Alan de Souza Almeida

Malware

Hello, I've had this problem before, but that was due to a lack of protection. This time it came back and I don't have the slightest idea how.

Here is the log (I had trouble attaching it):


ZA-Scan V1.0.0.5 Updated 31-December-2015
Tool run by ASUS on 03/08/2016 at 13:01:53,14.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ASUS\Desktop\Malware\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\qksee\qkseeSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\SemLaunchSvc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\SemSvc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\bin\httpd.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\ASA\win32\dbsrv16.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\bin\rotatelogs.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\bin\httpd.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\Popcorn Time\Updater.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\bin\rotatelogs.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files (x86)\WinZipper\winzipersvc.exe
C:\Program Files (x86)\WinSaber\WinSaber.exe
C:\Users\ASUS\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Firefox\bin\FirefoxCommand.exe
C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\ProgramData\IHeeaWA\protect\protect.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\jre\bin\java.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\ProgramData\TwinpT\WFini.exe
C:\Users\ASUS\AppData\Roaming\TSv\TSvr.exe
C:\Program Files (x86)\SFK\SSFK.exe
C:\Program Files (x86)\Uncheckit\UncheckitSvc.exe
C:\Program Files (x86)\Uncheckit\uncheckitBsn.exe
C:\Program Files (x86)\Uncheckit\cktSvc.exe
C:\Users\ASUS\Desktop\Malware\ZA-Scan.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\ASUS\AppData\Local\Temp\ZAScan.exe

==== Services(whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [c2cautoupdatesvc] - Skype Click to Call Updater - c:\program files (x86)\skype\toolbars\autoupdate\skypec2cautoupdatesvc.exe
R2 - [c2cpnrsvc] - Skype Click to Call PNR Service - c:\program files (x86)\skype\toolbars\pnrsvc\skypec2cpnrsvc.exe
R2 - [CommandHandler] - Command Service(CommandHandler) - c:\program files (x86)\firefox\bin\firefoxcommand.exe
R2 - [FirefoxU] - Update Service(FirefoxU) - c:\program files (x86)\firefox\bin\firefoxupdate.exe
R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
R2 - [IHeeaWA_protect] - Protect Service(IHeeaWA_protect) - c:\programdata\iheeawa\protect\protect.exe
R2 - [IhPul] - IhPul - c:\users\asus\appdata\roaming\tsv\tsvr.exe
R2 - [LMIGuardianSvc] - LMIGuardianSvc - c:\program files (x86)\logmein hamachi\x64\lmiguardiansvc.exe
R2 - [qkseeService] - qkseeService - c:\program files (x86)\qksee\qkseesvc.exe
R2 - [semlaunchsrv] - Symantec Endpoint Protection Launcher - c:\program files (x86)\symantec\symantec endpoint protection manager\bin\semlaunchsvc.exe
R2 - [semsrv] - Symantec Endpoint Protection Manager - c:\program files (x86)\symantec\symantec endpoint protection manager\tomcat\bin\semsvc.exe
R2 - [semwebsrv] - Symantec Endpoint Protection Manager Webserver - c:\program files (x86)\symantec\symantec endpoint protection manager\apache\bin\httpd.exe
R2 - [SlimService] - SlimWare Utility Service Launcher - c:\program files\slimservice\slimservicefactory.exe
R2 - [SQLANYs_sem5] - Symantec Embedded Database - c:\program files (x86)\symantec\symantec endpoint protection manager\asa\win32\dbsrv16.exe
R2 - [SSFK] - SSFK - c:\program files (x86)\sfk\ssfk.exe
R2 - [TeamViewer] - TeamViewer 11 - c:\program files (x86)\teamviewer\teamviewer_service.exe
R2 - [UncheckitSvc] - UncheckitSvc - c:\program files (x86)\uncheckit\uncheckitsvc.exe
R2 - [Update service] - Update service - c:\program files (x86)\popcorn time\updater.exe
R2 - [WdMan] - WFini WdMan Service - c:\programdata\twinpt\wfini.exe
R2 - [winsaber] - winsaber - c:\program files (x86)\winsaber\winsaber.exe
R2 - [winzipersvc] - WinZiper service - c:\program files (x86)\winzipper\winzipersvc.exe
R2 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [Disc Soft Lite Bus Service] - Disc Soft Lite Bus Service - c:\program files\daemon tools lite\discsoftbusservicelite.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [DeskTop_F] - DeskTop DispalyName - c:\programdata\desktopfind\desktop244.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Serviço Receptor do Windows Media Center - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Serviço Agendador do Windows Media Center - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [LiveUpdate] - LiveUpdate - c:\progra~2\symantec\liveup~1\lucoms~1.exe
S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - c:\program files (x86)\microsoft office\office14\groove.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose] - Office  Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [PerfHost] - Host de DLL de Contador de Desempenho - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
S3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe
S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Serviço de Tecnologias de Ativação do Windows - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - Serviço de estado do ASP.NET - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

==== Drivers(whitelist) ======================
Powered by E Dev

R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Driver SMB 1.xxx do Servidor - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [aswRvrt] - avast! Revert - C:\Windows\system32\Drivers\aswRvrt.sys
R0 - [aswVmm] - avast! VM Monitor - C:\Windows\system32\Drivers\aswVmm.sys
R0 - [atapi] - Canal de IDE - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Log Comum (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Compbatt] - Microsoft Composite Battery Driver - C:\Windows\system32\Drivers\Compbatt.sys
R0 - [Disk] - Driver de disco - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [iaStorA] - iaStorA - C:\Windows\system32\Drivers\iaStorA.sys
R0 - [iaStorF] - iaStorF - C:\Windows\system32\Drivers\iaStorF.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msahci] - msahci - C:\Windows\system32\Drivers\msahci.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - Driver do Sistema NDIS - C:\Windows\system32\Drivers\NDIS.sys
R0 - [partmgr] - Gerenciador de Partições - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Driver de enumerador da unidade virtual Microsoft - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Volumes de armazenamento - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-461397753-587730011-3547315271-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\ASUS\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"GarenaPlus"="C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe -autolaunch"
"SlimCleaner Plus"="C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe /minimize /boot"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Spotify"="C:\Users\ASUS\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"
"DAEMON Tools Lite Automount"="C:\Program Files\DAEMON Tools Lite\DTAgent.exe -autorun"

[HKEY_USERS\S-1-5-80-3784820641-2391269600-1434288029-1177689286-1786581930\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-80-3958276243-2739099675-334681800-2039304502-2384811254\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-80-948765316-811284391-187558744-2005173589-387111393\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-80-3784820641-2391269600-1434288029-1177689286-1786581930\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-80-3958276243-2739099675-334681800-2039304502-2384811254\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-80-948765316-811284391-187558744-2005173589-387111393\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"LogMeIn Hamachi Ui"="C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\ASUS\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"GarenaPlus"="C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe -autolaunch"
"SlimCleaner Plus"="C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe /minimize /boot"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Spotify"="C:\Users\ASUS\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"
"DAEMON Tools Lite Automount"="C:\Program Files\DAEMON Tools Lite\DTAgent.exe -autorun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2uvc"="C:\Windows\vsnp2uvc.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14/07/2016 17:58]
C:\Windows\tasks\SlimCleaner Plus (Scheduled Scan - ASUS).job --a------ C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [13/04/2016 15:01]
C:\Windows\tasks\SlimDrivers Startup.job --a------ C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [19/08/2015 15:55]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Browser Updater Task(Core)" [""C:\Program Files (x86)\TXQQBrowser\Update\B9C966867971DFD90BD16EC00938E03B\Update\BrowserUpdate.exe""]
"C:\Windows\SysNative\tasks\Garena+ Plugin Host Service" [C:\Program Files (x86)\Garena Plus\ggdllhost.exe]
"C:\Windows\SysNative\tasks\SafeZone scheduled Autoupdate 1458835654" [C:\Program Files\AVAST Software\SZBrowser\launcher.exe]
"C:\Windows\SysNative\tasks\SlimCleaner Plus (Scheduled Scan - ASUS)" [C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe]
"C:\Windows\SysNative\tasks\SlimDrivers Startup" [C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe]
"C:\Windows\SysNative\tasks\Tybejisp" [C:\PROGRA~1\SHOPPE~1\Ybaosf.bat]
"C:\Windows\SysNative\tasks\UncheckitTaskMN" [""C:\Program Files (x86)\Uncheckit\cktSvc.exe""]
"C:\Windows\SysNative\tasks\UncheckitUpdateTaskC" [""C:\Program Files (x86)\Uncheckit\UncheckitUpdate.exe""]
"C:\Windows\SysNative\tasks\UncheckitUpdateTaskDB" [""C:\Program Files (x86)\Uncheckit\UncheckitUpdate.exe""]
"C:\Windows\SysNative\tasks\WinTaske" ["C:\Program Files (x86)\WinTaske\WinTaske\WinTaske.exe"]
"C:\Windows\SysNative\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\ASUS\AppData\Roaming\Firefox\Firefox\Profiles\qm627vxj.default
user_pref("browser.startup.homepage", "http://www.searchinme.com/?type=hp&ts=1470157022326&z=4f64d7860ed74f87aa00c09g9z7m3e2g8wdbatfz5t&from=official&uid=WDCXWD3200BEVT-80A0RT0_WD-WXD1A50D7161D7161");

ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\qm627vxj.default
user_pref("browser.startup.homepage", "http://www.nuesearch.com/?type=hp&ts=1466031658&z=008a592bd588d8103a1f6bcgczbqaq6efccg2qcq7e&from=wpm0614&uid=WDCXWD3200BEVT-80A0RT0_WD-WXD1A50D7161D7161");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [06/07/2016 14:18]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [06/07/2016 14:18]

==== Firefox Extensions ======================

ProfilePath: C:\Users\ASUS\AppData\Roaming\Firefox\Firefox\Profiles\qm627vxj.default
- SimilarWeb - %ProfilePath%\extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi
- Portugus do Brasil Language Pack - %ProfilePath%\extensions\langpack-pt-BR@firefox.mozilla.org.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\qm627vxj.default
62D98B286C805E193568037B70D936D2    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll -    Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[09/03/2016 17:19]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[25/05/2016 10:31]

Google Slides - ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Avast Online Security - ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Treasure Arena - ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hedpcboianohjgdhoblpcpgapknkoojm
Chrome Web Store Payments - ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - ASUS\AppData\Local\IHeeaWA\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - ASUS\AppData\Local\IHeeaWA\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - ASUS\AppData\Local\IHeeaWA\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - ASUS\AppData\Local\IHeeaWA\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - ASUS\AppData\Local\IHeeaWA\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - ASUS\AppData\Local\IHeeaWA\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
a - ASUS\AppData\Local\IHeeaWA\User Data\Default\Extensions\ekbmlhopnonkbfompbndcifmljkljhji
Google Sheets - ASUS\AppData\Local\IHeeaWA\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - ASUS\AppData\Local\IHeeaWA\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
xmlfeed - ASUS\AppData\Local\IHeeaWA\User Data\Default\Extensions\gmnmefifbeginfkndcckjchobjbndclk
Treasure Arena - ASUS\AppData\Local\IHeeaWA\User Data\Default\Extensions\hedpcboianohjgdhoblpcpgapknkoojm
Chrome Adr - ASUS\AppData\Local\IHeeaWA\User Data\Default\Extensions\knbdkcpkcpmiakimkhhmlgkjmchgahil
Chrome Web Store Payments - ASUS\AppData\Local\IHeeaWA\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
DozenSearch - ASUS\AppData\Local\IHeeaWA\User Data\Default\Extensions\odhjlphbhamhgplegmaamhehbhdpealn
Gmail - ASUS\AppData\Local\IHeeaWA\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Docs - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Sheets - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Chrome Web Store Payments - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - USURIO~2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - USURIO~2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - USURIO~2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - USURIO~2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Sheets - USURIO~2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - USURIO~2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Avast Online Security - USURIO~2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Web Store Payments - USURIO~2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - USURIO~2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Skype Calling - USURIO~2\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.nuesearch.com/?type=hp&ts=1466031658&z=008a592bd588d8103a1f6bcgczbqaq6efccg2qcq7e&from=wpm0614&uid=WDCXWD3200BEVT-80A0RT0_WD-WXD1A50D7161D7161"
"Default_Page_URL"="http://www.nuesearch.com/?type=hp&ts=1466031658&z=008a592bd588d8103a1f6bcgczbqaq6efccg2qcq7e&from=wpm0614&uid=WDCXWD3200BEVT-80A0RT0_WD-WXD1A50D7161D7161"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.nuesearch.com/search/?type=ds&ts=1466031658&z=008a592bd588d8103a1f6bcgczbqaq6efccg2qcq7e&from=wpm0614&uid=WDCXWD3200BEVT-80A0RT0_WD-WXD1A50D7161D7161&q={searchTerms}"
"Default_Page_URL"="http://www.nuesearch.com/?type=hp&ts=1466031658&z=008a592bd588d8103a1f6bcgczbqaq6efccg2qcq7e&from=wpm0614&uid=WDCXWD3200BEVT-80A0RT0_WD-WXD1A50D7161D7161"
"Search Page"="http://www.nuesearch.com/search/?type=ds&ts=1466031658&z=008a592bd588d8103a1f6bcgczbqaq6efccg2qcq7e&from=wpm0614&uid=WDCXWD3200BEVT-80A0RT0_WD-WXD1A50D7161D7161&q={searchTerms}"
"Start Page"="http://www.nuesearch.com/?type=hp&ts=1466031658&z=008a592bd588d8103a1f6bcgczbqaq6efccg2qcq7e&from=wpm0614&uid=WDCXWD3200BEVT-80A0RT0_WD-WXD1A50D7161D7161"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.nuesearch.com/search/?type=ds&ts=1466031658&z=008a592bd588d8103a1f6bcgczbqaq6efccg2qcq7e&from=wpm0614&uid=WDCXWD3200BEVT-80A0RT0_WD-WXD1A50D7161D7161&q={searchTerms}"
"Default_Page_URL"="http://www.nuesearch.com/?type=hp&ts=1466031658&z=008a592bd588d8103a1f6bcgczbqaq6efccg2qcq7e&from=wpm0614&uid=WDCXWD3200BEVT-80A0RT0_WD-WXD1A50D7161D7161"
"Search Page"="http://www.nuesearch.com/search/?type=ds&ts=1466031658&z=008a592bd588d8103a1f6bcgczbqaq6efccg2qcq7e&from=wpm0614&uid=WDCXWD3200BEVT-80A0RT0_WD-WXD1A50D7161D7161&q={searchTerms}"
"Start Page"="http://www.nuesearch.com/?type=hp&ts=1466031658&z=008a592bd588d8103a1f6bcgczbqaq6efccg2qcq7e&from=wpm0614&uid=WDCXWD3200BEVT-80A0RT0_WD-WXD1A50D7161D7161"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} - http://www.nuesearch.com/search/?type=ds&ts=1466031658&z=008a592bd588d8103a1f6bcgczbqaq6efccg2qcq7e&from=wpm0614&uid=WDCXWD3200BEVT-80A0RT0_WD-WXD1A50D7161D7161&q={searchTerms}
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} - http://www.nuesearch.com/search/?type=ds&ts=1466031658&z=008a592bd588d8103a1f6bcgczbqaq6efccg2qcq7e&from=wpm0614&uid=WDCXWD3200BEVT-80A0RT0_WD-WXD1A50D7161D7161&q={searchTerms}
HKCU\SearchScopes "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} - http://www.nuesearch.com/search/?type=ds&ts=1466031658&z=008a592bd588d8103a1f6bcgczbqaq6efccg2qcq7e&from=wpm0614&uid=WDCXWD3200BEVT-80A0RT0_WD-WXD1A50D7161D7161&q={searchTerms}

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nuesearch.com/?type=hp&ts=1466031658&z=008a592bd588d8103a1f6bcgczbqaq6efccg2qcq7e&from=wpm0614&uid=WDCXWD3200BEVT-80A0RT0_WD-WXD1A50D7161D7161
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nuesearch.com/?type=hp&ts=1466031658&z=008a592bd588d8103a1f6bcgczbqaq6efccg2qcq7e&from=wpm0614&uid=WDCXWD3200BEVT-80A0RT0_WD-WXD1A50D7161D7161
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nuesearch.com/search/?type=ds&ts=1466031658&z=008a592bd588d8103a1f6bcgczbqaq6efccg2qcq7e&from=wpm0614&uid=WDCXWD3200BEVT-80A0RT0_WD-WXD1A50D7161D7161&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nuesearch.com/search/?type=ds&ts=1466031658&z=008a592bd588d8103a1f6bcgczbqaq6efccg2qcq7e&from=wpm0614&uid=WDCXWD3200BEVT-80A0RT0_WD-WXD1A50D7161D7161&q={searchTerms}
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll

==== EOF on 03/08/2016 at 13:05:11,67 ======================


Dear @Alan de Souza Almeida

I recommend that you save this topic in your Favorites to make it easier to find.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is provided here relates only to the problem on your computer, so do not apply it to any other;
  • Please follow the instructions given carefully, and if you have any questions do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what is happening with your computer.
  • Respect the order of the instructions given.

Note: Do not take any measures other than those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

 

# Step 1 #

Download AdwCleaner and save it to your Desktop

Run the file adwcleaner.exe

Attention: Windows Vista, 7 and 8 users, right-click and choose: (image: execadmin.png)

  • Click the Options tab and leave only "Reset IE Policies" and "Reset Chrome Policies" checked
  • Click the Scan button and wait for the scan to finish.
  • Click the Clean button.
  • A Notepad window will open with the result.
  • Select, copy and paste the contents of this log into your next reply.
  • The log will also be saved in C:\AdwCleaner


NOTE: If AdwCleaner finds files it cannot remove, you may need to restart the PC. Do so immediately when asked whether you want to restart.
 
# Step 2 #

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download Junkware Removal Tool (JRT) and save it to your Desktop

Double-click to run jrt.exe.

Attention: Windows Vista, 7 and 8 users, right-click and choose: (image: execadmin.png)

  • The tool will begin scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • At the end a log will open. It will be saved on the desktop as JRT.txt.
  • Select, copy and paste the contents of this log into your next reply.

 
# Step 3 #

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download ZHPCleaner and save it to your Desktop.

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click the Scanner button.
  • The tool will start scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • Then click the Reparar (Repair) button.
  • A log named ZHPCleaner.txt will be generated.
  • Select, copy and paste the contents of this log into your next reply.

Regards :D


Dear @Alan de Souza Almeida

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download Farbar Recovery Scan Tool and save it to your Desktop.

32-bit (x86) or 64-bit (x64)

  • Double-click to run the tool.
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
  • Check the Arquivos 90 dias (90 Days Files) box and click the Examinar (Scan) button.
  • Wait; at the end the logs FRST.txt and Addition.txt will be saved to your Desktop.
  • Select, copy and paste the contents of the FRST.txt log into your next reply.
  • Attach the Addition.txt log.

Regards :D


Addition.txt

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 10-08-2016
Executado por ASUS (2016-08-10 15:39:01)
Executando a partir de C:\Users\ASUS\Desktop\Malware
Windows 7 Home Premium Service Pack 1 (X64) (2014-04-14 18:08:16)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-461397753-587730011-3547315271-500 - Administrator - Disabled)
ASUS (S-1-5-21-461397753-587730011-3547315271-1000 - Administrator - Enabled) => C:\Users\ASUS
Convidado (S-1-5-21-461397753-587730011-3547315271-501 - Limited - Disabled) => C:\Users\Convidado
HomeGroupUser$ (S-1-5-21-461397753-587730011-3547315271-1002 - Limited - Enabled)
Usuário (S-1-5-21-461397753-587730011-3547315271-1003 - Limited - Enabled) => C:\Users\Usuário

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-461397753-587730011-3547315271-1000\...\BitTorrent) (Version: 7.9.5.41866 - BitTorrent Inc.)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0192 - Disc Soft Ltd)
Half-Life (HKLM-x32\...\Half-Life) (Version:  - )
Half-Life 2 (HKLM\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM\...\Steam App 420) (Version:  - Valve)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
K-Lite Codec Pack 10.4.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.4.0 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LiveUpdate 3.3 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.3.100.15 - Symantec Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.493 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.493 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware versão 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\Minecraft) (Version: 1.8.9 - Mojang)
Mozilla Firefox 47.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 pt-BR)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Portal (HKLM\...\Steam App 400) (Version:  - Valve)
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
Serious Sam 2 (HKLM-x32\...\SeriousSam2) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Software de dispositivo do Chipset Intel® (x32 Version: 10.0.27 - Intel(R) Corporation) Hidden
Spotify (HKU\S-1-5-21-461397753-587730011-3547315271-1000\...\Spotify) (Version: 1.0.34.146.g28f9eda2 - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sven Co-op (HKLM-x32\...\Steam App 225840) (Version:  - Sven Co-op Team)
Symantec Endpoint Protection Manager (HKLM-x32\...\{5BCAD129-5FF2-5238-81D3-CDC824EA2D9A}) (Version: 12.1.6306.6100 - Symantec Corporation)
Synergy (HKLM\...\Steam App 17520) (Version:  - Synergy Team)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Tree of Savior (English Ver.) (HKLM\...\Steam App 372000) (Version:  - IMCGAMES Co.,Ltd.)
Universe Sandbox (HKLM-x32\...\Universe Sandbox) (Version:  - )
USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.55133.208 - Sonix)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Zuma Deluxe 1.0 (HKLM-x32\...\Zuma Deluxe 1.0) (Version:  - )

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {166BBB97-CFA9-4E3A-A0B7-DAD12B397B6D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-09] (AVAST Software)
Task: {32C492FD-DE3F-45AE-9E89-B673666DB39B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {7F1649CA-DD98-4D3E-BBC8-70A9114E610E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {A5DAB8E1-B3A4-4274-ACBD-C359EB393CAB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {D3B5FDC1-BFEB-4182-9719-921515AA15C1} - \svchost -> Nenhum Arquivo <==== ATENÇÃO
Task: {DB44AA10-70C9-42CB-A0D7-857D2450F923} - System32\Tasks\SafeZone scheduled Autoupdate 1458835654 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

Shortcut: C:\Users\ASUS\AppData\Local\Microsoft\Windows\GameExplorer\{21CEAFE8-E42A-4E10-AEC3-44C118E65BCD}\SupportTasks\1\Suporte.lnk -> hxxp://www.sierrastudios.com/
Shortcut: C:\Users\ASUS\AppData\Local\Microsoft\Windows\GameExplorer\{21CEAFE8-E42A-4E10-AEC3-44C118E65BCD}\SupportTasks\0\Mais Jogos da Microsoft.lnk -> hxxp://www.sierrastudios.com/games/half-life/
Shortcut: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe (The IHeeaWA Authors)
Shortcut: C:\Users\ASUS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe (The IHeeaWA Authors)
Shortcut: C:\Users\ASUS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe (The IHeeaWA Authors)

==================== Módulos Carregados (Whitelisted) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-04-14 15:14 - 2012-08-09 19:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-08-02 13:45 - 2016-08-01 23:46 - 00253824 _____ () C:\Program Files (x86)\Firefox\bin\FirefoxCommand.exe
2016-08-02 13:45 - 2016-08-01 23:46 - 00499072 _____ () C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
2016-04-22 18:10 - 2016-04-22 03:02 - 00303016 _____ () C:\ProgramData\IHeeaWA\protect\protect.exe
2015-10-22 08:22 - 2016-08-03 13:16 - 00174872 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2015-10-22 08:21 - 2016-08-03 13:16 - 00103192 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2015-10-22 08:21 - 2016-08-03 13:16 - 00107800 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2015-10-22 08:22 - 2016-08-03 13:16 - 00312088 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2015-10-22 08:22 - 2016-08-03 13:16 - 00485656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-01-21 15:54 - 2014-01-21 15:54 - 01301688 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2016-07-30 18:31 - 2016-07-30 18:31 - 02417144 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.24\deploy\LoLLauncher.exe
2016-07-30 18:32 - 2016-07-30 18:32 - 04702712 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.64\deploy\LoLPatcher.exe
2016-07-30 18:32 - 2016-07-30 18:32 - 02862584 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.64\deploy\LoLPatcherUx.exe
2016-03-09 17:22 - 2016-03-09 17:22 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-03-09 17:21 - 2016-03-09 17:21 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-09 17:00 - 2016-08-09 17:00 - 03016192 _____ () C:\Program Files\AVAST Software\Avast\defs\16080906\algo.dll
2016-04-14 07:31 - 2016-04-14 07:31 - 00509344 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-10 14:59 - 2016-08-10 14:59 - 03016192 _____ () C:\Program Files\AVAST Software\Avast\defs\16081004\algo.dll
2016-01-17 00:25 - 2016-08-02 19:08 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-01-17 00:25 - 2016-08-02 19:10 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-01-17 00:25 - 2016-08-02 19:09 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-01-17 00:25 - 2016-08-02 19:09 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-01-17 00:25 - 2016-08-02 21:00 - 02320160 _____ () C:\Program Files (x86)\Steam\video.dll
2016-01-17 00:24 - 2016-02-08 20:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-01-17 00:24 - 2016-02-08 20:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-01-17 00:24 - 2016-02-08 20:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-01-17 00:24 - 2016-02-08 20:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-01-17 00:24 - 2016-02-08 20:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-01-17 00:24 - 2016-08-02 20:59 - 00831776 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 15:16 - 2016-07-06 19:00 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-01-12 13:56 - 2016-08-05 23:38 - 52042352 _____ () C:\Users\ASUS\AppData\Roaming\Spotify\libcef.dll
2015-07-20 14:11 - 2015-07-20 14:11 - 00074592 _____ () C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\bin\pcre.dll
2016-01-12 13:56 - 2016-08-05 23:38 - 01741936 _____ () C:\Users\ASUS\AppData\Roaming\Spotify\libglesv2.dll
2016-01-12 13:56 - 2016-08-05 23:38 - 00087664 _____ () C:\Users\ASUS\AppData\Roaming\Spotify\libegl.dll
2016-01-17 00:24 - 2016-06-14 16:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-01-23 22:35 - 2016-01-23 22:35 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-07-30 18:32 - 2016-07-30 18:32 - 01491448 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.64\deploy\RiotLauncher.dll
2016-07-30 18:32 - 2016-07-30 18:32 - 34851320 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.64\deploy\libcef.dll
2016-07-30 18:32 - 2016-07-30 18:32 - 01383416 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.64\deploy\icui18n.dll
2016-07-30 18:32 - 2016-07-30 18:32 - 01142264 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.64\deploy\icuuc.dll
2016-07-30 18:32 - 2016-07-30 18:32 - 04382200 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.64\deploy\v8.dll
2016-07-30 18:31 - 2016-07-30 18:31 - 00953336 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.64\deploy\ffmpegsumo.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-07-14 17:58 - 2016-07-14 17:58 - 19483328 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll
2016-04-09 19:19 - 2016-08-10 15:23 - 01401248 ____C () C:\Level Up\Ragnarok\Ragexe.exe
2016-04-09 19:09 - 2002-08-09 12:38 - 00358963 ____C () C:\Level Up\Ragnarok\binkw32.dll
2016-04-09 19:19 - 2001-03-31 11:41 - 00346624 ____C () C:\Level Up\Ragnarok\mss32.dll
2016-04-09 19:09 - 2002-04-25 10:51 - 00073728 ____C () C:\Level Up\Ragnarok\cps.dll
2016-04-09 19:19 - 2002-07-06 12:16 - 00125952 ____C () C:\Level Up\Ragnarok\Mp3dec.asi
2016-04-09 19:19 - 2002-07-06 12:16 - 00062976 ____C () C:\Level Up\Ragnarok\Mssfast.m3d
2016-07-30 18:32 - 2016-07-30 18:32 - 00114680 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.64\deploy\jpatch.exe

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)


==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)


==================== Hosts Conteúdo: ==========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-13 23:34 - 2016-08-07 14:56 - 00001227 ____A C:\Windows\system32\Drivers\etc\hosts



==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-461397753-587730011-3547315271-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 4.2.2.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Atualmente não há nenhuma correção automática para esta seção.)


==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [TCP Query User{86A0B403-F69D-4CBC-BFF3-BB98DA120153}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{0F79101E-1E2B-40A1-AA33-F81BD8A991A6}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [{F5CCD6EB-3DE5-4AB3-A526-EAE04584D425}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{3A15B09C-8E98-4751-8429-CB4C2B47C9F2}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{9B9ED266-7C12-440B-82DB-2F246E31A446}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{99471F4E-B6DF-42CE-973B-497320F82311}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [TCP Query User{03EEFCB6-01A5-4F0D-B325-05F3CF30EFE1}C:\users\asus\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asus\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DC408C73-CE6E-4C6B-9471-BAD65D0F03CC}C:\users\asus\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asus\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{280BD390-2DA9-44B8-BE01-6F57F6080B79}C:\users\asus\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\asus\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{9858D9F9-8A9B-46A3-BED4-08D59531CA48}C:\users\asus\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\asus\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{A3C58B9B-4238-4B79-8E63-1ACE4CD3D0C9}C:\users\asus\appdata\roaming\.minecraft\java\bin\javaw.exe] => (Allow) C:\users\asus\appdata\roaming\.minecraft\java\bin\javaw.exe
FirewallRules: [UDP Query User{D9004496-0BB5-44BB-8B4B-E986AAD26680}C:\users\asus\appdata\roaming\.minecraft\java\bin\javaw.exe] => (Allow) C:\users\asus\appdata\roaming\.minecraft\java\bin\javaw.exe
FirewallRules: [{1EE909DE-612C-45D9-9EE9-9BF1849DC278}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B4A8A06E-A674-4D32-96C8-7CBDBF9CB4BB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4E158CC1-2B12-4862-AE0E-D2C2AF3AF9FB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{50D4BB1F-E7D0-47A4-8605-E8EB6FBD5F4D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{95830C73-7E49-4775-BDFF-08B9676D1694}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{CB8F4EE4-57AE-46DE-A7C3-7ACC5BF7E7B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [TCP Query User{666A0872-48B5-40E0-9122-4EED00E27821}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{D90ED425-A354-4368-8A71-59E347CC7575}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{14F7AE37-B5C2-4B83-AD48-BC414A238273}] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{ECFA9CC4-E66A-44C7-BF75-60F4FD133365}] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{374DCB65-FBAF-42F9-B933-745D44F4E389}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{87467B40-4B9A-48D5-B397-D6A710D3DFD5}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{B470A214-41F8-457D-8DA8-CF67B2E51AC7}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{3E1BA5E3-85B7-4BD7-8618-EC156EE2B23E}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [TCP Query User{B326B879-AE51-426B-BD60-488929736A2B}C:\users\asus\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asus\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{306FA0E2-A122-415C-B326-EB03A1B4A8EA}C:\users\asus\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asus\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{BD9F0B81-0751-4402-96B2-377331DF0C06}C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [UDP Query User{9F39C270-FC63-4C83-8DA8-488F45857C9F}C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [{F4D88A3B-81A7-44F5-9B3E-D96D34BF99DA}] => (Block) C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [{AB5A4C5A-2056-4826-BBFB-7DDCC6706C1D}] => (Block) C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [{16389577-12E5-47FE-B995-4BF09BB8BEE7}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\SemSvc.exe
FirewallRules: [{1A86E3CC-90EB-489F-AAA6-49E4E40D448F}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\bin\httpd.exe
FirewallRules: [{F4A274A1-8083-4B42-A506-183322D2F2F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svencoop.exe
FirewallRules: [{31E8CCBE-40B4-4C7C-9B76-936F4B0D3342}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svencoop.exe
FirewallRules: [TCP Query User{FBE6B3B1-91EE-4037-A3C1-57AD67AD6801}C:\program files (x86)\steam\steamapps\common\sven co-op\svends.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sven co-op\svends.exe
FirewallRules: [UDP Query User{C634B290-01FE-44FF-894C-9CA44EC49A14}C:\program files (x86)\steam\steamapps\common\sven co-op\svends.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sven co-op\svends.exe
FirewallRules: [{07FD0747-638E-46E7-97A8-70C4B2BD7BFF}] => (Allow) C:\Program Files (x86)\Garena Plus\Room\garena_room.exe
FirewallRules: [{91272E38-4AAE-451E-8733-A2A5CED71027}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{D400EF7A-719B-4B93-AE10-D148792B27B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{BFFE4D6D-7A88-4FAA-91B9-AEE62BCDC50B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{69F55648-D58C-4365-8B0B-C2304C6EE565}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DBD231D6-6996-4E71-9A77-BFBCD7AD3F65}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2021FC04-056B-4E62-B465-AFADD190D8EC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E38EEEFF-00A0-4081-9807-1462357AD7CE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C8168ACA-CC9B-4230-8AB4-9487B2A1938E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A0396AD8-DD7B-4521-8DC5-67F29A5A1003}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{73EB609B-06C9-47FF-977B-8D48B0C08A13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Synergy\hl2.exe
FirewallRules: [{DB31F57A-87FE-4BDD-A42B-C993471D2401}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Synergy\hl2.exe
FirewallRules: [{B4CA0DC0-F2F7-41EE-A764-712FBB126318}] => (Allow) C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe
FirewallRules: [{B416618A-2181-48BA-A0C4-3D146538D874}] => (Allow) C:\Program Files (x86)\IHeeaWA\IHeeaWA\bin\IHeeaWA_server.exe
FirewallRules: [{89BE2D18-CB49-48D1-BAB2-EAF17E144A2E}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{6A847614-74F4-48D3-9BB7-AF8ECB556F2C}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxCommand.exe
FirewallRules: [{DE75D3C0-18CB-4906-850A-739E0F82D2BC}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{3B294A56-3112-42C6-8648-C8F7ED53EFFC}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [TCP Query User{D116B3CD-EA89-4D08-A324-6E46399662F5}C:\program files (x86)\serious sam 2\bin\sam2.exe] => (Allow) C:\program files (x86)\serious sam 2\bin\sam2.exe
FirewallRules: [UDP Query User{AA0BAB8F-5FAF-48B7-8967-430923480E16}C:\program files (x86)\serious sam 2\bin\sam2.exe] => (Allow) C:\program files (x86)\serious sam 2\bin\sam2.exe
FirewallRules: [{DBAF3EE7-F911-4D28-87B9-49DF37B350A0}] => (Block) C:\program files (x86)\serious sam 2\bin\sam2.exe
FirewallRules: [{C88D1202-535F-497A-AA78-E232A51A9B8C}] => (Block) C:\program files (x86)\serious sam 2\bin\sam2.exe
FirewallRules: [TCP Query User{9B886D47-8279-41F5-8E0C-530F04992DBF}C:\program files (x86)\steam\steamapps\common\synergy\synergy.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\synergy\synergy.exe
FirewallRules: [UDP Query User{B75B01B9-822C-4E61-A670-EB98FF4ECBD6}C:\program files (x86)\steam\steamapps\common\synergy\synergy.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\synergy\synergy.exe
FirewallRules: [{972894E1-859A-46B6-9C5F-B8C4740EAF00}] => (Block) C:\program files (x86)\steam\steamapps\common\synergy\synergy.exe
FirewallRules: [{5064CCB4-91C4-409B-82FD-F983B76EDC2B}] => (Block) C:\program files (x86)\steam\steamapps\common\synergy\synergy.exe
FirewallRules: [{F58AD6C5-F99D-46D0-AF01-AAE74A3DC0DF}] => (Allow) C:\ProgramData\IHeeaWA\protect\protect.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\SemSvc.exe] => Enabled:Symantec Endpoint Protection Manager

==================== Pontos de Restauração =========================

03-08-2016 22:44:40 Removed LogMeIn Hamachi
03-08-2016 22:49:20 Installed LogMeIn Hamachi
07-08-2016 17:39:11 JRT Pre-Junkware Removal
10-08-2016 15:03:42 Windows Update

==================== Dispositivos Apresentando Falhas No Gerenciador =============

Name: Dispositivo do sistema básico
Description: Dispositivo do sistema básico
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Dispositivo do sistema básico
Description: Dispositivo do sistema básico
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Dispositivo do sistema básico
Description: Dispositivo do sistema básico
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (08/10/2016 03:40:26 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Não é possível inicializar o monitoramento de desempenho não para o objeto coletor, pois os contadores não estão carregados ou o objeto de memória compartilhado não pode ser aberto. Isso afeta somente a disponibilidade dos contadores de desempenho. Reinicie o computador.

Contexto: Aplicativo , Catálogo SystemIndex

Error: (08/10/2016 02:55:35 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> AH00558: httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.102. Set the 'ServerName' directive globally to suppress this message     .

Error: (08/09/2016 10:20:47 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> AH00558: httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.102. Set the 'ServerName' directive globally to suppress this message     .

Error: (08/09/2016 04:58:34 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> AH00558: httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.102. Set the 'ServerName' directive globally to suppress this message     .

Error: (08/08/2016 09:31:31 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> AH00558: httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.102. Set the 'ServerName' directive globally to suppress this message     .

Error: (08/08/2016 07:24:40 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> AH00558: httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.102. Set the 'ServerName' directive globally to suppress this message     .

Error: (08/07/2016 09:53:45 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> AH00558: httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.102. Set the 'ServerName' directive globally to suppress this message     .

Error: (08/07/2016 03:58:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: desktop244.exe, versão: 1.0.0.10, carimbo de hora: 0x56e96567
Nome do módulo de falhas: desktop244.exe, versão: 1.0.0.10, carimbo de hora: 0x56e96567
Código de exceção: 0x40000015
Deslocamento com falha: 0x00013cf7
Identificação do processo com falha: 0x494
Hora de início do aplicativo com falha: 0xdesktop244.exe0
Caminho do aplicativo com falha: desktop244.exe1
FCaminho do módulo de falhas: desktop244.exe2
Identificação do Relatório: desktop244.exe3

Error: (08/07/2016 01:13:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: desktop244.exe, versão: 1.0.0.10, carimbo de hora: 0x56e96567
Nome do módulo de falhas: desktop244.exe, versão: 1.0.0.10, carimbo de hora: 0x56e96567
Código de exceção: 0x40000015
Deslocamento com falha: 0x00013cf7
Identificação do processo com falha: 0x448
Hora de início do aplicativo com falha: 0xdesktop244.exe0
Caminho do aplicativo com falha: desktop244.exe1
FCaminho do módulo de falhas: desktop244.exe2
Identificação do Relatório: desktop244.exe3

Error: (08/07/2016 12:34:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: desktop244.exe, versão: 1.0.0.10, carimbo de hora: 0x56e96567
Nome do módulo de falhas: desktop244.exe, versão: 1.0.0.10, carimbo de hora: 0x56e96567
Código de exceção: 0x40000015
Deslocamento com falha: 0x00013cf7
Identificação do processo com falha: 0xd24
Hora de início do aplicativo com falha: 0xdesktop244.exe0
Caminho do aplicativo com falha: desktop244.exe1
FCaminho do módulo de falhas: desktop244.exe2
Identificação do Relatório: desktop244.exe3


Erros de Sistema:
=============
Error: (08/10/2016 02:57:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1BB2CAF7-8881-4CE8-B16A-3CA37C7C6F33}

Error: (08/10/2016 02:57:09 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (08/10/2016 02:56:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço LogMeIn Hamachi Tunneling Engine devido ao seguinte erro:
%%1053 = O serviço não respondeu à requisição de início ou controle em tempo hábil.

Error: (08/10/2016 02:56:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço LogMeIn Hamachi Tunneling Engine.

Error: (08/10/2016 02:55:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Update service devido ao seguinte erro:
%%2 = O sistema não pode encontrar o arquivo especificado.

Error: (08/10/2016 02:52:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento anterior do sistema em 14:40:27 às ‎10/‎08/‎2016 não era esperado.

Error: (08/09/2016 10:21:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço LogMeIn Hamachi Tunneling Engine devido ao seguinte erro:
%%1053 = O serviço não respondeu à requisição de início ou controle em tempo hábil.

Error: (08/09/2016 10:21:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço LogMeIn Hamachi Tunneling Engine.

Error: (08/09/2016 10:20:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Update service devido ao seguinte erro:
%%2 = O sistema não pode encontrar o arquivo especificado.

Error: (08/09/2016 10:19:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento anterior do sistema em 22:13:39 às ‎09/‎08/‎2016 não era esperado.


CodeIntegrity:
===================================
  Date: 2016-02-20 02:45:13.070
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-02-20 02:45:12.930
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Informações da Memória ===========================

Processador: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz
Percentagem de memória em uso: 86%
RAM física total: 3884.57 MB
RAM física disponível: 531.55 MB
Virtual Total: 7767.32 MB
Virtual disponível: 3657.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:102.32 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E0C5913D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================


Dear @Alan de Souza Almeida

FRST must be run directly from the Desktop, but you ran it from the folder:

Executando a partir de C:\Users\ASUS\Desktop\Malware

Delete it from there, download a fresh copy to the Desktop, run FRST, check the Addition option and click the Scan button. Attach the logs.

Regards :D


Hello. Sorry for taking so long to reply, but I was having trouble posting the message: whenever I click "reply", either I am automatically logged out, or it shows that I am logged in at the far right of the page but, in the place where I should write the message, it shows "Log in", as if I were logged out again. I have faced this problem before. Could it be related to the malware? For this reason I asked a friend of mine to log in on his PC and pass you the logs from my PC along with this message; I hope that is not a problem. Here are the logs:

Regards.

Addition.txt

FRST.txt


Dear @Alan de Souza Almeida

If the forum access problem persists, contact the forum coordinators.

Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text below:

Quote

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-461397753-587730011-3547315271-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 gkernel; \??\C:\Users\ASUS\AppData\Local\Temp\gkernel.sys [X]
C:\Users\ASUS\AppData\Local\Temp\gkernel.sys
S3 JMCR; system32\DRIVERS\jmcr.sys [X]
C:\Users\ASUS\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\ASUS\AppData\Local\Temp\libeay32.dll
C:\Users\ASUS\AppData\Local\Temp\msvcr120.dll
C:\Users\ASUS\AppData\Local\Temp\sqlite3.dll
Task: {D3B5FDC1-BFEB-4182-9719-921515AA15C1} - \svchost -> Nenhum Arquivo <==== ATENÇÃO

CMD:ipconfig /flushdns
EmptyTemp:

 

  • Save this file to the Desktop as fixlist.txt
  • Run FRST again and click the Fix button;
  • Wait... when it finishes, the Fixlog.txt log will be created on your Desktop.
  • Select, copy and paste the contents of this log into your next reply.

Regards :D


Dear @Alan de Souza Almeida

Download Malwarebytes Anti-Malware (MBAM).

Double-click mbam-setup.exe to install the program.

  • Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO.
  • If there are updates available, they will be downloaded and installed.
  • Click Settings, click Detection and Protection, and check Scan for rootkits.
  • Go back to the Dashboard and then click Scan Now.
  • The scan will then start. Wait, as it may take a while.
  • When the scan finishes, if any items were found, make sure they are all checked and click the Remove Selected button.
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See the Note below)
  • The log is saved automatically by MBAM; to view it, click the History tab -> Application Logs in the program's main window.
  • Double-click the log (Scan Log). Use the .txt format to export the log.
  • The Protection log is not needed for the analysis; always export the correct log.
  • Select, copy and paste the contents of this log into your next reply.

NOTE: If MBAM finds files that it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

Regards :D


Topic Archived

As the author did not reply to the topic for more than 10 days, it has been archived. If you are the author of the topic and want it reopened, contact one of the Forum's Security Analysts to request that it be unlocked.

CarlosTurco

diego_moicano

 

 
