Gislaine Ortiz Dos Santos

Malware with the Chromium browser


Dear @Gislaine Ortiz Dos Santos

I recommend that you save this topic in your Favorites to make it easier to find later.

Please note the following:

  • If you get no reply for 3 days, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer, so do not apply it on any other;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another!
  • Always try to keep me informed, during the removal, about what happens with your computer.
  • Respect the order of the instructions given.

Note: Do not take any measure other than those given here; and if you ask for help on another forum, be sure to let us know, otherwise you risk misconfiguring your computer!

 

# Step no. 1 #

Download AdwCleaner and save it to your Desktop

Run the file adwcleaner.exe

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click the Options tab and leave only "Reset IE Policies" and "Reset Chrome Policies" checked
  • Click the Scan button and wait for the scan to finish.
  • Click the Clean button.
  • A Notepad window will open with the result.
  • Select, copy and paste the content of this log into your next reply.
  • The log will also be saved in C:\AdwCleaner


NOTE: If AdwCleaner finds files it cannot remove, it may need to restart the PC. Do so immediately when asked whether you want to restart.
 
# Step no. 2 #

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download the Junkware Removal Tool (JRT) and save it to your Desktop

Double-click to run jrt.exe.

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • The tool will begin scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • At the end a log will open. It will be saved on the Desktop with the name JRT.txt.
  • Select, copy and paste the content of this log into your next reply.

 
# Step no. 3 #

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download ZHPCleaner and save it to your Desktop

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click the Scanner button.
  • The tool will begin scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • Then click the Repair button.
  • A log named ZHPCleaner.txt will be generated
  • Select, copy and paste the content of this log into your next reply.

Cheers :D


# AdwCleaner v6.020 - Relatório criado 22/09/2016 às 21:35:21
# *Updated on 14/09/2016 by ToolsLib
# Banco de dados : 2016-09-22.1 [Servidor]
# Sistema operacional : Windows 7 Ultimate  (X86)
# Usuário : Alexandre - ALEXANDRE-PC
# Executando de : C:\Users\Alexandre\Desktop\adwcleaner_6.020.exe
# *Mode: Scan
# Apoio : https://toolslib.net/forum

***** [ Serviços ] *****

*No malicious services found.


***** [ Pastas ] *****

Encontrado C:\Users\Alexandre\AppData\Roaming\WeatherTool
Encontrado C:\Users\Public\Documents\Guid
Encontrado C:\Program Files\WeatherTool
Encontrado C:\Windows\system32\config\systemprofile\AppData\Roaming\WeatherTool


***** [ Arquivos ] *****

Encontrado C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
Encontrado C:\Users\Alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\yf5cr89m.default\searchplugins\yahoo! powered.xml
Encontrado C:\Users\Alexandre\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage


***** [ DLL ] *****

*No malicious DLLs found.


***** [ WMI ] *****

*No malicious keys found.


***** [ Atalhos ] *****

Procurando por atalhos infectados ...


***** [ Tarefas agendadas ] *****

*No malicious task found.


***** [ Registro ] *****

Encontrado HKU\S-1-5-21-4063513852-685800511-1533012106-1000\Software\Conduit
Encontrado HKU\S-1-5-21-4063513852-685800511-1533012106-1000\Software\PRODUCTSETUP
Encontrado HKU\S-1-5-21-4063513852-685800511-1533012106-1000\Software\WeatherTool
Encontrado HKU\S-1-5-21-4063513852-685800511-1533012106-1000\Software\csastats
Encontrado HKCU\Software\Conduit
Encontrado HKCU\Software\PRODUCTSETUP
Encontrado HKCU\Software\WeatherTool
Encontrado HKCU\Software\csastats
Encontrado HKLM\SOFTWARE\WeatherTool
Encontrado HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeatherTool
Encontrado HKU\S-1-5-21-4063513852-685800511-1533012106-1000\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_vdnldre_16_
Encontrado HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_vdnldre_16_39&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%2
Encontrado HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_vdnldre_16_39&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%2
Encontrado HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_vdnldre_16_39&param1=1&param2=f%3D2%26b%3DIE%26cc%3Dbr%26
Encontrado HKU\S-1-5-21-4063513852-685800511-1533012106-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Encontrado HKU\S-1-5-21-4063513852-685800511-1533012106-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Encontrado HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Encontrado HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Encontrado HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Encontrado HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Encontrado HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
Encontrado HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej


***** [ Navegadores ] *****

Encontrado [C:\Users\Alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\yf5cr89m.default\prefs.js] - "browser.search.defaultenginename" -  "Yahoo! Powered"
Encontrado [C:\Users\Alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\yf5cr89m.default\prefs.js] - "browser.search.selectedEngine" -  "Yahoo! Powered"
Encontrado [C:\Users\Alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\yf5cr89m.default\prefs.js] - "browser.startup.homepage" -  "hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wb
*Chromium pref Found: [C:\Users\Alexandre\AppData\Local\Chromium\User Data\Default\Web data] - yahoo! powered
*Chromium pref Found: [C:\Users\Alexandre\AppData\Local\Chromium\User Data\Default\Secure Preferences] - hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_vdnldre_16_39&param1=1&param2=f%3D7%
*Chromium pref Found: [C:\Users\Alexandre\AppData\Local\Chromium\User Data\Default\Secure Preferences ] - hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_vdnldre_16_39&param1=1&param2=f%3D1
*Chromium pref Found: [C:\Users\Alexandre\AppData\Local\Google\Chrome\User Data\Default\Web data] - br.ask.com

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [4889 *Bytes] - [22/09/2016 21:35:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4963 *Bytes] ##########
 

~ ZHPCleaner v2016.9.24.144 by Nicolas Coolman (2016/09/24)
~ Run by Alexandre (Administrator)  (24/09/2016 09:27:03)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\Alexandre\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Alexandre\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 32-bit  (Build 7600)


---\\  Serviços (0)


---\\  Navegadores de Internet (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Arquivo hosts (1)
~ O arquivo hosts é legítimo (20)


---\\  Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Explorer ( Arquivos, Pastas) (5)
MOVIDO pasta: C:\Users\Alexandre\AppData\Roaming\logpath\execute.exe    =>
MOVIDO pasta: C:\Users\Alexandre\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pt-br.gameofthrones.wikia.com_0.localstorage    =>.Superfluous.IronSourceLtd
MOVIDO pasta: C:\Users\Alexandre\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pt-br.gameofthrones.wikia.com_0.localstorage-journal    =>.Superfluous.IronSourceLtd
MOVIDO arquivo: C:\Users\Alexandre\AppData\Roaming\logpath  =>
MOVIDO arquivo: C:\ProgramData\Microsoft\Network\Dsq  =>PUP.Optional.WindowsSecurity


---\\  Registro ( Chaves, Valores, Dados ) (5)
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\TheFreeWeatherService [C:\Program Files\WeatherTool\2.0.1.5000028\WeatherService.exe (Not File)]  =>PUP.Optional.WeatherTool
SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-4063513852-685800511-1533012106-1000\SOFTWARE\Conduit []  =>.Superfluous.Conduit
SUPRIMIDO chave: HKCU\Software\Conduit []  =>.Superfluous.Conduit
SUPRIMIDO chave*: HKLM\SOFTWARE\DtsEncodeTools []  =>PUP.Optional.WeatherTool
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.]  =>Heuristic.Suspect


---\\  Resumo dos elementos encontrados na sua estação de trabalho (5)
https://www.anti-malware.top/2016/05/02/superfluous-ironsourceltd/  =>.Superfluous.IronSourceLtd
https://www.nicolascoolman.com/fr/repaquetage-et_infections/  =>PUP.Optional.WindowsSecurity
https://www.nicolascoolman.com/fr/pup-optional-weathertool  =>PUP.Optional.WeatherTool
https://www.nicolascoolman.com/fr/toolbar-conduit/  =>.Superfluous.Conduit
https://www.anti-malware.top/2016/04/22/heuristic-suspect/  =>Heuristic.Suspect


---\\  Dodatkowe oczyszczenie. (11)
~ Chave de registro Tracing Supprimido (8)
~ Remover os relatórios antigos ZHPCleaner. (3)


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 664
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 11


~ End of clean in 00h00mn17s
~====================
ZHPCleaner-[R]-24092016-09_27_20.txt
ZHPCleaner-[R]-27022016-14_32_12.txt
ZHPCleaner--24092016-09_20_49.txt
 

 

***The Junkware Removal Tool does not work on my computer. I leave it on until dawn to see if it scans, and it does not help.


Dear @Gislaine Ortiz Dos Santos

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download the Farbar Recovery Scan Tool and save it to your Desktop.

32 bit (x86) or 64 bit (x64)

  • Double-click to run the tool.
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
  • Check the 90 Days Files box, and click the Scan button.
  • Wait; at the end the logs FRST.txt and Addition.txt will be saved to your Desktop.
  • Select, copy and paste the content of the FRST.txt log into your next reply.
  • Attach the Addition.txt log

Cheers :D


Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 21-09-2016
Executado por Alexandre (administrador) em ALEXANDRE-PC (24-09-2016 09:30:18)
Executando a partir de C:\Users\Alexandre\Desktop
Perfis Carregados: Alexandre (Perfis Disponíveis: Alexandre)
Platform: Microsoft Windows 7 Ultimate  (X86) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(QNT) C:\Users\Alexandre\AppData\Roaming\Netlog\Netlog.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1681408 2009-09-21] (VIA)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-28] (AVAST Software)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [792112 2016-06-22] (GAS Tecnologia LTDA)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll [2016-06-16] (Banco do Brasil)
Winlogon\Notify\ GbPluginCef: C:\Program Files\GbPlugin\gbiehCef.dll [2016-09-13] (Caixa Economica Federal)
HKU\S-1-5-21-4063513852-685800511-1533012106-1000\...\Run: [uTorrent] => C:\Users\Alexandre\AppData\Roaming\uTorrent\uTorrent.exe [2139840 2016-09-08] (BitTorrent Inc.)
HKU\S-1-5-21-4063513852-685800511-1533012106-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6638296 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-4063513852-685800511-1533012106-1000\...\Run: [Chromium] => c:\users\alexandre\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-4063513852-685800511-1533012106-1000\...\Run: [VDownloader] => C:\Program Files\VDownloader\Vdownloader4.exe /silent
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GbPlugin\gbieh.dll [1947872 2016-06-16] (Banco do Brasil)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\PROGRAM FILES\GbPlugin\gbiehcef.dll [1903328 2016-09-13] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-02-24] (AVAST Software)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A25673A7-D310-4FA5-9B29-2D043240CAAD}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-4063513852-685800511-1533012106-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4063513852-685800511-1533012106-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-22] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-24] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2014-11-14] (SEIKO EPSON CORPORATION)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll [2007-02-16] (IDM)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [2016-06-16] (Banco do Brasil)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll [2016-09-13] (Caixa Economica Federal)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-22] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2014-11-14] (SEIKO EPSON CORPORATION)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\yf5cr89m.default
FF NewTab: about:newtab
FF Keyword.URL: user_pref("keyword.URL", true);
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-22] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-4063513852-685800511-1533012106-1000: gastecnologia.com.br/sf/bb -> C:\Users\Alexandre\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-03-06] (GAS Tecnologia)
FF Extension: (Firefox Hotfix) - C:\Users\Alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\yf5cr89m.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-24]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-24]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\Alexandre\AppData\Local\Google\Chrome\User Data\Default [2016-09-24]
CHR Extension: (AdBlock) - C:\Users\Alexandre\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-22]
CHR Extension: (Avast Online Security) - C:\Users\Alexandre\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-18]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Alexandre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Alexandre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-24]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

"Warsaw Technology" => serviço foi desbloqueado. <===== ATENÇÃO

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-24] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [593392 2015-06-25] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [631520 2016-06-16] (GAS Tecnologia)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Arquivo não assinado]
R2 mfevtp; C:\Windows\system32\mfevtps.exe [238288 2016-04-04] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [Arquivo não assinado]
R2 NetLogHandler; C:\Users\Alexandre\AppData\Roaming\Netlog\Netlog.exe [167704 2015-06-08] (QNT)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [Arquivo não assinado]
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [792112 2016-06-22] (GAS Tecnologia LTDA)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-02-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-02-24] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-02-24] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-02-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [127432 2016-02-24] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-08-05] (AVAST Software)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49496 2015-11-25] (GAS Tecnologia)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648552 2016-04-04] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [91840 2016-04-04] (McAfee, Inc.)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2015-03-29] (GAS Tecnologia)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1086976 2009-09-17] (VIA Technologies, Inc.)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert32.sys [31448 2015-07-07] (Basil)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [80728 2016-09-23] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [79064 2015-03-18] (GAS Tecnologia)
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-09-24 09:30 - 2016-09-24 09:30 - 00014791 _____ C:\Users\Alexandre\Desktop\FRST.txt
2016-09-24 09:30 - 2016-09-24 09:30 - 00000000 ____D C:\FRST
2016-09-24 09:29 - 2016-09-24 09:29 - 01753088 _____ (Farbar) C:\Users\Alexandre\Desktop\FRST.exe
2016-09-24 09:20 - 2016-09-24 09:27 - 00003161 _____ C:\Users\Alexandre\Desktop\ZHPCleaner.txt
2016-09-24 09:14 - 2016-09-24 09:14 - 00000796 _____ C:\Users\Alexandre\Desktop\ZHPCleaner.lnk
2016-09-24 09:13 - 2016-09-24 09:14 - 02413568 _____ C:\Users\Alexandre\Desktop\ZHPCleaner.exe
2016-09-23 23:22 - 2016-09-23 23:22 - 01615456 _____ (Malwarebytes) C:\Users\Alexandre\Desktop\JRT.exe
2016-09-23 23:12 - 2016-09-23 23:12 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-09-22 23:29 - 2016-09-22 18:22 - 00043068 _____ C:\Users\Alexandre\Desktop\S01E01 Winter Is Coming BluRay 720p x264 Ganool-por.srt
2016-09-22 21:31 - 2016-09-22 21:36 - 00000000 ____D C:\AdwCleaner
2016-09-22 21:30 - 2016-09-22 21:31 - 03861056 _____ C:\Users\Alexandre\Desktop\adwcleaner_6.020.exe
2016-09-22 21:20 - 2016-09-22 21:20 - 437935093 _____ C:\Users\Alexandre\Desktop\Game of thrones season 1.mp4
2016-09-22 20:25 - 2016-09-22 21:30 - 00000000 ____D C:\Users\Alexandre\AppData\Roaming\avidemux
2016-09-22 20:24 - 2016-09-22 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux (32 bits)
2016-09-22 20:24 - 2016-09-22 20:24 - 00000000 ____D C:\Program Files\Avidemux 2.6 - 32 bits
2016-09-22 20:14 - 2016-09-22 20:16 - 24982849 _____ C:\Users\Alexandre\Downloads\avidemux_2.6.14_win32.exe
2016-09-22 20:01 - 2016-09-22 20:13 - 00000000 ____D C:\Users\Alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Debugmode
2016-09-22 20:01 - 2016-09-22 20:13 - 00000000 ____D C:\Program Files\DebugMode
2016-09-22 20:01 - 2016-09-22 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugmode
2016-09-22 19:57 - 2016-09-22 20:00 - 02715366 _____ C:\Users\Alexandre\Downloads\wax20e.zip
2016-09-22 19:53 - 2016-09-22 19:54 - 01225872 _____ C:\Users\Alexandre\Downloads\filmora_setup_full1083.exe
2016-09-22 19:21 - 2016-09-22 19:40 - 191918680 _____ C:\Users\Alexandre\Downloads\shotcut-win64-160901.exe
2016-09-22 19:15 - 2012-06-02 19:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-09-22 19:15 - 2012-06-02 19:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-09-22 19:15 - 2012-06-02 19:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-09-22 19:15 - 2012-06-02 19:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-09-22 19:15 - 2012-06-02 19:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-09-22 19:15 - 2012-06-02 19:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-09-22 19:15 - 2012-06-02 19:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-09-22 19:14 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-09-22 19:14 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-09-22 19:08 - 2016-09-22 19:08 - 00001320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-09-22 19:08 - 2016-09-22 19:08 - 00001251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-09-22 19:08 - 2016-09-22 19:08 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2016-09-22 19:06 - 2016-09-22 19:08 - 00000000 ____D C:\Program Files\Windows Live
2016-09-22 19:06 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-09-22 19:06 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-09-22 19:06 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-09-22 19:06 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-09-22 19:05 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-09-22 19:05 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-09-22 19:04 - 2010-08-11 01:44 - 02983424 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2016-09-22 19:04 - 2010-08-11 01:35 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2016-09-22 19:03 - 2010-05-23 07:15 - 01619456 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-09-22 19:03 - 2010-05-23 07:11 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-09-22 19:03 - 2010-05-23 07:11 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2016-09-22 19:02 - 2016-09-22 19:13 - 00000000 ____D C:\Users\Alexandre\AppData\Local\Windows Live
2016-09-22 19:01 - 2016-09-22 19:01 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2016-09-22 19:00 - 2016-09-22 19:01 - 01242312 _____ (Microsoft Corporation) C:\Users\Alexandre\Downloads\wlsetup-web.exe
2016-09-22 18:30 - 2016-09-22 18:30 - 00020441 _____ C:\ZA-Scan.txt
2016-09-21 23:07 - 2016-09-21 23:07 - 00115640 _____ C:\Users\Alexandre\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-21 23:05 - 2016-09-21 23:05 - 00436408 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-21 21:38 - 2016-09-21 21:38 - 00000000 ____D C:\zoek_backup
2016-09-21 21:37 - 2016-09-21 21:37 - 01370112 _____ C:\Users\Alexandre\Desktop\ZA-Scan.exe
2016-09-21 21:34 - 2016-09-21 21:34 - 00023503 _____ C:\Users\Alexandre\Downloads\ZA-Scan.txt
2016-09-21 21:19 - 2016-09-21 21:19 - 00319488 _____ (Realtek Semiconductor Corp.) C:\Windows\HideWin.exe
2016-09-21 21:18 - 2016-09-21 21:18 - 00000000 ____D C:\Users\Alexandre\Downloads\0001-6305_Vista_Win7_PG537
2016-09-21 21:17 - 2016-09-21 21:18 - 31126033 _____ C:\Users\Alexandre\Downloads\0001-6305_Vista_Win7_PG537.zip
2016-09-20 00:10 - 2016-09-20 00:11 - 02612028 _____ C:\Users\Alexandre\Downloads\Deus tem pressa - Misnistério Unção e Avivamento.mp4
2016-09-19 23:46 - 2016-09-19 23:46 - 00002239 _____ C:\Users\Alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2016-09-19 23:45 - 2016-09-19 23:46 - 00000000 ____D C:\Users\Alexandre\AppData\Local\chromium
2016-09-19 23:43 - 2009-11-25 16:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2016-09-19 23:43 - 2009-11-25 16:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2016-09-19 23:43 - 2009-11-25 16:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2016-09-19 23:43 - 2009-11-25 16:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2016-09-19 23:43 - 2009-11-25 16:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2016-09-19 23:42 - 2016-09-23 23:42 - 00000000 ____D C:\Users\Todos os Usuários\{075CC23F-8D1E-48F9-0BD8-D6BB919A5D75}
2016-09-19 23:42 - 2016-09-23 23:42 - 00000000 ____D C:\ProgramData\{075CC23F-8D1E-48F9-0BD8-D6BB919A5D75}
2016-09-19 23:42 - 2016-09-22 21:36 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-09-19 23:42 - 2016-09-22 21:36 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-09-19 23:42 - 2016-09-19 23:46 - 00000000 ____D C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}
2016-09-19 23:42 - 2016-09-19 23:42 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-09-19 23:42 - 2016-09-19 23:42 - 00000000 ____D C:\Users\Alexandre\AppData\Roaming\{6E4358F8-4B11-358E-2027-125CFCF5EF62}
2016-09-19 23:42 - 2016-09-19 23:42 - 00000000 ____D C:\Users\Alexandre\AppData\Local\Setup4905404
2016-09-19 23:40 - 2016-09-19 23:40 - 01281568 _____ (Cumakun ) C:\Users\Alexandre\Downloads\VDownloader_Setup.exe
2016-09-18 23:32 - 2016-09-18 23:32 - 00436093 _____ C:\Users\Alexandre\Desktop\img056.pdf
2016-09-18 22:33 - 2016-09-18 22:33 - 00004770 _____ C:\Users\Alexandre\Downloads\Bradesco_18092016_223248.pdf
2016-09-18 22:33 - 2016-09-18 22:33 - 00004770 _____ C:\Users\Alexandre\Downloads\Bradesco_18092016_223228.pdf
2016-09-18 12:21 - 2016-09-18 12:22 - 00512596 _____ C:\Users\Alexandre\Downloads\AEF1_File2_TestA.pdf
2016-09-17 16:03 - 2016-09-23 23:08 - 00000000 ____D C:\Users\Alexandre\AppData\LocalLow\uTorrent
2016-09-16 13:12 - 2016-09-16 13:12 - 00742688 _____ C:\Users\Alexandre\Desktop\Curitiba_Le_2015.pdf
2016-09-11 18:41 - 2016-09-11 19:26 - 00010086 _____ C:\Users\Alexandre\Desktop\Numbers dominoes.xlsx
2016-09-11 15:13 - 2016-09-11 15:13 - 00018703 _____ C:\Users\Alexandre\Downloads\gotye-somebody-that-i-used-to-know.odt
2016-09-11 15:08 - 2016-09-11 15:08 - 00082456 _____ C:\Users\Alexandre\Downloads\gbg_unit10b_two_sides_worksheet (1).pdf
2016-09-11 15:07 - 2016-09-11 15:07 - 00082456 _____ C:\Users\Alexandre\Downloads\gbg_unit10b_two_sides_worksheet.pdf
2016-09-02 13:00 - 2016-09-02 13:00 - 00176758 _____ C:\Users\Alexandre\Desktop\ESL Teachers Ask_ How Do I Begin My First Lesson_.pdf
2016-09-02 12:58 - 2016-09-02 12:58 - 00148896 _____ C:\Users\Alexandre\Desktop\Help students bond.pdf
2016-09-02 12:57 - 2016-09-02 12:57 - 00911707 _____ C:\Users\Alexandre\Desktop\Backtoschool lessons.pdf
2016-09-02 12:57 - 2016-09-02 12:57 - 00139913 _____ C:\Users\Alexandre\Desktop\Ice-breakers.pdf
2016-08-28 21:08 - 2016-08-28 21:17 - 00005630 _____ C:\Users\Alexandre\Desktop\AEF videos.msdvd
2016-07-26 23:44 - 2016-09-03 16:18 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-07-22 15:07 - 2016-09-24 09:12 - 00000964 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-07-22 15:07 - 2016-09-24 09:12 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-22 15:07 - 2016-09-13 18:34 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-07-22 15:07 - 2016-09-13 18:34 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-07-22 13:54 - 2016-07-22 13:54 - 00000000 ____D C:\Program Files\Common Files\Java
2016-07-21 15:25 - 2016-07-21 15:25 - 02520962 _____ C:\Users\Alexandre\Desktop\LUCIANE_MUNIZ_RIBEIRO_BARBOSA_rev.pdf
2016-07-21 15:02 - 2016-07-21 15:02 - 00188655 _____ C:\Users\Alexandre\Desktop\aspectos-constitucionais-e-infraconstitucionais-do-ensino-fundamental-em-casa-pela-famc3adlia.pdf
2016-07-18 13:55 - 2016-07-18 15:25 - 00001805 _____ C:\Users\Alexandre\Desktop\Novo Documento de Texto (2).txt
2016-07-17 02:25 - 2016-07-17 02:25 - 04703917 _____ C:\Users\Alexandre\Desktop\C-S-Lewis-Cartas-de-Um-Diabo-a-Seu-Aprendiz.pdf
2016-07-14 22:13 - 2016-09-22 23:26 - 00185396 _____ C:\Users\Alexandre\Desktop\custos mensais final.xlsx
2016-07-14 16:19 - 2016-07-14 16:20 - 00000000 ____D C:\Users\Alexandre\AppData\Roaming\excdir

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-24 09:27 - 2016-02-27 14:07 - 00000000 ____D C:\Users\Alexandre\AppData\Roaming\ZHP
2016-09-24 09:12 - 2016-05-18 23:02 - 00000919 _____ C:\Windows\Tasks\EPSON L375 Series Update {CB370599-FD25-41B5-8F8D-5DB2AE7A6EAF}.job
2016-09-24 09:12 - 2015-03-27 19:13 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-24 01:05 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\rescache
2016-09-24 00:08 - 2015-03-29 09:02 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2016-09-24 00:08 - 2015-03-29 09:02 - 00000000 ____D C:\ProgramData\GbPlugin
2016-09-23 23:23 - 2015-03-27 19:27 - 00000000 ____D C:\Users\Alexandre\AppData\Roaming\uTorrent
2016-09-23 23:15 - 2009-07-14 01:34 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-23 23:15 - 2009-07-14 01:34 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-23 23:14 - 2015-03-29 15:50 - 00000000 ____D C:\Users\Alexandre\AppData\Roaming\Skype
2016-09-23 23:14 - 2015-03-26 20:29 - 01626900 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-23 23:14 - 2009-07-14 05:31 - 00702882 _____ C:\Windows\system32\prfh0416.dat
2016-09-23 23:14 - 2009-07-14 05:31 - 00145668 _____ C:\Windows\system32\prfc0416.dat
2016-09-23 23:14 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2016-09-23 23:12 - 2015-03-29 15:49 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-09-23 23:12 - 2015-03-29 15:49 - 00000000 ____D C:\ProgramData\Skype
2016-09-23 23:08 - 2016-04-02 22:52 - 00080728 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2016-09-23 23:08 - 2015-03-27 19:13 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-23 23:08 - 2015-03-26 20:29 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2016-09-23 23:08 - 2015-03-26 20:29 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-23 23:08 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-22 19:06 - 2009-07-13 23:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-22 18:47 - 2015-07-23 19:04 - 00000000 ____D C:\Users\Alexandre\AppData\Roaming\Anvsoft
2016-09-21 21:22 - 2015-03-26 21:17 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2016-09-21 21:21 - 2015-03-26 21:18 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-09-19 23:34 - 2015-05-10 23:39 - 00000000 ____D C:\Users\Alexandre\AppData\Roaming\Audacity
2016-09-16 20:08 - 2015-03-27 19:14 - 00002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-13 18:34 - 2015-03-28 12:55 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-09 09:33 - 2016-05-18 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2016-09-09 09:33 - 2016-05-18 22:52 - 00000000 ____D C:\Users\Todos os Usuários\EPSON
2016-09-09 09:33 - 2016-05-18 22:52 - 00000000 ____D C:\ProgramData\EPSON
2016-09-09 09:32 - 2016-05-18 22:54 - 00000000 ____D C:\Program Files\EPSON Software
2016-09-08 23:05 - 2016-03-01 18:20 - 00000000 ___SD C:\Users\Alexandre\AppData\LocalLow\Temp
2016-08-29 16:39 - 2015-04-09 13:12 - 00000000 ___RD C:\Program Files\Skype
2016-08-28 19:31 - 2015-09-04 17:45 - 00000000 ____D C:\Users\Alexandre\Documents\Gislaine
2016-08-26 23:11 - 2015-09-04 14:06 - 00000000 ____D C:\Users\Alexandre\Documents\Snackr

==================== Files in the root of some directories =======

2014-08-13 08:03 - 2014-08-13 08:03 - 118475348 _____ () C:\Program Files\openoffice1.cab
2014-08-13 08:01 - 2014-08-13 08:01 - 2314240 _____ () C:\Program Files\openoffice411.msi
2014-08-13 08:01 - 2014-08-13 08:01 - 0478720 _____ () C:\Program Files\setup.exe
2014-08-13 08:01 - 2014-08-13 08:01 - 0000279 _____ () C:\Program Files\setup.ini
2015-03-29 09:01 - 2015-03-29 09:09 - 0065240 _____ () C:\Users\Alexandre\AppData\Roaming\unins000.dat
2015-12-13 20:45 - 2015-12-13 20:45 - 0000017 _____ () C:\Users\Alexandre\AppData\Local\resmon.resmoncfg
2015-03-28 12:52 - 2016-05-27 17:42 - 0006518 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Alexandre\AppData\Local\Temp\libeay32.dll
C:\Users\Alexandre\AppData\Local\Temp\msvcr120.dll
C:\Users\Alexandre\AppData\Local\Temp\sqlite3.dll
C:\Users\Alexandre\AppData\Local\Temp\VDownloaderSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-16 12:45

==================== End of FRST.txt ============================

Addition.txt

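Reading the FRST listing above as a timeline, the useful question is what else appeared in the minutes after VDownloader_Setup.exe was written at 23:40 on 2016-09-19: the GUID-named folders under ProgramData and AppData, Setup4905404, ntuser.pol and then the Chromium profile, all within six minutes. The following Python is an added example, not part of the original post or of FRST itself. It parses FRST's created/modified line format, pulls out every entry created within a window after a chosen anchor file, and flags names that look machine-generated (a bare {GUID} folder or Setup followed by digits). The sample lines are copied from the log above; the ten-minute window and the name heuristic are choices made for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: entries copied from the "One month created" part of the
# FRST.txt posted above (a raw string, so the Windows backslashes stay literal).
SAMPLE = r"""
2016-09-19 23:46 - 2016-09-19 23:46 - 00002239 _____ C:\Users\Alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2016-09-19 23:45 - 2016-09-19 23:46 - 00000000 ____D C:\Users\Alexandre\AppData\Local\chromium
2016-09-19 23:43 - 2009-11-25 16:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2016-09-19 23:42 - 2016-09-23 23:42 - 00000000 ____D C:\ProgramData\{075CC23F-8D1E-48F9-0BD8-D6BB919A5D75}
2016-09-19 23:42 - 2016-09-22 21:36 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-09-19 23:42 - 2016-09-19 23:42 - 00000000 ____D C:\Users\Alexandre\AppData\Local\Setup4905404
2016-09-19 23:40 - 2016-09-19 23:40 - 01281568 _____ (Cumakun ) C:\Users\Alexandre\Downloads\VDownloader_Setup.exe
2016-09-18 22:33 - 2016-09-18 22:33 - 00004770 _____ C:\Users\Alexandre\Downloads\Bradesco_18092016_223248.pdf
"""

# One FRST file entry: "<created> - <modified> - <size> <attrs> [(<company>)] <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)

# Names that look machine-generated: a bare {GUID} folder or "Setup<digits>"
# (heuristic chosen for this example, based on what the dropper created here).
GENERATED_RE = re.compile(
    r"\\(\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}|Setup\d+)$", re.I
)


def parse_frst_entries(text):
    """Parse FRST created/modified listing lines into dicts; unrelated lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            "size": int(m["size"]),
            "attrs": m["attrs"],
            "is_dir": "D" in m["attrs"],
            # "(Cumakun )" carries a trailing space inside the parentheses
            "company": (m["company"] or "").strip() or None,
            "path": m["path"],
        })
    return entries


def created_after(entries, anchor_suffix, minutes):
    """Entries created within `minutes` after the anchor file (path suffix match, case-insensitive)."""
    anchors = [e for e in entries if e["path"].lower().endswith(anchor_suffix.lower())]
    if not anchors:
        raise ValueError(f"anchor {anchor_suffix!r} not found in listing")
    anchor = min(anchors, key=lambda e: e["created"])
    t0, t1 = anchor["created"], anchor["created"] + timedelta(minutes=minutes)
    hits = [e for e in entries if e is not anchor and t0 <= e["created"] <= t1]
    return sorted(hits, key=lambda e: e["created"])


def generated_names(entries):
    """Subset whose last path component is a {GUID} or Setup<digits>."""
    return [e for e in entries if GENERATED_RE.search(e["path"])]


if __name__ == "__main__":
    entries = parse_frst_entries(SAMPLE)
    for e in created_after(entries, "VDownloader_Setup.exe", 10):
        flag = "  <== generated name" if GENERATED_RE.search(e["path"]) else ""
        print(f"{e['created']:%Y-%m-%d %H:%M}  {e['attrs']}  {e['path']}{flag}")
```

Run against the full FRST.txt rather than the sample, the same call lists everything written in the window after the installer, which is the set to check against the fixlist before it is applied; legitimate system files that happen to fall in the window (mscoree.dll here, signed by Microsoft) are distinguished by the company field, not excluded by the script.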

Dear @Gislaine Ortiz Dos Santos

Step 1

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all of the text below:

CreateRestorePoint:
CloseProcesses:

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4063513852-685800511-1533012106-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
Task: {556C2E8D-4750-41C9-B869-D8687422361E} - \Registry Optimizer_UPDATES -> Nenhum Arquivo <==== ATENÇÃO
Task: {B9C5C794-F563-4C94-A66A-99B50C0AE1E8} - System32\Tasks\Yahoo! Powered molif => Wscript.exe "C:\ProgramData\{075CC23F-8D1E-48F9-0BD8-D6BB919A5D75}\cona.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b30373543433233462d384431452d343846392d304244382d4436424239313941354437357d5c6c697269726f" "433a5c50726f6772616d446174615c7b30373543433233462d384431452d343846392d304244 (a entrada de dados tem 78 mais caracteres).
C:\ProgramData\{075CC23F-8D1E-48F9-0BD8-D6BB919A5D75}\cona.txt

CMD:ipconfig /flushdns
EmptyTemp:

 

  • Save this file to your Desktop as fixlist.txt
  • Run FRST again and click the Fix button;
  • Wait... when it finishes, the log Fixlog.txt will be created on your Desktop.
  • Select, copy and paste the contents of this log in your next reply.

Step 2

Read the instructions at this link: "How to use ComboFix"

Download ComboFix and save it to your Desktop.

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

  • Double-click the ComboFix.exe saved on your Desktop.
    • Attention: Windows Vista, 7 and 8 users, right-click it and choose: Run as administrator
  • Read and accept the conditions by pressing ENTER.
  • Attention: Do not use the mouse or keyboard while the tool is running; this may cause the computer to hang.
  • A notice may appear saying the computer needs to be restarted.
  • DO NOT RESTART!!! ComboFix will restart the computer automatically.
  • When the tool finishes, a log will be created (the file C:\ComboFix.txt).
  • Copy and paste the contents of that file in your next reply.

Regards :D


Fix result of Farbar Recovery Scan Tool (x86) Version: 30-09-2016
Ran by Alexandre (30-09-2016 20:45:59) Run:1
Running from C:\Users\Alexandre\Desktop
Loaded Profiles: Alexandre (Available Profiles: Alexandre)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4063513852-685800511-1533012106-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
Task: {556C2E8D-4750-41C9-B869-D8687422361E} - \Registry Optimizer_UPDATES -> Nenhum Arquivo <==== ATENÇÃO
Task: {B9C5C794-F563-4C94-A66A-99B50C0AE1E8} - System32\Tasks\Yahoo! Powered molif => Wscript.exe "C:\ProgramData\{075CC23F-8D1E-48F9-0BD8-D6BB919A5D75}\cona.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b30373543433233462d384431452d343846392d304244382d4436424239313941354437357d5c6c697269726f" "433a5c50726f6772616d446174615c7b30373543433233462d384431452d343846392d304244 (a entrada de dados tem 78 mais caracteres).
C:\ProgramData\{075CC23F-8D1E-48F9-0BD8-D6BB919A5D75}\cona.txt
CMD:ipconfig /flushdns
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-4063513852-685800511-1533012106-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
AvastVBoxSvc => service could not be removed
gbpddreg => service removed successfully.
MBAMSwissArmy => service removed successfully.
VBoxAswDrv => service could not be removed
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{556C2E8D-4750-41C9-B869-D8687422361E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{556C2E8D-4750-41C9-B869-D8687422361E}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Registry Optimizer_UPDATES => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9C5C794-F563-4C94-A66A-99B50C0AE1E8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9C5C794-F563-4C94-A66A-99B50C0AE1E8}" => key removed successfully.
C:\Windows\System32\Tasks\Yahoo! Powered molif => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Powered molif" => key removed successfully.
C:\ProgramData\{075CC23F-8D1E-48F9-0BD8-D6BB919A5D75}\cona.txt => moved successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10152380 B
Java, Flash, Steam htmlcache => 709 B
Windows/system/drivers => 42661351 B
Edge => 0 B
Chrome => 438453136 B
Firefox => 12050466 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 18043 B
LocalService => 132244 B
NetworkService => 1248 B
Alexandre => 240583226 B

RecycleBin => 45480085 B
EmptyTemp: => 761 MB of temporary data removed.

================================


The system needed a restart.

==== End of Fixlog 20:46:59 ====

 

ComboFix 16-09-28.01 - Alexandre 30/09/2016  21:05:14.1.6 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.55.1046.18.3071.2211 [GMT -3:00]
Running from: c:\users\Alexandre\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - system32: deleted 4 bytes in 2 streams.
ADS - drivers: deleted 569 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alexandre\videos\ADORADORES_2_compact.exe
.
.
((((((((((((((((   Files Created from 2016-09-01 to 2016-10-01  ))))))))))))))))))))))))))))
.
.
2016-10-01 00:18 . 2016-10-01 00:18    --------    d-----w-    c:\users\Default\AppData\Local\temp
2016-10-01 00:01 . 2016-10-01 00:01    12568    ----a-w-    c:\windows\system32\drivers\PROCEXP113.SYS
2016-09-26 23:56 . 2016-09-26 23:56    --------    d-----w-    c:\users\Alexandre\AppData\Local\CEF
2016-09-26 15:53 . 2016-09-26 15:52    35096    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2016-09-26 15:52 . 2016-09-26 15:52    921280    ----a-w-    c:\windows\ucrtbase.dll
2016-09-26 15:52 . 2016-09-26 15:52    319760    ----a-w-    c:\windows\system32\aswBoot.exe
2016-09-26 15:52 . 2016-09-26 15:52    53208    ----a-w-    c:\windows\avastSS.scr
2016-09-25 14:52 . 2016-09-25 14:52    --------    d-----w-    c:\program files\FinalWire
2016-09-25 00:05 . 2016-09-25 00:15    --------    d-----w-    c:\users\Alexandre\AppData\Roaming\logpath
2016-09-24 12:30 . 2016-09-30 23:48    --------    d-----w-    C:\FRST
2016-09-24 02:12 . 2016-09-24 02:12    --------    d-----w-    c:\program files\Common Files\Skype
2016-09-23 00:31 . 2016-09-23 00:36    --------    d-----w-    C:\AdwCleaner
2016-09-22 23:25 . 2016-09-23 00:30    --------    d-----w-    c:\users\Alexandre\AppData\Roaming\avidemux
2016-09-22 23:24 . 2016-09-22 23:24    --------    d-----w-    c:\program files\Avidemux 2.6 - 32 bits
2016-09-22 23:02 . 2016-08-17 23:54    9654712    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D17113F-FDE9-455A-8617-EABA038F4985}\mpengine.dll
2016-09-22 23:01 . 2016-09-22 23:13    --------    d-----w-    c:\program files\DebugMode
2016-09-22 22:15 . 2012-06-02 22:19    53784    ----a-w-    c:\windows\system32\wuauclt.exe
2016-09-22 22:15 . 2012-06-02 22:19    45080    ----a-w-    c:\windows\system32\wups2.dll
2016-09-22 22:15 . 2012-06-02 22:19    1933848    ----a-w-    c:\windows\system32\wuaueng.dll
2016-09-22 22:15 . 2012-06-02 22:12    2422272    ----a-w-    c:\windows\system32\wucltux.dll
2016-09-22 22:15 . 2012-06-02 22:19    35864    ----a-w-    c:\windows\system32\wups.dll
2016-09-22 22:15 . 2012-06-02 22:19    577048    ----a-w-    c:\windows\system32\wuapi.dll
2016-09-22 22:15 . 2012-06-02 22:12    88576    ----a-w-    c:\windows\system32\wudriver.dll
2016-09-22 22:14 . 2012-06-02 18:19    171904    ----a-w-    c:\windows\system32\wuwebv.dll
2016-09-22 22:14 . 2012-06-02 18:12    33792    ----a-w-    c:\windows\system32\wuapp.exe
2016-09-22 22:08 . 2016-09-22 22:08    --------    d-----w-    c:\program files\Microsoft SQL Server Compact Edition
2016-09-22 22:06 . 2016-09-22 22:08    --------    d-----w-    c:\program files\Windows Live
2016-09-22 22:06 . 2010-06-02 07:55    74072    ----a-w-    c:\windows\system32\XAPOFX1_5.dll
2016-09-22 22:06 . 2010-06-02 07:55    527192    ----a-w-    c:\windows\system32\XAudio2_7.dll
2016-09-22 22:06 . 2010-05-26 14:41    248672    ----a-w-    c:\windows\system32\d3dx11_43.dll
2016-09-22 22:06 . 2010-05-26 14:41    2106216    ----a-w-    c:\windows\system32\D3DCompiler_43.dll
2016-09-22 22:05 . 2009-09-04 20:29    453456    ----a-w-    c:\windows\system32\d3dx10_42.dll
2016-09-22 22:05 . 2006-11-29 16:06    3426072    ----a-w-    c:\windows\system32\d3dx9_32.dll
2016-09-22 22:04 . 2010-08-11 04:44    2983424    ----a-w-    c:\windows\system32\UIRibbon.dll
2016-09-22 22:04 . 2010-08-11 04:35    1164800    ----a-w-    c:\windows\system32\UIRibbonRes.dll
2016-09-22 22:03 . 2010-05-23 10:11    196608    ----a-w-    c:\windows\system32\mfreadwrite.dll
2016-09-22 22:03 . 2010-05-23 10:11    3181568    ----a-w-    c:\windows\system32\mf.dll
2016-09-22 22:03 . 2010-05-23 10:15    1619456    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2016-09-22 22:02 . 2016-09-22 22:13    --------    d-----w-    c:\users\Alexandre\AppData\Local\Windows Live
2016-09-22 22:01 . 2016-09-22 22:01    --------    d-----w-    c:\program files\Common Files\Windows Live
2016-09-22 00:38 . 2016-09-22 00:38    --------    d-----w-    C:\zoek_backup
2016-09-22 00:22 . 2006-02-07 18:40    204800    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ius7AA6.tmp
2016-09-22 00:22 . 2006-02-07 18:40    69715    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2016-09-22 00:22 . 2006-02-07 18:40    274432    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2016-09-22 00:22 . 2005-11-14 02:19    5632    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2016-09-22 00:22 . 2016-09-22 00:22    331908    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2016-09-22 00:22 . 2016-09-22 00:22    200836    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2016-09-22 00:19 . 2016-09-22 00:19    319488    ----a-w-    c:\windows\HideWin.exe
2016-09-20 02:45 . 2016-09-20 02:46    --------    d-----w-    c:\users\Alexandre\AppData\Local\chromium
2016-09-20 02:43 . 2009-11-25 19:47    49472    ----a-w-    c:\windows\system32\netfxperf.dll
2016-09-20 02:43 . 2009-11-25 19:47    297808    ----a-w-    c:\windows\system32\mscoree.dll
2016-09-20 02:43 . 2009-11-25 19:47    99176    ----a-w-    c:\windows\system32\PresentationHostProxy.dll
2016-09-20 02:43 . 2009-11-25 19:47    295264    ----a-w-    c:\windows\system32\PresentationHost.exe
2016-09-20 02:43 . 2009-11-25 19:47    1130824    ----a-w-    c:\windows\system32\dfshim.dll
2016-09-20 02:42 . 2016-09-30 23:46    --------    d-----w-    c:\programdata\{075CC23F-8D1E-48F9-0BD8-D6BB919A5D75}
2016-09-20 02:42 . 2016-09-20 02:42    --------    d-----w-    c:\users\Alexandre\AppData\Roaming\{6E4358F8-4B11-358E-2027-125CFCF5EF62}
2016-09-20 02:42 . 2016-09-20 02:42    --------    d-----w-    c:\users\Alexandre\AppData\Local\Setup4905404
2016-09-20 02:42 . 2016-09-20 02:46    --------    d-----w-    c:\users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}
.
.
.
(((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-09-30 23:48 . 2016-04-03 01:52    80728    ----a-w-    c:\windows\system32\drivers\wsddfac.sys
2016-09-26 15:53 . 2015-03-27 22:13    433768    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2016-09-26 15:53 . 2015-03-27 22:12    735488    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2016-09-26 15:52 . 2015-03-27 22:13    118664    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2016-09-26 15:52 . 2015-03-27 22:13    92256    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2016-09-26 15:52 . 2015-03-27 22:13    60424    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2016-09-26 15:52 . 2015-03-27 22:13    224616    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2016-09-26 15:52 . 2015-03-27 22:13    91232    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2016-09-26 15:52 . 2015-03-27 22:13    34008    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2016-09-22 22:07 . 2012-07-17 17:37    24800    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2016-09-13 21:34 . 2016-07-22 18:07    796352    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2016-09-13 21:34 . 2016-07-22 18:07    142528    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2016-07-26 17:24 . 2015-03-27 22:18    406184    ------w-    c:\windows\system32\MpSigStub.exe
2016-07-22 16:53 . 2015-04-03 22:29    95808    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2016-07-18 03:27 . 2016-05-26 01:37    170200    ----a-w-    c:\windows\system32\drivers\1C64223D.sys
2014-08-13 11:01 . 2014-08-13 11:01    478720    ----a-w-    c:\program files\setup.exe
2014-08-13 11:01 . 2014-08-13 11:01    2314240    ----a-w-    c:\program files\openoffice411.msi
.
.
((((((((((((((((((((((((((   Registry Loading Points   )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-09-26 15:52    832488    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"uTorrent"="c:\users\Alexandre\AppData\Roaming\uTorrent\uTorrent.exe" [2016-09-09 2139840]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-02-12 6638296]
"Chromium"="c:\users\alexandre\appdata\local\chromium\application\chrome.exe" [2016-03-18 1068544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 1681408]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-09-26 9107616]
"Diebold - Warsaw"="c:\program files\Diebold\Warsaw\core.exe" [2016-06-22 792112]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2014-06-10 1065024]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-06-22 598552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2016-06-16 14:34    1947872    ----a-w-    c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2016-09-14 00:32    1903328    ----a-w-    c:\program files\GbPlugin\gbiehcef.dll
.
R0 gbpddreg;Gbpddreg svc;c:\windows\system32\drivers\gbpddreg32.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2016-07-25 324224]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2016-09-26 34008]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2016-04-04 91840]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2015-11-25 49496]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2016-09-26 35096]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2016-09-26 735488]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2016-09-26 433768]
S1 ndisrd;GAS Tecnologia Filter Driver;c:\windows\system32\DRIVERS\gbpndisrdn.sys [2015-03-29 29400]
S1 wsddfac;wsddfac;c:\windows\system32\drivers\wsddfac.sys [2016-09-30 80728]
S1 wsddpp;Warsaw - Driver (PP);c:\windows\system32\drivers\wsddpp.sys [2015-03-18 79064]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2016-09-26 92256]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2016-09-26 118664]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-05-25 1364096]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-05-25 1687680]
S2 EpsonCustomerResearchParticipation;EpsonCustomerResearchParticipation;c:\program files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [2015-06-25 593392]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2012-05-17 126128]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2016-06-16 631520]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2016-04-04 238288]
S2 NetLogHandler;Internet Log Handler;c:\users\Alexandre\AppData\Roaming\Netlog\Netlog.exe [2015-06-08 167704]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
S2 Warsaw Technology;Warsaw Technology;c:\program files\Diebold\Warsaw\core.exe [2016-06-22 792112]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1086976]
S4 WinDivert1.1;WinDivert1.1;c:\program files\Diebold\Warsaw\WinDivert32.sys [2015-07-07 31448]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - GbFtIn
*Deregistered* - mad_inj_driver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-09-16 23:07    1267528    ----a-w-    c:\program files\Google\Chrome\Application\53.0.2785.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-09-25 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [2016-09-13 21:34]
.
2016-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-22 21:34]
.
2016-10-01 c:\windows\Tasks\EPSON L375 Series Update {CB370599-FD25-41B5-8F8D-5DB2AE7A6EAF}.job
- c:\windows\system32\spool\DRIVERS\W32X86\3\E_TTSN8E.EXE [2016-05-19 16:30]
.
2016-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-27 12:35]
.
2016-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-27 12:35]
.
.
------- Scan Suplementar -------
.
uStart Page = 
mStart Page = 
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\seg
Trusted Zone: bb.com.br\www
Trusted Zone: caixa.gov.br\imagem
Trusted Zone: caixa.gov.br\imagem2
Trusted Zone: caixa.gov.br\internetbanking
Trusted Zone: caixa.gov.br\internetbankingpf
Trusted Zone: caixa.gov.br\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\yf5cr89m.default\
FF - prefs.js: keyword.URL - true
.
- - - - ORFÃOS REMOVIDOS - - - -
.
HKCU-Run-VDownloader - c:\program files\VDownloader\Vdownloader4.exe
AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\Alexandre\AppData\Roaming\unins000.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Warsaw Technology]
"ImagePath"="\"c:\program files\Diebold\Warsaw\core.exe\""
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2016-09-30  21:24:41
ComboFix-quarantined-files.txt  2016-10-01 00:24
.
Pré-execução: 108.264.591.360 bytes disponíveis
Pós execução: 108.185.886.720 bytes disponíveis
.
- - End Of File - - DD8C9599D39EF0A02299C5CA62914132
A36C5E4F47E84449FF07ED3517B43A31
 

added 4 minutes later

Oh, one more thing. My speakers stopped working at the same time as this malware situation. Could the virus be in the speakers' USB? The others are working. I feel really bad about it, they are my best speakers.


My brother-in-law tested them on his computer and they weren't working, then he updated the driver and they worked there; he hasn't brought them back home yet for me to test. Another thing: the last program I used did not restart my computer, and Chromium is still opening by itself. Was it supposed to update automatically?


Dear @Gislaine Ortiz Dos Santos

I did not understand what should have been updated automatically.

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all of the text below:

Quote

File::
c:\users\alexandre\appdata\local\chromium\application\chrome.exe

Folder::
c:\users\Alexandre\AppData\Local\chromium

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chromium"=-


Save this file to your Desktop as CFScript.txt
As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe.

[animation: dragging CFScript.txt onto ComboFix.exe]

When the tool finishes, a log will be generated at C:\ComboFix.txt

Select, copy and paste the contents of this log in your next reply.

Cheers :D


Hi! I meant that the computer did not restart (I wrote that it did not update, sorry...) after the ComboFix scan. I did the last task you asked me to, but ComboFix did not generate the log.

About the speakers, my husband brought them back and they still don't work here. He said his brother updated the driver on his computer and they worked, but I don't know how to do that here :/


Dear @Gislaine Ortiz Dos Santos

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all of the text below:

Quote

CreateRestorePoint:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-4063513852-685800511-1533012106-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2016-09-19 23:46 - 2016-09-19 23:46 - 00002239 _____ C:\Users\Alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2016-09-19 23:45 - 2016-09-19 23:46 - 00000000 ____D C:\Users\Alexandre\AppData\Local\chromium
S3 catchme; \??\C:\Users\ALEXAN~1\AppData\Local\Temp\catchme.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

Reboot:

  • Save this file to your Desktop as fixlist.txt
  • Run FRST again and click the Fix button;
  • Wait... at the end, the Fixlog.txt log will be generated on your Desktop.
  • Select, copy and paste the contents of this log in your next reply.

Cheers :D
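As an added example (not from this thread, and not part of ComboFix or FRST), the following PowerShell script re-checks, after the reboot, every item the CFScript and the fixlist above targeted: the Chromium Run value, the chromium folder and its chrome.exe, the Start Menu shortcut, the two Internet Explorer policy keys and the three orphaned services. It assumes it runs in the affected user's own session (so the HKU\S-1-5-21-...-1000 hive named in the fixlist is that user's HKCU, an assumption) and that $env:USERPROFILE resolves to C:\Users\Alexandre. It is written for the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the thread, ComboFix or FRST): after the fix and the
# reboot, confirm that each persistence point the two scripts targeted is gone.
# Names and paths are those listed in the CFScript and fixlist; run as the
# affected user, from an elevated PowerShell.

$userProfile = $env:USERPROFILE   # assumption: C:\Users\Alexandre

# Registry: the Run value ComboFix deleted and the IE policy keys FRST removed
$runPath    = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runName    = 'Chromium'
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
    'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer'   # HKU\<SID> in the fixlist
)

# File system: folder, launcher and Start Menu shortcut of the rogue "Chromium"
$paths = @(
    (Join-Path $userProfile 'AppData\Local\chromium'),
    (Join-Path $userProfile 'AppData\Local\chromium\application\chrome.exe'),
    (Join-Path $userProfile 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk')
)

# Services whose binaries FRST marked [X] (file missing); the fixlist deregistered them
$services = 'catchme', 'gbpddreg', 'VBoxAswDrv'

function Test-Persistence {
    $findings = @()

    # A Run value exists only if the property is present on the key object
    $key = Get-ItemProperty -Path $runPath -ErrorAction SilentlyContinue
    if ($key -and $key.PSObject.Properties[$runName]) {
        $findings += "RUN VALUE STILL PRESENT: $runPath\$runName = $($key.$runName)"
    }

    foreach ($k in $policyKeys) {
        if (Test-Path -LiteralPath $k) { $findings += "IE POLICY KEY STILL PRESENT: $k" }
    }

    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) { $findings += "PATH STILL PRESENT: $p" }
    }

    foreach ($s in $services) {
        # Get-Service reports a non-terminating error for unknown names; treat that as removed
        $svc = Get-Service -Name $s -ErrorAction SilentlyContinue
        if ($svc) { $findings += "SERVICE STILL REGISTERED: $s ($($svc.Status))" }
    }

    return $findings
}

$result = Test-Persistence
if ($result.Count -eq 0) {
    Write-Output 'All items targeted by CFScript and fixlist are gone.'
} else {
    $result | ForEach-Object { Write-Output $_ }
}
```

If any line is reported, the corresponding entry from the fixlist can be reused; a Run value that reappears after a reboot means another component is still re-creating it, which is the situation to look for before declaring the machine clean.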


Resultado da Correção pela Farbar Recovery Scan Tool (x86) Versão: 30-09-2016
Executado por Alexandre (18-10-2016 10:05:47) Run:2
Executando a partir de C:\Users\Alexandre\Desktop
Perfis Carregados: Alexandre (Perfis Disponíveis: Alexandre)
Modo da Inicialização: Normal

==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-4063513852-685800511-1533012106-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2016-09-19 23:46 - 2016-09-19 23:46 - 00002239 _____ C:\Users\Alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2016-09-19 23:45 - 2016-09-19 23:46 - 00000000 ____D C:\Users\Alexandre\AppData\Local\chromium
S3 catchme; \??\C:\Users\ALEXAN~1\AppData\Local\Temp\catchme.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
Reboot:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => chave removido (a) com sucesso.
"HKU\S-1-5-21-4063513852-685800511-1533012106-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
C:\Users\Alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk => movido com sucesso
C:\Users\Alexandre\AppData\Local\chromium => movido com sucesso
catchme => serviço removido (a) com sucesso.
gbpddreg => serviço removido (a) com sucesso.
VBoxAswDrv => serviço Não pode ser removido


O sistema precisou ser reiniciado.

==== Fim de Fixlog 10:06:11 ====


Dear @Gislaine Ortiz Dos Santos

Download Malwarebytes Anti-Malware (MBAM).

Double-click mbam-setup.exe to install the program.

  • Uncheck the Enable free trial of Malwarebytes Anti-Malware PRO box.
  • If there are updates to apply, they will be downloaded and installed.
  • Click Settings, click Detection and Protection, check Scan for Rootkits.
  • Go back to the Dashboard and finally click Scan Now.
  • The scan will then start. Wait, as it may take a while.
  • When the scan finishes, if items were found, make sure they are all checked and click the Remove Selected button.
  • At the end of the disinfection, a prompt asking whether to restart the PC may appear. (See the Note below)
  • The log is saved automatically by MBAM; to see it, click the History tab -> Application Logs in the program's main window.
  • Double-click the log (Scan Log). Use the .txt format to export the log.
  • The Protection log is not needed for the analysis; always export the correct log.
  • Select, copy and paste the contents of this log in your next reply.

NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (possibly more than once). Do so immediately when asked whether to restart the PC.

Cheers :D


Malwarebytes Anti-Malware
www.malwarebytes.org

Data da verificação: 24/10/2016
Hora da verificação: 22:14
Arquivo de registro: Mbamlog.txt
Administrador: Sim

Versão: 2.2.1.1043
Banco de dados de malware: v2016.10.24.11
Banco de dados de rootkit: v2016.09.26.02
Licença: Gratuita
Proteção contra malware: Desabilitado
Proteção contra website malicioso: Desabilitado
Autoproteção: Desabilitado

Sistema operacional: Windows 7
CPU: x86
Sistema de arquivos: NTFS
Usuário: Alexandre

Tipo de verificação: Verificação da ameaça
Resultado: Concluído
Objetos verificados: 282928
Tempo decorrido: 8 min, 51 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Desabilitado
Rootkits: Habilitado
Heurística: Desabilitado
PUP: Habilitado
PUM: Habilitado

Processos: 0
(Nenhum item malicioso detectado)

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de registro: 1
PUP.Optional.WinYahoo, HKU\S-1-5-21-4063513852-685800511-1533012106-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT, Quarentena, [ca41c8d5cad037ffb4b4897554af3dc3], 

Valores de registro: 2
PUP.Optional.WinYahoo, HKU\S-1-5-21-4063513852-685800511-1533012106-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, https://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_vdnldre_16_39&param1=1&param2=f[0a0116875b3f54e263d6d12b2ad98c74]D2%26b[0a0116875b3f54e263d6d12b2ad98c74]DIE%26cc[0a0116875b3f54e263d6d12b2ad98c74]Dbr%26pa[0a0116875b3f54e263d6d12b2ad98c74]Dwincy%26cd[0a0116875b3f54e263d6d12b2ad98c74]D2XzuyEtN2Y1L1Qzu0B0CyD0F0FyE0Dzz0D0A0CtAtAtD0ByEtN0D0Tzu0StCyBtBtAtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCzy0AtA0ByD0DtGyE0AyCzztGzzyDyBzztGtD0FyEtDtGtAzy0A0FtAtAyB0Bzy0EyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0FyE0CyC0DtCtAtG0C0BzytCtGyEtDtCzytG0BtDzz0BtGyCzyyC0E0F0Azz0CtC0C0EyB2QtN0A0LzuyE%26cr[0a0116875b3f54e263d6d12b2ad98c74]D55561639%26a[0a0116875b3f54e263d6d12b2ad98c74]Dwbf_vdnldre_16_39%26os_ver[0a0116875b3f54e263d6d12b2ad98c74]D6.1%26os[0a0116875b3f54e263d6d12b2ad98c74]DWindowsQuarentenaB7QuarentenaBUltimate, %4, %5
PUP.Optional.WinYahoo, HKU\S-1-5-21-4063513852-685800511-1533012106-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT|filename, C:\Users\Alexandre\AppData\Roaming\{6E4358F8-4B11-358E-2027-125CFCF5EF62}\ProductUpdate.exe, Quarentena, [ca41c8d5cad037ffb4b4897554af3dc3]

Dados de registro: 0
(Nenhum item malicioso detectado)

Pastas: 2
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\HowToRemove, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 

Arquivos: 28
Adware.Jiangt, C:\Users\Alexandre\AppData\Roaming\logpath\autoupdate.exe, Quarentena, [32d9306d5743fb3b2009816747bafc04], 
Adware.Jiangt, C:\Users\Alexandre\AppData\Roaming\logpath\temp\autoupdate.exe, Quarentena, [917a07966139fe38e84115d3c839af51], 
Adware.FileFinder, C:\Users\Alexandre\Downloads\American_English_File_Starter_downloader.exe, Quarentena, [57b47e1f6436f73f40e6e6fb47bd946c], 
PUP.Optional.InstallCore, C:\Users\Alexandre\Downloads\VDownloader_Setup.exe, Quarentena, [3dce128b9ffb66d00b324aa2d92b2fd1], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\HowToRemove\HowToRemove.html, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\HowToRemove\chromium-min.jpg, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\HowToRemove\control panel-min-min.JPG, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\HowToRemove\down.png, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\HowToRemove\ff menu.JPG, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\HowToRemove\ff search engine-min.png, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\HowToRemove\hp-min ff.png, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\HowToRemove\hp-min ie.png, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\HowToRemove\search engine.gif, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\HowToRemove\setup pages.gif, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\HowToRemove\sp-min.png, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\HowToRemove\start-min.jpg, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\HowToRemove\up.png, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\bapi_ff.dat, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\bapi_ie.dat, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\cole, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\install.log, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\lada, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\sica.dat, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\sine, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\Sqlite3.dll, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\tice.cfg, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\uninst.dat, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\uninst.exe, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 

Setores físicos: 0
(Nenhum item malicioso detectado)


(end)
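The log above is long but repetitive: almost every hit is one family under one GUID folder in AppData\Local, plus two installers in Downloads that are the likely entry point. As an added example (not part of the thread and not a Malwarebytes tool), this PowerShell function parses detection lines in the MBAM 2.x log format shown above and groups them by threat name and by location. The embedded input is a constructed excerpt of the log above (five lines, same format); the bucket depth and output layout are this example's own choices. It is written for the PowerShell 2.0 of a stock Windows 7.

```powershell
# Added example (not from the thread or from Malwarebytes): summarise MBAM 2.x
# detection lines by threat and by top-level location. The sample below is a
# constructed excerpt of the log posted above.

$sampleLog = @'
Chaves de registro: 1
PUP.Optional.WinYahoo, HKU\S-1-5-21-4063513852-685800511-1533012106-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT, Quarentena, [ca41c8d5cad037ffb4b4897554af3dc3], 

Arquivos: 4
Adware.Jiangt, C:\Users\Alexandre\AppData\Roaming\logpath\autoupdate.exe, Quarentena, [32d9306d5743fb3b2009816747bafc04], 
Adware.FileFinder, C:\Users\Alexandre\Downloads\American_English_File_Starter_downloader.exe, Quarentena, [57b47e1f6436f73f40e6e6fb47bd946c], 
PUP.Optional.InstallCore, C:\Users\Alexandre\Downloads\VDownloader_Setup.exe, Quarentena, [3dce128b9ffb66d00b324aa2d92b2fd1], 
PUP.Optional.WinYahoo, C:\Users\Alexandre\AppData\Local\{6E1E5842-4AB6-34FA-272E-11120346ED8A}\uninst.exe, Quarentena, [19f218858f0b69cd2217930a1ce88f71], 
'@

function ConvertFrom-MbamLog {
    param([string]$Text)
    # One detection line: <threat>, <object>, <action>, [<32 hex chars>],
    # Lines that do not fit (section headers, the ABOUTURLS|Tabs line whose URL
    # carries embedded brackets and commas) are skipped rather than guessed at.
    $pattern = '^(?<threat>[A-Za-z0-9.]+), (?<object>.+?), (?<action>[^,]+), \[(?<id>[0-9a-f]{32})\]'
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -match $pattern) {
            $obj   = $Matches['object']
            $parts = $obj -split '\\'
            # Location bucket = first four path components, e.g. C:\Users\Alexandre\Downloads
            # or HKU\<SID>\SOFTWARE\MICROSOFT, so hits cluster by where they live
            $last  = [Math]::Min(3, $parts.Count - 1)
            New-Object PSObject -Property @{
                Threat   = $Matches['threat']
                Object   = $obj
                Action   = $Matches['action']
                Id       = $Matches['id']
                Location = ($parts[0..$last] -join '\')
            }
        }
    }
}

$detections = @(ConvertFrom-MbamLog -Text $sampleLog)

Write-Output "Detections parsed: $($detections.Count)"
Write-Output 'By threat:'
$detections | Group-Object Threat | Sort-Object Count -Descending |
    ForEach-Object { '  {0,-26} {1}' -f $_.Name, $_.Count }
Write-Output 'By location:'
$detections | Group-Object Location | Sort-Object Count -Descending |
    ForEach-Object { '  {0,-48} {1}' -f $_.Name, $_.Count }
```

Pointing the function at the full log (for example `ConvertFrom-MbamLog -Text (Get-Content Mbamlog.txt -Raw)` on PowerShell 3.0 or later, or `-Text ((Get-Content Mbamlog.txt) -join "`n")` on 2.0) gives the same two views for all 33 hits; the Downloads bucket is the one worth reading first, because those are the files the user ran.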


Dear @Gislaine Ortiz Dos Santos

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download Stinger and save it to your Desktop.
32 bit (x86) or 64 bit (x64)

  • Run the Stinger.exe file
    • Note: Windows Vista, 7 and 8 users, right-click and choose: Run as administrator
  • Click the "I Accept" button

In the new window click "Advanced" and then "Settings"

In the settings window, set the options as in the image below and click the "Save" button

[screenshot: Stinger settings]

Click "Customize my Scan"

Select the system drives and then click the "Scan" button

At the end click "View log"; a window with the log will open in your browser.
Select, copy and paste the contents of this log in your next reply.

Cheers :D


McAfee Stinger Scan Results

McAfee® Labs Stinger™ Version 12.1.0.2148 built on Oct 26 2016 at 13:01:00
Copyright© 2015, McAfee, Inc. All Rights Reserved.
AV Engine version v5800.7501 for Windows.
Virus data file v1000.0 created on Oct 26, 2016
Ready to scan for 9928 viruses, trojans and variants.

Custom scan initiated on quarta-feira, outubro 26, 2016 12:32:28
Rootkit scan result : Not Scanned.
C:\Users\Alexandre\AppData\Roaming\excdir\gh3.0.2\gh3.0.2.exe [MD5:e96971be5927029844150c3723f65bb5] is infected with Artemis!E96971BE5927
C:\Users\Alexandre\AppData\Roaming\excdir\gh3.0.2\gh3.0.2.exe has been Deleted
C:\Users\Alexandre\AppData\Roaming\excdir\gh3.0.2.zip\gh3.0.2.exe is infected with Artemis!E96971BE5927
C:\Users\Alexandre\AppData\Roaming\excdir\gh3.0.2.zip\gh3.0.2.exe has been Deleted

Summary Report on C: D:
File(s)
TotalFiles:............ 400862
Clean:................. 105193
Not Scanned:........... 295667
Possibly Infected:..... 2

Time: 01:56:54
Scan completed on quarta-feira, outubro 26, 2016 14:29:22


Dear @Gislaine Ortiz Dos Santos

Download Security Check, by glax24 and save it to your Desktop.

Note: Windows Vista, 7 and 8 users, right-click and choose: Run as administrator

  • Wait while the tool runs its scan.
  • At the end, save the log as SecurityCheck.html
  • Open the file with Notepad;
  • Select, copy and paste the contents of this log in your next reply.

Cheers :D


SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 27.10.2016 17:46:37
Path starting: C:\Users\Alexandre\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Alexandre
VersionXML: 3.47is-25.10.2016
___________________________________________________________________________

Windows 7(6.1.7600) (x86) Ultimate Lang: Portuguese(0416)
Installation date OS: 26.03.2015 23:24:47
LicenseStatus: Windows(R) 7, Ultimate edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [170.8 Gb] Used: [78.6 Gb] Free: [92.2 Gb]
------------------------------- [ Windows ] -------------------------------
Service Pack not Installed Warning! Download Update
Possible re-activation of Windows will be needed.
Internet Explorer 8.0.7600.16385 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
Never check for updates
Date install updates: 2016-09-22 23:03:16
Windows Update (wuauserv) - The service is running
Central de Segurança (wscsvc) - The service is running
Registro remoto (RemoteRegistry) - The service has stopped
Descoberta SSDP (SSDPSRV) - The service is running
Serviços de Área de Trabalho Remota (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2007 v.12.0.6514.5001
---------------------------- [ Antivirus_WMI ] ----------------------------
Avast Antivirus (disabled and out of date)
--------------------------- [ FirewallWindows ] ---------------------------
Firewall do Windows (MpsSvc) - The service is running
Disabled the public profile of Windows Firewall
Disabled the standard profile for Windows Firewall
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
Avast Antivirus (disabled and out of date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avast Free Antivirus v.12.3.2280
ESET Online Scanner v3
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware versão 2.2.1.1043 v.2.2.1.1043
--------------------------- [ OtherUtilities ] ----------------------------
Foxit Reader v.7.3.4.311 Warning! Download Update
VLC media player v.2.2.2 Warning! Download Update
WinRAR 5.31 (32-bit) v.5.31.0 Warning! Download Update
OpenOffice 4.1.1 v.4.11.9775 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.29 v.7.29.102
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.3.4.8.42576 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 101 v.8.0.1010.13 Warning! Download Update
Uninstall old version and install new one (jre-8u112-windows-i586.exe).
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.21.0.0.215 Warning! Download Update
Adobe Flash Player 23 PPAPI v.23.0.0.205 [+]
------------------------------- [ Browser ] -------------------------------
Google Chrome v.54.0.2840.71
Mozilla Firefox 45.0.2 (x86 pt-BR) v.45.0.2 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files\Google\Chrome\Application\chrome.exe v.54.0.2840.71
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avast Antivirus (avast! Antivirus) - The service is running
C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.12.3.3154.0
C:\Program Files\AVAST Software\Avast\avastui.exe v.12.3.3154.19
AvastVBox COM Service (AvastVBoxSvc) - The service has stopped
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe v.2.3.173.0
MBAMService (MBAMService) - The service is running
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe v.3.2.21.0
McAfee Validation Trust Protection Service (mfevtp) - The service is running
C:\Windows\System32\mfevtps.exe v.15.4.0.543
Windows Defender (WinDefend) - The service has stopped
---------------------------- [ UnwantedApps ] -----------------------------
Skype Click to Call v.8.5.0.9167 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------


Dear @Gislaine Ortiz Dos Santos

How is your Windows doing?

# Step 1 #

Download Delfix by Xplode and save it to your desktop.

Double-click delfix.exe to run it. Check the boxes as in the image.

** Windows Vista or Windows 7 users, right-click the delfix.exe file, then click Run as administrator.

[screenshot: Delfix options]

Click the Run button.

At the end a log will be generated, but it does not need to be posted.

# Step 2 #

Old versions of programs have vulnerabilities that some malware can use to infect your system.

For that reason, it is recommended to update the programs that Security Check flagged as outdated (the optional updates are at your discretion).

Just click the Download Update in each warning (post above), which will take you to the developer's site.

Always keep your Windows updated; keep a constant watch over the firewall and antivirus and, finally, remember that the best way to prevent starts with our own habits!

# Step 3 #

CCleaner is an excellent cleanup utility for the computer.

Download it here: Ccleaner

  • After installing, go to the folder where the program was installed, usually C:\Arquivos de programas\CCleaner.
  • Double-click this folder;
  • In an empty area of this window, right-click and choose New > Folder and create a new folder;
  • Name it backups.
  • Open the program and click Run Cleaner;
  • Click the Registry button > Scan for Issues > Fix selected issues...
  • Note: Don't forget to accept the backup of the fixes, and save them in the folder created above!

Cheers :D
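The SecurityCheck log a few posts above reported the configuration that left this machine exposed: no service pack, Windows Update set to never check, two firewall profiles disabled. As an added example (not from this thread and not part of SecurityCheck), the following PowerShell script re-reads those settings from the registry and the service table, so the advice in Step 2 can be verified after the updates are applied. It uses registry locations and WMI classes that exist on Windows 7; the expected service states are those a home machine should have and that the log itself showed (remote-access services stopped, protective services running). It is written for PowerShell 2.0 and should be run from an elevated prompt.

```powershell
# Added example (not from the thread or from SecurityCheck): re-check the items
# the SecurityCheck log flagged, using only built-in registry keys and WMI.
# Windows 7 has no Get-NetFirewallProfile, so profile state is read from the
# FirewallPolicy registry keys; AUOptions 1 means "never check for updates".

function Get-PostCleanupBaseline {
    $checks = @()

    # 1. Windows Firewall per profile (log: public and standard profiles disabled)
    $fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $v = (Get-ItemProperty -Path "$fwBase\$profile" -ErrorAction SilentlyContinue).EnableFirewall
        $checks += New-Object PSObject -Property @{
            Check = "Firewall $profile"; Value = $v; OK = ($v -eq 1)
        }
    }

    # 2. Automatic Updates mode (log: "Never check for updates")
    #    1 = never check, 2 = notify before download, 3 = download and notify, 4 = install automatically
    $auKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $au = (Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue).AUOptions
    $checks += New-Object PSObject -Property @{ Check = 'AUOptions'; Value = $au; OK = ($au -ge 3) }

    # 3. Service pack level (log: 6.1.7600 with no SP; Windows 7 SP1 reports build 7601)
    $os = Get-WmiObject -Class Win32_OperatingSystem
    $checks += New-Object PSObject -Property @{
        Check = 'ServicePackMajorVersion'; Value = $os.ServicePackMajorVersion
        OK = ($os.ServicePackMajorVersion -ge 1)
    }

    # 4. User Account Control (log: enabled; keep it that way)
    $sysPol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = (Get-ItemProperty -Path $sysPol -ErrorAction SilentlyContinue).EnableLUA
    $checks += New-Object PSObject -Property @{ Check = 'EnableLUA'; Value = $lua; OK = ($lua -eq 1) }

    # 5. Services: remote-access services stopped, protective services running
    $expected = @{
        'RemoteRegistry' = 'Stopped'
        'TermService'    = 'Stopped'
        'WinRM'          = 'Stopped'
        'wuauserv'       = 'Running'
        'wscsvc'         = 'Running'
        'MpsSvc'         = 'Running'
    }
    foreach ($name in $expected.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $status = if ($svc) { [string]$svc.Status } else { 'Missing' }
        $checks += New-Object PSObject -Property @{
            Check = "Service $name"; Value = $status; OK = ($status -eq $expected[$name])
        }
    }

    return $checks
}

$baseline = Get-PostCleanupBaseline
$baseline | Format-Table Check, Value, OK -AutoSize
$failed = @($baseline | Where-Object { -not $_.OK })
Write-Output ("Items needing attention: {0}" -f $failed.Count)
```

Any row with OK = False maps directly to a line in the SecurityCheck log; the firewall and AUOptions rows are the ones that change when the "Download Update" advice above is followed and the firewall is switched back on for all profiles.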
