MTRAV93

Blue screen with an error in fastfat.SYS (Kaspersky antivirus detected no infection)


My Windows 7 Ultimate x64 shows a blue screen every now and then, and today it came up with the following error (details below). Could someone give me a hand?
It freezes sometimes and gets slow. I cleaned the memory modules and so on, but every so often the blue screen catches me by surprise. My antivirus (Kaspersky) found no sign of infection.

PROBLEM DETAILS

ADDITIONAL_DEBUG_TEXT:  
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

MODULE_NAME: fastfat

FAULTING_MODULE: fffff80003053000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  58c2cc6e

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - A instrução no 0x%08lx fez referência à memória no 0x%08lx. A memória não pôde ser %s.

FAULTING_IP: 
fastfat+d538
fffff880`04a94538 448b4944        mov     r9d,dword ptr [rcx+44h]

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000044

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
 0000000000000044 

ERROR_CODE: (NTSTATUS) 0xc0000005 - A instrução no 0x%08lx fez referência à memória no 0x%08lx. A memória não pôde ser %s.

BUGCHECK_STR:  0x1E_c0000005

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff800031d6d98 to fffff800030f74a0

STACK_TEXT:  
fffff880`09abe648 fffff800`031d6d98 : 00000000`0000001e ffffffff`c0000005 fffff880`04a94538 00000000`00000000 : nt+0xa44a0
fffff880`09abe650 00000000`0000001e : ffffffff`c0000005 fffff880`04a94538 00000000`00000000 00000000`00000044 : nt+0x183d98
fffff880`09abe658 ffffffff`c0000005 : fffff880`04a94538 00000000`00000000 00000000`00000044 fffff880`0a7ab001 : 0x1e
fffff880`09abe660 fffff880`04a94538 : 00000000`00000000 00000000`00000044 fffff880`0a7ab001 fffffa80`07cff873 : 0xffffffff`c0000005
fffff880`09abe668 00000000`00000000 : 00000000`00000044 fffff880`0a7ab001 fffffa80`07cff873 fffff800`030a6231 : fastfat+0xd538


STACK_COMMAND:  kb

FOLLOWUP_IP: 
fastfat+d538
fffff880`04a94538 448b4944        mov     r9d,dword ptr [rcx+44h]

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  fastfat+d538

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  fastfat.SYS

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner

@MTRAV93

Please note the following:

  • About the forum: this is a private space, not a public one. Using it is a privilege, not a right;
  • Whatever is given here relates only to the problem on your computer; therefore do not apply it on any other;
  • IMPORTANT: If you have Windows activation programs or torrent-sharing programs, I suggest uninstalling them. I will only proceed with the analysis after their removal. Forum rules;
  • Please follow the instructions carefully and, in case of doubt, do not hesitate to ask;
  • Respect the order of the instructions given;
  • Note: Do not take any measure beyond those given here; if you ask for help in another forum, make sure to let us know, at the risk of misconfiguring your computer!

Follow the steps below:

STEP 1

Download Malwarebytes Anti-Malware (MBAM) from the link below and save it to your desktop.
https://downloads.malwarebytes.org/file/mbam_current/

Double-click mbam-setup.exe and follow the prompts to install the program.

  • On the Scan tab > Custom Scan, check the option Scan for rootkits and the entries for the drive where the operating system is installed. Normally that is drive C:;
  • Click Scan Now. Be patient, as the scan may take a while;
  • When the scan finishes, if items were found, make sure they are all checked and click the Remove Selected or Quarantine button;
  • At the end of the disinfection, a prompt may appear asking whether to restart the PC. (See Note below);
  • If MBAM does not run automatically after the restart, run it manually;
  • The log is saved automatically by MBAM; to view it, click the Reports tab in the program's main window;
  • Double-click the log (Scan log). Click the Export button and use the .txt format to export the log. Save it to the Desktop.


ATTENTION: Open the file, select all, copy and paste the contents of this log in your next reply.

NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (perhaps more than once). Do that immediately when asked whether to restart the PC.

STEP 2

Download AdwCleaner from one of the links below and save it to the desktop.
https://toolslib.net/downloads/viewdownload/1-adwcleaner/
http://www.bleepingcomputer.com/download/adwcleaner/

Click DOWNLOAD NOW to download the file.

Run adwcleaner.exe

NOTE: Users of Windows Vista, 7, 8/8.1 and Windows 10: right-click the AdwCleaner.exe file, then click Run as administrator.

Click SCAN. When it finishes, click CLEAN and wait.

Notepad will open with the result.

ATTENTION: Select, copy and paste its contents in your next reply.

STEP 3


Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.


Download ZHPCleaner from the link below and save it to your Desktop.

https://www.nicolascoolman.com/download/zhpcleaner/


Run the ZHPCleaner.exe file as Administrator

  • Click the Scanner button.
  • The tool will begin examining your system.
  • Be patient, as it may take a while depending on the number of items to examine.
  • Then click the Repair button.
  • A log named ZHPCleaner.txt will be generated.
  • Select, copy and paste the contents of this log in your next reply.


Here are the 3 reports:

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data do evento de proteção: 15/04/18
Hora do evento de proteção: 09:36
Arquivo de registro: 58c53fe0-3e85-11e8-af4f-00ff7034b73f.json
Administrador: Sim

-Informação do software-
Versão: 3.4.5.2467
Versão de componentes: 1.0.342
Versão do pacote de definições: 1.0.4714
Licença: Versão de Avaliação

-Informação do sistema-
Sistema operacional: Windows 7 Service Pack 1
CPU: x64
Sistema de arquivos: NTFS
Usuário: System

-Detalhes do website bloqueado-
Website malicioso: 1
, , Bloqueado, [-1], [-1],0.0.0

-Dados do website-
Categoria: Malware
Domínio: www.guitars.ru
Endereço IP: 92.53.96.133
Porta: [54167]
Tipo: Saída
Arquivo: C:\Users\Mtrav93\AppData\Local\Google\Chrome\Application\chrome.exe

(end)
=========

# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build:    04-15-2018
# Database: 2018-04-11.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-15-2018
# Duration: 00:01:15
# OS:       Windows 7 Ultimate
# Cleaned:  4
# Failed:   1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKU\S-1-5-18\SOFTWARE\d48bdcb534bd49
Deleted       HKU\.DEFAULT\SOFTWARE\d48bdcb534bd49

***** [ Chromium (and derivatives) ] *****

Deleted       bbjciahceamgodcoidkjpchnokgfpphh

***** [ Chromium URLs ] *****

Deleted       Ask Brasil
Not Deleted   Ask Brasil

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

====================

~ ZHPCleaner v2018.4.14.66 by Nicolas Coolman (2018/04/14)
~ Run by Mtrav93 (Administrator)  (15/04/2018 23:06:26)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\Mtrav93\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Mtrav93\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

---\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found. (ADS)

---\  Services (0)
~ No malicious or unnecessary items found. (Service)

---\  Browser internet (0)
~ No malicious or unnecessary items found. (Browser)

---\  Hosts file (1)
~ The hosts file is legitimate (27)

---\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found. (Task)

---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.

---\  Registry ( Key, Value, Data) (2)
DELETED key*: HKLM\SOFTWARE\Wow6432Node\Winmend []  =>.SUP.SunnyDigit
DELETED key: HKLM\SOFTWARE\Winmend []  =>.SUP.SunnyDigit

---\  Summary of the elements found (1)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.SunnyDigit

---\  Other deletions. (13)
~ Registry Keys Tracing deleted (13)
~ Remove the old reports ZHPCleaner. (0)

---\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)

---\ Statistics
~ Items scanned : 1113
~ Items found : 0
~ Items cancelled : 0
~ Items options : 0/7
~ Space saving (bytes) : 0
~ End of clean in 00h00mn21s

---\  Reports (1)
ZHPCleaner-[R]-16042018-10_06_47.txt


@MTRAV93

Download RogueKiller by Tigzy and save it to your desktop (Desktop).
roguekiller.exe (x64) << link

  • Close all programs
  • Run RogueKiller.exe.
    ** Users of Windows Vista, Windows 7, 8, 8.1 and Windows 10:
    right-click the rogueKiller.exe file, then click Run as administrator.
  • When the EULA window appears, click Accept.
  • Select the SCAN tab
  • Click START SCAN
  • Wait until the scan finishes...
  • Click the OPEN REPORT button
  • Click the EXPORT TXT option and save it to the Desktop with the name roguekiller.txt
  • Click OK and close RogueKiller.


Remember to open the file, then copy and paste all of its contents in your next reply


Here it is...

RogueKiller V12.12.13.0 (x64) [Apr 16 2018] (Free) por Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Site : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciou : Modo normal
Usuário : Mtrav93 [Administrador]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Modo : Escanear -- Data : 04/16/2018 14:42:34 (Duration : 00:51:27)

¤¤¤ Processos : 3 ¤¤¤
[PUP.HackTool|VT.Detected] KMS-R@1nHook.exe(4272) -- C:\Windows\KMS-R@1nHook.exe[-] -> Encontrado
[PUP.uTorrentAds|VT.Detected] utorrentie.exe(4768) -- C:\Users\Mtrav93\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe[7] -> Encontrado
[PUP.uTorrentAds|VT.Detected] utorrentie.exe(5000) -- C:\Users\Mtrav93\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe[7] -> Encontrado

¤¤¤ Registro : 18 ¤¤¤
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KMS-R@1n (C:\Windows\KMS-R@1n.exe) -> Encontrado
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\KMS-R@1n (C:\Windows\KMS-R@1n.exe) -> Encontrado
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3915900886-2842767957-3865804-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Encontrado
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3915900886-2842767957-3865804-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{629806E0-69F0-44D6-ABE8-8023CFDD338C} | DhcpNameServer : 172.20.10.1 ([])  -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{629806E0-69F0-44D6-ABE8-8023CFDD338C} | DhcpNameServer : 172.20.10.1 ([])  -> Encontrado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{AA367EDD-EAEB-43B8-BBE5-2F8CE680A8E9}C:\windows\kmsemulator.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\windows\kmsemulator.exe|Name=KMSEmulator|Desc=KMSEmulator|Defer=User| [x] -> Encontrado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{C64A9C59-8304-441E-86AB-1BABFB5EFFE3}C:\windows\kmsemulator.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\windows\kmsemulator.exe|Name=KMSEmulator|Desc=KMSEmulator|Defer=User| [x] -> Encontrado
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2264B4CF-820D-4852-8E52-C9E5290A43D1} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=1688|App=C:\Windows\KMS-R@1n.exe|Name=KMS-R@1n| [x] -> Encontrado
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4DEC1F22-5DF4-4743-B70D-B20BDA4A7092} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|LPort=1688|App=C:\Windows\KMS-R@1n.exe|Name=KMS-R@1n| [x] -> Encontrado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{AA367EDD-EAEB-43B8-BBE5-2F8CE680A8E9}C:\windows\kmsemulator.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\windows\kmsemulator.exe|Name=KMSEmulator|Desc=KMSEmulator|Defer=User| [x] -> Encontrado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{C64A9C59-8304-441E-86AB-1BABFB5EFFE3}C:\windows\kmsemulator.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\windows\kmsemulator.exe|Name=KMSEmulator|Desc=KMSEmulator|Defer=User| [x] -> Encontrado
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2264B4CF-820D-4852-8E52-C9E5290A43D1} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=1688|App=C:\Windows\KMS-R@1n.exe|Name=KMS-R@1n| [x] -> Encontrado
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4DEC1F22-5DF4-4743-B70D-B20BDA4A7092} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|LPort=1688|App=C:\Windows\KMS-R@1n.exe|Name=KMS-R@1n| [x] -> Encontrado
[PUP.HackTool|VT.Detected] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OSppSvc.exe | Debugger : KMS-R@1nHook.exe [-] -> Encontrado
[PUP.HackTool|VT.Detected] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppSvc.exe | Debugger : KMS-R@1nHook.exe [-] -> Encontrado
[PUP.HackTool|VT.Detected] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OSppSvc.exe | Debugger : KMS-R@1nHook.exe [-] -> Encontrado
[PUP.HackTool|VT.Detected] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppSvc.exe | Debugger : KMS-R@1nHook.exe [-] -> Encontrado

¤¤¤ Tarefas : 1 ¤¤¤
[Hj.Name] \MindManagerV18 Notifications Check {S-1-5-21-3915900886-2842767957-3865804-1000} -- rundll32.exe ("C:\Program Files\Mindjet\MindManager 18\MmProductNotifications.dll",InvokeNotificationsShellable) -> Encontrado

¤¤¤ Arquivos : 5 ¤¤¤
[PUP.HackTool][Arquivo] C:\Windows\KMS-R@1nHook.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\Mtrav93\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\Mtrav93\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\Mtrav93\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\Mtrav93\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe -> Encontrado

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

¤¤¤ Navegadores : 1 ¤¤¤
[PUM.Proxy][Firefox:Config] wmnwb9k0.default : user_pref("network.proxy.type", 2); -> Encontrado

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AVCS-632DY1 ATA Device +++++
--- User ---
[MBR] 181e00dfcffd6dd7a6e7b582a270a686
[BSP] 316c489727e81e4c13e71aef77efc9e1 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 220996 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 452808090 | Size: 255839 MB
User = LL1 ... OK
User = LL2 ... OK

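The RogueKiller report above shows `Debugger` values under Image File Execution Options (IFEO) for sppsvc.exe and OSppSvc.exe, the Windows and Office Software Protection services, pointing at KMS-R@1nHook.exe. An IFEO Debugger value makes Windows start the named "debugger" in place of the image, so it is a common hijack and persistence point; a few legitimate tools also set it, which is why the entries need review rather than blind deletion. The script below is an added example, not part of this thread and not code from RogueKiller or any other tool mentioned here: it lists every IFEO Debugger value in both the 64-bit and the WOW6432Node views, resolves where the debugger binary would load from, and flags entries targeting the two service images seen in the report. The `$watchedImages` list and the function names `Get-IfeoDebuggerEntries` and `Resolve-DebuggerPath` are my own; the registry paths are the standard IFEO locations. Run it from an elevated PowerShell session.

```powershell
# Added example: audit IFEO "Debugger" values (defender-side check).
# Not from the thread or from RogueKiller; function and variable names are
# invented for this example. Requires an elevated PowerShell session.

$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# Images whose hijack deserves an immediate look; these two are the ones the
# RogueKiller report on this page listed. Extend as needed.
$watchedImages = @('sppsvc.exe', 'osppsvc.exe')

function Resolve-DebuggerPath {
    param([string]$Debugger)
    # The Debugger value is a command line; keep only the executable token.
    $exe = if ($Debugger -match '^"([^"]+)"') { $Matches[1] } else { ($Debugger -split '\s+')[0] }
    if ([System.IO.Path]::IsPathRooted($exe)) { return $exe }
    # A bare name (as in the report: KMS-R@1nHook.exe) is found through the
    # loader search path; System32, the Windows directory and PATH cover the
    # usual locations.
    $dirs = @("$env:SystemRoot\System32", $env:SystemRoot) + ($env:Path -split ';')
    foreach ($dir in $dirs) {
        if ($dir -and (Test-Path (Join-Path $dir $exe))) { return (Join-Path $dir $exe) }
    }
    return $null
}

function Get-IfeoDebuggerEntries {
    foreach ($root in $ifeoRoots) {
        if (-not (Test-Path $root)) { continue }
        $view = if ($root -like '*WOW6432Node*') { 'x86' } else { 'x64' }
        foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $dbg = (Get-ItemProperty -Path $key.PSPath -Name 'Debugger' -ErrorAction SilentlyContinue).Debugger
            if ([string]::IsNullOrWhiteSpace($dbg)) { continue }
            $resolved = Resolve-DebuggerPath -Debugger $dbg
            [PSCustomObject]@{
                View         = $view
                Image        = $key.PSChildName
                Debugger     = $dbg
                ResolvedPath = $resolved
                OnDisk       = [bool]$resolved          # $false: dangling entry, still worth removing
                Watched      = $watchedImages -contains $key.PSChildName
            }
        }
    }
}

$entries = @(Get-IfeoDebuggerEntries)
if ($entries.Count -eq 0) {
    Write-Output 'No IFEO Debugger values present.'
} else {
    # Watched images first, so a hijacked service shows at the top.
    $entries | Sort-Object Watched -Descending | Format-Table -AutoSize
}
```

Both registry views are checked because RogueKiller reported the same hijack under (X64) and (X86); a cleanup that removes only one view leaves the other active. An entry whose `ResolvedPath` is empty after the binary has been deleted is still a finding: the key remains and will break the target program until it is removed.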

@MTRAV93

Close all programs

  • Run RogueKiller.exe.
    ** Users of Windows Vista, 7, 8/8.1 and Windows 10:
    right-click the rogueKiller.exe file, then click Run as administrator.
  • When the EULA appears, click Accept.
  • Select the SCAN tab and click START SCAN
  • Wait until the scan finishes.
  • >>>>>>> Go through the tabs and check every entry found <<<<<<<
  • Click REMOVE SELECTED
  • Wait until the program finishes deleting the infections.
  • Click the OPEN REPORT button and then EXPORT TXT
  • Save it as report.txt on your Desktop

Open the report.txt file saved on your Desktop, then copy and paste all of its contents in your next reply.


@Elias Pereira

Would it be a problem that I ran it in Safe Mode?

Here is the report...

RogueKiller V12.12.13.0 (x64) [Apr 16 2018] (Free) por Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Site : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciou : Modo de segurança com rede
Usuário : Mtrav93 [Administrador]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Modo : Deletar -- Data : 04/19/2018 13:27:50 (Duration : 00:37:51)

¤¤¤ Processos : 0 ¤¤¤

¤¤¤ Registro : 26 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3915900886-2842767957-3865804-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04192018132442897\Software\Headlight -> Deletado
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3915900886-2842767957-3865804-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04192018132442897\Software\Headlight -> Deletado
[PUP.Funmoods|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3915900886-2842767957-3865804-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04192018132442897\Software\Microsoft\Windows\CurrentVersion\Uninstall\funmoods -> Deletado
[PUP.Funmoods|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3915900886-2842767957-3865804-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04192018132442897\Software\Microsoft\Windows\CurrentVersion\Uninstall\funmoods -> Deletado
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KMS-R@1n (C:\Windows\KMS-R@1n.exe) -> Deletado
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\KMS-R@1n (C:\Windows\KMS-R@1n.exe) -> Deletado
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3915900886-2842767957-3865804-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04192018132442897\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal  -> Substituído (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3915900886-2842767957-3865804-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04192018132442897\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal  -> Substituído (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3915900886-2842767957-3865804-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Substituído (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3915900886-2842767957-3865804-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Substituído (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3915900886-2842767957-3865804-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04192018132436628\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Substituído (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3915900886-2842767957-3865804-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04192018132436628\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Substituído (http://search.msn.com/spbasic.htm)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{629806E0-69F0-44D6-ABE8-8023CFDD338C} | DhcpNameServer : 172.20.10.1 ([])  -> Substituído ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{629806E0-69F0-44D6-ABE8-8023CFDD338C} | DhcpNameServer : 172.20.10.1 ([])  -> Substituído ()
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{AA367EDD-EAEB-43B8-BBE5-2F8CE680A8E9}C:\windows\kmsemulator.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\windows\kmsemulator.exe|Name=KMSEmulator|Desc=KMSEmulator|Defer=User| [x] -> Não selecionado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{C64A9C59-8304-441E-86AB-1BABFB5EFFE3}C:\windows\kmsemulator.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\windows\kmsemulator.exe|Name=KMSEmulator|Desc=KMSEmulator|Defer=User| [x] -> Não selecionado
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2264B4CF-820D-4852-8E52-C9E5290A43D1} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=1688|App=C:\Windows\KMS-R@1n.exe|Name=KMS-R@1n| [x] -> Não selecionado
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4DEC1F22-5DF4-4743-B70D-B20BDA4A7092} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|LPort=1688|App=C:\Windows\KMS-R@1n.exe|Name=KMS-R@1n| [x] -> Não selecionado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{AA367EDD-EAEB-43B8-BBE5-2F8CE680A8E9}C:\windows\kmsemulator.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\windows\kmsemulator.exe|Name=KMSEmulator|Desc=KMSEmulator|Defer=User| [x] -> Deletado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{C64A9C59-8304-441E-86AB-1BABFB5EFFE3}C:\windows\kmsemulator.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\windows\kmsemulator.exe|Name=KMSEmulator|Desc=KMSEmulator|Defer=User| [x] -> Deletado
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2264B4CF-820D-4852-8E52-C9E5290A43D1} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=1688|App=C:\Windows\KMS-R@1n.exe|Name=KMS-R@1n| [x] -> Deletado
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4DEC1F22-5DF4-4743-B70D-B20BDA4A7092} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|LPort=1688|App=C:\Windows\KMS-R@1n.exe|Name=KMS-R@1n| [x] -> Deletado
[PUP.HackTool|VT.Detected] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OSppSvc.exe | Debugger : KMS-R@1nHook.exe [-] -> Deletado
[PUP.HackTool|VT.Detected] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppSvc.exe | Debugger : KMS-R@1nHook.exe [-] -> Deletado
[PUP.HackTool|VT.Detected] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OSppSvc.exe | Debugger : KMS-R@1nHook.exe [-] -> ERROR [2]
[PUP.HackTool|VT.Detected] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppSvc.exe | Debugger : KMS-R@1nHook.exe [-] -> ERROR [2]

¤¤¤ Tarefas : 0 ¤¤¤

¤¤¤ Arquivos : 1 ¤¤¤
[PUP.HackTool][Arquivo] C:\Windows\KMS-R@1nHook.exe -> Deletado

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Não carregado [0xc000035f]) ¤¤¤

¤¤¤ Navegadores : 1 ¤¤¤
[PUM.Proxy][Firefox:Config] wmnwb9k0.default : user_pref("network.proxy.type", 2); -> Substituído (0)

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AVCS-632DY1 ATA Device +++++
--- User ---
[MBR] 181e00dfcffd6dd7a6e7b582a270a686
[BSP] 316c489727e81e4c13e71aef77efc9e1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 220996 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 452808090 | Size: 255839 MB
User = LL1 ... OK
User = LL2 ... OK


@MTRAV93

Press the Windows key + R and type: msconfig

- Click the Services tab, check the option Hide all Microsoft services and then click Disable all
- Click the Startup tab and click Disable all

Follow the prompts until you are asked to restart.

After that, let me know whether the malware-related problems still persist.


Elias,

Well, it's impossible to deny that the computer has improved a great deal, since the constant freezes have stopped. Now I confess I was very afraid to carry out this last procedure in full, because the last time I did it, my other computer simply wouldn't turn on anymore, and I had to recover my documents through something called a "Live CD", but Windows went down the drain, so I had to format it. Now take a look at the processes in the "STARTUP" tab that I did not disable out of sheer fear; the image is further below.

Look, right at this moment my Windows still has a small freeze, especially when I try to open "MY COMPUTER" or some other window for the first time after the OS has loaded; it takes a very long time to open. Other than that, you recovered it wonderfully well. Leaving a heartfelt thank you for you here in advance.

[image: screenshot of the msconfig Startup tab]

Edited by MTRAV93


@Elias Pereira

OK, so I went to the path of the executables, and instead of them appearing there with the ".exe" extension, I found the first two from msconfig as compressed archives (fig. 1). So I opened the archives and found their executable marked with an asterisk (fig. 2). Fine so far! The problem is that when I tried to extract them, a password was requested; since I didn't have the password, I decided to upload the archives as they were, and at the end of the scan only a single antivirus detected "compulsório.zip" as "PossibleThreat" (fig. 3). As for the third unknown one, "BgMonitor", the path msconfig shows for it does not exist (fig. 4). So, what could it be, would it be a threat?! Because they put a password on them precisely so the executables couldn't be extracted.

[fig. 1]

[fig. 2]

[fig. 3]

[fig. 4]

Scan of compulsorio: https://www.virustotal.com/#/file/7a1137464b5fd67287f4232ebf5fa0453dbe2d5e439162d4d6c332b993eaf2ab/detection

Scan of liskidisa: https://www.virustotal.com/#/file/346fec86af1789b3c5d135fd8be85a2a919abfaca85c4c8fccd67c94258cf917/detection

I did not scan "BgMonitor" for the reason mentioned above.

Edited by MTRAV93
I had forgotten to add the requested links


@Elias Pereira

Anyway, I deleted it, with a lot of apprehension, and then the machine started getting slow. The My Computer window is taking a long time to open again. I also noticed that when I log into my account it shows me a completely blue screen (not the blue screen of death); rather, after I log into my user account it sits for about 20 seconds on this blue screen, a light blue, and only then do the desktop icons start appearing little by little.


@MTRAV93

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

NOTE 1: Read everything carefully before performing any task described in this procedure.

Important:

  • You need to be connected to the internet during the procedure with ComboFix;
  • You must be logged into the system with administrator privileges.
  • Keep your antivirus, antispyware and firewall disabled during the procedures with ComboFix. Turn them back on when everything is finished.
  • If you have used ComboFix before, delete it and download it again.
  • If the Recovery Console is already installed on this machine, ComboFix will not suggest installing it.
  • Do not run ComboFix more than once. That will overwrite the log and delay the removal of the malware.
  • ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a malware analyst.


After reading the instructions above carefully, download ComboFix by clicking the download button at the link below:
http://www.bleepingcomputer.com/download/combofix/

NOTE 2: Save it to your desktop with the name iexplore, and do not run ComboFix from your browser window.


@Elias Pereira

Now it's running properly. Apparently it's fine, but just a little while ago, while I was browsing YouTube, it froze for about 4 minutes, although it always used to freeze like that anyway; meanwhile the Explorer windows are opening quickly, and so are the programs. All in all, I think it's good, it has improved a lot. Here is the document:

ComboFix 18-03-14.01 - Mtrav93 29/04/2018  15:22:05.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.3817.2223 [GMT -4:00]
Executando de: e:\programas\Segurança\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Kaspersky Internet Security *Disabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
SP: Kaspersky Internet Security *Disabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SEC1037.tmp
c:\programdata\SEC121B.tmp
c:\programdata\SEC16FC.tmp
c:\programdata\SEC1872.tmp
c:\programdata\SEC190D.tmp
c:\programdata\SEC194C.tmp
c:\programdata\SEC1B3E.tmp
c:\programdata\SEC1C87.tmp
c:\programdata\SEC1D31.tmp
c:\programdata\SEC1F3.tmp
c:\programdata\SEC2054.tmp
c:\programdata\SEC2443.tmp
c:\programdata\SEC25F8.tmp
c:\programdata\SEC2637.tmp
c:\programdata\SEC26D2.tmp
c:\programdata\SEC27AC.tmp
c:\programdata\SEC2F6A.tmp
c:\programdata\SEC2FD9.tmp
c:\programdata\SEC3312.tmp
c:\programdata\SEC3504.tmp
c:\programdata\SEC3562.tmp
c:\programdata\SEC36A9.tmp
c:\programdata\SEC36EB.tmp
c:\programdata\SEC3775.tmp
c:\programdata\SEC384F.tmp
c:\programdata\SEC3B9A.tmp
c:\programdata\SEC3F13.tmp
c:\programdata\SEC40C7.tmp
c:\programdata\SEC4134.tmp
c:\programdata\SEC42FA.tmp
c:\programdata\SEC43C4.tmp
c:\programdata\SEC44B0.tmp
c:\programdata\SEC44FC.tmp
c:\programdata\SEC453C.tmp
c:\programdata\SEC48A5.tmp
c:\programdata\SEC4D06.tmp
c:\programdata\SEC4E2F.tmp
c:\programdata\SEC4F48.tmp
c:\programdata\SEC4FD8.tmp
c:\programdata\SEC516A.tmp
c:\programdata\SEC51DB.tmp
c:\programdata\SEC54C3.tmp
c:\programdata\SEC56E7.tmp
c:\programdata\SEC56F5.tmp
c:\programdata\SEC58EB.tmp
c:\programdata\SEC5A8E.tmp
c:\programdata\SEC5AFD.tmp
c:\programdata\SEC5D99.tmp
c:\programdata\SEC5FFA.tmp
c:\programdata\SEC6191.tmp
c:\programdata\SEC6587.tmp
c:\programdata\SEC65B6.tmp
c:\programdata\SEC6604.tmp
c:\programdata\SEC6891.tmp
c:\programdata\SEC6B21.tmp
c:\programdata\SEC71B6.tmp
c:\programdata\SEC7232.tmp
c:\programdata\SEC7253.tmp
c:\programdata\SEC7284.tmp
c:\programdata\SEC73E8.tmp
c:\programdata\SEC7474.tmp
c:\programdata\SEC7BD5.tmp
c:\programdata\SEC7EE0.tmp
c:\programdata\SEC7F5E.tmp
c:\programdata\SEC8141.tmp
c:\programdata\SEC81BE.tmp
c:\programdata\SEC83F0.tmp
c:\programdata\SEC86C.tmp
c:\programdata\SEC8881.tmp
c:\programdata\SEC94A2.tmp
c:\programdata\SEC9770.tmp
c:\programdata\SEC9AE8.tmp
c:\programdata\SEC9B28.tmp
c:\programdata\SEC9B48.tmp
c:\programdata\SEC9B64.tmp
c:\programdata\SEC9C.tmp
c:\programdata\SEC9D49.tmp
c:\programdata\SEC9DB6.tmp
c:\programdata\SECA533.tmp
c:\programdata\SECA718.tmp
c:\programdata\SECA89E.tmp
c:\programdata\SECA9B7.tmp
c:\programdata\SECAA63.tmp
c:\programdata\SECAB5B.tmp
c:\programdata\SECABED.tmp
c:\programdata\SECAC48.tmp
c:\programdata\SECB116.tmp
c:\programdata\SECB260.tmp
c:\programdata\SECB837.tmp
c:\programdata\SECBB43.tmp
c:\programdata\SECC0B1.tmp
c:\programdata\SECC562.tmp
c:\programdata\SECC707.tmp
c:\programdata\SECC792.tmp
c:\programdata\SECC8E.tmp
c:\programdata\SECC919.tmp
c:\programdata\SECCA72.tmp
c:\programdata\SECCBB9.tmp
c:\programdata\SECCBE6.tmp
c:\programdata\SECCC65.tmp
c:\programdata\SECCCC.tmp
c:\programdata\SECCF9D.tmp
c:\programdata\SECD0F8.tmp
c:\programdata\SECD135.tmp
c:\programdata\SECD1F0.tmp
c:\programdata\SECD39.tmp
c:\programdata\SECD3E1.tmp
c:\programdata\SECD69F.tmp
c:\programdata\SECD8F2.tmp
c:\programdata\SECDE4D.tmp
c:\programdata\SECE254.tmp
c:\programdata\SECE4D4.tmp
c:\programdata\SECE518.tmp
c:\programdata\SECE580.tmp
c:\programdata\SECE60B.tmp
c:\programdata\SECE917.tmp
c:\programdata\SECEB5D.tmp
c:\programdata\SECED4C.tmp
c:\programdata\SECEFE.tmp
c:\programdata\SECF326.tmp
c:\programdata\SECF824.tmp
c:\programdata\SECFB20.tmp
c:\programdata\SECFB52.tmp
c:\programdata\SECFD80.tmp
c:\programdata\SECFED7.tmp
c:\users\Mtrav93\Documents\~WRL1035.tmp
c:\users\Mtrav93\ZHPCleaner.exe
c:\windows\SysWow64\CA23042B-0876-4abc-9D76-29DCE1E858CC.dll
c:\windows\SysWow64\Config.ini
E:\autorun.inf
E:\uninstall.exe
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2018-03-28 to 2018-04-29  ))))))))))))))))))))))))))))
.
.
2018-04-29 19:39 . 2018-04-29 19:39    --------    d-----w-    c:\users\LTM\AppData\Local\temp
2018-04-29 19:39 . 2018-04-29 19:39    --------    d-----w-    c:\users\Default\AppData\Local\temp
2018-04-29 19:35 . 2018-04-29 19:35    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{292840CA-5C66-4E44-A585-D37A64DAE1D2}\offreg.3032.dll
2018-04-28 18:19 . 2018-04-28 18:19    --------    d-----w-    c:\users\Mtrav93\AppData\Roaming\Opera Software
2018-04-28 18:19 . 2018-04-28 18:19    --------    d-----w-    c:\users\Mtrav93\AppData\Local\Opera Software
2018-04-28 14:24 . 2018-04-28 14:24    --------    d-----w-    c:\users\Mtrav93\AppData\Roaming\IceDragon
2018-04-28 14:20 . 2018-04-28 14:20    --------    d-----w-    c:\users\Mtrav93\AppData\Local\Comodo
2018-04-28 14:19 . 2018-04-28 14:19    --------    d-----w-    c:\users\Mtrav93\AppData\Roaming\Comodo
2018-04-28 14:14 . 2018-04-28 14:14    1060864    ----a-w-    c:\windows\SysWow64\mfc71.dll
2018-04-28 10:57 . 2018-04-28 10:57    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{292840CA-5C66-4E44-A585-D37A64DAE1D2}\offreg.4092.dll
2018-04-27 10:24 . 2018-04-13 19:08    14575456    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{292840CA-5C66-4E44-A585-D37A64DAE1D2}\mpengine.dll
2018-04-21 23:22 . 2018-04-22 00:32    --------    d-----w-    c:\users\Mtrav93\AppData\Roaming\audacity
2018-04-21 23:22 . 2018-04-21 23:24    --------    d-----w-    c:\users\Mtrav93\AppData\Local\Audacity
2018-04-19 19:21 . 2018-04-21 20:55    93816    ----a-w-    c:\windows\system32\drivers\mwac.sys
2018-04-19 17:22 . 2018-04-21 20:55    253664    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2018-04-18 19:16 . 2018-04-18 19:16    --------    d-----w-    c:\program files (x86)\Common Files\Oracle
2018-04-16 18:42 . 2018-04-19 17:27    28272    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2018-04-16 18:39 . 2018-04-17 03:01    --------    d-----w-    c:\programdata\RogueKiller
2018-04-16 15:40 . 2018-04-16 15:42    --------    d-----w-    c:\program files (x86)\LibreOffice 5
2018-04-14 20:15 . 2018-04-14 20:21    --------    d-----w-    C:\Mtl-Multisync
2018-04-14 19:30 . 2018-04-21 20:56    112864    ----a-w-    c:\windows\system32\drivers\farflt.sys
2018-04-13 20:04 . 2018-04-13 20:04    --------    d-----w-    c:\program files\DIFX
2018-04-13 13:46 . 2018-03-31 01:35    361984    ----a-w-    c:\windows\system32\wow64win.dll
2018-04-13 12:26 . 2018-04-21 20:56    44768    ----a-w-    c:\windows\system32\drivers\mbam.sys
2018-04-13 12:26 . 2018-04-19 17:22    193768    ----a-w-    c:\windows\system32\drivers\MbamChameleon.sys
2018-04-12 10:33 . 2018-03-19 16:57    76192    ----a-w-    c:\windows\system32\drivers\mbae64.sys
2018-04-12 10:33 . 2018-04-12 10:33    --------    d-----w-    c:\programdata\Malwarebytes
2018-04-12 10:33 . 2018-04-12 10:33    --------    d-----w-    c:\program files\Malwarebytes
2018-04-11 14:18 . 2018-03-14 17:14    135360    ----a-w-    c:\windows\system32\CompatTelRunner.exe
2018-04-11 14:18 . 2018-03-14 17:09    656384    ----a-w-    c:\windows\system32\aeinv.dll
2018-04-11 14:18 . 2018-03-14 13:05    739840    ----a-w-    c:\windows\system32\generaltel.dll
2018-04-11 14:18 . 2018-03-14 13:05    599552    ----a-w-    c:\windows\system32\devinv.dll
2018-04-11 14:18 . 2018-03-14 13:05    450048    ----a-w-    c:\windows\system32\centel.dll
2018-04-11 14:18 . 2018-03-14 13:05    414720    ----a-w-    c:\windows\system32\invagent.dll
2018-04-11 14:18 . 2018-03-14 13:05    1559552    ----a-w-    c:\windows\system32\appraiser.dll
2018-04-11 14:18 . 2018-03-14 13:05    291840    ----a-w-    c:\windows\system32\acmigration.dll
2018-04-11 14:18 . 2018-03-14 13:05    237056    ----a-w-    c:\windows\system32\aepic.dll
2018-04-11 14:18 . 2018-03-14 13:05    1993728    ----a-w-    c:\windows\system32\aitstatic.exe
2018-04-08 00:38 . 2018-04-08 00:38    --------    d-----w-    C:\Symbols
2018-04-08 00:36 . 2018-04-08 00:42    --------    d-----w-    C:\Depurar
2018-04-07 23:23 . 2018-04-07 23:23    --------    d-----w-    c:\users\Mtrav93\AppData\Local\Mindjet
2018-04-07 23:21 . 2018-04-07 23:21    --------    d-----w-    c:\programdata\Mindjet
2018-04-07 23:20 . 2018-04-07 23:20    --------    d-----w-    c:\program files\Mindjet
2018-04-07 23:14 . 2018-04-07 23:14    --------    d-----w-    c:\users\Mtrav93\AppData\Local\Downloaded Installations
2018-04-07 22:30 . 2018-04-07 22:30    --------    d-----w-    c:\users\Mtrav93\AppData\Roaming\Edraw Max
2018-04-06 21:46 . 2018-04-06 22:28    --------    d-----w-    c:\users\Mtrav93\AppData\Local\Recovery Toolbox for CD Free
2018-04-06 21:46 . 2018-04-06 21:46    --------    d-----w-    c:\program files (x86)\Recovery Toolbox for CD Free
2018-04-05 01:12 . 2018-04-05 01:13    --------    d-----w-    c:\program files (x86)\Ditto
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-04-18 19:16 . 2017-06-01 00:23    111048    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2018-04-13 14:40 . 2017-10-12 23:04    136971704    -c--a-w-    c:\windows\system32\MRT-KB890830.exe
2018-04-13 14:40 . 2012-04-24 00:08    136971704    -c--a-w-    c:\windows\system32\MRT.exe
2018-04-12 22:21 . 2012-04-14 18:13    804864    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2018-04-12 22:21 . 2012-04-14 18:12    144896    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2018-03-31 01:09 . 2018-04-13 13:46    44544    ----a-w-    c:\windows\apppatch\acwow64.dll
2018-03-14 02:17 . 2018-03-14 03:22    5309104    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2018-03-01 19:53 . 2018-03-01 19:53    83792    ----a-w-    c:\windows\SysWow64\vcruntime140.dll
2018-03-01 19:53 . 2018-03-01 19:53    440128    ----a-w-    c:\windows\SysWow64\msvcp140.dll
2018-03-01 19:53 . 2018-03-01 19:53    263856    ----a-w-    c:\windows\SysWow64\vccorlib140.dll
2018-03-01 19:53 . 2018-03-01 19:53    242496    ----a-w-    c:\windows\SysWow64\concrt140.dll
2018-03-01 19:50 . 2018-03-01 19:50    87728    ----a-w-    c:\windows\system32\vcruntime140.dll
2018-03-01 19:50 . 2018-03-01 19:50    641696    ----a-w-    c:\windows\system32\msvcp140.dll
2018-03-01 19:50 . 2018-03-01 19:50    389296    ----a-w-    c:\windows\system32\vccorlib140.dll
2018-03-01 19:50 . 2018-03-01 19:50    331432    ----a-w-    c:\windows\system32\concrt140.dll
2018-02-22 03:28 . 2018-03-13 18:08    217600    ----a-w-    c:\windows\system32\WinSCard.dll
2018-02-22 03:06 . 2018-03-13 18:08    134656    ----a-w-    c:\windows\SysWow64\WinSCard.dll
2018-02-21 17:30 . 2018-02-09 22:49    1072840    ----a-w-    c:\windows\system32\drivers\klif.sys
2018-02-21 17:30 . 2016-10-11 18:14    57024    ----a-w-    c:\windows\system32\drivers\klim6.sys
2018-02-21 17:26 . 2017-12-24 08:58    119496    ----a-w-    c:\windows\system32\drivers\klbackupflt.sys
2018-02-18 21:34 . 2018-03-13 18:08    634272    ----a-w-    c:\windows\system32\winload.exe
2018-02-10 18:35 . 2018-03-13 18:08    68288    ----a-w-    c:\windows\system32\drivers\volmgr.sys
2018-02-10 18:35 . 2018-03-13 18:08    64192    ----a-w-    c:\windows\system32\drivers\ULIAGPKX.SYS
2018-02-10 18:35 . 2018-03-13 18:08    63168    ----a-w-    c:\windows\system32\drivers\termdd.sys
2018-02-10 18:35 . 2018-03-13 18:08    12096    ----a-w-    c:\windows\system32\drivers\swenum.sys
2018-02-10 18:35 . 2018-03-13 18:08    36032    ----a-w-    c:\windows\system32\drivers\vdrvroot.sys
2018-02-10 18:35 . 2018-03-13 18:08    23744    ----a-w-    c:\windows\system32\streamci.dll
2018-02-10 18:35 . 2018-03-13 18:08    367296    ----a-w-    c:\windows\system32\drivers\msrpc.sys
2018-02-10 18:35 . 2018-03-13 18:08    185024    ----a-w-    c:\windows\system32\drivers\pci.sys
2018-02-10 18:35 . 2018-03-13 18:08    31936    ----a-w-    c:\windows\system32\drivers\mssmbios.sys
2018-02-10 18:35 . 2018-03-13 18:08    122560    ----a-w-    c:\windows\system32\drivers\NV_AGP.SYS
2018-02-10 18:35 . 2018-03-13 18:08    15040    ----a-w-    c:\windows\system32\drivers\msisadrv.sys
2018-02-10 18:35 . 2018-03-13 18:08    20160    ----a-w-    c:\windows\system32\drivers\isapnp.sys
2018-02-10 18:35 . 2018-03-13 18:08    334528    ----a-w-    c:\windows\system32\drivers\acpi.sys
2018-02-10 18:35 . 2018-03-13 18:08    60608    ----a-w-    c:\windows\system32\drivers\AGP440.sys
2018-02-10 18:23 . 2018-03-13 18:08    330240    ----a-w-    c:\windows\SysWow64\zipfldr.dll
2018-02-10 18:23 . 2018-03-13 18:08    111616    ----a-w-    c:\windows\SysWow64\racpldlg.dll
2018-02-10 18:23 . 2018-03-13 18:08    2292224    ----a-w-    c:\windows\SysWow64\MSVidCtl.dll
2018-02-10 18:11 . 2018-03-13 18:08    369664    ----a-w-    c:\windows\system32\zipfldr.dll
2018-02-10 18:11 . 2018-03-13 18:08    119296    ----a-w-    c:\windows\system32\racpldlg.dll
2018-02-10 18:11 . 2018-03-13 18:08    3665920    ----a-w-    c:\windows\system32\MSVidCtl.dll
2018-02-10 18:11 . 2018-03-13 18:08    133120    ----a-w-    c:\windows\system32\msrahc.dll
2018-02-10 17:36 . 2018-03-13 18:08    40960    ----a-w-    c:\windows\SysWow64\sdchange.exe
2018-02-10 17:36 . 2018-03-13 18:08    108032    ----a-w-    c:\windows\SysWow64\msra.exe
2018-02-10 17:36 . 2018-03-13 18:08    7168    ----a-w-    c:\windows\SysWow64\MsraLegacy.tlb
2018-02-10 17:26 . 2018-03-13 18:08    653312    ----a-w-    c:\windows\system32\msra.exe
2018-02-10 17:26 . 2018-03-13 18:08    51712    ----a-w-    c:\windows\system32\sdchange.exe
2018-02-10 17:25 . 2018-03-13 18:08    7168    ----a-w-    c:\windows\system32\MsraLegacy.tlb
2018-02-10 17:25 . 2018-03-13 18:08    14336    ----a-w-    c:\windows\system32\drivers\wmiacpi.sys
2018-02-10 17:25 . 2018-03-13 18:08    9728    ----a-w-    c:\windows\system32\drivers\errdev.sys
2018-02-09 22:49 . 2018-02-09 22:49    350944    ----a-w-    c:\windows\system32\drivers\klhk.sys
2018-02-09 22:49 . 2018-02-09 22:49    206040    ----a-w-    c:\windows\system32\drivers\klflt.sys
2018-02-09 22:49 . 2018-02-09 22:49    149304    ----a-w-    c:\windows\system32\klhkum.dll
2018-02-02 18:40 . 2018-03-13 18:08    114368    ----a-w-    c:\windows\system32\consent.exe
2018-02-02 18:29 . 2018-03-13 18:08    2365952    ----a-w-    c:\windows\SysWow64\msi.dll
2018-02-02 18:29 . 2018-03-13 18:08    337408    ----a-w-    c:\windows\SysWow64\msihnd.dll
2018-02-02 18:29 . 2018-03-13 18:08    25088    ----a-w-    c:\windows\SysWow64\msimsg.dll
2018-02-02 18:28 . 2018-03-13 18:08    1806848    ----a-w-    c:\windows\SysWow64\authui.dll
2018-02-02 18:16 . 2018-03-13 18:08    3246080    ----a-w-    c:\windows\system32\msi.dll
2018-02-02 18:16 . 2018-03-13 18:08    504320    ----a-w-    c:\windows\system32\msihnd.dll
2018-02-02 18:16 . 2018-03-13 18:08    25088    ----a-w-    c:\windows\system32\msimsg.dll
2018-02-02 18:14 . 2018-03-13 18:08    1942016    ----a-w-    c:\windows\system32\authui.dll
2018-02-02 18:14 . 2018-03-13 18:08    70144    ----a-w-    c:\windows\system32\appinfo.dll
2018-02-02 17:46 . 2018-03-13 18:08    73216    ----a-w-    c:\windows\SysWow64\msiexec.exe
2018-02-02 17:36 . 2018-03-13 18:08    128512    ----a-w-    c:\windows\system32\msiexec.exe
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2018-03-21 20:54    2669728    ----a-w-    c:\users\Mtrav93\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2018-03-21 20:54    2669728    ----a-w-    c:\users\Mtrav93\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2018-03-21 20:54    2669728    ----a-w-    c:\users\Mtrav93\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2018-03-21 20:54    2669728    ----a-w-    c:\users\Mtrav93\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2018-03-21 20:54    2669728    ----a-w-    c:\users\Mtrav93\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive6]
@="{9AA2F32D-362A-42D9-9328-24A483E2CCC3}"
[HKEY_CLASSES_ROOT\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}]
2018-03-21 20:54    2669728    ----a-w-    c:\users\Mtrav93\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2018-03-14 02:54    2197680    ----a-w-    c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2018-03-14 02:54    2197680    ----a-w-    c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2018-03-14 02:54    2197680    ----a-w-    c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-09-24 3858000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-02-22 3019376]
"DSATray"="c:\program files (x86)\Intel Driver and Support Assistant\DsaTray.exe" [2018-01-17 131360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{D2BF470E-ED1C-487F-AAAA-2BD8835EB6CE}"= "mscoree.dll" [2010-11-05 297808]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\Drivers\BUSB2902.sys;c:\windows\SYSNATIVE\Drivers\BUSB2902.sys [x]
R3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys;c:\windows\SYSNATIVE\drivers\busbwdm.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 klvssbridge64_18.0.0;klvssbridge64_18.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\vssbridge64.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\vssbridge64.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 MBAMFarflt;MBAMFarflt;c:\windows\system32\DRIVERS\farflt.sys;c:\windows\SYSNATIVE\DRIVERS\farflt.sys [x]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\DRIVERS\mbam.sys;c:\windows\SYSNATIVE\DRIVERS\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
R3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\DRIVERS\mwac.sys;c:\windows\SYSNATIVE\DRIVERS\mwac.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 semav6msr64;semav6msr64;c:\windows\system32\drivers\semav6msr64.sys;c:\windows\SYSNATIVE\drivers\semav6msr64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys;c:\windows\SYSNATIVE\DRIVERS\usb2ser.sys [x]
R4 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
R4 DSAService;Intel(R) Driver & Support Assistant;c:\program files (x86)\Intel Driver and Support Assistant\DSAService.exe;c:\program files (x86)\Intel Driver and Support Assistant\DSAService.exe [x]
R4 ESRV_SVC_QUEENCREEK;Energy Server Service queencreek;c:\program files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe;c:\program files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [x]
R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 Intel(R) SUR QC SAM;Intel(R) SUR QC Software Asset Manager;c:\program files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe;c:\program files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [x]
R4 IUFileFilter;IUFileFilter;c:\program files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys;c:\program files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [x]
R4 KSDE2.0.0;Kaspersky Secure Connection Service 2.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [x]
R4 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R4 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe;c:\windows\SYSNATIVE\PuranDefragS.exe [x]
R4 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe;c:\windows\SYSNATIVE\spool\drivers\x64\3\NetFaxServer64.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 SystemUsageReportSvc_QUEENCREEK;Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK;c:\program files\Intel\SUR\QUEENCREEK\SurSvc.exe;c:\program files\Intel\SUR\QUEENCREEK\SurSvc.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R4 USER_ESRV_SVC_QUEENCREEK;User Energy Server Service queencreek;c:\program files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe;c:\program files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [x]
R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
S0 cm_km;AO Kaspersky Lab Cryptographic Module x64 (56 bit);c:\windows\system32\DRIVERS\cm_km.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km.sys [x]
S0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupdisk.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 Bfilter;Baidu Antivirus Minifilter Driver;c:\windows\System32\drivers\Bfilter.sys;c:\windows\SYSNATIVE\drivers\Bfilter.sys [x]
S1 Bfmon;Baidu FS Monitor Driver;c:\windows\System32\drivers\Bfmon.sys;c:\windows\SYSNATIVE\drivers\Bfmon.sys [x]
S1 Bprotect;Baidu Protect;c:\windows\System32\drivers\Bprotect.sys;c:\windows\SYSNATIVE\drivers\Bprotect.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae64.sys;c:\windows\SYSNATIVE\drivers\mbae64.sys [x]
S1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupflt.sys [x]
S1 KLHK;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 Klwtp;KLwtp - WFP callout traffic inspector;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AVP18.0.0;Kaspersky Anti-Virus Service 18.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avp.exe [x]
S2 ClickToRunSvc;?Microsoft Office Click-to-Run Service?;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S2 MBAMChameleon;MBAMChameleon;c:\windows\System32\Drivers\MbamChameleon.sys;c:\windows\SYSNATIVE\Drivers\MbamChameleon.sys [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 kltap;Kaspersky Security Data Escort Adapter;c:\windows\system32\DRIVERS\kltap.sys;c:\windows\SYSNATIVE\DRIVERS\kltap.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr QWAVE wcncsvc
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9C142C0C-124C-4467-B117-EBCC62801D7B}]
2017-05-31 23:24    13072504    ----a-w-    c:\program files (x86)\Vivaldi\Application\1.9.818.50\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\    OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2018-03-21 20:55    2941600    ----a-w-    c:\users\Mtrav93\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\    OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2018-03-21 20:55    2941600    ----a-w-    c:\users\Mtrav93\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\    OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2018-03-21 20:55    2941600    ----a-w-    c:\users\Mtrav93\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\    OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2018-03-21 20:55    2941600    ----a-w-    c:\users\Mtrav93\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\    OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2018-03-21 20:55    2941600    ----a-w-    c:\users\Mtrav93\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\    OneDrive6]
@="{9AA2F32D-362A-42D9-9328-24A483E2CCC3}"
[HKEY_CLASSES_ROOT\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}]
2018-03-21 20:55    2941600    ----a-w-    c:\users\Mtrav93\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 13:52    25624    ----a-w-    c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2018-03-14 02:43    3207856    ----a-w-    c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2018-03-14 02:43    3207856    ----a-w-    c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2018-03-14 02:43    3207856    ----a-w-    c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-02-21 456704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2015-06-02 183216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2015-06-02 411056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2015-06-02 453552]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{D2BF470E-ED1C-487F-AAAA-2BD8835EB6CE}"= "mscoree.dll" [2010-11-05 444752]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.br/
mStart Page = https://br.yahoo.com/?fr=hp-avast&type=avastbcl
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = https://br.yahoo.com/?fr=hp-avast&type=avastbcl
uInternet Settings,ProxyOverride = *.local
IE:     
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Send Image To MindManager - c:\program files\Mindjet\MindManager 18\Mm8InternetExplorer.dll/201
IE: Send Link To MindManager - c:\program files\Mindjet\MindManager 18\Mm8InternetExplorer.dll/203
IE: Send Page To MindManager - c:\program files\Mindjet\MindManager 18\Mm8InternetExplorer.dll/204
IE: Send Text To MindManager - c:\program files\Mindjet\MindManager 18\Mm8InternetExplorer.dll/202
Trusted Zone: ginfes.com.br\manausginfes
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{50426029-AD04-4D07-95CA-11EFF9C366A7}: NameServer = 8.8.8.8,8.8.4.4
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
SafeBoot-mbamchameleon
WebBrowser-{E0301295-AB3E-4AF3-979F-3D453C5F9F48} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-IRPF2015 - E:\uninstall.exe
AddRemove-IRPF2017 - c:\users\Mtrav93\Desktop\uninstall.exe
AddRemove-{10CD364B-FFCC-48BE-B469-B9622A033075} - c:\programdata\{3FEE7452-4825-40BC-8A99-94EF27F43EE8}\FencesInstaller.exe
AddRemove-PDF Reader - c:\program files (x86)\PDFReader\Uninstall\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3915900886-2842767957-3865804-1000_Classes\Wow6432Node\CLSID\{3e747178-51a9-4c8c-b536-bc82a7d03ce6}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000049
"Therad"=dword:0000001f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3915900886-2842767957-3865804-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (S-1-5-32)
@SACL=
"scansk"=hex(0):22,7e,ca,21,04,54,cd,e5,e9,33,e1,1b,7a,2f,25,12,c4,01,06,32,f0,
   e8,2e,76,f5,ae,95,fa,10,77,21,42,ae,2e,e0,d4,e1,57,1b,29,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_29_0_0_140_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_29_0_0_140_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_29_0_0_140_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_29_0_0_140_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_140.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.29"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_140.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_140.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_140.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2018-04-29  15:44:08
ComboFix-quarantined-files.txt  2018-04-29 19:44
.
Pre-Run: 79,509,209,088 bytes free
Post-Run: 80,726,917,120 bytes free
.
- - End Of File - - 167C087C3C31AC75D1DE5FBFC59392CB
A36C5E4F47E84449FF07ED3517B43A31

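The ComboFix log above is mostly a list of autostart locations (Run values, shell icon overlay handlers, ShellExecuteHooks) and orphaned entries, each paired with the file it points at. The first triage question for every such entry is where the target lives and who can write there. As an added example that is not part of the original post or of ComboFix, the Python script below parses a sample constructed from the entries in this log and flags targets in user-writable locations, on another volume, missing from disk, or given without a path. The prefix list and the flagging rule are assumptions of the example, not ComboFix's own logic.

```python
"""Added example: triage of autostart entries in a ComboFix-style log.

The sample is constructed from the kinds of lines the log above prints.
Rule of thumb (an assumption, not ComboFix logic): a target that sits where
a standard user can write (profile, ProgramData, another volume), that is
missing, or that is given without a path deserves a second look.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\    OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2018-03-21 20:55    2941600    ----a-w-    c:\users\Mtrav93\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-02-21 456704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2015-06-02 183216]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{D2BF470E-ED1C-487F-AAAA-2BD8835EB6CE}"= "mscoree.dll" [2010-11-05 444752]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{E0301295-AB3E-4AF3-979F-3D453C5F9F48} - (no file)
AddRemove-IRPF2015 - E:\uninstall.exe
AddRemove-IRPF2017 - c:\users\Mtrav93\Desktop\uninstall.exe
AddRemove-{10CD364B-FFCC-48BE-B469-B9622A033075} - c:\programdata\{3FEE7452-4825-40BC-8A99-94EF27F43EE8}\FencesInstaller.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]+)"\s*\[\d{4}-\d{2}-\d{2}\s+\d+\]')
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+?)\s*$")
ORPHAN_RE = re.compile(r"^(?P<name>[A-Za-z]\w*-\S+) - (?P<path>.+?)\s*$")

# Assumed prefixes a non-admin user can write to on a default install.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


@dataclass
class Entry:
    name: str
    path: str
    source: str  # registry key the entry came from, or "orphan"
    reasons: list[str] = field(default_factory=list)


def classify(path: str) -> list[str]:
    """Reasons this target deserves inspection; an empty list means it looks normal."""
    p = path.strip().lower()
    if p == "(no file)":
        return ["dangling entry: target no longer on disk"]
    if not re.match(r"^[a-z]:\\", p):
        # e.g. "mscoree.dll": found through the loader's search order, so the
        # registry does not pin down which directory it is loaded from.
        return ["no absolute path: resolved via loader search order"]
    reasons = []
    if not p.startswith("c:\\"):
        reasons.append("target on another volume (removable or secondary drive)")
    reasons += [f"user-writable location: {pfx}" for pfx in USER_WRITABLE if p.startswith(pfx)]
    return reasons


def parse_entries(text: str) -> list[Entry]:
    """Walk the log once, pairing each autostart name with its on-disk target."""
    entries: list[Entry] = []
    current_key = ""
    pending_name = None  # overlay handler whose DLL is listed a few lines later
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            current_key = m.group("key")
            if "shelliconoverlayidentifiers" in current_key.lower():
                pending_name = current_key.rsplit("\\", 1)[-1].strip()
        elif m := VALUE_RE.match(line):
            entries.append(Entry(m.group("name"), m.group("path"), current_key))
        elif m := FILE_RE.match(line):
            name = pending_name or current_key.rsplit("\\", 1)[-1]
            entries.append(Entry(name, m.group("path"), current_key))
            pending_name = None
        elif m := ORPHAN_RE.match(line):
            entries.append(Entry(m.group("name"), m.group("path"), "orphan"))
    for e in entries:
        e.reasons = classify(e.path)
    return entries


def triage(text: str) -> list[Entry]:
    """Only the entries that carry at least one reason for a closer look."""
    return [e for e in parse_entries(text) if e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.name}\n    {e.path}")
        for r in e.reasons:
            print(f"    -> {r}")
```

On the sample, six of the eight entries are flagged and the two Run values under Program Files and System32 are not. Every hit here has an ordinary explanation (OneDrive installs per user under AppData, mscoree.dll is the .NET runtime host, the orphans were already removed), which is the point: the script does not decide what is malicious, it only tells you which entries cannot be trusted on location alone and need their signature or hash checked.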
@Elias Pereira

Here are the reports:

Note: Malwarebytes alone is going to make this month's electricity bill absurd. My desktop stayed on for more than 8 hours straight. The scan is absurdly slow!

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 30/04/18
Scan Time: 12:24
Log File: ff407ec8-4c92-11e8-9a10-00ff7034b73f.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4926
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: MTRAV93-TEC-CEL\Mtrav93

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 487656
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 8 hr, 12 min, 34 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
MachineLearning/Anomalous.95%, C:\PROGRAM FILES (X86)\INSTALLJAMMER REGISTRY\WINDOWS\INSTALLKIT.EXE, Quarantined, [0], [392687],1.0.4926
Physical Sector: 0
(No malicious items detected)


(end)

=============

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-04-30.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    05-01-2018
# Duration: 00:00:32
# OS:       Windows 7 Ultimate
# Scanned:  40814
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[c01].txt ##########

=======================

~ ZHPCleaner v2018.4.29.89 by Nicolas Coolman (2018/04/29)
~ Run by Mtrav93 (Administrator)  (01/05/2018 15:55:12)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scan
~ Report : C:\Users\Mtrav93\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Mtrav93\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (1)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.


---\\  Registry ( Key, Value, Data) (2)
FOUND key: HKLM\SOFTWARE\Wow6432Node\Winmend []  =>.SUP.SunnyDigit
FOUND key: HKLM\SOFTWARE\Winmend []  =>.SUP.SunnyDigit


---\\  Summary of the elements found (1)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.SunnyDigit


---\\ Result of repair
~ Any repair made


---\\ Statistics
~ Items scanned : 80586
~ Items found : 4
~ Items cancelled : 0
~ Items options : 0/7
~ Space saving (bytes) : 0


~ End of search in 00h10mn11s

---\\  Reports (2)
ZHPCleaner-[R]-16042018-10_06_47.txt
ZHPCleaner--01052018-16_05_23.txt

Edited by MTRAV93

@MTRAV93

As far as malware goes, there are no more problems.

Final instructions.

Download Delfix by Xplode from the link below and save it to your desktop.
http://www.bleepingcomputer.com/download/delfix/dl/281/

Double-click delfix.exe to run it. Check the boxes as shown in the image.

*** Windows Vista, 7, 8/8.1 and Windows 10 users: right-click the delfix.exe file, then click [image]

[image: Delfix options to check]

Click the Run button.

A log will be generated at the end, but there is no need to post it.

KEEP THE OS UPDATED:
Keep Windows updates set to "automatic". New security holes are discovered frequently. Much malware exploits these holes, infecting systems without depending on any action by the user. Microsoft fixes these holes through the updates. That is why it is essential to keep your system up to date.

If you have no further malware problems, click Report Post at the top of the page and say that your topic is RESOLVED. If you have any question related to computing and technology, feel free to post in any area of CdH.

Regards,
Elias Pereira

This topic is closed to new posts.