01-08 19:13 - 001621768 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\GoogleChromePortable_63.0.3239.132_online.paf.exe
2018-01-07 21:22 - 2018-01-07 21:22 - 000131072 ____N C:\Windows\Minidump\010718-27799-01.dmp
2018-01-07 19:29 - 2018-01-07 19:29 - 000131072 ____N C:\Windows\Minidump\010718-26395-01.dmp
2018-01-07 18:57 - 2018-01-07 18:57 - 000000000 __SHD C:\found.014
2018-01-06 23:14 - 2018-01-06 23:14 - 009667561 _____ C:\Users\luish.computnine\Downloads\adbdriver.zip
2018-01-06 22:50 - 2018-01-06 22:50 - 000068755 _____ C:\Users\luish.computnine\Downloads\devmanview.zip
2018-01-06 22:45 - 2018-01-06 22:45 - 001189704 _____ (Igor Pavlov) C:\Users\luish.computnine\Downloads\DDU v17.0.8.2.exe
2018-01-06 22:08 - 2018-01-06 22:08 - 000013791 _____ C:\Users\luish.computnine\Desktop\DeviceList.txt
2018-01-06 21:42 - 2018-01-06 21:51 - 000000000 ____D C:\Users\luish.computnine\Desktop\Nova pasta
2018-01-05 23:17 - 2018-01-05 23:17 - 000000000 ____D C:\Users\luish.computnine\AppData\Roaming\Disruptive Innovations SARL
2018-01-05 23:01 - 2018-01-05 23:02 - 053912144 _____ C:\Users\luish.computnine\Downloads\bluegriffon-3.0.1.win-i686.zip
2018-01-05 20:33 - 2018-01-09 00:39 - 000000000 ____D C:\Users\luish.computnine\Desktop\AV_(2018)
2018-01-05 20:13 - 2018-01-05 20:13 - 009322390 _____ C:\Users\luish.computnine\Downloads\RevoUninstaller_Portable (1).zip
2018-01-05 20:11 - 2018-01-05 20:11 - 083316440 _____ (Malwarebytes ) C:\Users\luish.computnine\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2018-01-03 17:17 - 2018-01-03 17:17 - 078044280 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\FirefoxPortable_57.0.3_PortugueseBR.paf.exe
2018-01-03 16:21 - 2018-01-03 16:21 - 000001963 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2018-01-03 16:20 - 2017-12-21 22:54 - 000305840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-12-28 23:56 - 2017-12-28 23:56 - 000003964 _____ C:\Users\isabecris\AppData\Local\recently-used.xbel
2017-12-26 18:09 - 2017-12-26 18:09 - 003234082 _____ C:\Users\isabecris\Downloads\MediaInfo_GUI_17.12_Windows_i386_WithoutInstaller.7z
2017-12-23 16:07 - 2017-12-23 16:07 - 000000000 ____D C:\Users\isabecris\AppData\Roaming\Avast Tuneup
2017-12-22 00:50 - 2017-12-22 00:50 - 000000000 ____D C:\Users\luis.computnine\AppData\Roaming\Avast Tuneup
2017-12-21 23:53 - 2017-12-21 23:53 - 000000000 ____D C:\Users\luish.computnine\Desktop\imageusb_(other)
2017-12-21 23:22 - 2017-12-21 23:22 - 078106616 _____ (PortableApps.com) C:\Users\luish.computnine\Downloads\FirefoxPortable_56.0.2_PortugueseBR.paf.exe
2017-12-21 23:09 - 2017-12-21 23:10 - 000000000 ____D C:\Users\luish.computnine\AppData\Roaming\Avast Tuneup
2017-12-21 22:56 - 2017-12-21 22:56 - 000001061 _____ C:\Users\Public\Desktop\Avast Cleanup Premium.lnk
2017-12-21 19:19 - 2017-12-21 19:21 - 053094978 _____ C:\Users\luis.computnine\Downloads\bluegriffon-3.0.win-i686.zip
2017-12-21 19:19 - 2017-12-21 19:20 - 053164167 _____ C:\Users\luis.computnine\Downloads\bluegriffon-2.4.1.win-i686.zip
2017-12-21 19:17 - 2017-12-21 19:18 - 053912144 _____ C:\Users\luis.computnine\Downloads\bluegriffon-3.0.1.win-i686.zip
2017-12-21 18:19 - 2017-12-21 18:19 - 001621512 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\GoogleChromePortable_63.0.3239.108_online.paf.exe
2017-12-21 00:21 - 2017-12-21 00:21 - 000000000 __SHD C:\found.013
2017-12-20 22:13 - 2017-12-20 22:13 - 000018730 _____ C:\Users\luis.computnine\AppData\Local\recently-used.xbel
2017-12-20 17:57 - 2017-12-20 17:57 - 000129890 _____ C:\Users\isabecris\Desktop\Planejamento_(2017)_(Química)_(Modificados)_(outros)_(últimos)_(20-12-2017).zip
2017-12-20 17:26 - 2017-12-20 17:26 - 000129782 _____ C:\Users\isabecris\Desktop\Planejamento_(2017)_(Química)_(Modificados)_(outros)_(20-12-2017).zip
2017-12-20 16:27 - 2017-12-20 16:27 - 000123423 _____ C:\Users\isabecris\Desktop\Planejamento_(Química)_(2016)_(Emygdio)-20171220T182723Z-001.zip
2017-12-20 16:13 - 2017-12-20 16:13 - 000123405 _____ C:\Users\isabecris\Desktop\Planejamento_(2017)_(Química)_(Modificados)_(20-12-2017).zip
2017-12-20 16:01 - 2017-12-20 16:01 - 000123291 _____ C:\Users\isabecris\Desktop\Planejamento_(2016)_(Emygdio)-20171220T180054Z-001.zip
2017-12-16 18:19 - 2017-12-16 18:19 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2017-12-16 17:55 - 2017-12-16 18:01 - 334100232 _____ C:\Users\luish.computnine\Downloads\Atualizacao_verB.zip
2017-12-12 22:42 - 2017-12-12 22:42 - 009452999 _____ C:\Users\luis.computnine\Downloads\ccsetup536.zip
2017-12-10 18:39 - 2017-12-10 18:40 - 078044776 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\FirefoxPortable_57.0.2_PortugueseBR.paf.exe
2017-12-09 01:30 - 2017-12-09 01:30 - 001621040 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\GoogleChromePortable_63.0.3239.84_online.paf.exe
2017-12-07 02:12 - 2017-12-07 02:12 - 000008910 _____ C:\Users\isabecris\Downloads\2017_3A_Lançamento de Fechamento.htm
2017-12-06 14:56 - 2017-12-06 14:56 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-12-04 21:57 - 2017-12-04 21:19 - 000030511 _____ C:\Users\luis.computnine\Documents\untitled_1.odt
2017-12-02 23:54 - 2017-12-02 23:55 - 078057008 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\FirefoxPortable_57.0.1_PortugueseBR.paf.exe
2017-12-02 21:29 - 2017-12-02 22:19 - 000000000 ____D C:\Users\isabecris\Desktop\1º_Anos_(Noite)_(H_-_I_-_L)
2017-12-02 21:28 - 2017-12-02 21:28 - 000023943 _____ C:\Users\isabecris\Downloads\encplanilhasdoprovo4bim20171h1i_1lnoit.zip
2017-12-02 02:46 - 2017-12-02 02:46 - 001233257 _____ C:\Users\luis.computnine\Downloads\1471125743_Apresentação SEGURANÇA.pptx
2017-12-02 02:31 - 2017-12-02 02:32 - 043842616 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\OperaPortable_49.0.2725.47.paf.exe
2017-12-01 22:49 - 2017-12-01 22:49 - 009452999 _____ C:\Users\isabecris\Downloads\ccsetup536.zip
2017-11-26 20:56 - 2017-11-26 20:56 - 038985375 _____ C:\Users\isabecris\Desktop\Ensino Médio Inclusivo.pptx
2017-11-25 02:42 - 2017-11-25 03:37 - 000000000 ____D C:\Users\isabecris\Desktop\Novas_Fotos_(Escolhidas)_(AVA-IRM)
2017-11-24 02:30 - 2017-11-24 02:33 - 000000000 ____D C:\Program Files\FireShot for IE
2017-11-24 02:30 - 2017-11-24 02:30 - 000000000 ____D C:\Users\luish.computnine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FireShot for Internet Explorer
2017-11-24 02:28 - 2017-11-24 02:28 - 000000000 ____D C:\Users\luis.computnine\Downloads\fireshot_ie_install (1)
2017-11-24 02:27 - 2017-11-24 02:27 - 000900693 _____ C:\Users\luis.computnine\Downloads\fireshot_ie_install (1).zip
2017-11-24 02:25 - 2017-11-24 02:25 - 000000000 ____D C:\Users\luish.computnine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FireShot
2017-11-24 02:19 - 2017-11-24 02:19 - 003953654 _____ C:\Users\luis.computnine\Downloads\fireshot_ie_install.zip
2017-11-24 02:19 - 2017-11-24 02:19 - 000000000 ____D C:\Users\luis.computnine\Downloads\fireshot_ie_install
2017-11-23 03:31 - 2017-11-23 03:31 - 001115756 _____ C:\Users\luish.computnine\Downloads\imageusb (2).zip
2017-11-23 02:46 - 2017-11-23 02:46 - 000004608 _____ C:\Users\isabecris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-23 01:32 - 2017-11-23 01:32 - 000000000 ____D C:\Users\isabecris\Desktop\Arquivos_(WhatsApp)_(Cache)
2017-11-23 01:31 - 2017-11-23 01:32 - 032936142 _____ C:\Users\isabecris\Desktop\Arquivos_(WhatsApp)_(Cache)-20171123T033118Z-001.zip
2017-11-23 00:57 - 2017-11-23 00:57 - 015709963 _____ C:\Users\isabecris\Desktop\VID-20171117-WA0032.mp4
2017-11-22 21:49 - 2017-11-25 03:33 - 000000000 ____D C:\Users\isabecris\Desktop\Fotos Acessibilidade
2017-11-22 21:45 - 2017-11-22 21:45 - 000000000 ____D C:\Users\isabecris\Desktop\Imagens_(Acessibilidade)_(AVA-IRM)_(Aunos_Deficientes_do_Emygdio)
2017-11-22 21:44 - 2017-11-22 21:44 - 037390020 _____ C:\Users\isabecris\Desktop\Imagens_(Acessibilidade)_(AVA-IRM)_(Aunos_Deficientes_do_Emygdio)-20171122T234333Z-001.zip
2017-11-22 19:51 - 2017-11-22 19:54 - 000000000 ____D C:\Users\isabecris\Desktop\AVA2017
2017-11-22 16:41 - 2017-11-22 16:41 - 078106616 _____ (PortableApps.com) C:\Users\isabecris\Downloads\FirefoxPortable_56.0.2_PortugueseBR.paf.exe
2017-11-22 16:36 - 2017-11-22 16:36 - 000000000 ____D C:\Users\isabecris\Desktop\HTML's
2017-11-22 01:02 - 2017-11-25 04:46 - 038985375 _____ C:\Users\isabecris\Documents\Ensino Médio Inclusivo.pptx
2017-11-21 20:46 - 2017-11-17 02:15 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-21 00:03 - 2017-11-21 00:03 - 043573328 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\OperaPortable_49.0.2725.39.paf.exe
2017-11-21 00:00 - 2017-11-21 00:00 - 078063592 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\FirefoxPortable_57.0_PortugueseBR.paf.exe
2017-11-20 23:50 - 2017-11-20 23:51 - 001614160 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\GoogleChromePortable_62.0.3202.94_online.paf.exe
2017-11-20 20:54 - 2017-11-20 22:07 - 000000000 ____D C:\Users\isabecris\Desktop\AVA-IRM_(.PDF's_&_Snapshots)
2017-11-19 23:14 - 2017-10-18 00:16 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-19 23:14 - 2017-10-18 00:11 - 000488448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-19 23:14 - 2017-10-15 20:04 - 000313184 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-19 23:14 - 2017-10-04 11:04 - 001918464 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-19 23:14 - 2017-10-04 11:04 - 001321472 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-19 23:14 - 2017-10-04 11:04 - 000541696 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-19 23:14 - 2017-10-04 11:04 - 000509440 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-19 23:14 - 2017-10-04 11:04 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-19 23:14 - 2017-10-04 11:04 - 000193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-19 23:14 - 2017-10-04 11:04 - 000150016 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-19 22:08 - 2017-10-18 04:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-19 22:08 - 2017-10-17 23:55 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-19 22:08 - 2017-10-17 23:55 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-19 22:08 - 2017-10-17 23:55 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-19 22:08 - 2017-10-17 23:55 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-11-19 22:08 - 2017-10-17 23:55 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-11-19 22:08 - 2017-10-17 23:55 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-11-19 22:08 - 2017-10-17 23:55 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-11-19 22:08 - 2017-10-16 20:49 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-19 22:08 - 2017-10-16 19:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2017-11-19 22:08 - 2017-10-14 05:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-19 22:08 - 2017-10-14 05:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-11-19 22:08 - 2017-10-14 05:03 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-11-19 22:08 - 2017-10-14 04:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-19 22:08 - 2017-10-14 04:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-11-19 22:08 - 2017-10-14 04:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-11-19 22:08 - 2017-10-14 04:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-11-19 22:08 - 2017-10-14 04:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-11-19 22:08 - 2017-10-14 04:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-19 22:08 - 2017-10-14 04:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-11-19 22:08 - 2017-10-14 04:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-11-19 22:08 - 2017-10-14 04:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-11-19 22:08 - 2017-10-14 04:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-19 22:08 - 2017-10-14 04:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-11-19 22:08 - 2017-10-14 04:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-11-19 22:08 - 2017-10-14 04:45 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-11-19 22:08 - 2017-10-14 04:41 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-11-19 22:08 - 2017-10-14 04:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-11-19 22:08 - 2017-10-14 04:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-11-19 22:08 - 2017-10-14 04:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-11-19 22:08 - 2017-10-14 04:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-11-19 22:08 - 2017-10-14 04:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-19 22:08 - 2017-10-14 04:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-11-19 22:08 - 2017-10-14 04:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-11-19 22:08 - 2017-10-14 04:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-11-19 22:08 - 2017-10-14 04:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-11-19 22:08 - 2017-10-14 04:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-19 22:08 - 2017-10-14 04:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-19 22:08 - 2017-10-14 04:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-19 22:08 - 2017-10-14 04:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-19 22:08 - 2017-10-14 04:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-19 22:08 - 2017-10-14 04:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-11-19 22:08 - 2017-10-14 04:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-19 22:08 - 2017-10-14 04:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-19 22:08 - 2017-10-14 04:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-19 22:08 - 2017-10-11 22:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-11-19 22:08 - 2017-10-11 22:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-11-19 22:08 - 2017-10-11 22:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-19 22:08 - 2017-10-11 22:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-19 22:08 - 2017-10-11 22:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-19 22:08 - 2017-10-11 22:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-19 22:08 - 2017-10-11 22:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-11-19 22:08 - 2017-10-11 22:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-11-19 22:08 - 2017-10-11 22:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-11-19 22:08 - 2017-10-11 22:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-19 22:08 - 2017-10-11 22:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-11-19 22:08 - 2017-10-11 22:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-11-19 22:08 - 2017-10-11 22:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-11-19 22:08 - 2017-10-11 22:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-19 22:08 - 2017-10-11 22:37 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-11-19 22:08 - 2017-10-11 22:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-11-19 22:08 - 2017-10-11 22:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-11-19 22:08 - 2017-10-11 22:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-11-19 22:08 - 2017-10-11 22:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-11-19 22:08 - 2017-10-11 22:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-11-19 22:08 - 2017-10-11 22:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-11-19 22:08 - 2017-10-11 22:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-11-19 22:08 - 2017-10-11 22:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-11-19 22:08 - 2017-10-11 22:16 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-11-19 22:08 - 2017-10-11 22:14 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-19 22:08 - 2017-09-07 11:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-11-19 22:08 - 2017-09-07 11:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-11-19 17:24 - 2017-11-19 17:24 - 007649280 _____ C:\Program Files\GUT6191.tmp
2017-11-19 17:24 - 2017-11-19 17:24 - 000000000 ____D C:\Program Files\GUM6190.tmp
2017-11-19 16:38 - 2017-11-19 16:42 - 000000000 ____D C:\Users\isabecris\Desktop\novembro17
2017-11-14 02:03 - 2017-12-21 22:54 - 000158224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2017-11-12 03:18 - 2017-11-12 00:28 - 000160546 _____ C:\Users\luis.computnine\Downloads\LC_MGPU_OCT07_web.pdf
2017-11-12 03:18 - 2017-11-12 00:26 - 001725367 _____ C:\Users\luis.computnine\Downloads\NVMediaShield_UGv6.pdf
2017-11-08 00:29 - 2017-11-08 00:29 - 001620960 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\GoogleChromePortable_62.0.3202.89_online.paf.exe
2017-11-03 04:42 - 2017-11-03 04:42 - 007220356 _____ C:\Users\luis.computnine\Downloads\CutyCapt-Win32-2010-04-26.zip
2017-11-03 02:43 - 2017-11-03 02:43 - 000000000 ____D C:\Users\luis.computnine\AppData\Local\enchant
2017-11-01 01:05 - 2017-11-01 01:05 - 000062742 _____ C:\Users\isabecris\Downloads\Feliz Dia dos Professores!.pptx
2017-10-30 22:31 - 2017-10-30 22:32 - 012593715 _____ C:\Users\luis.computnine\Downloads\WAVTools_2.00.zip
2017-10-30 21:51 - 2017-10-30 21:51 - 005155815 _____ C:\Users\luis.computnine\Downloads\delaycut-1.4.3.9-win32-msvc.7z
2017-10-30 21:36 - 2017-10-30 21:36 - 042756392 _____ C:\Users\luis.computnine\Downloads\ffmpeg-3.4-win32-static.zip
2017-10-30 21:19 - 2017-10-30 21:19 - 000471946 _____ C:\Users\luis.computnine\Downloads\wavpack-5.1.0-x86.zip
2017-10-30 21:19 - 2017-10-30 21:19 - 000000000 ____D C:\Users\luis.computnine\Downloads\wavpack-5.1.0-x86
2017-10-30 21:07 - 2017-10-30 21:07 - 003444021 _____ C:\Users\luis.computnine\Downloads\FFmpeg_v0.6.2_for_Audacity_on_Windows.zip
2017-10-30 21:07 - 2017-10-30 21:07 - 000000000 ____D C:\Users\luis.computnine\Downloads\FFmpeg_v0.6.2_for_Audacity_on_Windows
2017-10-30 21:06 - 2017-10-30 21:06 - 000000000 ____D C:\Users\luis.computnine\Downloads\libmp3lame-win-3.99.3
2017-10-30 21:04 - 2017-10-30 21:04 - 008546565 _____ C:\Users\luis.computnine\Downloads\audacity-win-2.0.5.zip
2017-10-30 21:00 - 2017-10-30 21:00 - 000202295 _____ C:\Users\luis.computnine\Downloads\libmp3lame-win-3.99.3.zip
2017-10-30 20:59 - 2017-10-30 23:06 - 000000000 ____D C:\Users\luis.computnine\AppData\Roaming\audacity
2017-10-30 20:59 - 2017-10-30 20:59 - 000000000 ____D C:\Users\luis.computnine\AppData\Local\Audacity
2017-10-30 20:56 - 2017-10-30 20:56 - 011995493 _____ C:\Users\luis.computnine\Downloads\audacity-win-2.1.3.zip
2017-10-30 20:50 - 2017-10-30 20:50 - 014402781 _____ C:\Users\luis.computnine\Downloads\mkvtoolnix-32-bit-17.0.0.7z
2017-10-28 23:11 - 2017-10-29 02:20 - 000000000 ____D C:\Users\luish.computnine\Desktop\Teste_(Download)_(AI_CS6)
2017-10-28 22:51 - 2017-10-28 22:51 - 000000000 ____D C:\Users\luish.computnine\Desktop\Adobe Illustrator CS6
2017-10-28 22:20 - 2017-10-28 22:50 - 000000000 ____D C:\Users\luish.computnine\Downloads\Illustrator_CS6_(Downloads)
2017-10-28 22:17 - 2017-10-28 22:17 - 000000000 ____D C:\Users\luish.computnine\Desktop\28-10-2017
2017-10-28 17:10 - 2017-10-28 17:10 - 000095681 _____ C:\Users\isabecris\Downloads\Documento sem título.pdf
2017-10-27 22:14 - 2017-10-27 22:15 - 078106616 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\FirefoxPortable_56.0.2_PortugueseBR.paf.exe
2017-10-27 21:50 - 2017-10-27 21:51 - 042283704 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\OperaPortable_48.0.2685.52.paf.exe
2017-10-27 21:50 - 2017-10-27 21:50 - 001620808 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\GoogleChromePortable_62.0.3202.75_online.paf.exe
2017-10-24 19:43 - 2017-10-24 19:39 - 000032323 _____ C:\Users\luis.computnine\Desktop\Teste_(.SVG_(2).html.bak
2017-10-23 01:08 - 2017-10-23 01:08 - 000000000 ____D C:\Users\isabecris\Downloads\fireshot_ie_install
2017-10-23 01:06 - 2017-10-23 01:06 - 003953654 _____ C:\Users\isabecris\Downloads\fireshot_ie_install.zip
2017-10-22 18:03 - 2017-10-22 18:03 - 000020280 _____ C:\Users\isabecris\Downloads\GABARITO 4BIM.xlsx
2017-10-22 17:57 - 2017-10-22 17:57 - 000020280 _____ C:\Users\isabecris\Downloads\2017_GABARITO 4BIM.xlsx
2017-10-22 16:51 - 2017-10-22 16:51 - 001645524 _____ C:\Users\marcopai\Desktop\YouTube.htmeletronicaIndia.htm
2017-10-22 16:51 - 2017-10-22 16:51 - 000000000 ____D C:\Users\marcopai\Desktop\YouTube.htmeletronicaIndia_arquivos
2017-10-21 20:43 - 2017-10-21 20:43 - 000109950 _____ C:\Users\isabecris\Downloads\MAPAO_EMYGDIO_DE_BARROS_PROFESSOR-2ª_SERIE_H_NOITE-CONSELHO-TERCEIRO-BIMESTRE-21-10-2017 20-42.pdf
2017-10-21 00:51 - 2017-10-21 00:51 - 018169202 _____ C:\Users\isabecris\Downloads\Escolhidas-20171021T025107Z-001.zip
2017-10-21 00:12 - 2017-10-21 00:12 - 002678074 _____ C:\Users\isabecris\Downloads\QuickHash-Windows-v2.8.2.zip
2017-10-20 23:21 - 2017-10-20 23:21 - 001620784 _____ (PortableApps.com) C:\Users\luis.computnine\Downloads\GoogleChromePortable_62.0.3202.62_online.paf.exe
 
==================== Três Meses Modificados arquivos e pastas ========
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
 
2018-01-18 02:18 - 2016-05-17 21:27 - 000000000 ____D C:\Program Files\DebugDiag
2018-01-18 02:18 - 2015-05-07 02:41 - 000000000 ____D C:\FRST
2018-01-18 01:59 - 2017-10-17 00:13 - 000000676 _____ C:\Windows\Tasks\WpsPdf2WordUpdateTask_luis.job
2018-01-18 01:44 - 2014-07-05 21:04 - 000000000 ____D C:\Users\Todos os Usuários\GbPlugin
2018-01-18 01:44 - 2014-07-05 21:04 - 000000000 ____D C:\ProgramData\GbPlugin
2018-01-18 01:35 - 2009-07-14 00:37 - 000000000 ____D C:\Windows\registration
2018-01-18 01:33 - 2009-07-14 02:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-18 01:17 - 2009-07-14 02:34 - 000027728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-18 01:17 - 2009-07-14 02:34 - 000027728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-18 01:16 - 2017-03-09 17:18 - 000000000 ____D C:\Users\luis.computnine\AppData\Roaming\Mozilla
2018-01-17 21:49 - 2015-11-01 18:43 - 000000008 __RSH C:\Users\isabecris\ntuser.pol
2018-01-17 21:49 - 2014-08-30 18:56 - 000000000 ____D C:\Users\isabecris
2018-01-16 23:03 - 2011-04-12 02:47 - 000787844 _____ C:\Windows\system32\prfh0416.dat
2018-01-16 23:03 - 2011-04-12 02:47 - 000178310 _____ C:\Windows\system32\prfc0416.dat
2018-01-16 23:03 - 2010-11-20 19:01 - 001880494 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-16 23:03 - 2009-07-14 00:37 - 000000000 ____D C:\Windows\inf
2018-01-16 22:39 - 2014-05-30 02:36 - 000000000 ____D C:\Users\Public\teste
2018-01-16 01:00 - 2017-03-09 17:43 - 000000000 ____D C:\Users\luish.computnine\.gimp-2.8
2018-01-16 00:26 - 2014-08-07 19:04 - 000000000 ____D C:\Users\luish.computnine\Desktop\EULA's
2018-01-16 00:09 - 2017-03-09 18:31 - 000000000 ____D C:\Users\luish.computnine\AppData\LocalLow\Mozilla
2018-01-15 23:36 - 2016-01-18 19:23 - 000000000 ____D C:\Users\luis.computnine\Desktop\compactados
2018-01-15 23:36 - 2014-09-11 15:25 - 000000000 ____D C:\Users\luish.computnine\Desktop\vrs
2018-01-15 22:17 - 2014-05-30 18:50 - 000000000 ____D C:\Users\marcopai
2018-01-14 00:38 - 2017-03-09 18:31 - 000000000 ____D C:\Users\luish.computnine\AppData\Roaming\Mozilla
2018-01-13 22:55 - 2009-07-14 00:37 - 000000000 ___HD C:\Windows\system32\GroupPolicyUsers
2018-01-12 21:00 - 2014-05-30 02:37 - 000000000 ____D C:\Users\luish.computnine\Documents\Softwares
2018-01-11 00:04 - 2014-07-05 21:04 - 000000000 ____D C:\Program Files\GbPlugin
2018-01-10 23:26 - 2017-03-09 18:01 - 000000000 ____D C:\Users\luish.computnine\AppData\Local\gtk-2.0
2018-01-10 23:26 - 2017-03-09 17:19 - 000000000 ____D C:\Users\luish.computnine
2018-01-10 22:58 - 2014-06-22 02:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-10 22:47 - 2017-03-09 17:19 - 000000008 __RSH C:\Users\luish.computnine\ntuser.pol
2018-01-10 22:44 - 2017-03-09 17:16 - 000000008 __RSH C:\Users\luis.computnine\ntuser.pol
2018-01-10 22:44 - 2017-03-09 17:16 - 000000000 ____D C:\Users\luis.computnine
2018-01-10 22:42 - 2014-03-30 15:02 - 000000000 ____D C:\Users\UpdatusUser
2018-01-10 22:30 - 2015-09-04 04:05 - 000000000 ____D C:\Users\isabecris\AppData\LocalLow\Temp
2018-01-10 22:30 - 2015-01-14 15:49 - 000000000 ____D C:\Users\marcopai\AppData\LocalLow\Temp
2018-01-10 22:29 - 2016-08-25 22:30 - 000000000 ____D C:\Program Files\Diebold
2018-01-10 22:29 - 2014-12-30 21:28 - 000000000 ____D C:\Users\marcoaufer\AppData\LocalLow\Temp
2018-01-10 22:28 - 2009-07-14 00:37 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-01-10 22:01 - 2014-06-15 18:33 - 000000000 ____D C:\Users\Todos os Usuários\TEMP
2018-01-10 22:01 - 2014-06-15 18:33 - 000000000 ____D C:\ProgramData\TEMP
2018-01-10 21:36 - 2016-02-09 00:04 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-01-10 21:36 - 2016-02-09 00:04 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-01-10 21:36 - 2014-05-30 19:05 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-10 21:15 - 2016-07-01 03:01 - 000390256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-01-10 21:15 - 2016-07-01 03:00 - 000123880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-01-08 20:27 - 2016-06-11 23:21 - 000000000 ____D C:\Users\luis.computnine\Documents\Softwares
2018-01-07 21:23 - 2015-06-19 18:28 - 000000000 ____D C:\Windows\Minidump
2018-01-07 20:13 - 2016-01-18 19:52 - 000000000 ____D C:\Users\luis.computnine\Desktop\TXT's
2018-01-07 19:43 - 2017-01-12 01:19 - 000000114 _____ C:\Users\luish.computnine\Desktop\USB Disk Format Tool.url
2018-01-07 18:59 - 2017-09-03 22:10 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-07 18:59 - 2014-03-30 13:50 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-01-06 01:31 - 2014-08-17 13:14 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-06 01:31 - 2014-08-17 13:14 - 000002087 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-06 00:22 - 2014-05-30 01:50 - 000000000 ____D C:\Users\luish.computnine\Desktop\Arquivos
2018-01-05 22:12 - 2009-07-14 00:37 - 000000000 ____D C:\Windows\system32\NDF
2018-01-05 22:11 - 2017-03-26 00:42 - 000000000 ____D C:\Users\luish.computnine\AppData\Local\ElevatedDiagnostics
2018-01-03 17:18 - 2016-01-18 19:16 - 000000000 ____D C:\Users\luis.computnine\Desktop\Backup
2018-01-03 16:21 - 2016-07-01 03:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-12-29 01:45 - 2014-08-30 19:55 - 000000000 ____D C:\Users\isabecris\AppData\Roaming\Mozilla
2017-12-29 00:08 - 2015-11-08 20:52 - 000000000 ____D C:\Users\isabecris\.gimp-2.8
2017-12-28 23:56 - 2015-01-28 19:38 - 000000000 ____D C:\Users\isabecris\AppData\Local\gtk-2.0
2017-12-26 23:26 - 2014-08-30 21:47 - 000000000 ____D C:\Users\isabecris\Documents\Softwares
2017-12-26 23:25 - 2016-11-22 15:48 - 000000000 ____D C:\Users\isabecris\AppData\LocalLow\Mozilla
2017-12-26 23:15 - 2014-11-12 23:14 - 000000000 ____D C:\Users\isabecris\Documents\Backups
2017-12-26 18:01 - 2015-01-03 19:57 - 000000000 ____D C:\Users\isabecris\dwhelper
2017-12-25 20:57 - 2015-06-27 17:09 - 000000000 ____D C:\Users\Public\Mãe
2017-12-23 17:27 - 2015-02-11 18:06 - 000000000 ____D C:\Users\isabecris\Documents\Compras
2017-12-21 23:53 - 2015-05-29 17:40 - 000000000 ____D C:\Users\luish.computnine\Desktop\Backups
2017-12-21 22:56 - 2016-07-01 02:59 - 000000000 ____D C:\Users\Todos os Usuários\AVAST Software
2017-12-21 22:56 - 2016-07-01 02:59 - 000000000 ____D C:\ProgramData\AVAST Software
2017-12-21 22:56 - 2016-07-01 02:59 - 000000000 ____D C:\Program Files\AVAST Software
2017-12-21 22:54 - 2016-07-01 03:01 - 000294680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-12-21 22:54 - 2016-07-01 03:01 - 000151328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-12-21 22:54 - 2016-07-01 03:00 - 000099528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-12-21 22:54 - 2016-07-01 03:00 - 000070832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-12-21 22:54 - 2016-07-01 03:00 - 000042824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-12-21 22:53 - 2017-03-09 16:54 - 000276696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
2017-12-21 22:53 - 2017-03-09 16:54 - 000255584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-12-21 22:53 - 2017-03-09 16:54 - 000157376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
2017-12-21 22:53 - 2017-03-09 16:54 - 000050344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
2017-12-21 22:53 - 2016-07-01 03:00 - 000783104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-12-21 22:53 - 2016-07-01 03:00 - 000436104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2017-12-20 22:13 - 2017-03-13 02:03 - 000000000 ____D C:\Users\luis.computnine\.gimp-2.8
2017-12-20 22:13 - 2016-06-16 23:20 - 000000000 ____D C:\Users\luis.computnine\AppData\Local\gtk-2.0
2017-12-20 21:13 - 2016-01-18 19:25 - 000000000 ____D C:\Users\luis.computnine\Desktop\Edições_de_Imagem
 
==================== Arquivos na raiz de alguns diretórios =======
 
2017-11-19 17:24 - 2017-11-19 17:24 - 007649280 _____ () C:\Program Files\GUT6191.tmp
2018-01-10 23:26 - 2018-01-10 23:26 - 000002818 _____ () C:\Users\luish.computnine\AppData\Local\recently-used.xbel
 
==================== Bamital & volsnap ======================
 
(Não há correção automática para arquivos que não passaram na verificação.)
 
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
C:\Windows\system32\drivers\wsddin32.sys -> Acesso Negado <======= ATENÇÃO
 
==================== BCD ================================
 
Gerenciador de Inicializa‡Æo do Windows
--------------------
identificador           {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  pt-BR
inherit                 {globalsettings}
default                 {current}
resumeobject            {e78ea204-872f-11e3-89a7-dad743570716}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Carregador de Inicializa‡Æo do Windows
-------------------
identificador           {e78ea202-872f-11e3-89a7-dad743570716}
device                  ramdisk=[C:]\Recovery\e78ea202-872f-11e3-89a7-dad743570716\Winre.wim,{e78ea203-872f-11e3-89a7-dad743570716}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\e78ea202-872f-11e3-89a7-dad743570716\Winre.wim,{e78ea203-872f-11e3-89a7-dad743570716}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Carregador de Inicializa‡Æo do Windows
-------------------
identificador           {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  pt-BR
inherit                 {bootloadersettings}
recoverysequence        {e78ea206-872f-11e3-89a7-dad743570716}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {e78ea204-872f-11e3-89a7-dad743570716}
nx                      OptIn
 
Carregador de Inicializa‡Æo do Windows
-------------------
identificador           {e78ea206-872f-11e3-89a7-dad743570716}
device                  ramdisk=[C:]\Recovery\e78ea206-872f-11e3-89a7-dad743570716\Winre.wim,{e78ea207-872f-11e3-89a7-dad743570716}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\e78ea206-872f-11e3-89a7-dad743570716\Winre.wim,{e78ea207-872f-11e3-89a7-dad743570716}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Continuar da Hiberna‡Æo
---------------------
identificador           {e78ea204-872f-11e3-89a7-dad743570716}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  pt-BR
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Testador de Mem¢ria do Windows
---------------------
identificador           {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Diagn¢stico de Mem¢ria do Windows
locale                  pt-BR
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Configura‡äes de EMS
------------
identificador           {emssettings}
bootems                 Yes
 
Configura‡äes do Depurador
-----------------
identificador           {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
Defeitos de RAM
-----------
identificador           {badmemory}
 
Configura‡äes Globais
---------------
identificador           {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Configura‡äes do Carregador de Inicializa‡Æo
--------------------
identificador           {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Configura‡äes do Hypervisor
-------------------
identificador           {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
Configura‡äes do Carregador de Retorno
----------------------
identificador           {resumeloadersettings}
inherit                 {globalsettings}
 
Op‡äes de dispositivo
--------------
identificador           {e78ea203-872f-11e3-89a7-dad743570716}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\e78ea202-872f-11e3-89a7-dad743570716\boot.sdi
 
Op‡äes de dispositivo
--------------
identificador           {e78ea207-872f-11e3-89a7-dad743570716}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\e78ea206-872f-11e3-89a7-dad743570716\boot.sdi
 
 
LastRegBack: 2018-01-18 00:39
 
==================== Fim de FRST.txt ============================
 
[...]
 
My PC is still having some problems in the DNS part, even with all these performed scans. At the moment, I cannot isolate the problem, but I will follow the advice of the article linked below, so that maybe I can fix the problem within the 10 probable related causes, or discover if the origin of the problems in the DNS comes from some of the hypotheses described on the below mentioned webpage:
 
 
Please, help me to possibly fix the DNS problems, or other existing problems that I came across with RKill since the middle of December of last year (the deactivation of Network and Internet access after the RKill software is run; I do remember that things with RKill were OK before this month), and now seeing here the posted logs and looking for the symptoms caused (maybe) by some intrinsic strange modules in "msconfig" (maybe a malware of the type Trojan or Rootkit), you could now point out that part of the problems were coming from some illegitimate Services found in "msconfig", all of which now seem to be disabled (encountered as such, according to the AdwCleaner scan logs), or maybe you could find other causes not obvious at a first search and in previous looks, and in previous results with the previously given recommendations. Examine the log files yourself at the shared link below, to indicate to me the possible and remaining problems, that maybe have something related to the DNS Browsing errors (again as a note: these can be debugged on Google Chrome):
 

• 'DNS_PROBE_FINISHED_BAD_CONFIG';
• 'DNS_PROBE_FINISHED_NXDOMAIN';
• 'DNS_PROBE_FINISHED_NO_INTERNET';
• "DNS (*something) RESET".
 

 

In short words, I can give the troubleshooting (as it is almost totally resolved) of the presented Browser problems by your advice of making some scans with the FRST software and its cleanings done (as the strange comportment of having opened a window of the "Notepad.exe" at the very first time that I was writing the first post here on this Forum). But the problem seems to be deeper on my Windows 7 installation, and thus I'll need a more specific AV solution with a detailed and complete scan, for this computer to be cleaned and the malwares to be properly and completely removed. Some Services on my Windows 7 installation were not starting properly (and some are still in this situation at the moment..), and the Windows Defender and the Action Center of Windows 7 appeared again, for the first time after a long period of time that they were off, and they were occulted again after a necessary reboot made after that (my Network and Internet access were blocked, and the WAT (Windows Activation Technology) was broken at that initialization, only with some reboot the problem was fixed on that occasion). Again, I can notify an error (here shown in English) that seems to have occurred like this illustration at that time:
 
mqdefault.jpg
 
For now, maybe I'll try the "TDSSKiller", the "SUPERAntiSpyware Pro", and "ESET-NOD32 Online Scanner", if in your response back nothing is found that is related to the case of this Topic, that in the case is being about DNS problems and the strange comportment in the "NDISRD" Service, that after the RKill kills it, the Network and Internet connections are lost, and also the infections that were found, and the remaining or hidden malware modules found on my Windows 7 OS, that now are being discovered in the scans (thanks to the "AdwCleaner" for having discovered this and attempting to remove the illegitimate entries in the "msconfig", also related to the hindering of the removal of the unused Online Bank modules (and maybe infected by some malware taking control of it) of the "Bank of Brazil" ("Banco do Brasil" in Portuguese) -- the "WarSaw" modules in the logs, that after this, finally could be deactivated, also according to the logs).
 
 
Follow below the here promised shared folder with the original log files on a Google shortened link:
 
 
 
 
Note: I can't here in all recent attempts attach the logs (this option has been disabled in my Forum Panel within the controls). If it is a bug, this should be thus corrected. I'll not use my Smartphone anymore to edit posts here, since doing this the formatting and text indentation in the posts are often lost.
 
 
Obs.: Today my MBAM Premium 14-day Trial evaluation software has already expired, within some hours that I'm here posting. All the scans with the FRST software were made with all options enabled. I think that the MBAM Premium (since nothing harmful was found with it) is not being much necessary here. The problem with the Windows License resolved itself by rebooting the computer (maybe coming from some payload inherent to the intrinsic malware infections, when some pieces of them were being removed or disabled in the "msconfig" by the cleaning of the "AdwCleaner" software). And again, sorry for my bad English.
 
 
Waiting a response ASAP.
 
 
Best Regards.
 
Thanks.
@LHVF (Brazil).

Edited by LHVF, 19 January 2018 - 12:26 AM.


#10 nasdaq

  • Malware Response Team

Posted 19 January 2018 - 09:24 AM


Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
S2 HPSLPSVC; C:\Users\marcoaufer\AppData\Local\temp\7zS477D\hpslpsvc32.dll [X] <==== ATENÇÃO
S2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [X]

AlternateDataStreams: C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt [8]
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst [514]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10]


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\48611155.sys => ""="Driver"


Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
---

Windows Defender and Avast should normally be listed in this section.

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

Is Avast working correctly?
If not reinstall the program.
===

Error in the Addition.txt file.

Name: Warsaw - Driver (PP)
Description: Warsaw - Driver (PP)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: wsddpp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


This is part of GAS INFORMATICA LTDA
https://www.herdprotect.com/wsddpp.sys-188fa141ae785fbf2293b30567ccc5942b701d71.aspx

and this "NDISRD" Service is also part of GAS INFORMATICA LTDA

Do you still need this application and is it working correctly?

If "NDISRD" is reported as bad with RKILL it may be a false positive. Leave it alone.

Please let me know what problem persists with this computer.
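
Added example, not part of the thread and not FRST code: a Python check of the fixlist above for non-ASCII characters, showing how each line reads when the file is saved in one encoding and read in another. The code pages (cp1252 for Notepad's "ANSI", cp850 for console output) and the treatment of text after `<====` as annotation are assumptions; under them the output matches the `Restri��o` / `Usu�rios` forms in the Fixlog that follows and the `Inicializa‡Æo` form in the BCD section of the FRST log.

```python
"""Encoding pre-flight check for a fixlist (added example; assumptions noted inline)."""

# Fixlist lines copied from the post above, one list item per line of the file.
FIXLIST = "\n".join([
    "Start",
    "CreateRestorePoint:",
    "EmptyTemp:",
    "CloseProcesses:",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO",
    r"S2 HPSLPSVC; C:\Users\marcoaufer\AppData\Local\temp\7zS477D\hpslpsvc32.dll [X] <==== ATENÇÃO",
    r"S2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [X]",
    r"AlternateDataStreams: C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt [8]",
    r"AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst [514]",
    r"AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]",
    r"AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10]",
    r'HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\48611155.sys => ""="Driver"',
    "Reboot:",
    "End",
])

ANSI = "cp1252"   # assumption: the "ANSI" code page of a Western-European Windows 7
OEM = "cp850"     # assumption: the console (OEM) code page on a pt-BR system
MARKER = "<===="  # assumption: text after this marker is annotation, not the entry


def misread(text, saved_as, read_as):
    """Return text as it appears when written in one encoding and read in another.

    Bytes that are invalid for the reader become U+FFFD, the character
    displayed as a black diamond or box in the logs.
    """
    return text.encode(saved_as).decode(read_as, errors="replace")


def audit(fixlist, saved_as=ANSI, read_as="utf-8"):
    """List every fixlist line that an encoding mismatch would alter.

    Each finding records the 1-based line number, the non-ASCII characters
    involved, whether any of them sits in the entry itself (before MARKER)
    rather than only in the trailing annotation, and the misread form.
    """
    findings = []
    for number, line in enumerate(fixlist.splitlines(), start=1):
        if line.isascii():
            continue  # pure ASCII survives every code page used here
        entry = line.split(MARKER, 1)[0]
        findings.append({
            "line": number,
            "chars": sorted({c for c in line if ord(c) > 127}),
            "in_entry": not entry.isascii(),
            "misread": misread(line, saved_as, read_as),
        })
    return findings


def needs_unicode_save(fixlist):
    """True when at least one entry (not just an annotation) has non-ASCII text."""
    return any(f["in_entry"] for f in audit(fixlist))


if __name__ == "__main__":
    for f in audit(FIXLIST):
        where = "entry" if f["in_entry"] else "annotation only"
        print(f"line {f['line']:>2} ({where}) {''.join(f['chars'])}")
        print(f"    read back as: {f['misread']}")
    print("save with a Unicode encoding:", needs_unicode_save(FIXLIST))
    # The same mismatch in the other direction: console output in the OEM
    # code page decoded as ANSI, as in the BCD section headings.
    print(misread("Carregador de Inicialização do Windows", OEM, ANSI))
```

The check only reports what an encoding mismatch does to the text; it does not establish why a given entry was reported as not found.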

#11 LHVF

  • Topic Starter


Posted 20 January 2018 - 11:05 PM

Hi again!
 
After the solicited scans, here is the output log of FRST (fixlist.txt related log) done a little time before I'm here writing this reply:
 
Fixlog.txt:
 

 
Resultado da Correção pela Farbar Recovery Scan Tool (x86) Versão: 17.01.2018 01
Executado por luish (20-01-2018 23:46:40) Run:2
Executando a partir de C:\Users\luish.computnine\Desktop\AV_(2018)\FRST_(latest)
Perfis Carregados: luish & UpdatusUser (Perfis Disponíveis: luish & marcoaufer & luis & marcopai & lula & UpdatusUser & isabecris & acronimo & IsabelCris)
Modo da Inicialização: Normal
 
==============================================
 
fixlist Conteúdo:
*****************
 
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restri��o <==== ATEN��O
S2 HPSLPSVC; C:\Users\marcoaufer\AppData\Local\temp\7zS477D\hpslpsvc32.dll [X] <==== ATEN��O
S2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [X]
 
AlternateDataStreams: C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt [8]
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst [514]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
AlternateDataStreams: C:\Users\Todos os Usu�rios\GbPlugin:IncompleteStartGbprcm.cnt [10]
 
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\48611155.sys => ""="Driver"
 
 
Reboot:
 
End
*****************
 
Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Services\HPSLPSVC" => removido (a) com sucesso.
HPSLPSVC => serviço removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Services\Warsaw Technology" => removido (a) com sucesso.
Warsaw Technology => serviço removido (a) com sucesso.
C:\Program Files\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removido (a) com sucesso.
C:\Windows\system32\drivers => ":GbpKmAp.lst" ADS removido (a) com sucesso.
C:\ProgramData\GbPlugin => ":IncompleteStartGbprcm.cnt" ADS removido (a) com sucesso.
"C:\Users\Todos os Usu�rios\GbPlugin" => ":IncompleteStartGbprcm.cnt" ADS não encontrado (a).
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\48611155.sys" => removido (a) com sucesso.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15894573 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 42 B
Edge => 0 B
Chrome => 201313 B
Firefox => 11971297 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 0 B
luish.computnine => 6147472 B
marcoaufer => 0 B
luis.computnine => 6182795 B
marcopai => 0 B
lula => 0 B
UpdatusUser => 0 B
isabecris => 6267037 B
acronimo => 0 B
IsabelCris => 0 B
 
RecycleBin => 10754857 B
EmptyTemp: => 62.8 MB de dados temporários Removidos.
 
================================
 
 
O sistema precisou ser reiniciado.
 
==== Fim de Fixlog 23:50:36 ====

 
After that, I can report that the DNS problems may still exist (they didn't go away from my OS installation with all these scans).
 
 

Windows Defender and Avast should normally be listed in this section.

 
 

==================== Central de Segurança ========================
(Se uma entrada for incluída na fixlist, será removida.)

 

Is Avast working correctly? If not, reinstall the program.

 
I don't know how to find out whether the paid Avast Premier is working correctly for FRST, but the software hasn't given any notice that something is going wrong with its modules. And Windows Defender, also according to the previously generated RKill logs, has something wrong with it, maybe due to some incorrect policies now discovered in the Windows 7 Registry by FRST. This clearly seems to be a symptom of some OS alteration made by some intrinsic malware, which left some alterations more recently that are now being discovered and undone:
 

"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removido (a) com sucesso.

 
Don't you think that the symptoms I've described, which I've complained about several times in the last posts and noticed recently, such as the deactivation of the Windows Action Center (and, I think, also Windows Firewall or Defender being disabled), are due to some intrinsic malware that is still running in the background on my Windows 7 installation? This Windows feature hadn't been shown among my taskbar "system tray icons" for a long time, since the malware infections became more evident, and only after the scans with the "AdwCleaner" software was I able to see these system parts working again. On that occasion, though, Network and Internet access seemed to be broken, and again I needed a system reboot to get my Windows license (WAT things, maybe) and Network and Internet access properly functioning at that time. Afterwards, with some delay, the Action Center appeared on my installation on the most recent reboot required by FRST. Maybe AdwCleaner has done all that is within its capabilities. And now the remaining problems seem to be more hidden on my machine; I'm still seeing some of the symptoms described and presented previously, and only a few results, or nothing relevant, are being found lately, according to the logs, because the tools used don't find anything more that is critical for now. Can you help and advise me whether the OS seems to be OK now? I don't think that all aspects of my Windows 7 are OK at the moment, because if I decide to remove the "Clean Boot" ('Selective Startup' feature) from my installation, things will go wrong, and BSODs will probably appear on my computer screen.
 
I can also list as a problem that some Windows services seem not to be loading correctly, and a FixIt related to this doesn't work on my computer. The FixIt "50981", probably related to some Windows service problem involving the Network or the Windows Firewall, doesn't work on my PC because (I don't know if it is because of something that the Baidu AV did in the past, which is also related to some change that these spyware / rootkit programs made...) some Windows Registry entry has been altered. This may have prevented this hotfix software from working properly, leaving the FixIt fooled and so making this hotfix not work anymore (maybe by altering some registry entry so that this part of the OS registry is no longer recognized correctly -- a Windows 7 version entry, maybe -- something to complain about in the appropriate Microsoft TechNet Forums). I haven't tried to debug it from the command-line interface, generating some logs, to discover the status of the error or what may be related to this impediment (maybe my Windows 7 was updated many times, and this hotfix no longer works for that reason). The Windows FixIts were removed from the Microsoft website some time ago and replaced with the Diagnostic Assistants (*.diagcab), and only these still exist nowadays on the Microsoft support pages for Windows 7.
 
Note: I'll share with you the mentioned softwares, for you look what is going wrong at the moment.
 
Shouldn't scans with "TDSSKiller", "SUPERAntiSpyware Pro", and the "ESET-NOD32 Online Scanner", all together, also be considered at this moment and in this situation?
 
Obs.: None of the GAS TECNOLOGIA drivers are needed here for anything, because the online banking of "Bank of Brazil" ("Banco do Brasil" in Portuguese) nowadays uses only a mobile client app for banking access, and so these "Java Modules" for online banking (listed in the latest requested fixlist.txt file) are not useful and no longer work correctly for this purpose (maybe they were recently infected by some malware -- the "NDISRD" modules as shown in the logs). They therefore need to be completely removed from my computer, since they no longer work and are causing conflicts with the Network drivers, or probably some malware took control of these unused/unneeded Java modules; they seem to have been infected by some malware on my OS recently and now show some strange behavior on my computer, because such modules cannot be used together with "RKill" (not normal behavior here), and they need to be removed for running on my OS. Only after the middle of December did RKill start showing this conflict with the NDISRD module. Before that, I used it, and no conflict existed in the earlier months of last year. Only recently has RKill encountered a conflict with these drivers, attempting to kill them, after which Network and Internet access are lost. I don't think this is normal behavior. Eliminating these drivers will maybe make the DNS problems go away, and with other antivirus / anti-malware solutions, which will certainly be very much needed here, it will be possible to make sure that this computer is truly clean after all the solicited procedures. Don't you recommend and consider more AV solutions to resolve at least the DNS problems? I think that some "ESET-NOD32 Online Scanner" or "SuperAntiSpyware Pro" scans should at least be considered in this situation. I'll check the "msconfig" entries to confirm that everything is OK after all the solicited scans.
And RogueKiller or another specific anti-rootkit will reveal something; I will try to use other options. 'Trend Micro HouseCall' is certainly another possible option here, to ensure a complete disinfection. The attachment feature appeared back on my phone. Again, sorry for my bad English.
 
 
Here follows the same folder on Google Drive, with the files and software described in this reply (folder named '21-01-2018'):
 
EDIT: I will only share the files via PMs now, or I will at least try to attach the files to the replies. The text of the logs will be under the quotes or in the body of my replies in this Topic.
 
 
  Waiting a return ASAP.

 

 

Thanks.

 

 

Best Regards.

 

@LHVF (Brazil).


Edited by LHVF, 21 January 2018 - 06:56 PM.


#12 nasdaq

  • Malware Response Team

Posted 21 January 2018 - 08:44 AM

Hi,

When Avast is enabled the Windows Defender will be disabled. This is normal. Both cannot work at the same time.

===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [590048 2018-01-10] (GAS Tecnologia)
S2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [X]
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49496 2015-08-26] (GAS Tecnologia)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-08-15] (GAS Tecnologia)
S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [80728 2016-10-16] (GAS Tecnologia)
S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [79064 2015-03-18] (GAS Tecnologia)
C:\Program Files\GbPlugin
C:\Program Files\Diebold\Warsaw
C:\Windows\System32\drivers\gbpkm.sys
C:\Windows\System32\DRIVERS\gbpndisrdn.sys
C:\Windows\System32\drivers\wsddfac.sys
C:\Windows\system32\drivers\wsddpp.sys

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

This will remove all traces of NDISRD from the registry.

Copy the text IN THE QUOTE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved, right-click the .reg file and allow it to merge with the registry.
 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{CD75C963-E19F-4139-BC3B-14019EF72F19}]
"LocDescription"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{CD75C963-E19F-4139-BC3B-14019EF72F19}]
"ComponentId"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{CD75C963-E19F-4139-BC3B-14019EF72F19}\Ndi]
"Service"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{CD75C963-E19F-4139-BC3B-14019EF72F19}\Ndi]
"CoServices"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISRD]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ndisrd]


Restart the computer when completed.

You can delete the fixme.reg file when done.
===

Repair these services.

Boot with Safe Mode with Networking. Execute the following.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

  • 01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    16 - Repair Windows Updates
    20 - Repair MSI (Windows Installer)
    25 - Restore Important Windows Services
    26 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.
===

Restart the computer normally.

How is the computer running now?
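
One way to review what a .reg file such as the fixme.reg above would do before merging it: this Python check lists the key and value deletions it requests and flags header lines that are not valid .reg syntax. It is an added example, not part of the original post or of any tool named in it; `plan` is a hypothetical helper name and the sample is constructed from key paths in the post, with one header deliberately malformed.

```python
import re

# Constructed sample modelled on the fixme.reg in the post above.
# The header on line 6 is deliberately malformed ("[=" instead of "[-").
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{CD75C963-E19F-4139-BC3B-14019EF72F19}\Ndi]
"Service"=-
"CoServices"=-
[=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISRD]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ndisrd]
'''

SIGNATURES = ("Windows Registry Editor Version 5.00", "REGEDIT4")
ROOTS = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG")
HEADER = re.compile(r"^\[(-?)([^\]]+)\]$")          # [KEY] or [-KEY]
VALUE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)\s*=\s*(.*)$')  # "name"=data or @=data


def plan(reg_text):
    """Return (operations, problems) for the text of a .reg file.

    operations: (kind, key, value_name) with kind in
                delete_key / delete_value / set_value
    problems:   (line_number, message) for lines that are not valid syntax
    """
    ops, problems = [], []
    lines = reg_text.splitlines()
    if not lines or lines[0].strip() not in SIGNATURES:
        problems.append((1, "missing or unknown signature line"))
    key, continued = None, False
    for no, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if continued:                     # remainder of a multi-line hex value
            continued = line.endswith("\\")
            continue
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("["):
            m = HEADER.match(line)
            root = m.group(2).split("\\", 1)[0].upper() if m else ""
            if root not in ROOTS:
                problems.append((no, "malformed key header: " + line))
                key = None                # values below it have no valid key
            elif m.group(1):              # leading "-" requests key deletion
                ops.append(("delete_key", m.group(2), None))
                key = None
            else:
                key = m.group(2)
            continue
        m = VALUE.match(line)
        if not m:
            problems.append((no, "unrecognised line: " + line))
        elif key is None:
            problems.append((no, "value line has no valid key above it"))
        else:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2)
            kind = "delete_value" if data == "-" else "set_value"
            ops.append((kind, key, name))
            continued = data.endswith("\\")
    return ops, problems


if __name__ == "__main__":
    operations, issues = plan(SAMPLE_REG)
    for kind, key, name in operations:
        print(f"{kind:13} {key}" + (f"  ->  {name}" if name else ""))
    for no, message in issues:
        print(f"line {no}: {message}")
```
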

#13 LHVF


Posted 26 January 2018 - 10:57 PM

Hi again @nasdaq!
 
  Following the solicited procedures, here are the output logs of the steps recommended in your advice on this Topic:
 
Fixlog.txt:
 

 
Resultado da Correção pela Farbar Recovery Scan Tool (x86) Versão: 21.01.2018
Executado por luish (21-01-2018 22:27:47) Run:3
Executando a partir de C:\Users\luish.computnine\Desktop\AV_(2018)\21-01-2018\FRST_(21-01-2018)
Perfis Carregados: luish & UpdatusUser (Perfis Disponíveis: luish & marcoaufer & luis & marcopai & lula & UpdatusUser & isabecris & acronimo & IsabelCris)
Modo da Inicialização: Normal
 
==============================================
 
fixlist Conteúdo:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [590048 2018-01-10] (GAS Tecnologia)
S2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [X]
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49496 2015-08-26] (GAS Tecnologia)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-08-15] (GAS Tecnologia)
S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [80728 2016-10-16] (GAS Tecnologia)
S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [79064 2015-03-18] (GAS Tecnologia)
C:\Program Files\GbPlugin
C:\Program Files\Diebold\Warsaw
C:\Windows\System32\drivers\gbpkm.sys
C:\Windows\System32\DRIVERS\gbpndisrdn.sys
C:\Windows\System32\drivers\wsddfac.sys
C:\Windows\system32\drivers\wsddpp.sys
 
End
*****************
 
Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
C:\Program Files\GbPlugin\gbpsv.exe
[784] C:\Program Files\GbPlugin\gbpsv.exe => processo fechado com sucesso.
C:\Program Files\GbPlugin\gbpsv.exe
[784] C:\Program Files\GbPlugin\gbpsv.exe => processo fechado com sucesso.
GbpSv => Serviço finalizado com sucesso.
HKLM\System\CurrentControlSet\Services\GbpSv => Não pode ser removido. ErrorCode1: 0x00000002
Warsaw Technology => serviço não encontrado (a).
GbpKm => Não foi possível finalizar o serviço.
"HKLM\System\CurrentControlSet\Services\GbpKm" => removido (a) com sucesso.
GbpKm => serviço removido (a) com sucesso.
ndisrd => Serviço finalizado com sucesso.
"HKLM\System\CurrentControlSet\Services\ndisrd" => removido (a) com sucesso.
ndisrd => serviço removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Services\wsddfac" => removido (a) com sucesso.
wsddfac => serviço removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Services\wsddpp" => removido (a) com sucesso.
wsddpp => serviço removido (a) com sucesso.
 
"C:\Program Files\GbPlugin" pasta mover:
 
Não pode ser movido "C:\Program Files\GbPlugin" => Agendado para ser movido na reinicialização.
 
"C:\Program Files\Diebold\Warsaw" => não encontrado (a)
Não pode ser movido "C:\Windows\System32\drivers\gbpkm.sys" => Agendado para ser movido na reinicialização.
C:\Windows\System32\DRIVERS\gbpndisrdn.sys => movido com sucesso
C:\Windows\System32\drivers\wsddfac.sys => movido com sucesso
C:\Windows\system32\drivers\wsddpp.sys => movido com sucesso
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12001784 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 327244 B
Edge => 0 B
Chrome => 7339603 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 0 B
luish.computnine => 5617648 B
marcoaufer => 0 B
luis.computnine => 0 B
marcopai => 0 B
lula => 0 B
UpdatusUser => 0 B
isabecris => 0 B
acronimo => 0 B
IsabelCris => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 32.1 MB de dados temporários Removidos.
 
================================
 
Resultado dos arquivos que foram agendados para serem movidos (Modo de Inicialização: Normal) (Data&Hora: 21-01-2018 22:56:14)
 
"C:\Program Files\GbPlugin" => Não pode ser movido.
"C:\Windows\System32\drivers\gbpkm.sys" => Não pode ser movido.
 
==== Fim de Fixlog 22:56:18 ====

 
And, from the above log, I can point out to you that something went wrong in this requested procedure, and a little while after, my computer, on rebooting, clearly had a BSOD, and it had no chance to finish removing the one remaining unused "Bank of Brazil" ("Banco do Brasil" in Portuguese) module from my computer, which is causing a conflict on this PC. By installing Microsoft's "DebugDiag" software, you will be able to browse the crash dump that I'm only mentioning here and that was shared with you privately for this Topic; independently of your region, language and OS language, simply open it through Internet Explorer (or maybe also Microsoft Edge nowadays) and you will be able to analyse the crash dump generated by the BSOD related to the FRST software.
 
 
Here is the link to the "DebugDiag" software, which also works on Windows 10 (maybe you will need the I.E. browser to see this log translated into English, according to what you have installed on your computer):
 
https://www.microsoft.com/en-us/download/details.aspx?id=49924 ( * )
 
The crash dump related to the BSOD is in the ".dmp" file format, and it is in a sharing-site folder that I've shared with you via PM and that I'm reporting here for your analysis, since I couldn't upload it to my last post here; it wasn't a permitted file format (if you can see something in this crash somehow... -- the BSOD logs of Windows are not always clear).
 
 
And the "Tweaking.com" logs are also attached to this post, as they would be too long to write in this reply. So I'm only attaching the referred logs here, for you to decide what I have to do with their results once you have read them.
 
 
Obs.: The part of the "Tweaking.com" software that left me doubtful was the below part:
 
VPF8z52.png
 
 
where the "Repair Environment Variables" section was strange, maybe doing something wrong on my installation if it were used, and not being automatic. So I decided to skip this part of the Pre-Scan of the "Tweaking.com" software.
 
 
So I guess that, for now, with these results, that's all I have to provide to you at the moment.
 
 
Note: As for the link that I provided to you in my last Private Message (PM), remember that this shared folder holds all the related data and information, in case something is not clear here (all the material is in folders for the last days, 21-01, 22-01 and 23-01). The Windows 7 Network driver had to be reinstalled after the strange and maybe infected bank module ("NDISRD") was killed by FRST (I was left without Internet and Network access after the reboot required by FRST at that time, having done your recommended steps and merged the "fixme.reg" registry file). The module may have been infected, and probably a malware took control of the Network part of my computer, using this nowadays unnecessary module to do so, and I can report that RKill went back to operating normally after this module was deactivated and its traces removed from my installation and the Windows registry. But the DNS errors shown by Chrome are still happening occasionally. Also attached are the snapshots of the latest Google Chrome DNS errors that have been occurring on my computer lately.

 
Note[2]: The "IPCONFIG /flushdns" network command temporarily resolved the DNS errors last time. Internet browsing on my computer looks faster now, and significantly better after all the scans when navigating web pages and loading websites, for the short time I've used it. In OS performance some things improved (such as the screen flashing when using MS-Office 2013 last year -- my Windows 7 installation according to the logs was clearly infected), as did the time needed, and maybe the speed, for the system services to load. As a note, my Windows 7 installation sometimes freezes and hangs when loading the Windows 7 core programs (e.g. Explorer.exe) and others. Again, sorry for my bad English.

 
Best Regards.
 
 
Thanks.
 
 
@LHVF (Brazil).


Edited by LHVF, 27 January 2018 - 06:56 AM.
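
A Fixlog like the one quoted in the post above mixes successes, "not found" results, items deferred to reboot and outright failures, so a quick triage of the result lines shows what is still on disk or in the registry. The following Python sketch is an added example, not part of the original thread or of FRST; the sample lines are copied from that log, and the outcome labels and function names are this example's own.

```python
import re

# Constructed sample: result lines copied from the Portuguese-language
# Fixlog.txt quoted in the post above (temp-file counters included as noise).
SAMPLE_FIXLOG = r'''
Ponto de Restauração criado com sucesso.
[784] C:\Program Files\GbPlugin\gbpsv.exe => processo fechado com sucesso.
GbpSv => Serviço finalizado com sucesso.
HKLM\System\CurrentControlSet\Services\GbpSv => Não pode ser removido. ErrorCode1: 0x00000002
Warsaw Technology => serviço não encontrado (a).
GbpKm => Não foi possível finalizar o serviço.
"HKLM\System\CurrentControlSet\Services\GbpKm" => removido (a) com sucesso.
GbpKm => serviço removido (a) com sucesso.
ndisrd => Serviço finalizado com sucesso.
"HKLM\System\CurrentControlSet\Services\ndisrd" => removido (a) com sucesso.
ndisrd => serviço removido (a) com sucesso.
Não pode ser movido "C:\Program Files\GbPlugin" => Agendado para ser movido na reinicialização.
"C:\Program Files\Diebold\Warsaw" => não encontrado (a)
Não pode ser movido "C:\Windows\System32\drivers\gbpkm.sys" => Agendado para ser movido na reinicialização.
C:\Windows\System32\DRIVERS\gbpndisrdn.sys => movido com sucesso
BITS transfer queue => 8388608 B
"C:\Program Files\GbPlugin" => Não pode ser movido.
"C:\Windows\System32\drivers\gbpkm.sys" => Não pode ser movido.
'''

# Outcome labels are this example's own; the first matching rule wins.
RULES = [
    ("pending_reboot", re.compile(r"Agendado para ser movido na reinicialização", re.I)),
    ("stop_failed", re.compile(r"Não foi possível finalizar", re.I)),
    ("failed", re.compile(r"Não pode ser (?:movido|removido)", re.I)),
    ("not_found", re.compile(r"não encontrad[oa]", re.I)),
    ("ok", re.compile(r"com sucesso", re.I)),
]
MOVE_PREFIX = re.compile(r"^Não pode ser movido\s+", re.I)
ERROR_CODE = re.compile(r"ErrorCode1:\s*(0x[0-9A-Fa-f]+)")


def parse_fixlog(text):
    """Return (subject, outcome, error_code) for every recognised result line."""
    events = []
    for raw in text.splitlines():
        if " => " not in raw:
            continue                      # headers, banners, section rules
        left, right = raw.split(" => ", 1)
        outcome = next((name for name, rx in RULES if rx.search(right)), None)
        if outcome is None:
            continue                      # e.g. EmptyTemp byte counters
        subject = MOVE_PREFIX.sub("", left.strip()).strip().strip('"')
        code = ERROR_CODE.search(right)
        events.append((subject, outcome, code.group(1) if code else None))
    return events


def final_state(events):
    """Last outcome per subject; Windows paths compare case-insensitively."""
    state = {}
    for subject, outcome, code in events:
        state[subject.lower()] = (subject, outcome, code)
    return state


def unresolved(events):
    """Subjects whose last reported outcome is a failure or a pending move."""
    return {subject: (outcome, code)
            for subject, outcome, code in final_state(events).values()
            if outcome in ("failed", "pending_reboot")}


def services_not_stopped(events):
    """Services FRST could not stop, even if their registry key was deleted."""
    return [subject for subject, outcome, _ in events if outcome == "stop_failed"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for subject, (outcome, code) in unresolved(parsed).items():
        print(f"{outcome:15} {subject}" + (f"  ({code})" if code else ""))
    print("not stopped:", ", ".join(services_not_stopped(parsed)))
```
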


#14 nasdaq

  • Malware Response Team

Posted 27 January 2018 - 09:46 AM



Hi,

I do not have the expertise to read or understand the Dump log.

Looks like your program is with Windows 7.

You may be able to Repair Windows 7.
Read the instructions on this page.

https://answers.microsoft.com/en-us/windows/forum/windows_7-update/is-it-possible-to-use-win-7-repair-installin-place/f898041c-15ce-460a-be96-231b32cdade3?auth=1

If you need additional information before proceeding I suggest you Start a new topic in the Windows 7 Forum.
https://www.bleepingcomputer.com/forums/f/167/windows-7/

An expert may be able to read the Dump log and guide you to repair your Windows 7.

This is not caused by malware and not my forte.

I will leave this topic open for 6 days.

Good luck.

#15 LHVF


Posted 02 February 2018 - 12:22 AM

Hi again @nasdaq !

  After all the solicited procedures, and I don't know if it is because of the "Tweaking.com" software, I have now run into problems in my Windows 7 installation related to the Windows Update system resource. The Windows 7 Update diagnostic tool (in this case the Windows 7/8 Update Troubleshooter) warns that something is going wrong with this system feature, and I don't know how to fix it easily (I searched on Google and found the external website "sevenforums.com", with some relevant results there describing some procedures, but one of these instructions from the Microsoft Support webpage left the Windows 7 Updates database of my installation deleted). It seems to be the moment to open a new Topic in the BleepingComputer Windows 7 forum section.

  Regarding the remaining "Bank of Brazil" ("Banco do Brasil" in Portuguese) module to be removed from my computer, I will try to pursue other methods, some of them involving a live or installed Linux distribution, to successfully remove the GAS Tecnologia and G-BUSTER spyware (which in the past served only for online banking and is nowadays totally unnecessary, since the bank in question currently uses only a mobile client app). This bank module is probably affecting the performance of my Windows 7, or the "Tweaking.com" software did something wrong in my installation, probably leaving the Windows Update part of the system broken.

  I think that I'll still need this Topic open, since this computer still freezes and hangs when loading processes related to Explorer.exe or some Windows system part, or programs frequently end up with unresponsive windows.

  Please let me know whether I may open this Topic again if necessary, since I cannot manage my time well enough to pay attention to this insistent bank module (maybe mutually related to FRST and the last BSOD), which is in some way malicious and harmful, because it spies on the user without his or her consent, according to some sources that I found on the Internet recently.

Note: We may have reached a point where more than one route will be needed to resolve all the parts, treating them separately. I need to know what is causing the slowness issues on this computer, because previously it did not take a long time, or many minutes, to load the system services and programs, whereas yesterday it took several minutes just to log off the session on the last boot. Maybe something is going wrong with this installation, and a cleaner or optimizer may be needed to make it work correctly again (I'll try "Avast Cleanup" from the paid Premier license pack that I have installed on my computer, in a first attempt to fix the problems of this PC definitively). Practically all Windows Updates are failing to install properly on this installation. My father shut this computer down abruptly several times over the four years of this Windows 7 installation, and also recently (or sometimes a power blackout on my street did this, certainly), and I think this is the reason why some parts of Windows Update are broken at the moment. I'll also try (as in the recommended steps from "sevenforums.com" that I found initially) the command "SFC /SCANNOW" from the console on the Windows 7 installation DVD. Something else will also be necessary to remedy the problems with the Windows 7 installation, such as the System Restore feature, which I will try, mainly to fix the Windows Update parts, because something is corrupted within this installation. After the hour at which you normally post in this Forum, I will be able to try again to remove the unused / unnecessary bank module that probably caused the BSOD with FRST, and can post my progress and results.
And besides posting my problem in the Windows 7 forum you recommended, I'll also post the crash dump file (with the interrelated BSOD problem) to the BSOD expert team here at the BleepingComputer Forums, in a specific section available there. I guess that I'll still need your help to remove this bank module from my computer if the other methods that I've found on the Internet don't solve my case. Then I'll be able to post definitive feedback for my case and document what I did to resolve the problem described here.

 

I hope that I have provided the information needed to keep this Topic open, and I'm asking you at least to wait until tomorrow, when I will be able to manage my time better and look exclusively at the issues of this Topic.

 

I hope you understand the number of problems to handle at the same time, some of them new in these last days, and I hope that my request to leave the Topic open longer can be granted at the moment (I don't know of a Forum rule on this). Again, sorry for my bad English.

 

Best Regards.


Thanks for the help and support you have provided so far.

 

 

@LHVF, ( Brazil ).


Edited by LHVF, 02 February 2018 - 07:56 PM.




