Henrique Miranda

svchost.exe process "maxing out" the CPU

Hello everyone,

I noticed over the past few days that one process was consuming a lot of CPU.

After a quick check, I saw it was the svchost.exe process... But the strangest thing was the path the process was running from: C:\Windows\temp

I searched for it but found nothing conclusive...

I'd appreciate your help... Thanks in advance!!!

ZA-Scan.txt

Dear @Henrique Miranda

I recommend you save this topic in your Favorites so it is easier to find later.

Please note the following:

  • If you get no reply for 3 days, send me a Private Message (PM);
  • What is given here applies only to the problem on your computer, so do not do it on any other;
  • Please follow the instructions carefully, and if in doubt do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Keep me informed, during the removal, about what happens with your computer.
  • Respect the order of the instructions given.

Note: Do not take any measures other than the ones given here; if you ask for help on another forum, be sure to let us know, or you risk messing up your computer's configuration!

# Step 1 #

Download AdwCleaner and save it to your Desktop

Run the file adwcleaner.exe

Attention: Windows Vista, 7 and 8 users, right-click and choose: [execadmin.png: Run as administrator]

  • Click the Options tab and leave only "Reset IE Policies" and "Reset Chrome Policies" checked
  • Click the Scan button and wait for the scan to finish.
  • Click the Clean button.
  • A Notepad window will open with the result.
  • Select, copy and paste the contents of this log in your next reply.
  • The log is also saved in C:\AdwCleaner

NOTE: If AdwCleaner finds files it cannot remove, it may need to restart the PC. Do so immediately when asked whether to restart.

# Step 2 #

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download Junkware Removal Tool (JRT) and save it to your Desktop

Double-click jrt.exe to run it.

Attention: Windows Vista, 7 and 8 users, right-click and choose: [execadmin.png: Run as administrator]

  • The tool will begin scanning your system.
  • Be patient; it may take a while depending on the number of items to scan.
  • At the end a log will open. It will be saved on the desktop as JRT.txt.
  • Select, copy and paste the contents of this log in your next reply.

# Step 3 #

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download ZHPCleaner and save it to your Desktop

Attention: Windows Vista, 7 and 8 users, right-click and choose: [execadmin.png: Run as administrator]

  • Click the Scanner button.
  • The tool will begin scanning your system.
  • Be patient; it may take a while depending on the number of items to scan.
  • Then click the Repair button.
  • A log named ZHPCleaner.txt will be generated.
  • Select, copy and paste the contents of this log in your next reply.

Cheers :D

Here we go...

The logs are attached, along with some screenshots of the process that is maxing out the CPU.

Thanks

ZHPCleaner.txt

AdwCleaner[C0].txt

AdwCleaner[S0].txt

JRT.txt

svchost_proc.png

svchost_prop.png

added 1 minute later

AdwCleaner


# AdwCleaner v6.030 - Report created 19/11/2016 at 10:45:39
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-19.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# User : Henrique - FULLDELL
# Running from : C:\Users\Henrique\Desktop\adwcleaner_6.030.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

Service Update service


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

Searching for infected shortcuts ...


***** [ Scheduled tasks ] *****

No malicious task found.


***** [ Registry ] *****

Found HKU\S-1-5-21-3108107671-957423610-2852066713-1000\Software\AppDataLow\Software\Settings Manager
Found HKCU\Software\AppDataLow\Software\Settings Manager
Found [x64] HKCU\Software\AppDataLow\Software\Settings Manager
Found HKU\S-1-5-21-3108107671-957423610-2852066713-1000\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://br.search.yahoo.com/?type=435371&fr=spigot-yhp-ie
Found HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://br.search.yahoo.com/?type=435371&fr=spigot-yhp-ie
Found [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://br.search.yahoo.com/?type=435371&fr=spigot-yhp-ie
Found HKU\S-1-5-21-3108107671-957423610-2852066713-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BA065F81-54C9-45B9-89A9-E0B0FBBFD888}
Found HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BA065F81-54C9-45B9-89A9-E0B0FBBFD888}
Found [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BA065F81-54C9-45B9-89A9-E0B0FBBFD888}


***** [ Browsers ] *****

Searching for registry items
Chromium pref Found: [C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Web data] - gamevicio.com
Chromium pref Found: [C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Web data] - eu.ask.com
Chromium pref Found: [C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Web data] - ifrn.edu.br
Chromium pref Found: [C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Web data] - virtual-clonedrive.softonic.com.br
Chromium pref Found: [C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Web data] - br.ask.com

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [2569 Bytes] - [19/11/2016 10:45:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2643 Bytes] ##########
 

 

# AdwCleaner v6.030 - Report created 19/11/2016 at 10:46:49
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-19.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# User : Henrique - FULLDELL
# Running from : C:\Users\Henrique\Desktop\adwcleaner_6.030.exe
# Clean
# Support : hxxps://www.malwarebytes.com/support

***** [ Services ] *****

[-] Deleted: Update service


***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Restored HKU\S-1-5-21-3108107671-957423610-2852066713-1000\Software\AppDataLow\Software\Settings Manager
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Settings Manager
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Settings Manager
[-] Restored HKU\S-1-5-21-3108107671-957423610-2852066713-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Restored HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Restored [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Restored HKU\S-1-5-21-3108107671-957423610-2852066713-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BA065F81-54C9-45B9-89A9-E0B0FBBFD888}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BA065F81-54C9-45B9-89A9-E0B0FBBFD888}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BA065F81-54C9-45B9-89A9-E0B0FBBFD888}


***** [ Checking browsers ... ] *****

[-] [C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted gamevicio.com
[-] [C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted eu.ask.com
[-] [C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted ifrn.edu.br
[-] [C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted virtual-clonedrive.softonic.com.br
[-] [C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted br.ask.com


*************************

:: "Tracing" keys deleted
:: IE policies deleted
:: Chrome policies deleted

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2463 Bytes] - [19/11/2016 10:46:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [2735 Bytes] - [19/11/2016 10:45:39]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2611 Bytes] ##########

added 2 minutes later

ZHPCleaner

~ ZHPCleaner v2016.11.19.197 by Nicolas Coolman (2016/11/19)
~ Run by Henrique (Administrator)  (19/11/2016 11:14:27)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Henrique\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Henrique\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Internet Browsers (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (1)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( Files, Folders) (18)
MOVED file: C:\Windows\temp\lsass.exe    =>Heuristic.Suspect
MOVED file: C:\Windows\temp\svchost.exe    =>Heuristic.Suspect
MOVED file: C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_popcorntime-online.io_0.localstorage    =>.Superfluous.PopcornTime
MOVED file: C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_popcorntime-online.io_0.localstorage-journal    =>.Superfluous.PopcornTime
MOVED file: C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage    =>PUP.Optional.Generic
MOVED file: C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal    =>PUP.Optional.Generic
MOVED file: C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage    =>PUP.Optional.Chatango
MOVED file: C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage-journal    =>PUP.Optional.Chatango
MOVED file: C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.com.br_0.localstorage    =>.Superfluous.Softonic
MOVED file: C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.com.br_0.localstorage-journal    =>.Superfluous.Softonic
MOVED file: C:\Windows\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS]  =>HackTool.AutoKMS
MOVED file: C:\Windows\AutoKMS\AutoKMS.log    =>HackTool.AutoKMS
MOVED folder: C:\ProgramData\Microsoft Toolkit  =>HackTool.AutoKMS
MOVED folder: C:\Windows\AutoKMS  =>HackTool.AutoKMS
MOVED folder: C:\Users\Henrique\Downloads\PopcornTime  =>.Superfluous.PopcornTime
MOVED folder: C:\Users\Henrique\AppData\Local\PopcornTimeDesktop  =>.Superfluous.PopcornTime
MOVED folder: C:\Users\Henrique\AppData\Local\Temp\scoped_dir_2896_14622  =>.Superfluous.Temporary.Steam
MOVED folder: C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\File System\008  =>PUP.Optional.DomaIQ


---\\  Registry ( Keys, Values, Data ) (17)
DELETED key*: HKEY_USERS\S-1-5-21-3108107671-957423610-2852066713-1000\SOFTWARE\Popcorn Time []  =>.Superfluous.PopcornTime
DELETED key*: HKEY_USERS\S-1-5-21-3108107671-957423610-2852066713-1000\SOFTWARE\PopcornTime []  =>.Superfluous.PopcornTime
DELETED key: HKCU\Software\Popcorn Time []  =>.Superfluous.PopcornTime
DELETED key: HKCU\Software\PopcornTime []  =>.Superfluous.PopcornTime
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\CscService []  =>.Superfluous.PCSpeedUp
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{9CA14AE0-23EF-437A-BF88-2680843F04B8} [C:\Program Files (x86)\Popcorn Time\Updater.exe]  =>.Superfluous.PopcornTime
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{BE712295-3F51-4C0C-AB4E-7CD31F79DE13} [C:\Program Files (x86)\Popcorn Time\Updater.exe]  =>.Superfluous.PopcornTime
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{721378E4-08A3-4A14-9A73-D8633C71CF3A} [C:\Program Files (x86)\Popcorn Time\Updater.exe]  =>.Superfluous.PopcornTime
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{57DDAF3B-C209-46B8-9F1D-8AA2BCDBFFE6} [C:\Program Files (x86)\Popcorn Time\Updater.exe]  =>.Superfluous.PopcornTime
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{2009ED05-1BDD-44C2-B730-19954FD045DE} [C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe]  =>.Superfluous.PopcornTime
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{A68A2C8A-A967-494F-86B1-ED654A788FBF} [C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe]  =>.Superfluous.PopcornTime
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{58D52172-E544-469B-A6CD-B9B5EAFF3ED4} [C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe]  =>.Superfluous.PopcornTime
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{BA703674-2F9F-4377-AD0D-D44B23568154} [C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe]  =>.Superfluous.PopcornTime
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{B02DD899-4FFD-4CC0-80EB-F81D5163ACE8} [C:\Program Files (x86)\Popcorn Time\chromecast\node.exe]  =>.Superfluous.PopcornTime
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{263C8ED2-F116-4915-A6D8-03168A0D9308} [C:\Program Files (x86)\Popcorn Time\chromecast\node.exe]  =>.Superfluous.PopcornTime
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{38808742-A243-4090-B188-46F8DC73FE80} [C:\Program Files (x86)\Popcorn Time\chromecast\node.exe]  =>.Superfluous.PopcornTime
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{1BE7F44B-DEB9-45F8-904E-515F832349CD} [C:\Program Files (x86)\Popcorn Time\chromecast\node.exe]  =>.Superfluous.PopcornTime


---\\  Summary of items found on your workstation (9)
https://www.anti-malware.top/2016/04/22/heuristic-suspect/  =>Heuristic.Suspect
https://www.anti-malware.top/2016/09/28/superfluous-popcorntime/  =>.Superfluous.PopcornTime
https://www.anti-malware.top/2016/05/01/definition-dun-logiciel-pup-lpi/  =>PUP.Optional.Generic
https://www.nicolascoolman.com/fr/repaquetage-et_infections/  =>PUP.Optional.Chatango
https://www.nicolascoolman.com/fr/logiciels-superflus  =>.Superfluous.Softonic
https://www.anti-malware.top/2016/05/04/hacktool-autokms/  =>HackTool.AutoKMS
https://www.nicolascoolman.com/fr/logiciels-superflus  =>.Superfluous.Temporary.Steam
https://www.nicolascoolman.com/fr/adware-domaiq/  =>PUP.Optional.DomaIQ
https://www.nicolascoolman.com/fr/superfluous-pcspeeduppro/  =>.Superfluous.PCSpeedUp


---\\  Additional cleanup. (25)
~ Tracing registry keys deleted (25)
~ Remove old ZHPCleaner reports. (0)


---\\ Repair result
Repair completed successfully
~ This browser is missing! (Opera Software)


---\\ Statistics
~ Items scanned : 600
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 35


~ End of clean in 00h00mn37s
~====================
ZHPCleaner-[R]-19112016-11_15_04.txt
ZHPCleaner--19112016-11_10_05.txt
 

added 3 minutes later

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Professional x64 
Ran by Henrique (Administrator) on 19/11/2016 at 10:50:17,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 16 

Successfully deleted: C:\Users\Henrique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Henrique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XMYLTUP (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Henrique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54GT8FQN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Henrique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Henrique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6N462T9R (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Henrique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8WYY51A0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Henrique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Henrique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XMYLTUP (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54GT8FQN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6N462T9R (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8WYY51A0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 

Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/11/2016 at 10:53:03,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Edited by Henrique Miranda

Dear @Henrique Miranda

svchost is a legitimate process. ;)

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download Farbar Recovery Scan Tool and save it to your Desktop.

32 bit (x86) or 64 bit (x64)

  • Double-click to run the tool.
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: [execadmin.png: Run as administrator]
  • Check the 90 Days Files box, and click the Scan button.
  • Wait; at the end the logs FRST.txt and Addition.txt will be saved to your Desktop.
  • Select, copy and paste the contents of the FRST.txt log in your next reply.
  • Attach the Addition.txt log

Cheers :D
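The question running through this thread is whether a process called svchost.exe deserves attention just because of where it runs from. The genuine service host is C:\Windows\System32\svchost.exe (with a 32-bit copy in SysWOW64), carries Microsoft version information, and always hosts at least one service; the FRST log posted later in the thread lists `() C:\Windows\temp\lsass.exe` and `() C:\Windows\temp\svchost.exe` with an empty publisher field, which is exactly the pattern a triage pass should surface. The following is an added example, not part of the original thread and not code from FRST, AdwCleaner, ZHPCleaner or JRT: a small Python triage of FRST-style "Processes" lines that flags well-known Windows binary names running outside the system directories, executables with no publisher information, and anything executing from a temp folder. The sample lines are copied from the FRST log in this thread plus two constructed lines marked as such; the set of system binary names and the trusted directories are assumptions chosen for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Windows core binaries that only ever run from the system directories.
# Assumed list for this example; extend as needed.
SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
    "winlogon.exe", "smss.exe", "wininit.exe", "spoolsv.exe",
}

# Directories where the genuine copies live (compared lower-case). Assumed.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# FRST "Processes (Whitelisted)" lines look like:
#   (Publisher) C:\full\path\file.exe
# The publisher comes from the PE version resource and may itself contain
# parentheses, so it is matched non-greedily up to ") <drive>:\".
FRST_PROCESS_RE = re.compile(
    r"^\((?P<publisher>.*?)\)\s+(?P<path>[A-Za-z]:\\.*?)\s*$"
)


@dataclass(frozen=True)
class Finding:
    path: str
    publisher: str
    reasons: Tuple[str, ...]


def parse_frst_process_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (publisher, path) for an FRST process line, or None for other text."""
    m = FRST_PROCESS_RE.match(line.strip())
    if m is None:
        return None
    return m.group("publisher").strip(), m.group("path").strip()


def check_process(publisher: str, path: str) -> List[str]:
    """Return the reasons this process deserves a look (empty list if none)."""
    directory, _, name = path.lower().rpartition("\\")
    reasons = []
    if name in SYSTEM_BINARIES and directory not in TRUSTED_DIRS:
        reasons.append(f"{name} running outside the Windows system directories")
    if not publisher:
        reasons.append("no publisher in the PE version resource")
    if "temp" in directory.split("\\"):
        reasons.append("executing from a temp directory")
    return reasons


def triage_frst_processes(lines) -> List[Finding]:
    """Run check_process over every parsable FRST process line."""
    findings = []
    for line in lines:
        parsed = parse_frst_process_line(line)
        if parsed is None:
            continue  # section headers, blank lines, explanatory text
        publisher, path = parsed
        reasons = check_process(publisher, path)
        if reasons:
            findings.append(Finding(path, publisher, tuple(reasons)))
    return findings


# Sample input: lines copied from the FRST log posted in this thread, plus two
# constructed lines (marked) for contrast.
SAMPLE_FRST_LINES = [
    "==================== Processes (Whitelisted) =================",
    "(Microsoft Corporation) C:\\Windows\\System32\\wlanext.exe",
    "(Windows (R) Win 7 DDK provider) C:\\Program Files (x86)\\Dell Wireless\\Bluetooth Suite\\AdminService.exe",
    "(Microsoft Corporation) C:\\Windows\\System32\\schtasks.exe",
    "() C:\\Windows\\temp\\lsass.exe",
    "() C:\\Windows\\temp\\svchost.exe",
    "(Intel Corporation) C:\\Program Files\\Intel\\Intel(R) Rapid Storage Technology\\IAStorDataMgrSvc.exe",
    # constructed: the genuine, signed service host for comparison
    "(Microsoft Corporation) C:\\Windows\\System32\\svchost.exe",
    # constructed: a copy with a plausible publisher string in a user temp folder is still flagged
    "(Microsoft Corporation) C:\\Users\\Henrique\\AppData\\Local\\Temp\\svchost.exe",
]

if __name__ == "__main__":
    for finding in triage_frst_processes(SAMPLE_FRST_LINES):
        print(finding.path, "<-", "; ".join(finding.reasons))
```

The publisher text FRST prints is read from the file's version resource, not from a signature check, so a non-empty publisher (as on the Dell AdminService line, which FRST separately marks as an unsigned file) proves nothing by itself; the script only treats an empty one as a red flag. On the live machine the matching confirmation is `tasklist /svc` or Process Explorer: every genuine svchost.exe instance lists the services it hosts, while a copy in C:\Windows\temp shows none.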

Hello Diego,

Even with the process consuming all of the CPU and having no service bound to it?

FRST.txt

Farbar Recovery Scan Tool (FRST) scan result (x64) Version: 19-11-2016 01
Run by Henrique (administrator) on FULLDELL (20-11-2016 09:13:29)
Running from C:\Users\Henrique\Desktop
Loaded Profiles: Henrique (Available Profiles: Henrique & MSSQLSERVER)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Portuguese (Brazil)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
() C:\Windows\temp\lsass.exe
() C:\Windows\temp\svchost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2806512 2014-04-09] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-05-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist and it is a registry item, it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B4DDC843-11A1-4DA3-B475-A73DA7086CFB}: [DhcpNameServer] 10.30.0.158 10.30.0.155
Tcpip\..\Interfaces\{EA81F0A5-59F0-4B85-9DF2-5B944DB01B51}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3108107671-957423610-2852066713-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3108107671-957423610-2852066713-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3108107671-957423610-2852066713-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKU\S-1-5-21-3108107671-957423610-2852066713-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-25] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-25] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Henrique\AppData\Roaming\Mozilla\Firefox\Profiles\j1x4nlm9.default-1469216977359 [2016-11-19]
FF Session Restore: Mozilla\Firefox\Profiles\j1x4nlm9.default-1469216977359 -> is enabled.
FF Extension: (MEGA) - C:\Users\Henrique\AppData\Roaming\Mozilla\Firefox\Profiles\j1x4nlm9.default-1469216977359\Extensions\firefox@mega.co.nz.xpi [2016-08-28]
FF Extension: (Adblock Plus) - C:\Users\Henrique\AppData\Roaming\Mozilla\Firefox\Profiles\j1x4nlm9.default-1469216977359\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-09]
FF Extension: (DownThemAll!) - C:\Users\Henrique\AppData\Roaming\Mozilla\Firefox\Profiles\j1x4nlm9.default-1469216977359\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-10-13]
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)

Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default [2016-11-20]
CHR Extension: (Google Apresentações) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-07]
CHR Extension: (Google Docs) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-07]
CHR Extension: (Lucidchart Diagrams - Online) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2016-05-07]
CHR Extension: (Google Drive) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-07]
CHR Extension: (ColorZilla) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2016-05-07]
CHR Extension: (YouTube) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-07]
CHR Extension: (Google Cast) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-11-20]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2016-11-18]
CHR Extension: (Redmine Issue Timer) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpdgfeieiefjnnakjibhdfaldeaahlpa [2016-05-07]
CHR Extension: (Planilhas do Google) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-07]
CHR Extension: (Causality Games) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2016-05-07]
CHR Extension: (Documentos Google off-line) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-07]
CHR Extension: (AdBlock) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-08]
CHR Extension: (Creatures & Castles (Criaturas e Castelos)) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpeacgpdnhofhebmincihdelcemhagd [2016-05-07]
CHR Extension: (Skyrama) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap [2016-05-07]
CHR Extension: (Pocket Legends) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp [2016-10-12]
CHR Extension: (Curling) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhalnajmigjnpjpdbpkpgfhekbjmolhp [2016-05-07]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-07]
CHR Extension: (Gmail) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-07]
CHR Extension: (Chrome Media Router) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-27]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323200 2015-01-04] (Windows (R) Win 7 DDK provider) [Arquivo não assinado]
S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
S3 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2014-05-13] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless it is listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2015-01-04] (Qualcomm Atheros)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [119712 2016-04-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [192352 2016-04-18] (Oracle Corporation)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
R3 WirelessKeyboardFilter; C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless it is listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-20 09:13 - 2016-11-20 09:13 - 00013643 _____ C:\Users\Henrique\Desktop\FRST.txt
2016-11-20 09:13 - 2016-11-20 09:13 - 00000000 ____D C:\FRST
2016-11-20 08:56 - 2016-11-20 08:56 - 02413056 _____ (Farbar) C:\Users\Henrique\Desktop\FRST64.exe
2016-11-19 11:10 - 2016-11-19 11:15 - 00007792 _____ C:\Users\Henrique\Desktop\ZHPCleaner.txt
2016-11-19 10:58 - 2016-11-19 11:15 - 00000000 ____D C:\Users\Henrique\AppData\Roaming\ZHP
2016-11-19 10:58 - 2016-11-19 10:58 - 00000795 _____ C:\Users\Henrique\Desktop\ZHPCleaner.lnk
2016-11-19 10:57 - 2016-11-19 10:57 - 02508800 _____ C:\Users\Henrique\Desktop\ZHPCleaner.exe
2016-11-19 10:53 - 2016-11-19 10:53 - 00003206 _____ C:\Users\Henrique\Documents\JRT.txt
2016-11-19 10:53 - 2016-11-19 10:53 - 00003206 _____ C:\Users\Henrique\Desktop\JRT.txt
2016-11-19 10:46 - 2016-11-19 10:46 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-11-19 10:46 - 2016-11-19 10:46 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-11-19 10:43 - 2016-11-19 10:46 - 00000000 ____D C:\AdwCleaner
2016-11-18 11:58 - 2016-11-18 11:58 - 03910208 _____ C:\Users\Henrique\Desktop\adwcleaner_6.030.exe
2016-11-18 11:58 - 2016-11-18 11:58 - 01631928 _____ (Malwarebytes) C:\Users\Henrique\Desktop\JRT.exe
2016-11-06 22:30 - 2016-11-06 22:30 - 00017315 _____ C:\ZA-Scan.txt
2016-11-06 14:51 - 2016-11-06 14:51 - 00025875 _____ C:\Users\Henrique\Documents\ZA-Scan.txt
2016-11-06 12:35 - 2016-11-06 12:35 - 00000000 ____D C:\zoek_backup
2016-11-06 12:34 - 2016-11-06 12:34 - 01370112 _____ C:\Users\Henrique\Downloads\ZA-Scan.exe
2016-11-05 08:53 - 2016-11-05 08:53 - 00000000 ____D C:\Users\Henrique\Downloads\Xeno-Save-Editor
2016-11-05 08:52 - 2016-11-05 08:52 - 00887820 _____ C:\Users\Henrique\Downloads\Xeno-Save-Editor.rar
2016-11-03 16:54 - 2016-11-03 16:54 - 00012298 _____ C:\ComboFix.txt
2016-11-03 16:50 - 2016-11-03 16:50 - 00283176 _____ C:\Windows\Minidump\110316-13135-01.dmp
2016-11-03 16:42 - 2016-11-03 16:54 - 00000000 ____D C:\Qoobox
2016-11-03 16:42 - 2016-11-03 16:53 - 00000000 ____D C:\Windows\erdnt
2016-11-03 16:42 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2016-11-03 16:42 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2016-11-03 16:42 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-11-03 16:42 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-11-03 16:42 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-11-03 16:42 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2016-11-03 16:42 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2016-11-03 16:42 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2016-11-03 16:40 - 2016-11-03 16:41 - 05658651 _____ (Swearware) C:\Users\Henrique\Downloads\ComboFix.exe
2016-10-31 17:54 - 2016-11-03 16:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-24 18:15 - 2016-10-24 18:15 - 00493646 _____ C:\Users\Henrique\Downloads\legendas_tv_20160430143941000000.rar
2016-10-22 15:11 - 2016-10-22 15:11 - 00283344 _____ C:\Windows\Minidump\102216-13603-01.dmp
2016-10-13 21:27 - 2016-10-13 21:27 - 00000000 ____D C:\Users\Henrique\Downloads\c7200-jk9s-mz.124-13b.bin
2016-10-13 21:26 - 2016-11-03 21:43 - 00000000 ____D C:\Users\Henrique\AppData\Roaming\GNS3
2016-10-13 21:26 - 2016-10-13 21:29 - 00000000 ____D C:\Users\Henrique\GNS3
2016-10-13 21:24 - 2016-10-13 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GNS3
2016-10-13 21:18 - 2016-10-13 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-10-13 21:18 - 2016-10-13 21:18 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-10-13 21:17 - 2016-10-13 21:24 - 00000000 ____D C:\Program Files\GNS3
2016-10-13 21:16 - 2016-10-13 21:16 - 00000000 ____D C:\d89642940598a6a68e
2016-10-13 21:15 - 2015-07-18 10:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-10-13 21:15 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-10-13 21:09 - 2016-10-13 21:10 - 31133872 _____ C:\Users\Henrique\Downloads\c7200-jk9s-mz.124-13b.bin.zip
2016-10-13 21:03 - 2016-10-13 21:03 - 01034556 _____ C:\Users\Henrique\Downloads\Windows6.1-KB2999226-x64.msu
2016-10-13 21:01 - 2016-10-13 21:01 - 52361376 _____ C:\Users\Henrique\Downloads\GNS3-1.5.2-all-in-one.exe
2016-10-09 23:39 - 2016-10-09 23:39 - 00000000 ____D C:\Users\Henrique\AppData\Local\BANDAI NAMCO Games
2016-10-05 20:29 - 2016-10-05 20:29 - 00545951 _____ C:\Users\Henrique\Downloads\organograma_abril_2016.pdf
2016-10-05 17:21 - 2016-10-05 17:21 - 00376043 _____ C:\Users\Henrique\Downloads\legendas_tv_20160917201106000000.rar
2016-10-05 17:17 - 2016-10-05 17:17 - 00627178 _____ C:\Users\Henrique\Downloads\legendas_tv_20160928232138000000.rar
2016-10-05 16:33 - 2016-10-05 16:34 - 00093242 _____ C:\Users\Henrique\Downloads\legendas_tv_20160922054746000000.rar
2016-10-05 16:28 - 2016-10-05 16:28 - 00164075 _____ C:\Users\Henrique\Downloads\legendas_tv_20161002143910000000.rar
2016-09-28 15:12 - 2016-09-28 15:12 - 00000000 ____D C:\Users\Henrique\Documents\Modelos Personalizados do Office
2016-09-22 15:42 - 2016-09-22 15:42 - 00000000 ____D C:\Users\Henrique\AppData\Roaming\Steam
2016-09-22 15:30 - 2016-09-22 15:30 - 00003132 _____ C:\Windows\System32\Tasks\Origin
2016-09-22 15:30 - 2016-09-22 15:30 - 00000000 ___HD C:\Users\Henrique\AppData\Roaming\Origin
2016-09-22 15:30 - 2016-09-22 15:30 - 00000000 ___HD C:\Users\Henrique\AppData\Roaming\GoogleUpp
2016-09-22 15:11 - 2016-09-22 15:39 - 00000000 ____D C:\Program Files (x86)\LEGO STAR WARS The Force Awakens
2016-09-21 23:10 - 2016-09-21 23:10 - 00000000 ____D C:\Users\Henrique\AppData\Local\LucasArts
2016-09-20 10:29 - 2016-09-19 15:14 - 00000000 ____D C:\Users\Henrique\Downloads\PokemonGo-Bot-master
2016-09-15 16:01 - 2016-09-15 16:02 - 00000000 ____D C:\Users\Henrique\Downloads\BPGM_v0.1.2-alpha.2
2016-09-15 16:00 - 2016-09-15 16:01 - 05215301 _____ C:\Users\Henrique\Downloads\BPGM_v0.1.2-alpha.2.zip
2016-09-13 15:14 - 2016-09-24 12:36 - 00000000 ____D C:\Users\Henrique\.android
2016-09-13 15:13 - 2016-09-13 15:13 - 00000000 ____D C:\Users\Henrique\Nox_share
2016-09-13 15:13 - 2016-09-13 15:13 - 00000000 ____D C:\Users\Henrique\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2016-09-13 15:12 - 2016-09-24 12:35 - 00000000 ____D C:\Users\Henrique\vmlogs
2016-09-13 15:12 - 2016-09-24 12:35 - 00000000 ____D C:\Users\Henrique\.BigNox
2016-09-13 15:12 - 2015-09-16 03:07 - 00127432 _____ (BigNox Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2016-09-13 15:11 - 2016-09-13 15:11 - 00000000 ____D C:\Program Files\DIFX
2016-09-13 15:11 - 2015-09-16 00:29 - 00253384 _____ (BigNox Corporation) C:\Windows\system32\Drivers\XQHDrv.sys
2016-09-13 15:10 - 2016-09-24 13:59 - 00000000 ____D C:\Users\Henrique\AppData\Local\Nox
2016-09-13 15:10 - 2016-09-13 15:12 - 00000000 ____D C:\Program Files\Bignox
2016-09-13 15:10 - 2016-09-13 15:10 - 00000000 ____D C:\Users\Henrique\AppData\Roaming\Nox
2016-09-10 18:21 - 2016-09-10 10:44 - 00000000 ____D C:\Users\Henrique\Downloads\PokemonGo-Bot-master_42
2016-09-10 18:20 - 2016-09-20 10:28 - 24039631 _____ C:\Users\Henrique\Downloads\PokemonGo-Bot-master.zip
2016-09-10 18:20 - 2016-09-14 10:01 - 12142042 _____ C:\Users\Henrique\Downloads\PokemonGo-Bot-master_42.zip
2016-09-10 18:20 - 2016-09-10 18:21 - 10966558 _____ C:\Users\Henrique\Downloads\PokemonGo-Bot-master__.zip
2016-09-01 14:58 - 2016-09-01 14:58 - 00023652 _____ C:\Users\Henrique\Documents\SUAP_ Sistema Unificado de Administração Pública.pdf
2016-08-31 18:36 - 2016-08-31 18:42 - 06143308 _____ C:\Users\Henrique\Downloads\PokemonGo-Bot-master_12.zip
2016-08-31 12:29 - 2016-08-31 12:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMT-MAX.ORG
2016-08-31 12:16 - 2016-08-31 12:16 - 00000000 ____D C:\Program Files (x86)\GMT-MAX.ORG
2016-08-30 23:25 - 2016-08-31 13:15 - 00000000 ____D C:\Users\Todos os Usuários\Steam
2016-08-30 23:25 - 2016-08-31 13:15 - 00000000 ____D C:\ProgramData\Steam
2016-08-30 20:26 - 2016-08-30 20:27 - 00199509 _____ C:\Users\Henrique\Downloads\legendas_tv_20160830105221000000.rar
2016-08-30 17:08 - 2016-08-30 17:08 - 00188295 _____ C:\Users\Henrique\Downloads\legendas_tv_20160515141602000000.rar
2016-08-30 08:37 - 2016-09-24 18:10 - 00000000 ____D C:\Users\Henrique\AppData\Roaming\TeamViewer
2016-08-30 08:32 - 2016-08-30 08:33 - 08140224 _____ (TeamViewer) C:\Users\Henrique\Downloads\TeamViewerQS_pt-tkh.exe
2016-08-30 01:34 - 2016-08-30 01:34 - 00188340 _____ C:\Users\Henrique\Downloads\legendas_tv_20151030032251.rar
2016-08-30 01:33 - 2016-08-30 01:33 - 00191487 _____ C:\Users\Henrique\Downloads\legendas_tv_20160710201646000000.rar
2016-08-30 00:08 - 2016-08-30 00:09 - 02049653 _____ C:\Users\Henrique\Downloads\npp.6.9.2.bin.7z
2016-08-29 15:24 - 2016-08-29 15:24 - 06135446 _____ C:\Users\Henrique\Downloads\PokemonGo-Bot-master(1).zip
2016-08-28 22:28 - 2016-08-29 16:40 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2016-08-28 18:04 - 2016-08-28 18:04 - 00024233 _____ C:\Users\Henrique\Downloads\legendas_tv_20151127234841.rar
2016-08-28 17:10 - 2016-08-28 17:10 - 06132528 _____ C:\Users\Henrique\Downloads\PokemonGo-Bot-master_10.zip
2016-08-28 16:49 - 2016-08-28 16:49 - 00000000 _____ C:\Users\Henrique\Downloads\LBBG.part1.rar
2016-08-28 13:58 - 2016-08-28 13:58 - 00000000 ____D C:\Users\Henrique\AppData\Local\Mega Limited
2016-08-28 13:57 - 2016-08-28 14:01 - 00000000 ____D C:\Users\Henrique\AppData\Local\MEGAsync
2016-08-26 15:30 - 2016-08-26 15:30 - 06255262 _____ C:\Users\Henrique\Downloads\PokemonGo-Bot-master_.zip
2016-08-26 15:30 - 2016-08-26 11:30 - 00000000 ____D C:\Users\Henrique\Downloads\PokemonGo-Bot-master_
2016-08-26 13:51 - 2016-09-21 10:13 - 00000000 ____D C:\Users\Henrique\AppData\Local\GMap.NET
2016-08-26 13:50 - 2016-09-20 10:32 - 00000000 ____D C:\Users\Henrique\AppData\Local\PokemonGo
2016-08-23 21:11 - 2016-08-23 21:11 - 01090502 _____ C:\Users\Henrique\Documents\bank-slip.pdf
2016-08-23 20:44 - 2016-08-31 13:02 - 00000000 ____D C:\temp

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-20 08:38 - 2009-07-14 01:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-20 08:38 - 2009-07-14 01:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-20 08:37 - 2009-07-14 14:55 - 00792338 _____ C:\Windows\system32\prfh0416.dat
2016-11-20 08:37 - 2009-07-14 14:55 - 00180822 _____ C:\Windows\system32\prfc0416.dat
2016-11-20 08:37 - 2009-07-14 02:13 - 01879598 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-20 08:37 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-11-20 08:31 - 2016-05-07 16:04 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-20 08:31 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-19 11:26 - 2016-05-07 16:04 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-19 10:48 - 2016-05-19 18:24 - 00003756 _____ C:\Windows\System32\Tasks\AutoKMS
2016-11-18 14:16 - 2016-07-12 10:34 - 00001992 ____H C:\Users\Henrique\Documents\Default.rdp
2016-11-10 22:18 - 2016-05-07 15:59 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-11-10 20:27 - 2016-05-07 16:05 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-08 19:06 - 2009-07-14 02:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-11-05 11:26 - 2016-05-08 10:39 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-03 21:43 - 2016-05-07 16:03 - 00000000 ____D C:\Users\Henrique\.VirtualBox
2016-11-03 16:51 - 2009-07-13 23:34 - 00000215 _____ C:\Windows\system.ini
2016-11-03 16:50 - 2016-07-26 16:51 - 00000000 ____D C:\Windows\Minidump
2016-11-03 16:49 - 2016-07-26 16:51 - 548388383 _____ C:\Windows\MEMORY.DMP
2016-11-03 16:32 - 2016-06-20 20:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-02 18:05 - 2016-05-11 17:31 - 00000000 ____D C:\Users\Henrique\AppData\Local\CrashDumps
2016-11-01 21:58 - 2016-05-07 16:04 - 00000000 ____D C:\Users\Henrique\AppData\Local\Google
2016-10-31 21:59 - 2016-05-07 13:02 - 00000000 ____D C:\Users\Henrique\Documents\Bluetooth Folder
2016-10-30 11:47 - 2016-07-15 21:08 - 00000000 ____D C:\Users\Henrique\AppData\Roaming\uTorrent
2016-10-29 17:08 - 2016-05-14 10:39 - 00977328 _____ C:\Windows\ntbtlog.txt
2016-10-28 19:09 - 2016-05-10 23:14 - 00007593 _____ C:\Users\Henrique\AppData\Local\Resmon.ResmonCfg
2016-10-21 18:18 - 2009-07-14 02:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2016-05-09 10:31 - 2016-08-15 18:01 - 0000600 _____ () C:\Users\Henrique\AppData\Roaming\winscp.rnd
2016-05-09 10:31 - 2016-08-15 17:50 - 0000600 _____ () C:\Users\Henrique\AppData\Local\PUTTY.RND
2016-05-10 23:14 - 2016-10-28 19:09 - 0007593 _____ () C:\Users\Henrique\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\Henrique\AppData\Roaming\Origin\update.vbe


Some files in TEMP:
====================
C:\Users\Henrique\AppData\Local\Temp\libeay32.dll
C:\Users\Henrique\AppData\Local\Temp\msvcr120.dll
C:\Users\Henrique\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Henrique\AppData\Local\Temp\sfareca00001.dll
C:\Users\Henrique\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => The file is digitally signed
C:\Windows\system32\wininit.exe => The file is digitally signed
C:\Windows\SysWOW64\wininit.exe => The file is digitally signed
C:\Windows\explorer.exe => The file is digitally signed
C:\Windows\SysWOW64\explorer.exe => The file is digitally signed
C:\Windows\system32\svchost.exe => The file is digitally signed
C:\Windows\SysWOW64\svchost.exe => The file is digitally signed
C:\Windows\system32\services.exe => The file is digitally signed
C:\Windows\system32\User32.dll => The file is digitally signed
C:\Windows\SysWOW64\User32.dll => The file is digitally signed
C:\Windows\system32\userinit.exe => The file is digitally signed
C:\Windows\SysWOW64\userinit.exe => The file is digitally signed
C:\Windows\system32\rpcss.dll => The file is digitally signed
C:\Windows\system32\dnsapi.dll => The file is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => The file is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => The file is digitally signed


LastRegBack: 2016-11-15 19:47

==================== End of FRST.txt ============================

Addition.txt

added 7 minutes later

@diego_moicano,

 

I don't know whether it is related, but taking a look at the log I noticed two processes that have no services linked to them and, when I end them, the notebook goes back to normal...

They are:

  • lsass.exe (C:\Windows\temp\lsass.exe)
  • svchost.exe (C:\Windows\temp\svchost.exe)

Thanks

Edited by Henrique Miranda


Dear @Henrique Miranda

 

Yes, now with the log it is clearer! ;)

 

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

 

Open Notepad, then copy (Ctrl+C) and paste (Ctrl+V) all of the text below:

 

Quote

CreateRestorePoint:
CloseProcesses:

() C:\Windows\temp\lsass.exe
() C:\Windows\temp\svchost.exe
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  Nenhum Arquivo
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  Nenhum Arquivo
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  Nenhum Arquivo
HKU\S-1-5-21-3108107671-957423610-2852066713-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3108107671-957423610-2852066713-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3108107671-957423610-2852066713-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-3108107671-957423610-2852066713-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\Henrique\AppData\Local\Temp\libeay32.dll
C:\Users\Henrique\AppData\Local\Temp\msvcr120.dll
C:\Users\Henrique\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Henrique\AppData\Local\Temp\sfareca00001.dll
C:\Users\Henrique\AppData\Local\Temp\sqlite3.dll
Task: {7EEADB55-B320-45FB-91FD-E21AEDDBAAA2} - System32\Tasks\Origin => C:\Users\Henrique\AppData\Roaming\Origin\update.vbe [2016-09-22] () <==== ATENÇÃO
C:\Users\Henrique\AppData\Roaming\Origin\update.vbe
2016-11-19 11:20 - 2016-11-20 08:31 - 02614784 _____ () C:\Windows\temp\lsass.exe
2016-11-19 11:20 - 2016-11-20 08:32 - 01563136 _____ () C:\Windows\temp\svchost.exe

CMD:ipconfig /flushdns
EmptyTemp:

 

  • Save this file to your Desktop as fixlist.txt
  • Run FRST again and click the Fix button;
  • Wait... when it finishes, a Fixlog.txt log will be generated on your Desktop.
  • Select, copy and paste the contents of this log in your next reply.

 

Regards :D


Hello @diego_moicano,

 

I think it worked now!!!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-11-2016 01
Ran by Henrique (23-11-2016 13:41:09) Run:1
Running from C:\Users\Henrique\Desktop
Loaded Profiles: Henrique (Available Profiles: Henrique & MSSQLSERVER)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
() C:\Windows\temp\lsass.exe
() C:\Windows\temp\svchost.exe
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  Nenhum Arquivo
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  Nenhum Arquivo
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  Nenhum Arquivo
HKU\S-1-5-21-3108107671-957423610-2852066713-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3108107671-957423610-2852066713-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3108107671-957423610-2852066713-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-3108107671-957423610-2852066713-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\Henrique\AppData\Local\Temp\libeay32.dll
C:\Users\Henrique\AppData\Local\Temp\msvcr120.dll
C:\Users\Henrique\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Henrique\AppData\Local\Temp\sfareca00001.dll
C:\Users\Henrique\AppData\Local\Temp\sqlite3.dll
Task: {7EEADB55-B320-45FB-91FD-E21AEDDBAAA2} - System32\Tasks\Origin => C:\Users\Henrique\AppData\Roaming\Origin\update.vbe [2016-09-22] () <==== ATENÇÃO
C:\Users\Henrique\AppData\Roaming\Origin\update.vbe
2016-11-19 11:20 - 2016-11-20 08:31 - 02614784 _____ () C:\Windows\temp\lsass.exe
2016-11-19 11:20 - 2016-11-20 08:32 - 01563136 _____ () C:\Windows\temp\svchost.exe
CMD:ipconfig /flushdns
EmptyTemp:
*****************

Restore point created successfully.
Processes closed successfully.
C:\Windows\temp\lsass.exe => The process was not found running
C:\Windows\temp\svchost.exe => The process was not found running
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending)" => key removed successfully.
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced)" => key removed successfully.
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing)" => key removed successfully.
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
"HKU\S-1-5-21-3108107671-957423610-2852066713-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\S-1-5-21-3108107671-957423610-2852066713-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3108107671-957423610-2852066713-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3108107671-957423610-2852066713-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
catchme => service removed successfully.
C:\Users\Henrique\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\Henrique\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\Henrique\AppData\Local\Temp\sfamcc00001.dll => moved successfully
C:\Users\Henrique\AppData\Local\Temp\sfareca00001.dll => moved successfully
C:\Users\Henrique\AppData\Local\Temp\sqlite3.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7EEADB55-B320-45FB-91FD-E21AEDDBAAA2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EEADB55-B320-45FB-91FD-E21AEDDBAAA2}" => key removed successfully.
C:\Windows\System32\Tasks\Origin => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => key removed successfully.
C:\Users\Henrique\AppData\Roaming\Origin\update.vbe => moved successfully
C:\Windows\temp\lsass.exe => moved successfully
C:\Windows\temp\svchost.exe => moved successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 120115741 B
Java, Flash, Steam htmlcache => 253442897 B
Windows/system/drivers => 1963559 B
Edge => 0 B
Chrome => 866489072 B
Firefox => 378770812 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 46890029 B
systemprofile32 => 84897 B
LocalService => 66228 B
NetworkService => 87382 B
Henrique => 31937694 B
MSSQLSERVER => 0 B

RecycleBin => 0 B
EmptyTemp: => 1.6 GB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 13:41:51 ====

Thanks! :D


Dear @Henrique Miranda

Download Malwarebytes Anti-Malware (MBAM).

Double-click mbam-setup.exe to install the program.

  • Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO.
  • If there are updates to be applied, they will be downloaded and installed.
  • Click Settings, click Detection and Protection, and check Scan for Rootkits.
  • Go back to the Dashboard and finally click Scan Now.
  • The scan will then start. Please wait, as it may take a while.
  • When the scan finishes, if any items were found, make sure they are all checked and click the Remove Selected button.
  • At the end of the disinfection, a prompt asking whether you want to restart the PC may appear. (See the Note below)
  • The log is saved automatically by MBAM; to view it, click the History tab -> Application Logs in the program's main window.
  • Double-click the log (Scan Log). Use the .txt format to export the log.
  • The Protection log is not needed for the analysis; always export the correct log.
  • Select, copy and paste the contents of this log in your next reply.


NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

Regards :D


@diego_moicano,

Here is the log...

Malwarebytes Anti-Malware
www.malwarebytes.org

Data da verificação: 03/12/2016
Hora da verificação: 13:07
Arquivo de registro: mbam.txt
Administrador: Sim

Versão: 2.2.1.1043
Banco de dados de malware: v2016.12.03.06
Banco de dados de rootkit: v2016.11.20.01
Licença: Gratuita
Proteção contra malware: Desabilitado
Proteção contra website malicioso: Desabilitado
Autoproteção: Desabilitado

Sistema operacional: Windows 7 Service Pack 1
CPU: x64
Sistema de arquivos: NTFS
Usuário: Henrique

Tipo de verificação: Verificação da ameaça
Resultado: Concluído
Objetos verificados: 329831
Tempo decorrido: 13 min, 58 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 0
(Nenhum item malicioso detectado)

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de registro: 0
(Nenhum item malicioso detectado)

Valores de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Pastas: 0
(Nenhum item malicioso detectado)

Arquivos: 2
HackTool.AutoKMS, C:\Users\Henrique\AppData\Roaming\ZHP\Quarantine\AutoKMS.exe, Quarentena, [dd15b72b2a7094a2f8c894ae7b85827e], 
Trojan.BitCoinMiner, C:\Users\Henrique\AppData\Roaming\ZHP\Quarantine\svchost.exe, Quarentena, [955d28ba574341f56bcb4f536b98fc04], 

Setores físicos: 0
(Nenhum item malicioso detectado)


(end)

Thanks


Dear @Henrique Miranda

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download Stinger and save it to your Desktop.
32-bit (x86) or 64-bit (x64)

  • Run the file Stinger.exe
    • Note: Windows Vista, 7 and 8 users, right-click the file and choose the run-as-administrator option
  • Click the “I Accept” button



In the new window click “Advanced” and then “Settings”


In the settings window, configure it as shown in the image below and click the “Save” button


Click “Customize my Scan”


Select the system drives and then click the “Scan” button


At the end, click “View log”; a window with the log will open in your browser.
Select, copy and paste the contents of this log in your next reply.


Regards :D
