loganxd

SOLVED Very high memory usage, probably a virus!!!


I use my wife's computer. We got married a short time ago and she brought the computer she had been using to our house. When I turned it on for the first time, it showed every kind of virus warning, freezes, shutdowns and slowness.

Over time I did some research here and there and fixed some of these problems, but it never got to 100%, not even close. The slowness and the memory and CPU usage are huge. I try to use the computer for promotion, putting together material to promote our work, but I never manage to finish because of the problems I described. So I would really like someone to analyze the log and give me some help or advice on what to do with this machine, since getting rid of it in our current financial situation is impossible.

Thanks in advance.

ZA-Scan.txt


Dear @loganxd

I recommend that you bookmark this topic so it is easier to find later.

Please note the following:

  • If there is no reply for 3 days, send me a Private Message (PM);
  • What is posted here applies only to the problem with your computer, so do not do it on any other;
  • Please follow the instructions carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Keep me informed during the removal about what happens with your computer.
  • Respect the order of the instructions.

Note: Do not take any steps other than those given here; if you ask for help in another forum, be sure to let us know, or you risk misconfiguring your computer!

 

# Step 1 #

Download AdwCleaner and save it to your Desktop

Run the file adwcleaner.exe as Administrator

  • Click the Options tab and leave only "Restore IE Policies" and "Restore Chrome Policies" checked
  • Click the Scan button and wait for the scan to finish.
  • Click the Clean button.
  • A Notepad window will open with the result.
  • Select, copy and paste the contents of this log in your next reply.
  • The log will also be saved in C:\AdwCleaner

NOTE: If AdwCleaner finds files it cannot remove, it may need to restart the PC. Do so immediately when asked whether you want to restart.

# Step 2 #

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download ZHPCleaner and save it to your Desktop

Run the file ZHPCleaner.exe as Administrator

  • Click the Scanner button.
  • The tool will start scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • Then click the Repair button.
  • A log called ZHPCleaner.txt will be generated.
  • Select, copy and paste the contents of this log in your next reply.

Regards :D


#Step 1 LOG#

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build:    07-17-2018
# Database: 2018-08-13.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-13-2018
# Duration: 00:00:17
# OS:       Windows 7 Home Basic
# Cleaned:  98
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Deleted       C:\Program Files (x86)\FLVPlayer
Deleted       C:\Users\glediane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player

***** [ Files ] *****

Deleted       C:\Windows\System32\REGISTRYDEFRAGBOOTTIME.EXE

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted       HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted       HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted       HKU\S-1-5-18\Software\Complitly
Deleted       HKCU\Software\Complitly
Deleted       HKU\.DEFAULT\Software\Complitly
Deleted       HKLM\Software\Wow6432Node\DealPly
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\defaultsearch.com
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Deleted       HKLM\Software\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Deleted       HKCU\Software\InstallCore
Deleted       HKLM\Software\Wow6432Node\SimplyGen
Deleted       HKLM\Software\Wow6432Node\hdcode
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\ToolbarBroker.EXE
Deleted       HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\Toolbar.DLL
Deleted       HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\Complitly.DLL
Deleted       HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Deleted       HKLM\Software\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Deleted       HKLM\Software\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Deleted       HKLM\Software\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Deleted       HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Deleted       HKLM\Software\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Deleted       HKLM\Software\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Deleted       HKLM\Software\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Deleted       HKLM\Software\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Deleted       HKLM\Software\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Deleted       HKLM\Software\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Deleted       HKLM\Software\Classes\Prod.cap
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5BFF654-C3EF-4E72-8FB9-96ADC4C68924}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5BFF654-C3EF-4E72-8FB9-96ADC4C68924}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\mywebsearch.net
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\searchnow.ws
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\mysearchnow.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\youfindall.net
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\youfindall.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\hotbar.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\isearch.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\get-search.cc
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\yoursearchresults.net
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\yoursearcher.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\yoursearchbar.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\yoursearch247.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\whatsyoursearch.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\resultsyoursearch.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\crawlermachine.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\nicecodec.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\niceblowjob.info
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\fucknicepics.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\codecnice.net
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\ifinditall.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\icanfindit.net
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\findit-now.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\clearask.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\searchengine2000.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\best-searchengine.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\adultdatingsearchengine.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\http602.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\you-search.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\bestcrawler.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\tangounion.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\search-web.us
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\searchoutlaw.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\digistreamsa.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\searchable-sex.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\312A32BC1EC340D7A46602AEDDC5404C
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\securesurface.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\easy-search.net
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\startravelsnp.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\searchproject.net
Deleted       HKCU\Software\Softonic
Deleted       HKU\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar
Deleted       HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-744187190-1054338479-1497372811-1000\Software\StartNow Toolbar
Deleted       HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar
Deleted       HKLM\Software\Wow6432Node\StartNow Toolbar

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Ask Brasil

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [12233 octets] - [13/08/2018 17:32:14]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

#Step 2 LOG#

~ ZHPCleaner v2018.8.12.159 by Nicolas Coolman (2018/08/12)
~ Run by glediane (Administrator)  (13/08/2018 18:10:39)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\glediane\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\glediane\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (2)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (9)
MOVED file: C:\Windows\temp\GURBF0A.exe    =>Heuristic.Suspect
MOVED file: C:\Users\glediane\Downloads\uTorrent.exe [BitTorrent Inc. - µTorrent]  =>BitTorrent (P2P)
MOVED folder: C:\ProgramData\Babylon  =>Adware.Babylon
MOVED folder: C:\Windows\System32\config\systemprofile\AppData\LocalLow\BabylonToolbar  =>Adware.Babylon
MOVED folder: C:\Users\glediane\AppData\Roaming\Babylon  =>Adware.Babylon
MOVED folder: C:\Users\glediane\AppData\Local\Loc.Mail.Bron.Tok  =>Worm.Brontok
MOVED folder: C:\Users\glediane\AppData\Local\Ok-SendMail-Bron-tok  =>Worm.Brontok
MOVED folder: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\BabylonToolbar  =>Adware.Babylon
MOVED folder: C:\Users\glediane\AppData\Local\Microsoft Toolkit  =>HackTool.AutoKMS


---\\  Registry ( Key, Value, Data) (4)
DELETED value: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} [StartNow Toolbar]  =>Adware.StartNowToolbar
DELETED key*: HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje [C:\Program Files (x86)\DealPly\DealPly.crx (Not File)]  =>PUP.Optional.Dealply
DELETED key*: HKEY_USERS\.DEFAULT\Software\BabylonToolbar []  =>Adware.Babylon
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Babylon []  =>Adware.Babylon


---\\  Summary of the elements found (7)
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/  =>Heuristic.Suspect
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/03/03/adware-babylon/  =>Adware.Babylon
https://www.nicolascoolman.com/fr/worm-brontok/  =>Worm.Brontok
https://nicolascoolman.eu/2017/02/02/hacktool-autokms/  =>HackTool.AutoKMS
https://nicolascoolman.eu/2017/11/19/adware-startnowtoolbar/  =>Adware.StartNowToolbar
https://www.nicolascoolman.com/fr/pup-dealply/  =>PUP.Optional.Dealply


---\\  Other deletions. (10)
~ Registry Keys Tracing deleted (10)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 329
~ Items found : 0
~ Items cancelled : 0
~ Items options : 0/7
~ Space saving (bytes) : 0


~ End of clean in 00h01mn01s

---\\  Reports (2)
ZHPCleaner--13082018-18_09_33.txt
ZHPCleaner-[R]-13082018-18_11_40.txt
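A small triage parser for the two reports above, added here as an example that is not part of the thread or of either tool. It turns AdwCleaner's "Deleted <target>" lines and ZHPCleaner's "MOVED/DELETED ... =>Family.Name" lines into records, ranks the ZHPCleaner families (the Worm.Brontok and HackTool.AutoKMS hits outrank the adware leftovers) and flags locations such as an executable in C:\Windows\temp or zonemap and TaskCache keys regardless of label. The regexes and the severity table are assumptions derived from the line shapes visible in these reports; the sample excerpts are copied from them.

```python
"""Parse AdwCleaner / ZHPCleaner clean-up reports and triage the findings.

Added example for this thread (not code from either tool). The regexes follow
the line shapes in the reports above; the samples are excerpts of those reports.
"""
import re
from collections import Counter, namedtuple

# AdwCleaner: "***** [ Registry ] *****" headers, "Deleted       <target>" items.
ADW_SECTION = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ADW_ITEM = re.compile(r"^(?P<action>Deleted|Failed|Quarantined)\s+(?P<target>\S.*)$")
# ZHPCleaner: "---\\  Name (count)" headers, "MOVED folder: <target>  =>Family.Name" items.
ZHP_SECTION = re.compile(r"^---\\\\\s+(?P<name>.+?)\s*(?:\(\d+\))?\s*$")
ZHP_ITEM = re.compile(r"^(?P<action>MOVED|DELETED) (?P<kind>[\w*]+): (?P<target>.+?)\s+=>(?P<label>.+?)\s*$")
# Triage level by detection family (the part of a ZHPCleaner label before the first dot); assumed.
SEVERITY = {"Worm": "high", "Trojan": "high", "Backdoor": "high", "HackTool": "high",
            "Adware": "medium", "PUP": "medium", "Heuristic": "medium"}
# label is "" for AdwCleaner, which does not name a family on individual lines.
Finding = namedtuple("Finding", "tool section action target label")


def _parse(tool, text, section_re, item_re):
    findings, section = [], None
    for line in text.splitlines():
        if m := section_re.match(line.rstrip()):
            section = m.group("name")
        elif section and (m := item_re.match(line.rstrip())):
            g = m.groupdict()
            action = g["action"] + (" " + g["kind"] if "kind" in g else "")
            findings.append(Finding(tool, section, action, g["target"], g.get("label", "")))
    return findings


def parse_adwcleaner(text):
    return _parse("AdwCleaner", text, ADW_SECTION, ADW_ITEM)


def parse_zhpcleaner(text):
    return _parse("ZHPCleaner", text, ZHP_SECTION, ZHP_ITEM)


def severity(label):
    """'high' for worms/trojans/hack tools, 'medium' for adware/PUP, else 'info'."""
    return SEVERITY.get(label.split(".", 1)[0], "info")


def location_flags(target):
    """Location heuristics that do not depend on a vendor label."""
    low, flags = target.lower(), []
    if "\\windows\\temp\\" in low and low.endswith(".exe"):
        flags.append("executable dropped in Windows temp")
    if "\\zonemap\\domains\\" in low:
        flags.append("IE zone-map entry (search-hijack residue)")
    if "\\schedule\\taskcache\\" in low:
        flags.append("scheduled-task persistence")
    return flags


def summarize(findings):
    """Counts per label plus the items a responder should look at first."""
    by_label = Counter(f.label or f"{f.tool}/{f.section}" for f in findings)
    attention = [(f, ["family " + f.label]) for f in findings if severity(f.label) == "high"]
    attention += [(f, location_flags(f.target)) for f in findings if location_flags(f.target)]
    return {"total": len(findings), "by_label": by_label, "attention": attention}


ADW_SAMPLE = r"""
***** [ Folders ] *****
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
***** [ Files ] *****
Deleted       C:\Windows\System32\REGISTRYDEFRAGBOOTTIME.EXE
***** [ Registry ] *****
Deleted       HKCU\Software\Complitly
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\defaultsearch.com
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate
***** [ Chromium URLs ] *****
Deleted       Ask Brasil
"""

ZHP_SAMPLE = r"""
---\\  Hosts file (1)
~ The hosts file is legitimate (2)
---\\  Explorer ( File, Folder) (9)
MOVED file: C:\Windows\temp\GURBF0A.exe    =>Heuristic.Suspect
MOVED file: C:\Users\glediane\Downloads\uTorrent.exe [BitTorrent Inc. - uTorrent]  =>BitTorrent (P2P)
MOVED folder: C:\Users\glediane\AppData\Local\Loc.Mail.Bron.Tok  =>Worm.Brontok
MOVED folder: C:\Users\glediane\AppData\Local\Microsoft Toolkit  =>HackTool.AutoKMS
---\\  Registry ( Key, Value, Data) (4)
DELETED value: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} [StartNow Toolbar]  =>Adware.StartNowToolbar
DELETED key*: HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje [C:\Program Files (x86)\DealPly\DealPly.crx (Not File)]  =>PUP.Optional.Dealply
"""

if __name__ == "__main__":
    report = summarize(parse_adwcleaner(ADW_SAMPLE) + parse_zhpcleaner(ZHP_SAMPLE))
    for label, n in report["by_label"].most_common():
        print(f"{n:3d}  {label} [{severity(label)}]")
    for f, flags in report["attention"]:
        print(f"LOOK: {'; '.join(flags)} -> {f.target}")
```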

Dear @loganxd

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download the Farbar Recovery Scan Tool and save it to your Desktop.

32 bit (x86) or 64 bit (x64)

  • Right-click it and choose Run as Administrator;
  • Check the 90 Days Files box and click the Scan button;
  • Wait; when it finishes, the logs FRST.txt and Addition.txt will be saved to your Desktop;
  • Select, copy and paste the contents of the FRST.txt log in your next reply;
  • Attach the Addition.txt log.

Regards :D


Dear @diego_moicano

Following the method above, here are the logs. Note that I only scanned with FRST; I did not click to fix, since that would be the next step, I believe.

FRST log follows:

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 02.08.2018
Executado por glediane (administrador) em GLEDIANE-PC (15-08-2018 15:33:32)
Executando a partir de C:\Users\glediane\Desktop
Perfis Carregados: glediane (Perfis Disponíveis: glediane)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 9 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\Philips SPM 7800\gmOpen.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [gmPoint] => C:\Program Files\Philips SPM 7800\gmPoint.ex
HKLM\...\Run: [gmOpen] => C:\Program Files\Philips SPM 7800\gmOpen.ex
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-07-18] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
HKU\S-1-5-21-744187190-1054338479-1497372811-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18364648 2018-05-24] (Piriform Ltd)
BootExecute: 

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1CA5F4CF-3276-48A1-ACA5-7D6EC98E18E5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EBEE8988-68DC-4BBE-AE04-5C7E4C20B866}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-744187190-1054338479-1497372811-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-744187190-1054338479-1497372811-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=071713&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-744187190-1054338479-1497372811-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-744187190-1054338479-1497372811-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=071713&q={searchTerms}&src=IE-SearchBox
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-07-18] (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26] (Adobe Systems Incorporated)
BHO-x32: Sem Nome -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Nenhum Arquivo
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-07-18] (AVAST Software)
Toolbar: HKLM - Sem Nome - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Nenhum Arquivo
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-07-18] (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  Nenhum Arquivo
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  Nenhum Arquivo

FireFox:
========
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-03-26] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\glediane\AppData\Local\Google\Chrome\User Data\Default [2018-08-15]
CHR Extension: (Google Tradutor) - C:\Users\glediane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-04-12]
CHR Extension: (Apresentações) - C:\Users\glediane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-27]
CHR Extension: (Documentos) - C:\Users\glediane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-28]
CHR Extension: (Google Drive) - C:\Users\glediane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-10]
CHR Extension: (YouTube) - C:\Users\glediane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-10]
CHR Extension: (Planilhas) - C:\Users\glediane\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-24]
CHR Extension: (Documentos Google off-line) - C:\Users\glediane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-10]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\glediane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-08]
CHR Extension: (Gmail) - C:\Users\glediane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-10]
CHR Extension: (Chrome Media Router) - C:\Users\glediane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-13]
CHR HKU\S-1-5-21-744187190-1054338479-1497372811-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dlfienamagdnkekbbbocojppncdambda] - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx <não encontrado (a)>
CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx <não encontrado (a)>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-07-18] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-07-18] (AVAST Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATENÇÃO (não ServiceDLL)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [197160 2018-07-18] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [229392 2018-07-18] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201328 2018-07-18] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346664 2018-07-18] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59592 2018-07-18] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239680 2018-07-18] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-07-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159640 2018-07-18] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111872 2018-07-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-07-18] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027728 2018-07-18] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [463080 2018-07-18] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [211160 2018-07-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381584 2018-07-18] (AVAST Software)
R3 Atc002; C:\Windows\System32\DRIVERS\l260x64.sys [34304 2009-06-10] (Atheros Communications, Inc.)
S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [283480 2018-06-13] (Sysprogs OU)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-05-22] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-05-22] (Disc Soft Ltd)
S3 gmhidlow; C:\Windows\System32\DRIVERS\gmhidlow.sys [14720 2009-07-01] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-08-15 15:33 - 2018-08-15 15:34 - 000010498 _____ C:\Users\glediane\Desktop\FRST.txt
2018-08-15 15:31 - 2018-08-15 15:33 - 000000000 ____D C:\FRST
2018-08-15 15:28 - 2018-08-15 15:28 - 002412544 _____ (Farbar) C:\Users\glediane\Desktop\FRST64.exe
2018-08-13 18:09 - 2018-08-13 18:11 - 000003384 _____ C:\Users\glediane\Desktop\ZHPCleaner.txt
2018-08-13 17:57 - 2018-08-13 18:11 - 000000000 ____D C:\Users\glediane\AppData\Roaming\ZHP
2018-08-13 17:57 - 2018-08-13 17:57 - 000000795 _____ C:\Users\glediane\Desktop\ZHPCleaner.lnk
2018-08-13 17:57 - 2018-08-13 17:57 - 000000000 ____D C:\Users\glediane\AppData\Local\ZHP
2018-08-13 17:49 - 2018-08-13 17:50 - 003266432 _____ C:\Users\glediane\Downloads\ZHPCleaner.exe
2018-08-13 17:29 - 2018-08-13 17:34 - 000000000 ____D C:\AdwCleaner
2018-08-13 17:24 - 2018-08-13 17:25 - 007417040 _____ (Malwarebytes) C:\Users\glediane\Desktop\adwcleaner_7.2.2.exe
2018-08-11 00:08 - 2018-08-11 00:17 - 209180149 _____ C:\Users\glediane\Downloads\avg_arl_ffi_all_120_160420a12074.zip
2018-08-10 22:52 - 2018-08-10 22:52 - 000016214 _____ C:\ZA-Scan.txt
2018-08-10 22:43 - 2018-08-10 22:43 - 000000000 ____D C:\zoek_backup
2018-08-10 22:39 - 2018-08-10 22:40 - 006102389 _____ C:\Users\glediane\Desktop\zoek.zip
2018-08-01 17:32 - 2018-08-01 17:32 - 000084033 _____ C:\Users\glediane\Downloads\Currículo.pdf
2018-07-25 16:11 - 2018-07-25 15:53 - 000083181 ____N C:\Users\glediane\Desktop\Curriculum - BRUNO SILVA.pdf
2018-07-25 15:53 - 2018-07-25 15:53 - 000083181 ____N C:\Users\glediane\Downloads\Curriculum - BRUNO SILVA.pdf
2018-07-21 02:33 - 2018-07-21 02:37 - 090506402 ____N C:\Users\glediane\Downloads\ZIN 75 Live - 05 No Me Fio-Solita Pa Ti - Front.mp4
2018-07-21 02:28 - 2018-07-21 02:32 - 081996029 ____N C:\Users\glediane\Downloads\ZIN 75 Live - 09 Me Patina El Coco - Front (1).mp4
2018-07-21 02:22 - 2018-07-21 02:26 - 081996029 ____N C:\Users\glediane\Downloads\ZIN 75 Live - 09 Me Patina El Coco - Front.mp4
2018-07-21 02:17 - 2018-07-21 02:22 - 101931790 ____N C:\Users\glediane\Downloads\ZIN 75 Live - 07 Telephon Zoghayar - Front.mp4
2018-07-21 02:04 - 2018-07-21 02:14 - 108141640 ____N C:\Users\glediane\Downloads\ZIN 75 Live - 03 Tus Besitos - Front.mp4
2018-07-21 01:56 - 2018-07-21 02:02 - 087566587 ____N C:\Users\glediane\Downloads\ZIN 75 Live - 10 Love - Front.mp4
2018-07-21 01:50 - 2018-07-21 01:55 - 086892548 ____N C:\Users\glediane\Downloads\ZIN 75 Live - 08 Doh Play Dat - Front.mp4
2018-07-21 01:44 - 2018-07-21 01:49 - 089615252 ____N C:\Users\glediane\Downloads\ZIN 75 Live - 06 Familiar - Front.mp4
2018-07-21 01:35 - 2018-07-21 01:40 - 086093906 ____N C:\Users\glediane\Downloads\ZIN 75 Live - 04 Todo El Mundo - Front.mp4
2018-07-21 01:25 - 2018-07-21 01:31 - 118719067 ____N C:\Users\glediane\Downloads\ZIN 75 Live - 02 No Me Dejes Asi - Front.mp4
2018-07-21 01:16 - 2018-07-21 01:24 - 095479560 ____N C:\Users\glediane\Downloads\ZIN Volume Flashback - ZIN 42 - Pa Que lo Bailes - Front Cues Off.mp4
2018-07-21 01:07 - 2018-07-21 01:11 - 095833284 ____N C:\Users\glediane\Downloads\Mega Mix 58 Choreo - La Champetua - Champeta.mp4
2018-07-21 01:00 - 2018-07-21 01:06 - 124215690 ____N C:\Users\glediane\Downloads\Mega Mix 66 Choreo - Se Formo El Espeluque - Electro Champeta.mp4
2018-07-21 00:46 - 2018-07-21 00:54 - 115795224 ____N C:\Users\glediane\Downloads\Mega Mix 66 Choreo - A Mi Me Gusta - Merengue-Olodum.mp4
2018-07-18 18:09 - 2018-07-18 18:13 - 000000000 ____D C:\Users\glediane\AppData\Local\AVAST Software
2018-07-18 18:09 - 2018-07-18 18:09 - 000001924 ____N C:\Users\glediane\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Passwords.lnk
2018-07-18 18:09 - 2018-07-18 18:09 - 000001900 ____N C:\Users\glediane\Desktop\Avast Passwords.lnk
2018-07-18 17:57 - 2018-07-18 17:59 - 034790450 ____N C:\Users\glediane\Downloads\windows6.1-kb4012212-x64_2decefaa02e2058dcd965702509a992d8c4e92b3.msu
2018-07-18 16:03 - 2018-07-18 16:02 - 000378072 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-07-16 23:54 - 2018-07-17 03:25 - 000000000 ___HD C:\Users\glediane\Documents\.tmp.drivedownload
2018-07-16 18:25 - 2018-07-25 16:47 - 000000000 ___RD C:\Users\glediane\Google Drive
2018-07-16 18:13 - 2018-07-16 18:13 - 000001960 _____ C:\Users\Public\Desktop\Google Slides.lnk
2018-07-16 18:13 - 2018-07-16 18:13 - 000001958 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2018-07-16 18:13 - 2018-07-16 18:13 - 000001948 _____ C:\Users\Public\Desktop\Google Docs.lnk
2018-07-16 18:13 - 2018-07-16 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-07-16 18:13 - 2018-07-16 18:13 - 000000000 ____D C:\Program Files\Google
2018-07-16 18:09 - 2018-07-16 18:09 - 001130840 ____N (Google Inc.) C:\Users\glediane\Downloads\installbackupandsync.exe
2018-07-16 18:05 - 2018-07-31 02:04 - 000000000 ____D C:\Program Files (x86)\Cobian Backup 11
2018-07-16 18:00 - 2018-07-16 18:03 - 019709440 ____N (Luis Cobian, CobianSoft) C:\Users\glediane\Downloads\cbSetup.exe
2018-07-16 15:17 - 2018-07-16 15:19 - 000000000 ____D C:\Users\glediane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.7
2018-07-16 15:17 - 2018-07-16 15:17 - 000000000 ____D C:\Users\Todos os Usuários\Package Cache
2018-07-16 15:17 - 2018-07-16 15:17 - 000000000 ____D C:\Users\glediane\AppData\Local\Package Cache
2018-07-16 15:17 - 2018-07-16 15:17 - 000000000 ____D C:\ProgramData\Package Cache
2018-07-16 15:13 - 2018-07-16 15:14 - 026262280 ____N (Python Software Foundation) C:\Users\glediane\Downloads\python-3.7.0-amd64.exe
2018-07-15 02:39 - 2018-07-15 02:40 - 005432998 ____N C:\Users\glediane\Downloads\Guia-Definitivo-Para-Criar-Um-Negocio-Online-Do-Zero.pdf
2018-07-10 22:23 - 2018-07-10 22:23 - 000024080 ____N C:\Users\glediane\Downloads\contatos (1).csv
2018-07-10 22:22 - 2018-07-10 22:23 - 000024080 ____N C:\Users\glediane\Downloads\contatos.csv
2018-07-05 00:11 - 2018-08-15 15:05 - 000000000 ____D C:\Users\glediane\Desktop\BRUNERA
2018-07-05 00:09 - 2018-07-05 00:09 - 000163803 ____N C:\Users\glediane\Documents\Resultado Encceja.xps
2018-07-04 23:45 - 2018-07-05 00:03 - 003890257 ____N C:\Users\glediane\Desktop\Dança de Salão - Chamada.wmv
2018-07-04 18:48 - 2018-07-04 18:48 - 000000000 ____D C:\Users\Todos os Usuários\Wondershare
2018-07-04 18:48 - 2018-07-04 18:48 - 000000000 ____D C:\ProgramData\Wondershare
2018-07-04 18:26 - 2018-07-04 18:26 - 000000000 ____D C:\Users\glediane\AppData\Local\Wondershare
2018-07-04 18:25 - 2018-07-04 18:25 - 000001280 _____ C:\Users\Public\Desktop\Wondershare Filmora.lnk
2018-07-04 18:24 - 2018-07-04 18:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2018-07-04 18:16 - 2018-07-30 22:33 - 000000000 ____D C:\Users\glediane\Documents\Wondershare Filmora
2018-07-04 18:16 - 2018-07-04 18:16 - 000000000 ____D C:\Users\Todos os Usuários\Wondershare Video Editor
2018-07-04 18:16 - 2018-07-04 18:16 - 000000000 ____D C:\ProgramData\Wondershare Video Editor
2018-07-04 18:16 - 2018-07-04 18:16 - 000000000 ____D C:\Program Files (x86)\Wondershare
2018-07-04 18:16 - 2017-03-17 11:43 - 001250304 _____ (CineForm Inc.) C:\Windows\system32\CFDecode64.ax
2018-07-04 18:03 - 2018-07-04 18:26 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2018-07-04 18:03 - 2018-07-04 18:03 - 001040488 ____N C:\Users\glediane\Downloads\filmora_setup_full1083.exe
2018-07-04 17:48 - 2018-07-04 17:48 - 000498740 ____N C:\Users\glediane\Downloads\Animated-Font.zip
2018-07-04 17:23 - 2018-07-04 17:43 - 542061879 ____N C:\Users\glediane\Downloads\RS-Ribbon-Typeface.zip
2018-06-27 19:39 - 2018-06-27 19:39 - 000013809 ____N C:\Users\glediane\Downloads\flvto.zip
2018-06-27 04:10 - 2018-06-27 04:10 - 000062104 _____ (Python Software Foundation) C:\Windows\pyshellext.amd64.dll
2018-06-27 04:07 - 2018-06-27 04:07 - 000909976 _____ (Python Software Foundation) C:\Windows\pyw.exe
2018-06-27 04:07 - 2018-06-27 04:07 - 000908952 _____ (Python Software Foundation) C:\Windows\py.exe
2018-06-21 19:49 - 2018-06-21 19:49 - 003297953 ____N C:\Users\glediane\Downloads\PERSONA.pdf
2018-06-21 19:43 - 2018-06-21 19:44 - 000862353 ____N C:\Users\glediane\Downloads\nicho.pdf
2018-06-21 19:43 - 2018-06-21 19:44 - 000862353 ____N C:\Users\glediane\Downloads\nicho (1).pdf
2018-06-15 00:02 - 2018-07-04 18:48 - 000120376 _____ C:\Users\glediane\AppData\Local\GDIPFONTCACHEV1.DAT
2018-06-14 23:37 - 2018-06-14 23:37 - 000000000 __RHD C:\MSOCache
2018-06-14 23:17 - 2018-06-14 23:18 - 015838840 ____N (Piriform Ltd) C:\Users\glediane\Downloads\ccsetup543.exe
2018-06-14 22:05 - 2018-06-14 22:05 - 000023787 _____ C:\ComboFix.txt
2018-06-14 21:49 - 2011-06-26 03:45 - 000256000 _____ C:\Windows\PEV.exe
2018-06-14 21:49 - 2010-11-07 14:20 - 000208896 _____ C:\Windows\MBR.exe
2018-06-14 21:49 - 2009-04-20 01:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-06-14 21:49 - 2000-08-30 21:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-06-14 21:49 - 2000-08-30 21:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-06-14 21:49 - 2000-08-30 21:00 - 000098816 _____ C:\Windows\sed.exe
2018-06-14 21:49 - 2000-08-30 21:00 - 000080412 _____ C:\Windows\grep.exe
2018-06-14 21:49 - 2000-08-30 21:00 - 000068096 _____ C:\Windows\zip.exe
2018-06-14 21:33 - 2018-06-14 21:47 - 005660506 ____R (Swearware) C:\Users\glediane\Downloads\combofix-17-5-4-1.exe
2018-06-14 21:29 - 2018-06-14 21:49 - 000000000 ____D C:\ComboFix
2018-06-14 20:26 - 2018-07-06 10:34 - 005071336 _____ C:\Windows\system32\FNTCACHE.DAT
2018-06-13 21:26 - 2015-06-15 10:54 - 000000000 ____D C:\Users\glediane\Downloads\Microsoft Office 2013 PT-BR X64 + crack - By TecDiario
2018-06-13 20:20 - 2018-06-13 20:23 - 719561853 ____N C:\Users\glediane\Downloads\Microsoft Office 2013 PT-BR X64 + crack - By TecDiario.rar
2018-06-13 15:07 - 2018-06-14 20:26 - 000000000 ____D C:\Program Files\office.tmp
2018-06-13 14:40 - 2018-06-13 14:40 - 000283480 _____ (Sysprogs OU) C:\Windows\system32\Drivers\BazisPortableCDBus.sys
2018-06-13 14:38 - 2018-06-13 14:38 - 000682840 ____N (Sysprogs OU) C:\Users\glediane\Downloads\PortableWinCDEmu-4.0.exe
2018-06-13 14:19 - 2018-04-09 18:03 - 045730157 ____N C:\Users\glediane\Downloads\Microsoft Toolkit 2.4.1.exe
2018-06-13 14:04 - 2018-06-13 14:05 - 045433201 ____N C:\Users\glediane\Downloads\Microsoft Toolkit 2.4.1.rar
2018-06-04 22:52 - 2018-06-05 02:39 - 000000000 ___RD C:\Users\glediane\SkyDrive
2018-06-04 22:52 - 2018-06-04 22:52 - 000000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2018-06-04 22:50 - 2018-06-04 22:50 - 000000000 ____D C:\Users\Todos os Usuários\Microsoft SkyDrive
2018-06-04 22:50 - 2018-06-04 22:50 - 000000000 ____D C:\ProgramData\Microsoft SkyDrive
2018-06-04 22:34 - 2018-06-13 15:10 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2018-06-04 18:08 - 2018-06-04 21:47 - 2069096448 ____N C:\Users\glediane\Downloads\ProfessionalRetail.img
2018-06-04 18:04 - 2018-06-04 18:04 - 000002023 ____N C:\Users\glediane\Desktop\OFFICE.txt
2018-06-04 17:39 - 2018-06-04 17:39 - 003261952 ____N () C:\Users\glediane\Downloads\Windows ISO Downloader.exe
2018-06-04 16:32 - 2018-06-13 14:48 - 000000000 ____D C:\Users\glediane\Desktop\SINISTRO
2018-05-30 18:36 - 2018-05-30 18:37 - 000000000 ____D C:\Users\glediane\Desktop\kjk
2018-05-30 17:17 - 2018-05-31 22:09 - 000000000 ____D C:\Users\glediane\AppData\LocalLow\uTorrent
2018-05-24 19:55 - 2018-05-24 19:55 - 000092993 ____N C:\Users\glediane\Downloads\o15-ctrremove.diagcab
2018-05-22 17:21 - 2018-05-22 17:21 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2018-05-22 17:10 - 2018-06-14 23:31 - 000000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2018-05-22 17:10 - 2018-05-22 17:10 - 000000000 ____D C:\Users\glediane\AppData\Local\Microsoft Help
2018-05-22 10:55 - 2018-05-22 10:55 - 000000000 ____D C:\Users\Public\Documents\Catch!
2018-05-22 10:48 - 2018-05-22 17:21 - 000000000 ____D C:\Users\glediane\AppData\Local\Disc_Soft_Ltd
2018-05-22 09:31 - 2018-05-22 09:40 - 001598152 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-05-22 09:16 - 2018-05-22 09:16 - 000047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2018-05-22 09:14 - 2018-05-22 10:55 - 000000000 ____D C:\Users\glediane\AppData\Roaming\DAEMON Tools Lite
2018-05-22 09:14 - 2018-05-22 09:14 - 000030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2018-05-22 09:12 - 2018-06-04 21:57 - 000000000 ____D C:\Users\Todos os Usuários\DAEMON Tools Lite
2018-05-22 09:12 - 2018-06-04 21:57 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2018-05-22 08:53 - 2018-05-22 08:53 - 000791712 ____N (Disc Soft Ltd.) C:\Users\glediane\Downloads\DTLiteInstaller.exe

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-08-15 14:17 - 2009-07-14 01:45 - 000017536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-15 14:17 - 2009-07-14 01:45 - 000017536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-15 13:57 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-13 17:14 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\system32\NDF
2018-08-13 17:13 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
2018-08-13 17:06 - 2012-02-25 00:09 - 000000000 ____D C:\Windows\Minidump
2018-08-10 23:27 - 2018-04-13 00:54 - 000002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-10 23:27 - 2018-04-13 00:54 - 000002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-09 17:50 - 2018-05-12 16:50 - 000000000 ____D C:\Users\glediane\Desktop\DS
2018-08-01 17:40 - 2009-07-14 14:55 - 000705070 _____ C:\Windows\system32\prfh0416.dat
2018-08-01 17:40 - 2009-07-14 14:55 - 000146910 _____ C:\Windows\system32\prfc0416.dat
2018-08-01 17:40 - 2009-07-14 02:13 - 001633534 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-20 18:30 - 2018-05-14 02:02 - 000000000 ____D C:\Users\glediane\Desktop\PROJETO
2018-07-18 16:38 - 2012-06-15 17:21 - 000000000 ____D C:\Users\glediane\AppData\Roaming\Media Player Classic
2018-07-18 16:37 - 2018-05-14 01:54 - 000000000 ____D C:\Users\glediane\AppData\Roaming\NCH Software
2018-07-18 16:34 - 2018-05-14 01:55 - 000000000 ____D C:\Windows\System32\Tasks\NCH Software
2018-07-18 16:02 - 2018-04-24 12:19 - 000463080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-07-18 16:02 - 2018-04-24 12:19 - 000381584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-07-18 16:02 - 2018-04-24 12:19 - 000211160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-07-18 16:02 - 2018-04-24 12:19 - 000197160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-07-18 16:02 - 2018-04-24 12:19 - 000159640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-07-18 16:02 - 2018-04-24 12:19 - 000111872 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-07-18 16:02 - 2018-04-24 12:19 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-07-18 16:02 - 2018-04-24 12:19 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-07-18 16:01 - 2018-04-24 12:19 - 001027728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-07-18 15:59 - 2018-04-24 12:19 - 000346664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-07-18 15:59 - 2018-04-24 12:19 - 000239680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-07-18 15:59 - 2018-04-24 12:19 - 000229392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-07-18 15:59 - 2018-04-24 12:19 - 000201328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-07-18 15:59 - 2018-04-24 12:19 - 000059592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-07-16 18:25 - 2012-02-23 17:01 - 000000000 ____D C:\Users\glediane
2018-07-16 18:13 - 2012-03-28 00:45 - 000000000 ____D C:\Users\glediane\AppData\Local\Google

==================== Arquivos na raiz de alguns diretórios =======

2018-04-24 11:59 - 2018-04-24 11:59 - 038077336 _____ () C:\Users\glediane\AppData\Roaming\gameboxsetup.exe
2018-03-28 00:24 - 2018-06-05 02:33 - 000007605 _____ () C:\Users\glediane\AppData\Local\Resmon.ResmonCfg
2018-04-22 20:08 - 2018-04-22 20:08 - 000000000 _____ () C:\Users\glediane\AppData\Local\{3ED27480-E123-463D-944B-5BC40162E9A8}
2018-03-29 22:33 - 2018-03-29 22:33 - 000000000 _____ () C:\Users\glediane\AppData\Local\{DE32790B-4829-468E-9886-A3F0F8220424}

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2018-08-13 13:10

==================== Fim de FRST.txt ============================

Addition.txt


Dear @loganxd

Perfect! :joia:

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download the file (fixlist.txt) attached to this post and save it to your Desktop.

Run FRST.exe (or FRST64.exe) and click the Fix button.

Wait... when it finishes, a log named Fixlog.txt will be saved to your Desktop.

Select, copy and paste the contents of this log in your next reply.

Regards :D

fixlist.txt


Dear @diego_moicano

Here it is.

FIXLOG:

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 02.08.2018
Executado por glediane (16-08-2018 21:12:04) Run:1
Executando a partir de C:\Users\glediane\Desktop
Perfis Carregados: glediane (Perfis Disponíveis: glediane)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-744187190-1054338479-1497372811-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Sem Nome -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Nenhum Arquivo
Toolbar: HKLM - Sem Nome - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Nenhum Arquivo
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  Nenhum Arquivo
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  Nenhum Arquivo
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\ComboFix\catchme.sys
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATENÇÃO (não ServiceDLL)
2018-04-24 11:59 - 2018-04-24 11:59 - 038077336 _____ () C:\Users\glediane\AppData\Roaming\gameboxsetup.exe
Task: {5D6FDE24-9774-4372-AC62-BFEB4A224F3A} - System32\Tasks\{4AD4C4A6-4A2A-4501-8F3A-FEDAE1B371F2} => C:\Windows\system32\pcalua.exe -a F:\DCIM\100D5200\100D5200.exe -d F:\DCIM\100D5200
CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx <não encontrado (a)>
C:\Program Files (x86)\DealPly\DealPly.crx
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATENÇÃO (não ServiceDLL)
CMD: ipconfig /flushdns
EmptyTemp:

*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
"HKU\S-1-5-21-744187190-1054338479-1497372811-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => não encontrado (a)
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => removido (a) com sucesso.
HKLM\Software\Wow6432Node\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => não encontrado (a)
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => não encontrado (a)
"HKLM\Software\Classes\PROTOCOLS\Handler\livecall" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => não encontrado (a)
"HKLM\Software\Classes\PROTOCOLS\Handler\msnim" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => não encontrado (a)
"HKLM\System\CurrentControlSet\Services\catchme" => removido (a) com sucesso.
catchme => serviço removido (a) com sucesso.
"C:\ComboFix\catchme.sys" => não encontrado (a)
"HKLM\System\CurrentControlSet\Services\AppMgmt" => removido (a) com sucesso.
AppMgmt => serviço removido (a) com sucesso.
C:\Users\glediane\AppData\Roaming\gameboxsetup.exe => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D6FDE24-9774-4372-AC62-BFEB4A224F3A}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D6FDE24-9774-4372-AC62-BFEB4A224F3A}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\{4AD4C4A6-4A2A-4501-8F3A-FEDAE1B371F2} => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4AD4C4A6-4A2A-4501-8F3A-FEDAE1B371F2}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje" => removido (a) com sucesso.
"C:\Program Files (x86)\DealPly\DealPly.crx" => não encontrado (a)
AppMgmt => serviço não encontrado (a).

========= ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6059857 B
Java, Flash, Steam htmlcache => 523 B
Windows/system/drivers => 9119898 B
Edge => 0 B
Chrome => 98772603 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 348061199 B
systemprofile32 => 91010 B
LocalService => 0 B
NetworkService => 0 B
glediane => 6537101 B

RecycleBin => 0 B
EmptyTemp: => 454.9 MB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 21:13:10 ====

 


Dear @loganxd

Go to the Malwarebytes site, click Free Download and download the file to your Desktop.

Disable antivirus, antispyware and, in short, any prevention programs so they do not cause conflicts.

Right-click the setup.exe file and choose: Run as Administrator

  • Follow the installation steps;
  • After clicking Finish, wait for the program to open;
  • At the top right click Update now;
  • The browser will open; you may close it, then wait for the updates to finish;
  • In the left panel click Settings;
  • On the Protection tab enable Scan for rootkits;
  • Then click Scan in the left panel;
  • Then click the Start Scan button and wait;
  • When the scan finishes, a window will open near the clock;
  • In it click View Results;
  • Leave all entries checked and click the Quarantine button;
  • In the window that opens click Yes so that the computer restarts;
  • Once restarted, open Malwarebytes again, click History and then click Delete All (optional);
  • The log is saved automatically by the program.
  • To export it, click the History tab > Application logs in the program's main window;
  • Double-click the most recent log and export it as .TXT;
  • Post it in your next reply.

Regards :D


@diego_moicano

Good evening, the procedure has been done, it follows below, thank you.

 

 

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 17/08/2018
Hora da análise: 17:59
Arquivo de registro: 75ebc974-a260-11e8-ba5b-001e8c962b57.json

-Informação do software-
Versão: 3.5.1.2522
Versão de componentes: 1.0.421
Versão do pacote de definições: 1.0.6391
Licença: Versão de Avaliação

-Informação do sistema-
Sistema operacional: Windows 7 Service Pack 1
CPU: x64
Sistema de arquivos: NTFS
Usuário: glediane-PC\glediane

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Análise Iniciada Por: Manual
Resultado: Concluído
Objetos verificados: 236244
Ameaças detectadas: 7
Ameaças em quarentena: 7
Tempo decorrido: 20 min, 19 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 3
PUP.Optional.Complitly, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dlfienamagdnkekbbbocojppncdambda, Quarentena, [836], [236683],1.0.6391
PUP.Optional.DealPly, HKU\S-1-5-21-744187190-1054338479-1497372811-1000\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, Quarentena, [66], [237621],1.0.6391
PUP.Optional.Babylon, HKU\S-1-5-21-744187190-1054338479-1497372811-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarentena, [325], [167673],1.0.6391

Valor de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 0
(Nenhum item malicioso detectado)

Arquivo: 4
Trojan.BitCoinMiner.BAT, C:\WINDOWS\WINDOWS.BAT, Quarentena, [14372], [506830],1.0.6391
Trojan.BitCoinMiner.VBS, C:\WINDOWS\SYSTEM32.VBS, Quarentena, [3872], [506829],1.0.6391
PUP.Optional.InstallCore.Generic, C:\USERS\GLEDIANE\DOWNLOADS\BAIXAKI_MEMU_0355866566.EXE, Quarentena, [6181], [512143],1.0.6391
Generic.Malware/Suspicious, C:\USERS\GLEDIANE\DOWNLOADS\NãO CONFIRMADO 152740.CRDOWNLOAD, Quarentena, [0], [392686],1.0.6391

Setor físico: 0
(Nenhum item malicioso detectado)

Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)


(end)

 


Dear @loganxd

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download Stinger and save it to your Desktop.
32 bit (x86) or 64 bit (x64)

  • Run the Stinger.exe file as Administrator.
  • Click the “I Accept” button

[image: Stinger a.png]

In the new window click “Advanced” and then “Settings”

[image: Stinger b.png]

In the settings window, set the options as in the image below and click the “Save” button

[image: 9hnsyu.png]

Click “Customize my Scan”

[image: Stinger f.png]

Select the system drives and then click the “Scan” button

[image: Stinger g.png]

At the end click “View log”; a window with the log will open in your browser.
Select, copy and paste the contents of this log in your next reply.

Regards :D


@diego_moicano

 

McAfee® Labs Stinger™ Version 12.1.0.2863 built on Aug 20 2018 at 03:03:04
Copyright© 2013-2018, McAfee, LLC. All Rights Reserved.
AV Engine version v6000.8403 for Windows.
Virus data file v1000.0 created on Jul 23, 2018
Ready to scan for 8815 viruses, trojans and variants.

Custom scan initiated on segunda-feira, agosto 20, 2018 22:05:15
Rootkit scan result : Clean.
C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\uninst.exe.vir [MD5:72e0ea31dd90cbebe092c46d19e368c2] is infected with Artemis!72E0EA31DD90
C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\uninst.exe.vir has been Deleted
C:\Qoobox\Quarantine\C\Program Files (x86)\SempToshibaAtualizador\upImage.exe.vir [MD5:594eab7231b0e2112730990cfff1e6d6] is infected with Artemis!594EAB7231B0
C:\Qoobox\Quarantine\C\Program Files (x86)\SempToshibaAtualizador\upImage.exe.vir has been Deleted
C:\Users\glediane\Desktop\zoek.zip\Z-Analyse.exe is infected with Artemis!C53B9428817F
C:\Users\glediane\Desktop\zoek.zip\Z-Analyse.exe has been Deleted
C:\Users\glediane\Desktop\zoek.zip\ZA-Scan.exe is infected with Artemis!294DBD73A55A
C:\Users\glediane\Desktop\zoek.zip\ZA-Scan.exe has been Deleted
C:\Users\glediane\Desktop\zoek.zip\zoek.exe is infected with Artemis!294DBD73A55A
C:\Users\glediane\Desktop\zoek.zip\zoek.exe has been Deleted

Summary Report on C: E:
File(s)
  TotalFiles:............ 557437
  Clean:................. 147463
  Not Scanned:........... 409969
  Possibly Infected:..... 5
Time: 05:30:56
Scan completed on terça-feira, agosto 21, 2018 03:36:11


Dear @loganxd

Friend, sorry for the absence, I was ill.

Download Security Check by glax24 and save it to your Desktop.

Run the file as Administrator

  • Wait while the tool performs the scan.
  • At the end, save the log as SecurityCheck.html
  • Open the file with Notepad;
  • Select, copy and paste the contents of this log in your next reply.

Regards :D


@diego_moicano

Thank you very much, get well soon.

Here it is:

 

 

SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17]
WebSite: www.safezone.cc
DateLog: 28.08.2018 00:32:05
Path starting: C:\Users\glediane\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: glediane
VersionXML: 5.33is-25.08.2018
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x64) HomeBasic Lang: Portuguese(0416)
Installation date OS: 23.02.2012 20:01:45
LicenseStatus: Windows(R) 7, HomeBasic edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [149 Gb] Used: [67.9 Gb] Free: [81.1 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 9.0.8112.16421 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled (Level 3)
Automatically download and schedule installation
Date install updates: 2014-01-07 02:23:10
Windows Update (wuauserv) - The service is running
Central de Segurança (wscsvc) - The service is running
Registro remoto (RemoteRegistry) - The service has stopped
Descoberta SSDP (SSDPSRV) - The service is running
Serviços de Área de Trabalho Remota (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Avast Antivirus (disabled and up to date)
Malwarebytes (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Firewall do Windows (MpsSvc) - The service has stopped
Disabled the public profile of Windows Firewall
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Malwarebytes (enabled and up to date)
Windows Defender (disabled and up to date)
Avast Antivirus (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes versão 3.5.1.2522 v.3.5.1.2522
Avast Free Antivirus v.18.5.2342 Warning! Download Update
--------------------------- [ OtherUtilities ] ----------------------------
Arquivo do WinRAR
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 11 ActiveX 64-bit v.11.1.102.62 Warning! Download Update
Adobe Reader 9.5.1 - Português v.9.5.1 Warning! This software is no longer supported. Please uninstall it and use Adobe Acrobat Reader DC.
------------------------------- [ Browser ] -------------------------------
Google Chrome v.68.0.3440.106
----------------------------- [ EmailClient ] -----------------------------
Windows Live Essentials v.14.0.8117.0416 Warning! This software is no longer supported.
Windows Live Sync v.14.0.8117.416 Warning! This software is no longer supported.
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.68.0.3440.106
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avast Antivirus (avast! Antivirus) - The service is running
C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.18.5.3931.0
aswbIDSAgent (aswbIDSAgent) - The service has stopped
C:\Program Files\AVAST Software\Avast\AvastUI.exe v.18.5.3931.338
aswbIDSAgent (aswbIDSAgent) - The service has stopped
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.1.0.1583
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.667
McAfee Validation Trust Protection Service (mfevtp) - The service is running
C:\Windows\System32\mfevtps.exe
Windows Defender (WinDefend) - The service has stopped


Dear @loganxd

How is your Windows?

# Step 1 #

Download Delfix by Xplode and save it to your desktop.

Double-click delfix.exe to run it. Check the boxes as shown in the image.

** Windows Vista or Windows 7 users: right-click the delfix.exe file, then click Run as administrator.

[image: 2mez6ld.png]

Click the Run button.

At the end a log will be generated, but it is not necessary to post it.

# Step 2 #

Old versions of programs have vulnerabilities that some malware can use to infect your system.

For that reason, it is recommended to update the programs that Security Check flagged as outdated (optional updates are at your discretion).

Just click the Download Update in each warning (post above) and you will be taken to the developer's site.

Always keep your Windows updated; keep constant vigilance with the firewall and antivirus and, finally, remember that the best way to prevent starts with our own attitudes!

# Step 3 #

CCleaner is an excellent cleaning utility for the computer.

Download it here: Ccleaner

  • After installation, go to the location where the program was installed, usually C:\Arquivos de programas\CCleaner.
  • Double-click this folder;
  • In an empty area of this window, right-click and choose New > Folder and create a new folder;
  • Name it backups.
  • Open the program and click Run Cleaner;
  • Click the Registry button > Scan for Issues > Fix selected issue(s)...
  • Note: Don't forget to accept the backup of the fixes and save them in the folder created above!

Regards :D
