start
createrestorepoint:
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\ GbPluginAbn-x32: C:\Program Files (x86)\GbPlugin\gbiehAbn.dll [X]
HKU\S-1-5-21-3624556783-1921902013-1688194335-1001\...\MountPoints2: {9e8e737a-0abc-11e1-8d0e-90e6ba3eb41f} - E:\SETUP.EXE
HKU\S-1-5-21-3624556783-1921902013-1688194335-1001\...\MountPoints2: {ae035a41-5718-11e4-8aec-90e6ba3eb41f} - E:\setup.exe
CHR HKU\S-1-5-21-3624556783-1921902013-1688194335-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin HKU\S-1-5-21-3624556783-1921902013-1688194335-1001: gastecnologia.com.br/sf/abn -> C:\Users\x\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll No File
FF Plugin HKU\S-1-5-21-3624556783-1921902013-1688194335-1001: gastecnologia.com.br/sf/abn64 -> C:\Users\x\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll No File
C:\ProgramData\hash.dat
C:\Users\Todos os Usuários\hash.dat
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
system32\DRIVERS\Lbd.sys
AlternateDataStreams: C:\Windows\System32:5CD8EBDA_Abn.gbp
AlternateDataStreams: C:\Windows\TEMP:temp
emptytemp:
end