turca

Log analysis


Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 29-01-2017
Executado por ATENDIMENTO (administrador) em NOT (30-01-2017 20:35:32)
Executando a partir de C:\Users\ATENDIMENTO\Desktop
Perfis Carregados: ATENDIMENTO (Perfis Disponíveis: ATENDIMENTO)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
() C:\Program Files\ThinkSky\iTools 3\iToolsDaemon.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Minimal ADB and Fastboot\adb.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [621616 2016-05-11] (GAS Tecnologia LTDA)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2295080 2011-10-01] (Synaptics Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-12-06] (Apple Inc.)
Winlogon\Notify\ GbPluginUni: C:\Program Files\GbPlugin\gbiehUni.dll [2016-12-02] (Banco Itaú Unibanco)
HKU\S-1-5-21-3828619231-1868183299-3799608553-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7173848 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-3828619231-1868183299-3799608553-1000\...\Run: [SH_AutoBackup] => C:\SHARMAQ\SHOficina\SHRecovery.exe [1950856 2015-12-06] (SHARMAQ)
HKU\S-1-5-21-3828619231-1868183299-3799608553-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATENÇÃO
HKU\S-1-5-21-3828619231-1868183299-3799608553-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
HKLM\...\Providers\v6q9j7tw: C:\Program Files\Shuhish Host\local32spl.dll
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll [1951968 2016-12-02] (Banco Itaú Unibanco)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-12-10] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-12-10] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-12-10] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-08-20] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-11-15]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-09-14]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2CA2F255-4A43-4C3D-BF43-C8B7E87CEED4}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{48A1F1B0-D561-4334-84A5-EF13F8F83E62}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{48A1F1B0-D561-4334-84A5-EF13F8F83E62}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{842BA620-C749-498B-85CB-0B6F15FAEDA3}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{DBB96EA0-DCC9-45B0-ADF7-3C5DA1D4B5C8}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-3828619231-1868183299-3799608553-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3828619231-1868183299-3799608553-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope valor está ausente
SearchScopes: HKU\S-1-5-21-3828619231-1868183299-3799608553-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehuni.dll [2016-12-02] (Banco Itaú Unibanco)
BHO: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files\ThinkSky\iTools 3\Extensions\iToolsBHO.dll [2016-09-10] (iTools.hk)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)

FireFox:
========
FF ProfilePath: C:\Users\ATENDIMENTO\AppData\Roaming\Mozilla\Firefox\Profiles\my0jwqzu.default-1472675051146 [2017-01-30]
FF NewTab: Mozilla\Firefox\Profiles\my0jwqzu.default-1472675051146 -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\my0jwqzu.default-1472675051146 -> about:home
FF Session Restore: Mozilla\Firefox\Profiles\my0jwqzu.default-1472675051146 -> está habilitado.
FF Extension: (DownThemAll!) - C:\Users\ATENDIMENTO\AppData\Roaming\Mozilla\Firefox\Profiles\my0jwqzu.default-1472675051146\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-10-04]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-09-14] [não assinado]
FF HKU\S-1-5-21-3828619231-1868183299-3799608553-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files\ThinkSky\iTools 3\Extensions\npiTools.dll [2016-09-10] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3828619231-1868183299-3799608553-1000: @tools.google.com/Google Update;version=3 -> C:\Users\ATENDIMENTO\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3828619231-1868183299-3799608553-1000: @tools.google.com/Google Update;version=9 -> C:\Users\ATENDIMENTO\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

Chrome: 
=======
CHR DefaultProfile: ChromeDefaultData2
CHR HomePage: ChromeDefaultData2 -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkVuvqY6tXmgtW7kgdCRemJrP8CbThd2Xjbl9_Az5fcMoiyMcVdvMg188-SBGZ00efG-WQSFFKeQQ9AW5qPxhKYtUV14Bza30YqyST_QKOcU0DrvDLUTJLk0bJJR66jh-v2eCXWL21YsDjzW0pWwR692piNUbLcgI4ruI1c,
CHR StartupUrls: ChromeDefaultData2 -> "hxxps://search.yahoo.com/?fr=vmn&type=auslog_ya_hp","hxxp://www.youndoo.com/?z=4bcf07d71ef4ba11f050f72gcz8b9w0gcb9o0qbm8t&from=amz&uid=ST500LM012XHN-M500MBB_S2SKJ5EC326768&type=hp","hxxp://www.youndoo.com/?z=fa948c001ca4c551a218fd6g9zdb1w1g5bdmbeao0b&from=amz&uid=ST500LM012XHN-M500MBB_S2SKJ5EC326768&type=hp"
CHR Session Restore: ChromeDefaultData2 -> está habilitado.
CHR Profile: C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-01-30] <==== ATENÇÃO
CHR Extension: (Google Apresentações) - C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-20]
CHR Extension: (Google Docs) - C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-20]
CHR Extension: (Google Drive) - C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-20]
CHR Extension: (YouTube) - C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-20]
CHR Extension: (Planilhas do Google) - C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-20]
CHR Extension: (Documentos Google off-line) - C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-20]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-20]
CHR Extension: (Chrome Media Router) - C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.7ZZKYKPNYL5EHO4ONW4FYFZUHM - C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

"Warsaw Technology" => serviço foi desbloqueado. <===== ATENÇÃO

R2 avast! antivírus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-20] (AVAST Software)
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [590048 2016-12-02] (GAS Tecnologia)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [Arquivo não assinado]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [Arquivo não assinado]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [621616 2016-05-11] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 Lerdetain; C:\Program Files\Grokise\PlpHst.dll [X]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2010-01-25] (LG Electronics Inc.)
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus.sys [24576 2015-05-12] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [25088 2015-05-12] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [30208 2015-05-12] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [74752 2015-05-12] (LG Electronics Inc.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-08-20] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-08-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-08-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-08-20] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-08-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-08-20] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
S3 cmnxusbser; C:\Windows\System32\DRIVERS\cmnxusbser.sys [130296 2015-11-24] (Wireless Data Device)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109184 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 eapihdrv; C:\Users\ATENDIMENTO\AppData\Local\temp\ehdrv.sys [135760 2017-01-29] (ESET)
S3 eGateUSB; C:\Windows\System32\Drivers\eGateUSB.sys [73728 2007-05-09] (Gemalto)
S2 eMMCUSBDEV; C:\Windows\System32\Drivers\GPGeMMC.sys [12287 2013-11-21] (cypress semiconductor) [Arquivo não assinado]
S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB.sys [16384 2015-09-12] (Intel Mobile Communications)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [96464 2016-10-04] (Future Technology Devices International Ltd.)
S3 FTSER2K; C:\Windows\System32\drivers\ftser2k.sys [74864 2016-10-04] ()
R0 gbpddreg; C:\Windows\System32\drivers\gbpddreg32.sys [25848 2017-01-30] (GAS Tecnologia)
R0 GbpKm; C:\Windows\System32\drivers\GbpKm.sys [49496 2015-12-04] (GAS Tecnologia)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2016-03-26] (Sony Mobile Communications)
S3 ghsdiagMDM; C:\Windows\System32\DRIVERS\ghsdiagMDM.sys [106624 2011-11-28] (HS Incorporated)
S3 imc1_com; C:\Windows\System32\DRIVERS\imc1_com.sys [42736 2014-03-07] (Intel Mobile Communications GmbH)
S3 imc1_mi; C:\Windows\System32\DRIVERS\imc1_mi.sys [43760 2014-03-07] (Intel Mobile Communications GmbH)
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [42592 2016-01-02] (hxxp://libusb-win32.sourceforge.net)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [26240 2013-07-23] (Motorola)
S3 motport; C:\Windows\System32\DRIVERS\motport.sys [24960 2013-07-23] (Motorola Mobility Inc)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2016-08-24] (GAS Tecnologia)
R3 netr28; C:\Windows\System32\DRIVERS\netr28.sys [2075792 2014-12-10] (MediaTek Inc.)
R3 riffbox; C:\Windows\System32\DRIVERS\riffbox32.sys [27648 2016-05-21] (Microsoft Corporation)
S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [45080 2013-03-12] (Fuzhou Rockchip Electronics Co,Ltd.)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [171072 2016-10-06] (Prolific Technology Inc.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 SzCCID; C:\Windows\System32\DRIVERS\SzCCID.sys [26112 2011-12-23] (Generic)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-11-05] (Apple, Inc.) [Arquivo não assinado]
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [128704 2016-08-16] (MBB)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert32.sys [31448 2015-07-07] (Basil)
S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [80728 2017-01-23] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [79064 2015-03-18] (GAS Tecnologia)
S3 catchme; \??\C:\Users\ATENDI~1\AppData\Local\Temp\catchme.sys [X]
S3 qcusbser; system32\DRIVERS\qcusbser.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-01-30 20:35 - 2017-01-30 20:36 - 00019731 _____ C:\Users\ATENDIMENTO\Desktop\FRST.txt
2017-01-30 20:35 - 2017-01-30 20:35 - 00000000 ____D C:\FRST
2017-01-30 20:33 - 2017-01-30 20:34 - 01762816 _____ (Farbar) C:\Users\ATENDIMENTO\Desktop\FRST.exe
2017-01-30 19:09 - 2017-01-30 19:09 - 00000000 ____D C:\Users\ATENDIMENTO\.android
2017-01-30 19:08 - 2017-01-30 19:08 - 00001584 _____ C:\Users\Public\Desktop\InfinityBox CM2QLM.lnk
2017-01-30 17:10 - 2017-01-30 17:10 - 00000000 ____D C:\Program Files\Rocker Team
2017-01-30 13:06 - 2017-01-30 13:06 - 00001618 _____ C:\Users\ATENDIMENTO\Desktop\ZHPCleaner.txt
2017-01-30 12:56 - 2017-01-30 12:56 - 00000831 _____ C:\Users\ATENDIMENTO\Desktop\ZHPCleaner.lnk
2017-01-30 12:30 - 2017-01-30 12:30 - 00000550 _____ C:\Users\ATENDIMENTO\Desktop\JRT.txt
2017-01-30 12:25 - 2017-01-30 12:28 - 00192462 _____ C:\Windows\ntbtlog.txt
2017-01-30 11:31 - 2017-01-30 15:09 - 00003585 _____ C:\Users\ATENDIMENTO\Desktop\3 logs.txt
2017-01-30 11:24 - 2017-01-30 11:24 - 04015056 _____ C:\Users\ATENDIMENTO\Desktop\adwcleaner_6.043.exe
2017-01-30 11:23 - 2017-01-30 11:32 - 00000000 ____D C:\AdwCleaner
2017-01-30 11:22 - 2017-01-30 11:22 - 02698752 _____ C:\Users\ATENDIMENTO\Desktop\ZHPCleaner.exe
2017-01-30 11:21 - 2017-01-30 11:21 - 01663040 _____ (Malwarebytes) C:\Users\ATENDIMENTO\Desktop\JRT.exe
2017-01-29 12:16 - 2017-01-29 12:16 - 00014906 _____ C:\Users\ATENDIMENTO\Desktop\ESET.txt
2017-01-28 23:08 - 2017-01-28 23:08 - 02870984 _____ (ESET) C:\Users\ATENDIMENTO\Desktop\esetsmartinstaller_enu.exe
2017-01-28 15:14 - 2017-01-28 15:14 - 00004098 _____ C:\Users\ATENDIMENTO\Desktop\verificação.txt
2017-01-28 15:13 - 2017-01-28 15:13 - 00000428 _____ C:\Users\ATENDIMENTO\Desktop\protecao.txt
2017-01-28 15:02 - 2017-01-28 15:02 - 00000246 _____ C:\Users\ATENDIMENTO\Desktop\maln.txt
2017-01-28 15:02 - 2017-01-28 15:02 - 00000246 _____ C:\Users\ATENDIMENTO\Desktop\ma.txt
2017-01-27 13:21 - 2017-01-27 13:24 - 00000000 ____D C:\LinhaDefensiva
2017-01-26 10:05 - 2017-01-26 10:06 - 00002701 _____ C:\Users\ATENDIMENTO\Desktop\FSS.txt
2017-01-26 09:59 - 2017-01-26 10:01 - 00899584 _____ (Farbar) C:\Users\ATENDIMENTO\Desktop\FSS.exe
2017-01-26 09:58 - 2017-01-26 09:58 - 00147456 _____ (Eric_71) C:\Users\ATENDIMENTO\Desktop\MbrScan.exe
2017-01-25 21:48 - 2017-01-25 21:48 - 00388608 _____ (Trend Micro Inc.) C:\Users\ATENDIMENTO\Desktop\HijackThis.exe
2017-01-25 21:47 - 2017-01-28 15:10 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-25 21:47 - 2017-01-25 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-01-25 21:47 - 2017-01-25 21:47 - 00000000 ____D C:\Program Files\CCleaner
2017-01-25 19:52 - 2017-01-25 19:58 - 21949272 _____ C:\Users\ATENDIMENTO\Downloads\BaiduNetdisk_5.5.2.exe
2017-01-25 19:23 - 2017-01-25 19:23 - 00550179 _____ C:\Users\ATENDIMENTO\Downloads\mfastboot-v2.zip
2017-01-25 09:52 - 2017-01-25 09:52 - 00000000 ____D C:\Users\ATENDIMENTO\AppData\Local\VirtualStore
2017-01-25 09:15 - 2017-01-25 09:15 - 02514944 _____ C:\Users\ATENDIMENTO\ZHPCleaner.exe
2017-01-24 01:04 - 2017-01-22 12:27 - 00515858 _____ C:\Users\ATENDIMENTO\Desktop\cintrepair.zip
2017-01-23 18:43 - 2017-01-30 13:06 - 00000000 ____D C:\Users\ATENDIMENTO\AppData\Roaming\ZHP
2017-01-23 13:22 - 2017-01-23 13:22 - 00001335 _____ C:\Users\ATENDIMENTO\Downloads\Install_Adobe24player.zip
2017-01-23 13:09 - 2017-01-24 01:00 - 00000008 __RSH C:\Users\ATENDIMENTO\ntuser.pol
2017-01-23 11:45 - 2017-01-23 11:45 - 00000000 ____D C:\Users\Public\Documents\Tools
2017-01-23 11:45 - 2017-01-23 11:45 - 00000000 ____D C:\Users\Public\Documents\Baidu
2017-01-23 11:42 - 2017-01-23 11:42 - 00000000 ____D C:\Users\Todos os Usuários\Avira
2017-01-23 11:42 - 2017-01-23 11:42 - 00000000 ____D C:\Users\Todos os Usuários\Avg
2017-01-23 11:42 - 2017-01-23 11:42 - 00000000 ____D C:\ProgramData\Avira
2017-01-23 11:42 - 2017-01-23 11:42 - 00000000 ____D C:\ProgramData\Avg
2017-01-23 11:40 - 2017-01-23 12:05 - 00000000 ____D C:\Users\ATENDIMENTO\AppData\Local\Ckirese
2017-01-23 10:55 - 2017-01-29 05:24 - 00000000 ____D C:\Program Files\iRoot
2017-01-23 10:55 - 2017-01-28 15:10 - 00000920 _____ C:\Users\Public\Desktop\iRoot.lnk
2017-01-23 10:55 - 2017-01-23 10:57 - 00000000 ____D C:\Users\ATENDIMENTO\AppData\Roaming\mgyun
2017-01-23 10:55 - 2017-01-23 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iRoot
2017-01-23 10:21 - 2017-01-28 15:10 - 00001799 _____ C:\Users\Public\Desktop\Recuva.lnk
2017-01-23 10:21 - 2017-01-23 10:25 - 00000000 ____D C:\Program Files\Recuva
2017-01-23 10:21 - 2017-01-23 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2017-01-17 13:51 - 2017-01-17 13:51 - 00000000 ___RD C:\Users\ATENDIMENTO\Documents\Scanned Documents
2017-01-17 13:51 - 2017-01-17 13:51 - 00000000 ____D C:\Users\ATENDIMENTO\Documents\Fax
2017-01-14 15:57 - 2017-01-14 15:57 - 00000000 ____D C:\Users\ATENDIMENTO\Downloads\G360MVJU1AOI3_G360MZVV1AOI3_ZVV
2017-01-14 15:32 - 2015-10-12 21:06 - 771483989 _____ C:\Users\ATENDIMENTO\Downloads\G360MVJU1AOI3_G360MZVV1AOI3_ZVV.zip
2017-01-14 15:02 - 2017-01-14 15:02 - 00000000 ____D C:\Users\ATENDIMENTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-14 15:02 - 2017-01-14 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-14 15:02 - 2017-01-14 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-01-14 15:02 - 2017-01-14 15:02 - 00000000 ____D C:\Program Files\7-Zip
2017-01-14 13:57 - 2017-01-14 15:30 - 888166639 _____ C:\Users\ATENDIMENTO\Downloads\G360MVJS1BPK1_G360MZTR1BPI1_ZTR.zip-{7f025494-68ae-4a88-a15d-b496be26074c}.dtapart
2017-01-13 22:40 - 2017-01-13 23:42 - 46284782 _____ C:\Users\ATENDIMENTO\Downloads\G360MUBU1AOA1_UUB1AOB1_v4.4.4_Repair_Firmware.zip.crdownload
2017-01-10 15:47 - 2017-01-05 14:46 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-10 15:47 - 2017-01-05 14:46 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-10 15:47 - 2017-01-05 14:43 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-10 15:47 - 2017-01-05 14:43 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-10 15:47 - 2017-01-05 14:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-10 15:47 - 2017-01-05 14:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-10 15:47 - 2017-01-05 14:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-10 15:47 - 2017-01-05 14:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-10 15:47 - 2017-01-05 14:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-10 15:47 - 2017-01-05 14:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-10 15:47 - 2017-01-05 14:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-10 15:47 - 2017-01-05 14:43 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-10 15:47 - 2017-01-05 14:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-10 15:47 - 2017-01-05 14:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-10 15:47 - 2017-01-05 14:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-10 15:47 - 2017-01-05 14:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-10 15:47 - 2017-01-05 14:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-10 15:47 - 2017-01-05 14:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-10 15:47 - 2017-01-05 14:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-10 15:47 - 2017-01-05 14:19 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-10 15:47 - 2017-01-05 14:19 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-10 15:47 - 2017-01-05 14:19 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-10 15:47 - 2017-01-05 14:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-10 15:47 - 2017-01-05 14:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-10 15:47 - 2017-01-05 14:19 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-09 20:33 - 2017-01-09 20:33 - 00000000 ____D C:\Program Files\IMC
2017-01-09 20:33 - 2014-03-07 11:15 - 00043760 _____ (Intel Mobile Communications GmbH) C:\Windows\system32\Drivers\imc1_mi.sys
2017-01-09 20:33 - 2014-03-07 11:15 - 00042736 _____ (Intel Mobile Communications GmbH) C:\Windows\system32\Drivers\imc1_com.sys
2017-01-09 20:30 - 2017-01-28 15:10 - 00001136 _____ C:\Users\Public\Desktop\FactoryTool.lnk
2017-01-09 20:30 - 2017-01-09 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FactoryTool
2017-01-09 20:30 - 2017-01-09 20:30 - 00000000 ____D C:\Program Files\Rockchip
2017-01-09 20:30 - 2015-09-12 15:38 - 00016384 _____ (Intel Mobile Communications) C:\Windows\system32\Drivers\FlashUSB.sys
2017-01-09 14:41 - 2017-01-28 15:10 - 00001512 _____ C:\Users\Public\Desktop\InfinityBox SM.lnk
2017-01-05 09:33 - 2017-01-05 09:33 - 08327026 _____ C:\Users\ATENDIMENTO\Downloads\BLU-D910A-V13-GENERIC-20130830.zip.crdownload
2017-01-04 11:30 - 2017-01-04 11:30 - 00225412 _____ C:\Users\ATENDIMENTO\Downloads\Aa Amor e 1487 outros.vcf
2017-01-04 10:14 - 2017-01-04 10:14 - 00089754 _____ C:\Users\ATENDIMENTO\Downloads\contatos.csv
2017-01-03 16:54 - 2017-01-20 14:00 - 00000000 ____D C:\Users\ATENDIMENTO\AppData\Roaming\iFunbox_UserCache
2017-01-03 16:21 - 2017-01-03 16:21 - 00041093 _____ C:\Users\ATENDIMENTO\Downloads\Aa Pai Lucion e 224 outros (1).vcf
2017-01-03 16:20 - 2017-01-28 15:10 - 00001007 _____ C:\Users\Public\Desktop\CSV to vCard.lnk
2017-01-03 16:20 - 2017-01-23 11:42 - 00000000 ____D C:\Program Files\CSV to vCard
2017-01-03 16:20 - 2017-01-03 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSV to vCard
2017-01-03 16:19 - 2017-01-03 16:20 - 00348664 _____ (csvtovcard.com ) C:\Users\ATENDIMENTO\Downloads\csvtovcard_setup.exe
2017-01-03 15:32 - 2017-01-03 15:32 - 00041093 _____ C:\Users\ATENDIMENTO\Downloads\Aa Pai Lucion e 224 outros.vcf

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-01-30 20:31 - 2009-07-14 01:34 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-30 20:31 - 2009-07-14 01:34 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-30 20:16 - 2016-08-23 17:57 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2017-01-30 20:16 - 2016-08-23 17:57 - 00000000 ____D C:\ProgramData\GbPlugin
2017-01-30 19:49 - 2016-09-10 01:34 - 00000318 _____ C:\Windows\Tasks\iToolsDaemon.job
2017-01-30 19:13 - 2011-04-12 01:47 - 00705304 _____ C:\Windows\system32\prfh0416.dat
2017-01-30 19:13 - 2011-04-12 01:47 - 00147108 _____ C:\Windows\system32\prfc0416.dat
2017-01-30 19:13 - 2010-11-20 18:01 - 01633570 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-30 19:13 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2017-01-30 19:09 - 2016-08-20 13:08 - 00000000 ____D C:\Users\ATENDIMENTO
2017-01-30 19:08 - 2016-08-22 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfinityBox
2017-01-30 19:08 - 2016-08-22 11:48 - 00000000 ____D C:\InfinityBox
2017-01-30 17:43 - 2016-09-04 21:37 - 00000000 ____D C:\AdvanceBox Turbo Flasher
2017-01-30 17:10 - 2016-10-19 15:53 - 00001201 _____ C:\Users\Public\Desktop\RIFF JTAG Manager.lnk
2017-01-30 16:37 - 2016-11-15 18:38 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-30 12:56 - 2016-12-02 17:35 - 00000000 ____D C:\Users\ATENDIMENTO\AppData\LocalLow\Mozilla
2017-01-30 12:34 - 2016-08-23 17:57 - 00025848 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddreg32.sys
2017-01-30 12:31 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-28 15:15 - 2016-08-31 11:41 - 133456224 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-28 15:15 - 2016-08-31 11:41 - 00000000 ____D C:\Windows\system32\MRT
2017-01-28 15:11 - 2016-10-06 14:56 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-01-28 15:11 - 2016-09-14 17:18 - 00001327 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Central de Soluções HP.lnk
2017-01-28 15:11 - 2016-09-05 01:16 - 00001248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\MV Defrag 1.9.lnk
2017-01-28 15:11 - 2016-09-01 00:12 - 00001286 _____ C:\ProgramData\Microsoft\Windows\Start Menu\MV RegClean 6.9.1.lnk
2017-01-28 15:11 - 2016-09-01 00:11 - 00001296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\MV RegCompact 1.3.lnk
2017-01-28 15:11 - 2016-08-20 17:43 - 00001214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-01-28 15:11 - 2016-08-20 17:00 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-28 15:11 - 2016-08-20 13:27 - 00001365 _____ C:\Users\ATENDIMENTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-28 15:11 - 2016-08-20 13:08 - 00001134 _____ C:\Users\ATENDIMENTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-28 15:11 - 2009-07-14 01:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2017-01-28 15:11 - 2009-07-14 01:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2017-01-28 15:10 - 2016-12-30 10:15 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-28 15:10 - 2016-12-29 11:17 - 00001967 _____ C:\Users\Public\Desktop\SigmaKey.lnk
2017-01-28 15:10 - 2016-12-19 12:36 - 00001584 _____ C:\Users\Public\Desktop\InfinityBox CM2MTK.lnk
2017-01-28 15:10 - 2016-12-12 20:33 - 00001559 _____ C:\Users\Public\Desktop\HDE By HUA Box TEAM.lnk
2017-01-28 15:10 - 2016-12-12 20:33 - 00001352 _____ C:\Users\Public\Desktop\ASANSAMBOX.lnk
2017-01-28 15:10 - 2016-11-15 14:59 - 00000652 _____ C:\Users\Public\Desktop\Volcano_MTK_V1.1.0.lnk
2017-01-28 15:10 - 2016-11-15 11:27 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-01-28 15:10 - 2016-09-12 20:54 - 00001062 _____ C:\Users\Public\Desktop\Minimal ADB and Fastboot.lnk
2017-01-28 15:10 - 2016-09-10 01:34 - 00001088 _____ C:\Users\Public\Desktop\iTools 3.lnk
2017-01-28 15:10 - 2016-09-05 22:51 - 00002073 _____ C:\Users\Public\Desktop\Smart Switch.lnk
2017-01-28 15:10 - 2016-09-05 12:27 - 00001584 _____ C:\Users\Public\Desktop\InfinityBox CM2RKT.lnk
2017-01-28 15:10 - 2016-09-05 01:16 - 00001242 _____ C:\Users\Public\Desktop\MV Defrag 1.9.lnk
2017-01-28 15:10 - 2016-09-01 00:12 - 00001280 _____ C:\Users\Public\Desktop\MV RegClean 6.9.1.lnk
2017-01-28 15:10 - 2016-09-01 00:11 - 00001290 _____ C:\Users\Public\Desktop\MV RegCompact 1.3.lnk
2017-01-28 15:10 - 2016-08-29 19:48 - 00001191 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-01-28 15:10 - 2016-08-22 19:32 - 00000952 _____ C:\Users\Public\Desktop\RIFF JTAG Manager COMPLETO.lnk
2017-01-28 15:10 - 2016-08-22 16:50 - 00000758 _____ C:\Users\Public\Desktop\MEGAsync.lnk
2017-01-28 15:10 - 2016-08-22 16:14 - 00000993 _____ C:\Users\Public\Desktop\Kingo ROOT.lnk
2017-01-28 15:10 - 2016-08-20 20:01 - 00002585 _____ C:\Users\Public\Desktop\RSD Lite.lnk
2017-01-28 15:10 - 2016-08-20 17:00 - 00002017 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-01-28 15:10 - 2016-08-20 14:36 - 00001011 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-28 15:09 - 2016-12-19 18:36 - 00000754 _____ C:\Users\ATENDIMENTO\Desktop\VOLCANO - Atalho.lnk
2017-01-28 15:09 - 2016-12-19 16:24 - 00001018 _____ C:\Users\ATENDIMENTO\Desktop\Hard Disk Low Level Format Tool.lnk
2017-01-28 15:09 - 2016-12-12 20:25 - 00001191 _____ C:\Users\ATENDIMENTO\Desktop\Octoplus Samsung Tool.lnk
2017-01-28 15:09 - 2016-12-06 15:59 - 00002191 _____ C:\Users\ATENDIMENTO\Desktop\Itaú.lnk
2017-01-28 15:09 - 2016-12-03 09:38 - 00001131 _____ C:\Users\ATENDIMENTO\Desktop\Octoplus LG Tool.lnk
2017-01-28 15:09 - 2016-11-16 15:53 - 00000960 _____ C:\Users\ATENDIMENTO\Desktop\ACESSORIOS SHARMAQ.txt - Atalho.lnk
2017-01-28 15:09 - 2016-11-15 10:01 - 00000831 _____ C:\Users\ATENDIMENTO\Desktop\LGMobile Support Tool.lnk
2017-01-28 15:09 - 2016-11-01 09:26 - 00000981 _____ C:\Users\ATENDIMENTO\Desktop\PEÇAS FORA DE ESTOQUE.lnk
2017-01-28 15:09 - 2016-09-28 11:49 - 00000939 _____ C:\Users\ATENDIMENTO\Desktop\PEDIDO PELICULA.lnk
2017-01-28 15:09 - 2016-09-09 19:00 - 00001848 _____ C:\Users\ATENDIMENTO\Desktop\Backup - Atalho.lnk
2017-01-28 15:09 - 2016-09-08 10:48 - 00000939 _____ C:\Users\ATENDIMENTO\Desktop\PEDIDO CLIENTES - Atalho.lnk
2017-01-28 15:09 - 2016-09-04 21:59 - 00001119 _____ C:\Users\ATENDIMENTO\Desktop\AdvanceBox - Atalho.lnk
2017-01-28 15:09 - 2016-09-04 02:10 - 00000688 _____ C:\Users\ATENDIMENTO\Desktop\SETOOL.lnk
2017-01-28 15:09 - 2016-09-04 01:32 - 00000762 _____ C:\Users\ATENDIMENTO\Desktop\Flashtool.lnk
2017-01-28 15:09 - 2016-09-02 19:00 - 00001134 _____ C:\Users\ATENDIMENTO\Desktop\Odin3 - Atalho.lnk
2017-01-28 15:09 - 2016-08-31 23:50 - 00001272 _____ C:\Users\ATENDIMENTO\Desktop\LGFlashTool2014 - Atalho.lnk
2017-01-28 15:09 - 2016-08-31 18:31 - 00000962 _____ C:\Users\ATENDIMENTO\Desktop\LGE Tool.lnk
2017-01-28 15:09 - 2016-08-30 22:33 - 00000955 _____ C:\Users\ATENDIMENTO\Desktop\3uTools.lnk
2017-01-28 15:09 - 2016-08-23 12:31 - 00002205 _____ C:\Users\ATENDIMENTO\Desktop\WhatsApp.lnk
2017-01-28 15:09 - 2016-08-22 19:08 - 00000720 _____ C:\Users\ATENDIMENTO\Desktop\GPGeMMC - Atalho.lnk
2017-01-28 15:09 - 2016-08-20 13:36 - 00000745 _____ C:\Users\ATENDIMENTO\Desktop\SHOficina5.lnk
2017-01-28 15:09 - 2016-08-20 13:36 - 00000728 _____ C:\Users\ATENDIMENTO\Desktop\SHVendas.lnk
2017-01-28 15:09 - 2016-08-20 13:27 - 00001357 _____ C:\Users\ATENDIMENTO\Desktop\Google Chrome.lnk
2017-01-27 14:55 - 2016-08-23 17:57 - 00000000 ____D C:\Program Files\GbPlugin
2017-01-25 19:46 - 2016-08-22 16:51 - 00000000 ____D C:\Users\ATENDIMENTO\Documents\MEGAsync Downloads
2017-01-25 09:15 - 2016-11-24 11:58 - 00000000 ____D C:\Users\ATENDIMENTO\AppData\Local\ElevatedDiagnostics
2017-01-24 19:31 - 2009-07-13 23:04 - 00000215 _____ C:\Windows\system.ini
2017-01-24 01:29 - 2016-08-29 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-01-24 00:44 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\GroupPolicy
2017-01-23 18:23 - 2016-08-20 14:36 - 00001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-23 15:46 - 2016-08-23 18:00 - 00080728 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2017-01-23 12:58 - 2016-09-30 14:32 - 00000000 ____D C:\Program Files\iPod
2017-01-23 11:44 - 2016-12-12 20:23 - 00000000 ____D C:\Program Files\Octoplus
2017-01-23 11:44 - 2016-10-06 14:56 - 00000000 ____D C:\Program Files\Apple Software Update
2017-01-23 11:42 - 2016-09-05 23:00 - 00000000 ____D C:\Program Files\Sony Mobile
2017-01-23 11:42 - 2016-08-31 18:31 - 00000000 ____D C:\Program Files\SgTool
2017-01-23 11:42 - 2016-08-20 14:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-01-23 11:05 - 2016-08-22 16:16 - 00000190 _____ C:\Users\ATENDIMENTO\AppData\Local\uts.ini
2017-01-17 13:52 - 2016-09-14 17:24 - 00000000 ____D C:\Users\ATENDIMENTO\Documents\Minhas digitalizações
2017-01-14 15:02 - 2016-08-20 14:19 - 00000000 ____D C:\Program Files\WinRAR
2017-01-14 08:26 - 2011-04-12 01:56 - 00000000 ____D C:\Windows\RemotePackages
2017-01-10 09:51 - 2016-08-25 15:06 - 07522883 _____ C:\SHBackup.zip
2017-01-09 21:04 - 2016-08-22 16:51 - 00000000 ___RD C:\Users\ATENDIMENTO\Documents\MEGAsync
2017-01-05 11:44 - 2016-08-31 18:31 - 00000000 ____D C:\Program Files\LGE Tool

==================== Arquivos na raiz de alguns diretórios =======

2016-12-19 16:24 - 2016-12-19 16:24 - 0000001 _____ () C:\Users\ATENDIMENTO\AppData\Local\llftool.4.40.agreement
2016-08-22 16:16 - 2017-01-23 11:05 - 0000190 _____ () C:\Users\ATENDIMENTO\AppData\Local\uts.ini
2016-09-14 17:12 - 2016-09-14 18:01 - 0000400 _____ () C:\ProgramData\hpzinstall.log

Arquivos para serem movidos ou deletados:
====================
C:\Users\ATENDIMENTO\ZHPCleaner.exe


==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-01-23 19:35

==================== Fim de FRST.txt ============================

Resultado do exame Adicional Farbar Recovery Scan Tool (x86) Versão: 29-01-2017
Executado por ATENDIMENTO (30-01-2017 20:37:10)
Executando a partir de C:\Users\ATENDIMENTO\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2016-08-20 16:08:18)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-3828619231-1868183299-3799608553-500 - Administrator - Disabled)
ATENDIMENTO (S-1-5-21-3828619231-1868183299-3799608553-1000 - Administrator - Enabled) => C:\Users\ATENDIMENTO
Convidado (S-1-5-21-3828619231-1868183299-3799608553-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3828619231-1868183299-3799608553-1003 - Limited - Enabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Avast antivírus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast antivírus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
3uTools (HKLM\...\3uTools) (Version: 1.13 - ShenZhen Waip Infomation Technology Co., Ltd.)
7-Zip 16.04 (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Advance Turbo Flasher 12.60 (HKLM\...\{BD431236-592C-4D68-A6A3-2F68AC1CD55A}) (Version: 12.60 - Advance-Box)
Alcor Micro Smart Card Reader Driver (HKLM\...\SZCCID) (Version: 1.7.26.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (Version: 1.7.26.0 - Alcor Micro Corp.) Hidden
Aplicativo Itaú (HKLM\...\{3DB32008-4479-49E3-886B-CD502BF4291E}) (Version: 1.0.76 - Banco Itaú)
Apple Mobile Device Support (HKLM\...\{D9F3D66A-9885-4DDD-A800-9DDF488359A1}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free antivírus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Copy (Version: 140.0.212.000 - Hewlett-Packard) Hidden
CSV to vCard (HKLM\...\{B9DCBBD4-20F5-424B-9C56-FFF62BE71CD7}_is1) (Version:  - csvtovcard.com)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_05_F4400_Software_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Emergency Download Driver (HKLM\...\{3F0F5AB4-C9CE-4226-8393-E9CFF8369D9D}) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
F4400 (Version: 140.0.696.000 - Hewlett-Packard) Hidden
FactoryTool version 1.28_0913 (HKLM\...\{17A847B9-2447-4D64-95F5-3881ED0F8613}_is1) (Version: 1.28_0913 - Rockchip,Inc.)
Flashtool (HKLM\...\Flashtool) (Version: 0.9.22.3 - Androxyde)
Google Chrome (HKU\S-1-5-21-3828619231-1868183299-3799608553-1000\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
Gordon's Gate Flash Driver 3.0.0.7 (HKLM\...\Gordon's Gate Flash Driver) (Version: 3.0.0.7 - Sony Mobile Communications AB)
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hard Disk Low Level Format Tool 4.40 (HKLM\...\Hard Disk Low Level Format Tool_is1) (Version:  - HDDGURU)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 (HKLM\...\{A800FCC9-8E1E-4D84-9CED-47870701FDE1}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HST BOX (BY HUA TEAM) (HKLM\...\HST BOX (BY HUA TEAM)3.1.7) (Version: 3.1.7 - HUA TEAM)
InfinityBox CM2MTK (HKLM\...\InfinityBox CM2MTK) (Version:  - )
InfinityBox CM2QLM (HKLM\...\InfinityBox CM2QLM) (Version:  - )
InfinityBox CM2RKT (HKLM\...\InfinityBox CM2RKT) (Version:  - )
InfinityBox SM (HKLM\...\InfinityBox SM) (Version:  - )
Intel Mobile Family IMC1 v4.24.0 (HKLM\...\Intel Mobile Family IMC1 v4.24.0) (Version: 4.24.0 - Intel Mobile Communications GmbH)
iRoot (HKLM\...\{1295E43F-382A-4CB2-9E0F-079C0D7401BB}_is1) (Version: 1.8.8.20465 - SING)
iTools 3 (HKLM\...\ThinkSky) (Version:  - Shenzhen Thinksky Technology Co., Ltd.)
iTunes (HKLM\...\{4EEBA4CC-6719-4AA0-B36E-D7748E55804E}) (Version: 12.5.4.42 - Apple Inc.)
Kingo ROOT version 1.4.8.2793 (HKLM\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.4.8.2793 - Kingosoft Technology Ltd.)
LG Android Driver (HKLM\...\{4E4F8163-9889-4BAB-B2E7-DBAAE248C1EB}) (Version: 1.0 - LG Electronics)
LG Mobile Driver (HKLM\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.4 - LG Electronics)
LGE Tool 2.58 (HKLM\...\LGE Tool_is1) (Version:  - LGETool.com)
Malwarebytes Anti-Malware versão 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
MEGAsync (HKLM\...\MEGAsync) (Version:  - Mega Limited)
Mentor Graphics CAMCAD Runtime install (HKLM\...\{291F65CB-4D0E-48F3-8564-014B46C186B8}) (Version: 1.00.0000 - Mentor Graphics Corporation)
MICRO-BOX USB AIO Drivers Package (HKLM\...\MICRO-BOX USB AIO Drivers Package_is1) (Version: 1.3.0.0 - MICRO-BOX Team)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.3.1 (HKLM\...\{26AC9666-A2C6-4D33-8370-A50F50F277C4}_is1) (Version: 1.3.1 - Sam Rodberg)
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{BA562260-B4FA-4D87-ADC5-963783028C68}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox 50.1.0 (x86 pt-BR) (HKLM\...\Mozilla Firefox 50.1.0 (x86 pt-BR)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MV Defrag 1.9 (HKLM\...\MV Defrag 1.9_is1) (Version:  - )
MV RegClean 6.9.1 (HKLM\...\MV RegClean 6.9.1_is1) (Version:  - )
MV RegCompact 1.3 (HKLM\...\MV RegCompact 1.3_is1) (Version:  - )
Octoplus/Octopus box LG software 2.5.4 (HKLM\...\Octoplus box LG software_is1) (Version:  - Octoplus team)
Octopus Box Samsung software 2.4.6 (HKLM\...\Octoplus Box Samsung software_is1) (Version:  - Octoplus team)
Pacote de Driver do Windows - FTDI CDM Driver Package - Bus/D2XX Driver (01/22/2016 2.12.14) (HKLM\...\87F12CF186FEB9213F021EDDBDC3F78869FDF333) (Version: 01/22/2016 2.12.14 - FTDI)
Pacote de Driver do Windows - FTDI CDM Driver Package - VCP Driver (01/22/2016 2.12.14) (HKLM\...\5AD9F6682B7B83C473FC47800C5F841EA004DC1B) (Version: 01/22/2016 2.12.14 - FTDI)
Pacote de Driver do Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Pacote de Driver do Windows - libusb-win32 MICRO-BOX USB Drivers Package (07/03/2016 1.3.0.0) (HKLM\...\BFD38B1CE30A8DCDD4C0E7D4E7A9513511E6D3BD) (Version: 07/03/2016 1.3.0.0 - libusb-win32)
Pacote de Driver do Windows - RIFF BOX Limited (c), 2012 (qcusbser) Ports  (20/02/2010 1.0.0000.0) (HKLM\...\41E9692E4D37801A63D9DBCF0C176E102554DC3C) (Version: 20/02/2010 1.0.0000.0 - RIFF BOX Limited (c), 2012)
Pacote de Driver do Windows - RIFF BOX Limited (c), 2012 (RIFFUSBSER) Ports  (20/02/2010 1.0.0000.0) (HKLM\...\1810514DC0183922AEEB6C3182B7EA3AB12CBFE2) (Version: 20/02/2010 1.0.0000.0 - RIFF BOX Limited (c), 2012)
Pacote de Driver do Windows - RIFF BOX Limited (c), 2016 (riffbox) Ports  (20/02/2010 1.0.0000.0) (HKLM\...\42C673DA039E2992F86468B66CAAB7CCB5ABC0CC) (Version: 20/02/2010 1.0.0000.0 - RIFF BOX Limited (c), 2016)
Qualcomm USB Drivers For Windows (HKLM\...\{D9FB7F91-9687-4B09-894D-072903CADEA4}) (Version: 1.0.14 - QUALCOMM Incorporated)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
RSDLite (HKLM\...\{494CAE58-BBC3-4782-B59F-02F163E4A32B}) (Version: 6.2.4 - Motorola)
SafeZone Stable 1.51.2220.62 (Version: 1.51.2220.62 - Avast Software) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SHOficina 6.10b (HKLM\...\SHOficina_is1) (Version: 6.10b - SHARMAQ)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SigmaKey (HKLM\...\{22604F25-797A-4967-A552-52F615CE77F8}) (Version: 2.22.00 - GsmServer)
Smart Switch (HKLM\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16084.4 - Samsung Electronics Co., Ltd.)
Smart Switch (Version: 4.1.16084.4 - Samsung Electronics Co., Ltd.) Hidden
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
Software WIDCOMM Bluetooth (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Suporte para Aplicativos Apple (32-bit) (HKLM\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
VolcanoBox_3.0_AKA_Inferno_For_VolcanoBox version Volcano_MTK_V1.1.0 (HKLM\...\{9E3D6AAC-501A-47BD-9CCA-E61659C64849}_is1) (Version: Volcano_MTK_V1.1.0 - VolcanoBox, GPGIndustries)
Warsaw 1.12.3.5 32 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.12.3.5 - GAS Tecnologia)
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
WhatsApp (HKU\S-1-5-21-3828619231-1868183299-3799608553-1000\...\WhatsApp) (Version: 0.2.2732 - WhatsApp)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM\...\{9755918A-CDF8-4F1E-8453-6359CF1A330A}) (Version:  - )
WinUSB Compatible ID Drivers (HKLM\...\{A4A0B236-6046-4CAB-8177-1EAF61112C75}) (Version:  - )
WinUSB Drivers ext (HKLM\...\{29BAAF65-09E5-4F52-8D15-2FAF2E23A8DC}) (Version:  - )

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-3828619231-1868183299-3799608553-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\ATENDIMENTO\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3828619231-1868183299-3799608553-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\ATENDIMENTO\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3828619231-1868183299-3799608553-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\ATENDIMENTO\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3828619231-1868183299-3799608553-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\ATENDIMENTO\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3828619231-1868183299-3799608553-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\ATENDIMENTO\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3828619231-1868183299-3799608553-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\ATENDIMENTO\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3828619231-1868183299-3799608553-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\ATENDIMENTO\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3828619231-1868183299-3799608553-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\ATENDIMENTO\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3828619231-1868183299-3799608553-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ATENDIMENTO\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {093E26C3-EB5F-4F61-A92A-6A69650CD59C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-20] (AVAST Software)
Task: {3FF03AC3-1329-4CE9-A4C0-3599632F1844} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! antivírus\backup.exe [2017-01-27] (AVAST Software)
Task: {453F744D-DE1D-46AD-B28D-EFDB7751215A} - System32\Tasks\iToolsDaemon => C:\Program Files\ThinkSky\iTools 3\iToolsDaemon.exe [2016-09-10] ()
Task: {8E5231C4-64FA-4D9A-B64C-46F86AB0FEEC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3828619231-1868183299-3799608553-1000Core => C:\Users\ATENDIMENTO\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-20] (Google Inc.)
Task: {9BB23B83-F8F3-4033-9272-C83C0D319933} - System32\Tasks\SafeZone scheduled Autoupdate 1471725804 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {BB3ABE08-3EA9-46F3-9328-802296B1AB33} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {BBFA0E01-2582-4BD0-B153-A629CFA2FF33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-09-02] (Google Inc.)
Task: {D69CD329-3734-4B26-943D-512CC02A13D5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3828619231-1868183299-3799608553-1000UA => C:\Users\ATENDIMENTO\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-20] (Google Inc.)
Task: {DBDF6969-3475-4956-9A1E-A49A77F780DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-09-02] (Google Inc.)
Task: {E6AB5268-0BC1-43EF-A77B-89EB3860EBDE} - System32\Tasks\Shuhish Host => C:\Program Files\Grokise\tuwe.exe
Task: {F6BC4472-030C-43C7-ABB2-A2CB6CC5ED4B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\iToolsDaemon.job => C:\Program Files\ThinkSky\iTools 3\iToolsDaemon.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

==================== Módulos Carregados (Whitelisted) ==============

2016-08-20 17:20 - 2016-08-20 17:20 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-01-30 11:17 - 2017-01-30 11:17 - 04459608 _____ () C:\Program Files\AVAST Software\Avast\defs\17013000\algo.dll
2016-08-20 17:20 - 2016-08-20 17:20 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-09-01 19:13 - 2016-09-01 19:13 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:29 - 2016-11-17 01:29 - 01041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-10 01:34 - 2016-09-10 01:34 - 00486264 _____ () C:\Program Files\ThinkSky\iTools 3\iToolsDaemon.exe
2016-09-10 01:34 - 2016-09-10 01:34 - 02317688 _____ () C:\Program Files\ThinkSky\iTools 3\iOSDevice.dll
2016-09-10 01:34 - 2016-09-10 01:34 - 00044920 _____ () C:\Program Files\ThinkSky\iTools 3\Common.dll
2016-09-10 01:34 - 2016-09-10 01:34 - 00402808 _____ () C:\Program Files\ThinkSky\iTools 3\TSLib.dll
2016-09-10 01:34 - 2016-09-10 01:34 - 00103288 _____ () C:\Program Files\ThinkSky\iTools 3\ZLib.dll
2016-09-10 01:34 - 2016-09-10 01:34 - 01362808 _____ () C:\Program Files\ThinkSky\iTools 3\MiscCore.dll
2016-09-10 01:34 - 2016-09-10 01:34 - 00668536 _____ () C:\Program Files\ThinkSky\iTools 3\UICore.dll
2016-09-10 01:34 - 2016-09-10 01:34 - 00548728 _____ () C:\Program Files\ThinkSky\iTools 3\Sqlite.dll
2016-09-10 01:34 - 2016-09-10 01:34 - 00152952 _____ () C:\Program Files\ThinkSky\iTools 3\Network.dll
2016-09-10 01:34 - 2016-09-10 01:34 - 00180088 _____ () C:\Program Files\ThinkSky\iTools 3\MiscMods.dll
2016-09-10 01:34 - 2016-09-10 01:34 - 00385912 _____ () C:\Program Files\ThinkSky\iTools 3\MediaUtil.dll
2016-06-30 08:24 - 2016-12-10 15:29 - 00564736 _____ () C:\ProgramData\MEGAsync\ShellExtX32.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-08-20 17:20 - 2016-08-20 17:20 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-12-21 14:49 - 2016-12-21 14:49 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll
2016-09-12 20:54 - 2015-08-09 17:13 - 00944128 _____ () C:\Program Files\Minimal ADB and Fastboot\adb.exe

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt [8]
AlternateDataStreams: C:\Program Files\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst [165]
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddreg32.sys:X5ZN8aGvT4 [674]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1198]
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [292]
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:CB0AACC9 [292]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)


==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-3828619231-1868183299-3799608553-1000\...\google.com -> www.google.com
IE trusted site: HKU\S-1-5-21-3828619231-1868183299-3799608553-1000\...\google.com.br -> www.google.com.br
IE trusted site: HKU\S-1-5-21-3828619231-1868183299-3799608553-1000\...\itau.b.br -> www.itau.b.br
IE trusted site: HKU\S-1-5-21-3828619231-1868183299-3799608553-1000\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-3828619231-1868183299-3799608553-1000\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-3828619231-1868183299-3799608553-1000\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br
IE trusted site: HKU\S-1-5-21-3828619231-1868183299-3799608553-1000\...\itaupersonnalite.com.br -> www.itaupersonnalite.com.br

==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-13 23:04 - 2017-01-27 13:23 - 00000838 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost 
::1             localhost 

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-3828619231-1868183299-3799608553-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==


==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [TCP Query User{CA620516-8795-484C-B1E9-7584C0109BF6}C:\users\atendimento\appdata\local\google\chrome\application\chrome.exe] => C:\users\atendimento\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{368228E3-7A30-43ED-A1FC-4E1E2041203F}C:\users\atendimento\appdata\local\google\chrome\application\chrome.exe] => C:\users\atendimento\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{7A1FE192-399F-49C0-ABE3-92523C1E7BE4}C:\program files\motorola\rsd lite\sdl.exe] => C:\program files\motorola\rsd lite\sdl.exe
FirewallRules: [UDP Query User{EDD93371-8D0B-4413-AA57-CE6CFC639270}C:\program files\motorola\rsd lite\sdl.exe] => C:\program files\motorola\rsd lite\sdl.exe

==================== Pontos de Restauração =========================

29-01-2017 06:24:10 Ponto de Verificação Agendado
30-01-2017 11:34:44 JRT Pre-Junkware Removal
30-01-2017 18:16:15 Revo Uninstaller's restore point - InfinityBox CM2QLM

==================== Dispositivos Apresentando Falhas No Gerenciador =============

Name: Broadcom Bluetooth USB
Description: Broadcom Bluetooth USB
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (01/30/2017 06:16:11 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback.  hr =  0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
   Obtendo Dados do Gravador

Contexto:
   Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
   Nome do Gravador: System Writer
   ID de Instância de Gravador: {cbb37054-3edf-4491-b8ea-ad9bff478c94}

Error: (01/30/2017 12:32:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/30/2017 12:28:58 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Falha ao criar ponto de restauração (Processo = C:\Users\ATENDI~1\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Descrição = JRT Pre-Junkware Removal; Erro = 0x8007043c).

Error: (01/30/2017 12:27:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/30/2017 11:30:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/30/2017 11:16:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/29/2017 01:46:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: Explorer.exe, versão: 6.1.7601.17567, carimbo de hora: 0x4d6727a7
Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.23572, carimbo de hora: 0x57fd0335
Código de exceção: 0xc0000374
Deslocamento com falha: 0x000c3b9b
Identificação do processo com falha: 0xcdc
Hora de início do aplicativo com falha: 0x01d279ea848713f4
Caminho do aplicativo com falha: C:\Windows\Explorer.exe
FCaminho do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll
Identificação do Relatório: f385116b-e5dd-11e6-b201-00269e0596dc

Error: (01/29/2017 01:45:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: Explorer.exe, versão: 6.1.7601.17567, carimbo de hora: 0x4d6727a7
Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.23572, carimbo de hora: 0x57fd0335
Código de exceção: 0xc0000374
Deslocamento com falha: 0x000c3b9b
Identificação do processo com falha: 0x1324
Hora de início do aplicativo com falha: 0x01d279ea393434cc
Caminho do aplicativo com falha: C:\Windows\Explorer.exe
FCaminho do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll
Identificação do Relatório: bd84e1f0-e5dd-11e6-b201-00269e0596dc

Error: (01/29/2017 01:43:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: Explorer.EXE, versão: 6.1.7601.17567, carimbo de hora: 0x4d6727a7
Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.23572, carimbo de hora: 0x57fd0335
Código de exceção: 0xc0000374
Deslocamento com falha: 0x000c3b9b
Identificação do processo com falha: 0x920
Hora de início do aplicativo com falha: 0x01d279d40b85a6af
Caminho do aplicativo com falha: C:\Windows\Explorer.EXE
FCaminho do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll
Identificação do Relatório: 6f37a35d-e5dd-11e6-b201-00269e0596dc

Error: (01/28/2017 11:03:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


Erros de Sistema:
=============
Error: (01/30/2017 07:20:52 PM) (Source: SCardSvr) (EventID: 616) (User: )
Description: O monitor do leitor 'Gemalto e-gate Smart Card 0' recebeu código de erro não percebido:  Acesso negado.

Error: (01/30/2017 07:20:52 PM) (Source: SCardSvr) (EventID: 615) (User: )
Description: Atingido o limite de nova tentativa de erro do monitor para remoção do leitor:  Acesso negado.

Error: (01/30/2017 07:20:52 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: O Leitor de Cartão Inteligente 'Gemalto e-gate Smart Card 0' rejeitou o IOCTL POWER: Acesso negado.. Se o erro persistir, talvez o cartão inteligente ou o leitor não estejam funcionando corretamente.

Cabeçalho do comando: 01 00 00 00

Error: (01/30/2017 07:20:51 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: O Leitor de Cartão Inteligente 'Gemalto e-gate Smart Card 0' rejeitou o IOCTL POWER: Acesso negado.. Se o erro persistir, talvez o cartão inteligente ou o leitor não estejam funcionando corretamente.

Cabeçalho do comando: 01 00 00 00

Error: (01/30/2017 07:20:51 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: O Leitor de Cartão Inteligente 'Gemalto e-gate Smart Card 0' rejeitou o IOCTL POWER: O sistema não pode encontrar o arquivo especificado.. Se o erro persistir, talvez o cartão inteligente ou o leitor não estejam funcionando corretamente.

Cabeçalho do comando: 01 00 00 00

Error: (01/30/2017 12:31:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: 
wsddfac

Error: (01/30/2017 12:31:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Lerdetain terminou com o erro: 
Não foi possível encontrar o módulo especificado.

Error: (01/30/2017 12:31:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço GPG eMMC Device USB Driver(GPGeMMC.sys) devido ao seguinte erro: 
O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.

Error: (01/30/2017 12:26:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Serviço da Lista de Redes depende do serviço Reconhecimento de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: 
Não foi possível iniciar o serviço ou grupo de dependência.

Error: (01/30/2017 12:26:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Serviço da Lista de Redes depende do serviço Reconhecimento de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: 
Não foi possível iniciar o serviço ou grupo de dependência.


==================== Informações da Memória =========================== 

Processador: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz
Percentagem de memória em uso: 33%
RAM física total: 3003.2 MB
RAM física disponível: 1988.36 MB
Virtual Total: 6002.66 MB
Virtual disponível: 4647.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.48 GB) (Free:36.66 GB) NTFS ==>[drive com componentes de inicialização (obtido através de BCD)]
Drive d: (BACKUP) (Fixed) (Total:319.27 GB) (Free:55.88 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 15574A90)
Partition 1: (Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=319.3 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================


Download the attachment from this post and extract it to the desktop.

Run FRST. Click the Fix button.

Wait, and when it finishes, the Fixlog.txt log will be saved to your desktop.

Select, copy, and paste the contents of this log into your next reply.

 

fixlist.zip


 

 


Resultado da Correção pela Farbar Recovery Scan Tool (x86) Versão: 29-01-2017
Executado por ATENDIMENTO (01-02-2017 14:33:49) Run:1
Executando a partir de C:\Users\ATENDIMENTO\Desktop
Perfis Carregados: ATENDIMENTO (Perfis Disponíveis: ATENDIMENTO)
Modo da Inicialização: Normal

==============================================

fixlist Conteúdo:
*****************
start
CreateRestorePoint:

HKU\S-1-5-21-3828619231-1868183299-3799608553-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATENÇÃO
HKLM\...\Providers\v6q9j7tw: C:\Program Files\Shuhish Host\local32spl.dll
HKU\S-1-5-21-3828619231-1868183299-3799608553-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
SearchScopes: HKLM -> DefaultScope valor está ausente
FF Session Restore: Mozilla\Firefox\Profiles\my0jwqzu.default-1472675051146 -> está habilitado.
CHR DefaultProfile: ChromeDefaultData2
CHR HomePage: ChromeDefaultData2 -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkVuvqY6tXmgtW7kgdCRemJrP8CbThd2Xjbl9_Az5fcMoiyMcVdvMg188-SBGZ00efG-WQSFFKeQQ9AW5qPxhKYtUV14Bza30YqyST_QKOcU0DrvDLUTJLk0bJJR66jh-v2eCXWL21YsDjzW0pWwR692piNUbLcgI4ruI1c,
CHR StartupUrls: ChromeDefaultData2 -> "hxxps://search.yahoo.com/?fr=vmn&type=auslog_ya_hp","hxxp://www.youndoo.com/?z=4bcf07d71ef4ba11f050f72gcz8b9w0gcb9o0qbm8t&from=amz&uid=ST500LM012XHN-M500MBB_S2SKJ5EC326768&type=hp","hxxp://www.youndoo.com/?z=fa948c001ca4c551a218fd6g9zdb1w1g5bdmbeao0b&from=amz&uid=ST500LM012XHN-M500MBB_S2SKJ5EC326768&type=hp"
CHR Session Restore: ChromeDefaultData2 -> está habilitado.
CHR Profile: C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-01-30] <==== ATENÇÃO
StartMenuInternet: Google Chrome.7ZZKYKPNYL5EHO4ONW4FYFZUHM - C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe 
2017-01-30 17:10 - 2017-01-30 17:10 - 00000000 ____D C:\Program Files\Rocker Team
2017-01-25 19:52 - 2017-01-25 19:58 - 21949272 _____ C:\Users\ATENDIMENTO\Downloads\BaiduNetdisk_5.5.2.exe
2017-01-23 13:22 - 2017-01-23 13:22 - 00001335 _____ C:\Users\ATENDIMENTO\Downloads\Install_Adobe24player.zip
2017-01-23 13:09 - 2017-01-24 01:00 - 00000008 __RSH C:\Users\ATENDIMENTO\ntuser.pol
2017-01-23 11:45 - 2017-01-23 11:45 - 00000000 ____D C:\Users\Public\Documents\Tools
2017-01-23 11:45 - 2017-01-23 11:45 - 00000000 ____D C:\Users\Public\Documents\Baidu
2017-01-23 11:42 - 2017-01-23 11:42 - 00000000 ____D C:\ProgramData\Avira
2017-01-23 11:42 - 2017-01-23 11:42 - 00000000 ____D C:\ProgramData\Avg
2017-01-23 11:40 - 2017-01-23 12:05 - 00000000 ____D C:\Users\ATENDIMENTO\AppData\Local\Ckirese
2017-01-23 10:55 - 2017-01-29 05:24 - 00000000 ____D C:\Program Files\iRoot
2017-01-23 10:55 - 2017-01-28 15:10 - 00000920 _____ C:\Users\Public\Desktop\iRoot.lnk
2017-01-23 10:55 - 2017-01-23 10:57 - 00000000 ____D C:\Users\ATENDIMENTO\AppData\Roaming\mgyun
2017-01-23 10:55 - 2017-01-23 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iRoot
2017-01-09 20:30 - 2017-01-28 15:10 - 00001136 _____ C:\Users\Public\Desktop\FactoryTool.lnk
2017-01-09 20:30 - 2017-01-09 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FactoryTool
2017-01-03 16:54 - 2017-01-20 14:00 - 00000000 ____D C:\Users\ATENDIMENTO\AppData\Roaming\iFunbox_UserCache
Task: {E6AB5268-0BC1-43EF-A77B-89EB3860EBDE} - System32\Tasks\Shuhish Host => C:\Program Files\Grokise\tuwe.exe
AlternateDataStreams: C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt [8]
AlternateDataStreams: C:\Program Files\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst [165]
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddreg32.sys:X5ZN8aGvT4 [674]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1198]
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [292]
C:\Program Files\Shuhish Host
C:\Program Files\Grokise

EmptyTemp:
end

*****************

Ponto de Restauração criado com sucesso.
HKU\S-1-5-21-3828619231-1868183299-3799608553-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\v6q9j7tw => chave removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order v6q9j7tw => removido (a) com sucesso.
HKU\S-1-5-21-3828619231-1868183299-3799608553-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
FF Session Restore: -> removido (a) com sucesso.

========================= CHR DefaultProfile: ChromeDefaultData2 ========================

"CHR DefaultProChromeDefaultData2" => não encontrado (a).
====== Fim de File: ======

Chrome HomePage => removido (a) com sucesso.
Chrome StartupUrls => removido (a) com sucesso.
Chrome Session Restore: => não encontrado (a).
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 => movido com sucesso
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome.7ZZKYKPNYL5EHO4ONW4FYFZUHM\shell\open\command\\Default => valor restaurado com sucesso
C:\Program Files\Rocker Team => movido com sucesso
"C:\Users\ATENDIMENTO\Downloads\BaiduNetdisk_5.5.2.exe" => não encontrado (a).
C:\Users\ATENDIMENTO\Downloads\Install_Adobe24player.zip => movido com sucesso
C:\Users\ATENDIMENTO\ntuser.pol => movido com sucesso
C:\Users\Public\Documents\Tools => movido com sucesso
C:\Users\Public\Documents\Baidu => movido com sucesso
C:\ProgramData\Avira => movido com sucesso
C:\ProgramData\Avg => movido com sucesso
C:\Users\ATENDIMENTO\AppData\Local\Ckirese => movido com sucesso
C:\Program Files\iRoot => movido com sucesso
C:\Users\Public\Desktop\iRoot.lnk => movido com sucesso
C:\Users\ATENDIMENTO\AppData\Roaming\mgyun => movido com sucesso
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iRoot => movido com sucesso
C:\Users\Public\Desktop\FactoryTool.lnk => movido com sucesso
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FactoryTool => movido com sucesso
C:\Users\ATENDIMENTO\AppData\Roaming\iFunbox_UserCache => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6AB5268-0BC1-43EF-A77B-89EB3860EBDE} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6AB5268-0BC1-43EF-A77B-89EB3860EBDE} => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\Shuhish Host => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Shuhish Host => chave removido (a) com sucesso.
C:\Program Files\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removido (a) com sucesso..
C:\Program Files\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removido (a) com sucesso..
C:\Windows\system32\drivers => ":GbpKmAp.lst" ADS removido (a) com sucesso..
C:\Windows\system32\Drivers\gbpddreg32.sys => ":X5ZN8aGvT4" ADS removido (a) com sucesso..
C:\Windows\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso..
C:\ProgramData\TEMP => ":CB0AACC9" ADS removido (a) com sucesso..
"C:\Program Files\Shuhish Host" => não encontrado (a).
"C:\Program Files\Grokise" => não encontrado (a).

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22719029 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 460757 B
Edge => 0 B
Chrome => 0 B
Firefox => 21486856 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 19344 B
LocalService => 0 B
NetworkService => 0 B
ATENDIMENTO => 15193307 B

RecycleBin => 95871297 B
EmptyTemp: => 148.5 MB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 14:34:44 ====

 


Download Security Check, by glax24, and save it to your desktop.

* On Windows Vista, 7, 8 and 10:

Right-click SecurityCheck.exe and select Run as administrator.

Wait while the tool runs the scan.

When it finishes, a log, SecurityCheck.txt, will open. This log is saved on C: (Local Disk) in the SecurityCheck folder that was created.

Select, copy, and paste the contents of this log into your next reply.

 


 

 


SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 02.02.2017 13:28:04
Path starting: C:\Users\ATENDIMENTO\AppData\Local\temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: ATENDIMENTO
VersionXML: 3.87is-31.01.2017
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x86) Ultimate Lang: Portuguese(0416)
Installation date OS: 20.08.2016 16:08:18
LicenseStatus: Windows(R) 7, Ultimate edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [146.5 Gb] Used: [112.1 Gb] Free: [34.4 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18537
User Account Control disabled
The elevation prompt for administrators disabled
^It is recommended to enable: Win+R typing UserAccountControlSettings and Enter^
Automatically download and schedule installation
Date install updates: 2017-01-28 18:18:59
Windows Update (wuauserv) - The service is running
Central de Segurança (wscsvc) - The service is running
Registro remoto (RemoteRegistry) - The service has stopped
Descoberta SSDP (SSDPSRV) - The service is running
Serviços de Área de Trabalho Remota (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2010 x86 v.14.0.4763.1000
---------------------------- [ Antivirus_WMI ] ----------------------------
Avast Antivirus (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Firewall do Windows (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
Avast Antivirus (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avast Free Antivirus v.12.3.2280
ESET Online Scanner v3
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware versão 2.2.1.1043 v.2.2.1.1043
--------------------------- [ OtherUtilities ] ----------------------------
7-Zip 16.04 v.16.04
WinRAR 5.40 (32-bit) v.5.40.0
--------------------------- [ AppleProduction ] ---------------------------
iTunes v.12.5.5.5
Bonjour v.3.1.0.1
Serviço do Bonjour (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Acrobat Reader DC - Português v.15.023.20056
Adobe Flash Player 10 ActiveX v.10.0.32.18 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 50.1.0 (x86 pt-BR) v.50.1.0 Warning! Download Update
Google Chrome v.55.0.2883.87 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe v.55.0.2883.87
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avast Antivirus (avast! Antivirus) - The service is running
C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.12.3.3154.0
C:\Program Files\AVAST Software\Avast\avastui.exe v.12.3.3154.23
Windows Defender (WinDefend) - The service has stopped
----------------------------- [ End of Log ] ------------------------------
 


It is advisable to leave UAC (User Account Control) enabled, as it is one more tool against the installation of unwanted programs, since it opens a prompt asking whether or not to allow a program to be installed.

As for Chrome, SecurityCheck warned that it is out of date, and Firefox as well:

------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 50.1.0 (x86 pt-BR) v.50.1.0 Warning! Download Update
Google Chrome v.55.0.2883.87 Warning! Download Update

If you have already done that or reinstalled, how is it now?


 

 


The computer freezing and restarting may be related to hardware, such as memory, overheating due to a failing processor cooler, etc.

See this Microsoft article: Memory and hardware diagnostics

The event log that FRST read, which is in Addition.txt, also contains several errors, including one that may also cause the problem:

Error: (01/29/2017 01:46:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: Explorer.exe, versão: 6.1.7601.17567, carimbo de hora: 0x4d6727a7
Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.23572, carimbo de hora: 0x57fd0335
Código de exceção: 0xc0000374
Deslocamento com falha: 0x000c3b9b
Identificação do processo com falha: 0xcdc
Hora de início do aplicativo com falha: 0x01d279ea848713f4
Caminho do aplicativo com falha: C:\Windows\Explorer.exe
FCaminho do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll
Identificação do Relatório: f385116b-e5dd-11e6-b201-00269e0596dc

For that, you can ask for guidance in the Windows 7 area.

To finish, download DelFix, by Xplode, and save it to your desktop.

Double-click delfix.exe to run it.

* On Windows Vista, 7, 8 and 10:

Right-click delfix.exe and select Run as administrator.

Check the Remove disinfection tools box.

If you want to activate UAC, check its box as well.

Click the Run button. This will remove the tools we used, the folders and files they created, and DelFix itself.

A log will be generated at the end, but there is no need to post it.

(Y)

 


 

 
