sep_welder

How to remove My Search


Good morning,

My mother's notebook was infected with this My-Search. I tried to remove it in several ways but could not. It sets itself as the home page, and every link I click redirects to a random page.

Attached is the ZA-Scan log.

ZA-Scan.txt


@sep_welder

 

Please note the following:

  • About the forum: This is a private space, not a public one. Using it is a privilege, not a right;
  • What is provided here relates only to your computer's problem, so do not apply it to any other;
  • IMPORTANT: If you have Windows activation programs or torrent-sharing programs, I suggest uninstalling them. I will only proceed with the analysis after they are removed. Forum rules;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Respect the order of the instructions given;
  • Note: Do not take any measures other than those given here; if you ask for help in another forum, be sure to let us know, at the risk of misconfiguring your computer!

Download Farbar Recovery Scan from the link below and save it to your desktop.


NOTE: Download the version that matches your architecture (32-bit or 64-bit)
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
** Users of Windows Vista, Windows 7, 8/8.1 and Windows 10:
Right-click the file FRST64.EXE, then click the option shown in the image VRIfczU.png.
Accept the agreement and then click the Scan button.

Wait, and at the end the logs FRST.txt and Addition.txt will be saved to your desktop.

Open each file separately, copy its contents and paste them into your next reply.


Good evening, Elias.

Here it is:

 

FRST.txt:

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 09.01.2019 01
Executado por Welder (administrador) em PC-WELDER (11-01-2019 18:41:58)
Executando a partir de C:\Users\Welder\Desktop
Perfis Carregados: Welder (Perfis Disponíveis: Welder)
Platform: Windows 8.1 Pro (Update) (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.4.3.612\AsusWSPanel.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.4.3.612\AsusWSService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (IvoSoft)
HKLM\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.4.3.612\ASUSWSLoader.exe [63928 2018-09-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKU\S-1-5-21-2090145191-4100275604-1511405432-1015\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19589208 2018-12-10] (Piriform Software Ltd)
HKU\S-1-5-21-2090145191-4100275604-1511405432-1015\...\MountPoints2: {8eb2f582-0ad2-11e9-82d4-e03f49a83781} - "D:\Office_2016_All_In_One.exe" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-28] (Google Inc.)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 189.7.72.72 189.7.72.62
Tcpip\Parameters: [NameServer] 82.163.142.9 95.211.158.137
Tcpip\..\Interfaces\{340B388A-5877-4254-BBBD-68462B581467}: [NameServer] 82.163.142.9 95.211.158.137
Tcpip\..\Interfaces\{340B388A-5877-4254-BBBD-68462B581467}: [DhcpNameServer] 189.7.72.61 189.7.72.71
Tcpip\..\Interfaces\{5B7FDF04-5FBF-4225-A8D8-A7658F5064AA}: [NameServer] 82.163.142.9 95.211.158.137
Tcpip\..\Interfaces\{5B7FDF04-5FBF-4225-A8D8-A7658F5064AA}: [DhcpNameServer] 189.7.72.72 189.7.72.62
Tcpip\..\Interfaces\{F40BDE69-4375-4310-B3EE-429115FCDB88}: [NameServer] 82.163.142.9 95.211.158.137
Tcpip\..\Interfaces\{F40BDE69-4375-4310-B3EE-429115FCDB88}: [DhcpNameServer] 82.163.142.9

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
URLSearchHook: [S-1-5-21-2090145191-4100275604-1511405432-1015] ATENÇÃO => A URLSearchHook Padrão está ausente
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-12-28] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-12-28] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: wq71g545.default
FF ProfilePath: C:\Users\Welder\AppData\Roaming\Mozilla\Firefox\Profiles\wq71g545.default [2019-01-11]
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-12-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-12-28] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default [2019-01-11]
CHR Extension: (Apresentações) - C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-28]
CHR Extension: (Documentos) - C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-28]
CHR Extension: (Google Drive) - C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-28]
CHR Extension: (YouTube) - C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-28]
CHR Extension: (Planilhas) - C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-28]
CHR Extension: (Documentos Google off-line) - C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-28]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-28]
CHR Extension: (Gmail) - C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-28]
CHR Extension: (Chrome Media Router) - C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-28]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-13] (Qualcomm Atheros Communications, Inc.)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2018-12-28] (Disc Soft Ltd)
S3 HyperVideo; C:\Windows\system32\DRIVERS\HyperVideo.sys [22016 2013-08-22] (Microsoft Corporation) [Arquivo não assinado]
S3 netvsc; C:\Windows\System32\drivers\netvsc63.sys [87040 2014-11-20] (Microsoft Corporation) [Arquivo não assinado]
R0 WofAdk; C:\Windows\System32\drivers\wofadk.sys [221376 2016-07-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2019-01-11 18:41 - 2019-01-11 18:42 - 000010749 _____ C:\Users\Welder\Desktop\FRST.txt
2019-01-11 18:37 - 2019-01-11 18:41 - 000000000 ____D C:\FRST
2019-01-11 18:37 - 2019-01-11 18:37 - 002425856 _____ (Farbar) C:\Users\Welder\Desktop\FRST64.exe
2019-01-09 22:57 - 2018-12-28 00:12 - 000444368 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-01-09 22:57 - 2018-12-28 00:12 - 000178128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-01-09 22:57 - 2018-12-27 22:24 - 000333768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-01-09 22:57 - 2018-12-27 22:01 - 025738240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-01-09 22:57 - 2018-12-27 21:38 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-01-09 22:57 - 2018-12-27 21:36 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-01-09 22:57 - 2018-12-27 21:31 - 005778944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-01-09 22:57 - 2018-12-27 21:25 - 020279808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-01-09 22:57 - 2018-12-27 21:25 - 000790016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-01-09 22:57 - 2018-12-27 21:17 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-01-09 22:57 - 2018-12-27 21:05 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-01-09 22:57 - 2018-12-27 21:02 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-01-09 22:57 - 2018-12-27 20:56 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2019-01-09 22:57 - 2018-12-27 20:55 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-01-09 22:57 - 2018-12-27 20:50 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-01-09 22:57 - 2018-12-27 20:49 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-01-09 22:57 - 2018-12-27 20:48 - 015284224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-01-09 22:57 - 2018-12-27 20:48 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-01-09 22:57 - 2018-12-27 20:48 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-01-09 22:57 - 2018-12-27 20:48 - 000381440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-01-09 22:57 - 2018-12-27 20:47 - 001441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-01-09 22:57 - 2018-12-27 20:45 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-01-09 22:57 - 2018-12-27 20:41 - 000963072 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-01-09 22:57 - 2018-12-27 20:34 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2019-01-09 22:57 - 2018-12-27 20:33 - 004860416 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-01-09 22:57 - 2018-12-27 20:33 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-01-09 22:57 - 2018-12-27 20:31 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-01-09 22:57 - 2018-12-27 20:29 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-01-09 22:57 - 2018-12-27 20:29 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-01-09 22:57 - 2018-12-27 20:29 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-01-09 22:57 - 2018-12-27 20:29 - 000333312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-01-09 22:57 - 2018-12-27 20:24 - 000780800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-01-09 22:57 - 2018-12-27 20:22 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-01-09 22:57 - 2018-12-27 20:11 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-01-09 22:57 - 2018-12-27 20:11 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-01-09 22:57 - 2018-12-27 20:11 - 000785408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll
2019-01-09 22:57 - 2018-12-27 20:07 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-01-09 22:57 - 2018-12-27 20:06 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-01-09 22:57 - 2018-12-27 20:05 - 000566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll
2019-01-09 22:57 - 2018-12-08 18:22 - 007371720 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-01-09 22:57 - 2018-12-08 18:22 - 002014152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-01-09 22:57 - 2018-12-08 17:00 - 000080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2019-01-09 22:57 - 2018-12-08 09:23 - 000121272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2019-01-09 22:57 - 2018-12-08 06:13 - 002534664 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-01-09 22:57 - 2018-12-08 04:25 - 002173040 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2019-01-09 22:57 - 2018-12-08 03:56 - 001901896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-01-09 22:57 - 2018-12-08 03:32 - 001563376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2019-01-09 22:57 - 2018-12-08 01:49 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-01-09 22:57 - 2018-12-07 12:24 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-01-09 22:57 - 2018-11-28 06:34 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2019-01-09 22:57 - 2018-11-28 06:17 - 000200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2019-01-09 22:39 - 2019-01-09 22:45 - 000000537 _____ C:\Users\Welder\Desktop\DIVIDA FANNY JANEIRO.txt
2019-01-07 12:24 - 2019-01-07 12:24 - 000011988 _____ C:\Users\Welder\Downloads\ZA-Scan.txt
2019-01-07 11:56 - 2019-01-07 11:56 - 000011988 _____ C:\ZA-Scan.txt
2019-01-07 11:53 - 2019-01-07 11:53 - 000000000 ____D C:\zoek_backup
2019-01-07 11:52 - 2019-01-07 11:52 - 006102389 _____ C:\Users\Welder\Desktop\zoek.zip
2019-01-07 11:52 - 2018-04-19 23:18 - 002041445 _____ C:\Users\Welder\Desktop\Z-Analyse.exe
2019-01-07 11:52 - 2018-04-18 01:39 - 002038755 _____ C:\Users\Welder\Desktop\zoek.exe
2019-01-07 11:52 - 2018-04-18 01:39 - 002038755 _____ C:\Users\Welder\Desktop\ZA-Scan.exe
2019-01-05 20:46 - 2019-01-07 11:43 - 000000000 ____D C:\Users\Todos os Usuários\Srjre
2019-01-05 20:46 - 2019-01-07 11:43 - 000000000 ____D C:\ProgramData\Srjre
2019-01-05 20:46 - 2019-01-05 20:46 - 000000000 ____D C:\Users\Todos os Usuários\Djvdip
2019-01-05 20:46 - 2019-01-05 20:46 - 000000000 ____D C:\Users\Todos os Usuários\{502f736f-112c-1}
2019-01-05 20:46 - 2019-01-05 20:46 - 000000000 ____D C:\Users\Todos os Usuários\{34330a92-512c-0}
2019-01-05 20:46 - 2019-01-05 20:46 - 000000000 ____D C:\Users\Todos os Usuários\{220032af-012c-0}
2019-01-05 20:46 - 2019-01-05 20:46 - 000000000 ____D C:\ProgramData\Djvdip
2019-01-05 20:46 - 2019-01-05 20:46 - 000000000 ____D C:\ProgramData\{502f736f-112c-1}
2019-01-05 20:46 - 2019-01-05 20:46 - 000000000 ____D C:\ProgramData\{34330a92-512c-0}
2019-01-05 20:46 - 2019-01-05 20:46 - 000000000 ____D C:\ProgramData\{220032af-012c-0}
2019-01-05 12:49 - 2019-01-05 12:49 - 000000000 ____D C:\Users\Welder\Documents\Modelos Personalizados do Office
2018-12-31 21:40 - 2019-01-11 18:37 - 000000000 ___RD C:\Users\Welder\OneDrive
2018-12-28 19:06 - 2018-12-28 19:10 - 000000000 ____D C:\Users\Welder\Desktop\Casamento Fanny e Welder_Nov2018
2018-12-28 18:38 - 2018-12-28 18:38 - 000110968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-12-28 18:38 - 2018-12-28 18:38 - 000000000 ____D C:\Users\Welder\AppData\Roaming\Sun
2018-12-28 18:38 - 2018-12-28 18:38 - 000000000 ____D C:\Users\Welder\AppData\LocalLow\Sun
2018-12-28 18:38 - 2018-12-28 18:38 - 000000000 ____D C:\Users\Todos os Usuários\Oracle
2018-12-28 18:38 - 2018-12-28 18:38 - 000000000 ____D C:\ProgramData\Oracle
2018-12-28 18:38 - 2018-12-28 18:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-12-28 18:38 - 2018-12-28 18:38 - 000000000 ____D C:\Program Files\Java
2018-12-28 18:27 - 2018-12-28 18:37 - 000000000 ____D C:\Users\Welder\AppData\LocalLow\Mozilla
2018-12-28 18:27 - 2018-12-28 18:27 - 000000000 ____D C:\Users\Welder\AppData\Roaming\Mozilla
2018-12-28 18:27 - 2018-12-28 18:27 - 000000000 ____D C:\Users\Welder\AppData\Local\Mozilla
2018-12-28 17:55 - 2018-12-28 17:55 - 000319042 _____ C:\Windows\system32\Drivers\RTWAVES40.dat
2018-12-28 17:55 - 2018-12-28 17:55 - 000006786 _____ C:\Windows\system32\Drivers\rtwavesEFX.dat
2018-12-28 17:55 - 2018-12-28 17:55 - 000003180 _____ C:\Windows\System32\Tasks\RtHDVBg_ListenToDevice
2018-12-28 17:55 - 2018-12-28 17:55 - 000003168 _____ C:\Windows\System32\Tasks\RTKCPL
2018-12-28 17:55 - 2018-12-28 17:55 - 000003152 _____ C:\Windows\System32\Tasks\RtHDVBg
2018-12-28 17:55 - 2018-12-28 17:55 - 000002626 _____ C:\Windows\system32\Drivers\rtwavesMFX.dat
2018-12-28 17:55 - 2018-12-28 17:55 - 000000000 ____H C:\Users\Todos os Usuários\DP45977C.lfl
2018-12-28 17:55 - 2018-12-28 17:55 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2018-12-28 17:55 - 2018-12-28 17:55 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-12-28 17:55 - 2018-12-28 17:55 - 000000000 ____D C:\Program Files\Realtek
2018-12-28 17:51 - 2018-11-28 07:39 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-12-28 17:51 - 2018-11-10 17:42 - 001368584 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-12-28 17:51 - 2018-11-10 16:54 - 001308456 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-12-28 17:51 - 2018-11-10 16:53 - 000356088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-12-28 17:51 - 2018-11-10 14:34 - 001754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2018-12-28 17:51 - 2018-11-10 14:25 - 001085440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-12-28 17:51 - 2018-11-10 14:22 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-12-28 17:51 - 2018-11-10 14:15 - 001491968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2018-12-28 17:51 - 2018-11-03 13:25 - 002348032 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-12-28 17:51 - 2018-11-03 13:11 - 001556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-12-28 17:51 - 2018-10-24 22:54 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-12-28 17:51 - 2018-10-24 22:51 - 000121344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2018-12-28 17:51 - 2018-10-24 22:46 - 000205824 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-12-28 17:51 - 2018-10-24 22:45 - 000168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2018-12-28 17:51 - 2018-10-16 01:39 - 001662504 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-12-28 17:51 - 2018-10-16 01:39 - 001063368 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2018-12-28 17:51 - 2018-10-16 01:18 - 001137472 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-12-28 17:51 - 2018-10-16 01:02 - 001214920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-12-28 17:51 - 2018-10-12 18:35 - 000862208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-12-28 17:51 - 2018-10-12 18:25 - 000189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2018-12-28 17:51 - 2018-10-12 18:16 - 000148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2018-12-28 17:51 - 2018-10-12 18:16 - 000131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2018-12-28 17:51 - 2018-10-12 17:51 - 000267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2018-12-28 17:51 - 2018-10-12 00:16 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll
2018-12-28 17:51 - 2018-10-12 00:10 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-12-28 17:51 - 2018-10-11 23:58 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-12-28 17:51 - 2018-10-11 23:58 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-12-28 17:51 - 2018-10-06 16:14 - 001547192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-12-28 17:51 - 2018-10-06 16:14 - 000388536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-12-28 17:51 - 2018-10-06 14:43 - 000148992 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-12-28 17:51 - 2018-10-06 14:13 - 000113664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-12-28 17:51 - 2018-10-06 13:41 - 002465792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-12-28 17:51 - 2018-10-06 13:34 - 002175488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-12-28 17:51 - 2018-10-05 15:06 - 001200640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2018-12-28 17:51 - 2018-10-05 14:20 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2018-12-28 17:51 - 2018-10-05 13:18 - 000513376 _____ C:\Windows\SysWOW64\locale.nls
2018-12-28 17:51 - 2018-10-05 13:18 - 000513376 _____ C:\Windows\system32\locale.nls
2018-12-28 17:51 - 2018-09-28 11:38 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll
2018-12-28 17:51 - 2018-09-28 11:34 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll
2018-12-28 17:51 - 2018-09-12 16:30 - 000137008 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-12-28 17:51 - 2018-09-11 13:30 - 003718144 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-12-28 17:51 - 2018-08-21 11:39 - 000435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-12-28 17:51 - 2018-08-21 11:35 - 000358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-12-28 17:50 - 2018-10-12 17:47 - 001049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-12-28 17:50 - 2018-10-12 00:01 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-12-28 17:50 - 2018-10-11 23:12 - 002882048 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-12-28 17:40 - 2018-12-28 17:40 - 000000000 ____D C:\Users\Welder\AppData\Roaming\WinRAR
2018-12-28 17:39 - 2018-12-28 17:40 - 000000000 ____D C:\Program Files\WinRAR
2018-12-28 17:39 - 2018-12-28 17:39 - 000000000 ____D C:\Users\Welder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-12-28 17:39 - 2018-12-28 17:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-12-28 17:06 - 2018-12-28 17:06 - 000002881 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2018-12-28 17:06 - 2018-12-28 17:06 - 000002841 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2018-12-28 17:06 - 2018-12-28 17:06 - 000002807 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2018-12-28 17:06 - 2018-12-28 17:06 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office 2016
2018-12-28 17:06 - 2018-12-28 17:06 - 000000000 ____D C:\Windows\PCHEALTH
2018-12-28 17:06 - 2018-12-28 17:06 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2018-12-28 17:06 - 2018-12-28 17:06 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-12-28 17:06 - 2018-12-28 17:06 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2018-12-28 17:05 - 2018-12-28 17:05 - 000000000 ____D C:\Windows\SHELLNEW
2018-12-28 17:05 - 2018-12-28 17:05 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2018-12-28 17:05 - 2018-12-28 17:05 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2018-12-28 17:04 - 2018-12-28 17:06 - 000000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2018-12-28 17:04 - 2018-12-28 17:06 - 000000000 ____D C:\Program Files\Microsoft Office
2018-12-28 17:04 - 2018-12-28 17:04 - 000000000 __RHD C:\MSOCache
2018-12-28 17:04 - 2018-12-28 17:04 - 000000000 ____D C:\Users\Welder\AppData\Local\Microsoft Help
2018-12-28 17:04 - 2018-12-28 17:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-12-28 16:56 - 2018-12-28 22:20 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-12-28 16:56 - 2018-12-28 16:56 - 000000000 ____D C:\Users\Welder\AppData\Roaming\Adobe
2018-12-28 16:56 - 2018-12-28 16:56 - 000000000 ____D C:\Users\Welder\AppData\LocalLow\Adobe
2018-12-28 16:55 - 2019-01-04 21:14 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-12-28 16:55 - 2018-12-28 16:57 - 000000000 ____D C:\Users\Todos os Usuários\Adobe
2018-12-28 16:55 - 2018-12-28 16:57 - 000000000 ____D C:\ProgramData\Adobe
2018-12-28 16:55 - 2018-12-28 16:55 - 000002067 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2018-12-28 16:55 - 2018-12-28 16:55 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-12-28 16:53 - 2018-12-29 13:02 - 000000000 ____D C:\Users\Welder\AppData\Local\Adobe
2018-12-28 16:49 - 2019-01-05 20:47 - 000000000 ____D C:\Users\Todos os Usuários\{330AF105-B1E8-7868-90AC-EBF4904BB2A5}
2018-12-28 16:49 - 2019-01-05 20:47 - 000000000 ____D C:\ProgramData\{330AF105-B1E8-7868-90AC-EBF4904BB2A5}
2018-12-28 16:49 - 2019-01-05 20:46 - 000000000 ____D C:\Users\Todos os Usuários\{ACD019DC-5931-E7B2-4944-316B49A3683A}
2018-12-28 16:49 - 2019-01-05 20:46 - 000000000 ____D C:\ProgramData\{ACD019DC-5931-E7B2-4944-316B49A3683A}
2018-12-28 16:48 - 2018-12-28 18:52 - 000000000 ____D C:\Users\Welder\AppData\Roaming\DAEMON Tools Lite
2018-12-28 16:48 - 2018-12-28 16:48 - 000030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2018-12-28 16:47 - 2018-12-28 16:48 - 000000000 ____D C:\Users\Todos os Usuários\DAEMON Tools Lite
2018-12-28 16:47 - 2018-12-28 16:48 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2018-12-28 16:41 - 2018-12-28 16:41 - 000000000 ____D C:\Asus WebStorage
2018-12-28 16:39 - 2019-01-11 18:37 - 000000000 ____D C:\Users\Welder\AppData\Roaming\WebStorage
2018-12-28 16:39 - 2018-12-28 16:39 - 000000000 __SHD C:\aws
2018-12-28 16:39 - 2018-12-28 16:39 - 000000000 ____D C:\Users\Welder\AppData\Roaming\awsRun
2018-12-28 16:39 - 2018-12-28 16:39 - 000000000 ____D C:\Users\Todos os Usuários\WebStorage
2018-12-28 16:39 - 2018-12-28 16:39 - 000000000 ____D C:\Users\Todos os Usuários\ASUS WebStorage
2018-12-28 16:39 - 2018-12-28 16:39 - 000000000 ____D C:\ProgramData\WebStorage
2018-12-28 16:39 - 2018-12-28 16:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2018-12-28 16:39 - 2018-12-28 16:39 - 000000000 ____D C:\ProgramData\ASUS WebStorage
2018-12-28 16:39 - 2018-12-28 16:39 - 000000000 ____D C:\Program Files (x86)\ASUS
2018-12-28 16:31 - 2018-12-28 16:31 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-12-28 16:31 - 2018-12-28 16:31 - 000002812 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-12-28 16:31 - 2018-12-28 16:31 - 000000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-12-28 16:31 - 2018-12-28 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-12-28 16:31 - 2018-12-28 16:31 - 000000000 ____D C:\Program Files\CCleaner
2018-12-28 16:25 - 2018-12-28 16:26 - 085201971 _____ C:\Users\Welder\Downloads\Bluetooth_Ralink_Win81_64_VER1107482.zip
2018-12-28 16:22 - 2018-12-28 16:22 - 000000000 ____D C:\Users\Todos os Usuários\Ralink Driver
2018-12-28 16:22 - 2018-12-28 16:22 - 000000000 ____D C:\ProgramData\Ralink Driver
2018-12-28 16:16 - 2018-12-28 16:22 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-12-28 16:16 - 2018-12-28 16:16 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-12-28 16:13 - 2018-12-28 16:13 - 000000732 _____ C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk
2018-12-28 16:13 - 2018-12-28 16:13 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2018-12-28 16:06 - 2018-12-28 16:06 - 000000000 ____D C:\Users\Welder\AppData\Roaming\Google
2018-12-28 16:00 - 2018-12-28 16:00 - 000002318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-28 16:00 - 2018-12-28 16:00 - 000002277 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-28 16:00 - 2018-12-28 16:00 - 000000000 ____D C:\Windows\SysWOW64\sda
2018-12-28 16:00 - 2018-12-28 16:00 - 000000000 ____D C:\Intel
2018-12-28 16:00 - 2013-10-01 13:02 - 000064000 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2018-12-28 16:00 - 2013-10-01 13:02 - 000060416 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2018-12-28 15:59 - 2019-01-04 22:01 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2090145191-4100275604-1511405432-1015
2018-12-28 15:59 - 2018-12-28 15:59 - 000000000 ____D C:\Program Files\Intel
2018-12-28 15:58 - 2018-12-28 16:12 - 000000000 ____D C:\Users\Welder\AppData\Local\Google
2018-12-28 15:58 - 2018-12-28 16:00 - 000000000 ____D C:\Program Files (x86)\Google
2018-12-28 15:58 - 2018-12-28 15:58 - 000003502 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-28 15:58 - 2018-12-28 15:58 - 000003374 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-28 15:53 - 2019-01-09 23:15 - 000000000 ____D C:\Users\Welder\AppData\Local\ClassicShell
2018-12-28 15:53 - 2017-09-30 09:46 - 000002170 _____ C:\Users\Welder\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2018-12-28 15:52 - 2019-01-11 18:32 - 000003606 _____ C:\Windows\System32\Tasks\AutoKMS
2018-12-28 15:52 - 2018-12-28 15:54 - 000000000 ____D C:\Windows\AutoKMS
2018-12-28 15:50 - 2018-12-28 15:50 - 000000000 ____D C:\Users\Welder\AppData\Local\VirtualStore
2018-12-28 15:50 - 2018-12-28 15:50 - 000000000 ____D C:\Users\Welder\AppData\Local\Packages
2018-12-28 15:49 - 2018-12-31 21:40 - 000000000 ____D C:\Users\Welder
2018-12-28 15:49 - 2018-12-28 15:49 - 000000020 ___SH C:\Users\Welder\ntuser.ini
2018-12-28 15:49 - 2018-12-28 15:49 - 000000000 _SHDL C:\Users\Welder\Modelos
2018-12-28 15:49 - 2018-12-28 15:49 - 000000000 _SHDL C:\Users\Welder\Meus Documentos
2018-12-28 15:49 - 2018-12-28 15:49 - 000000000 _SHDL C:\Users\Welder\Menu Iniciar
2018-12-28 15:49 - 2018-12-28 15:49 - 000000000 _SHDL C:\Users\Welder\Documents\Minhas Músicas
2018-12-28 15:49 - 2018-12-28 15:49 - 000000000 _SHDL C:\Users\Welder\Documents\Minhas Imagens
2018-12-28 15:49 - 2018-12-28 15:49 - 000000000 _SHDL C:\Users\Welder\Documents\Meus Vídeos
2018-12-28 15:49 - 2018-12-28 15:49 - 000000000 _SHDL C:\Users\Welder\Dados de Aplicativos
2018-12-28 15:49 - 2018-12-28 15:49 - 000000000 _SHDL C:\Users\Welder\Configurações Locais
2018-12-28 15:49 - 2018-12-28 15:49 - 000000000 _SHDL C:\Users\Welder\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2018-12-28 15:49 - 2018-12-28 15:49 - 000000000 _SHDL C:\Users\Welder\AppData\Local\Histórico
2018-12-28 15:49 - 2018-12-28 15:49 - 000000000 _SHDL C:\Users\Welder\AppData\Local\Dados de Aplicativos
2018-12-28 15:49 - 2018-12-28 15:49 - 000000000 _SHDL C:\Users\Welder\Ambiente de Rede
2018-12-28 15:49 - 2018-12-28 15:49 - 000000000 _SHDL C:\Users\Welder\Ambiente de Impressão
2018-12-28 15:49 - 2018-12-28 15:49 - 000000000 ____D C:\Windows\CSC
2018-12-28 15:49 - 2014-11-20 21:17 - 000000369 _____ C:\Users\Welder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2018-12-28 15:49 - 2014-11-20 21:17 - 000000369 _____ C:\Users\Welder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2018-12-28 15:42 - 2018-12-28 15:42 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2019-01-11 18:34 - 2014-11-20 21:10 - 001728408 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-11 18:34 - 2014-11-20 20:18 - 000746184 _____ C:\Windows\system32\prfh0416.dat
2019-01-11 18:34 - 2014-11-20 20:18 - 000146930 _____ C:\Windows\system32\prfc0416.dat
2019-01-11 18:34 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\Inf
2019-01-11 18:29 - 2013-08-22 12:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-09 23:16 - 2013-08-22 13:20 - 000000000 ____D C:\Windows\CbsTemp
2019-01-09 22:59 - 2013-08-22 13:36 - 000000000 ____D C:\Windows\system32\FxsTmp
2019-01-07 11:43 - 2013-08-22 13:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-01-07 11:43 - 2013-08-22 13:36 - 000000000 ____D C:\Windows\system32\Macromed
2018-12-31 21:41 - 2013-08-22 13:36 - 000000000 ____D C:\Windows\rescache
2018-12-28 18:05 - 2013-08-22 12:44 - 000402032 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-28 17:06 - 2013-08-22 13:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-12-28 16:39 - 2013-08-22 13:36 - 000262144 _____ C:\Windows\system32\config\BCD-Template
2018-12-28 16:31 - 2017-09-28 21:39 - 000000000 ____D C:\Windows\Panther
2018-12-28 16:13 - 2018-09-01 21:14 - 000000000 ____D C:\Program Files (x86)\Intel
2018-12-28 16:11 - 2013-09-23 11:32 - 000449528 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2018-12-28 15:53 - 2013-08-22 13:36 - 000000000 ____D C:\Windows\AppReadiness
2018-12-28 15:50 - 2017-09-30 09:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-12-28 15:44 - 2013-08-22 11:25 - 000262144 ___SH C:\Windows\system32\config\BBI

Alguns arquivos em TEMP:
====================
2019-01-07 11:53 - 2009-11-10 20:09 - 000157184 _____ () C:\Users\Welder\AppData\Local\Temp\virustotal.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2019-01-07 12:11

==================== Fim de FRST.txt ============================

 

Addition:

 

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 09.01.2019 01
Executado por Welder (11-01-2019 18:43:36)
Executando a partir de C:\Users\Welder\Desktop
Windows 8.1 Pro (Update) (X64) (2018-12-28 17:50:03)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-2090145191-4100275604-1511405432-500 - Administrator - Disabled)
Convidado (S-1-5-21-2090145191-4100275604-1511405432-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2090145191-4100275604-1511405432-1005 - Limited - Enabled)
Welder (S-1-5-21-2090145191-4100275604-1511405432-1015 - Administrator - Enabled) => C:\Users\Welder

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist,A será removida.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{4ffaf7b8-a84a-4813-840c-8b1f1343ae54}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{dd1e9bde-2ad6-4e92-8c07-7d4723eab8b8}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.27055 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.21.909.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.4.3.612 - ASUS Cloud Corporation)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

ShellIconOverlayIdentifiers: [     !AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.4.3.612\ASUSWSShellExt64.dll [2017-04-21] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [     !AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.4.3.612\ASUSWSShellExt64.dll [2017-04-21] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [     !AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.4.3.612\ASUSWSShellExt64.dll [2017-04-21] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-10-01] (Intel Corporation)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {0412058B-AF99-46DA-A9A6-1481BA83044D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-12-10] (Piriform Software Ltd)
Task: {05886BAC-C27F-41EE-9CB3-9427A75AC469} - \Optimize Start Menu Cache Files-S-1-5-21-2090145191-4100275604-1511405432-1002 -> Nenhum Arquivo <==== ATENÇÃO
Task: {40F3B9DD-E105-48BC-9D6F-922E2C83E63D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {419CD17E-FB50-4C71-9129-0807B0D7F7BE} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-12-10] (Piriform Ltd)
Task: {50925DC2-1EA2-4837-8BD0-5F58957A7BBD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {5F910F32-124C-48AF-B086-0CE4907B2023} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-04-13] (Realtek Semiconductor)
Task: {74F68829-01A8-4A3D-8C85-DC9D43D5C050} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-04-13] (Realtek Semiconductor)
Task: {8AFAD7E4-8867-45ED-B4E0-22ED50196AC0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-28] (Google Inc.)
Task: {986FCED0-F8B8-486D-8E75-8F347111FE14} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-28] (Google Inc.)
Task: {A61E4E7D-960C-47E0-82F2-BE37B1A5FAD7} - \Optimize Start Menu Cache Files-S-1-5-21-2090145191-4100275604-1511405432-1006 -> Nenhum Arquivo <==== ATENÇÃO
Task: {A942F7EE-8611-472D-A699-61B67F733B4A} - \Optimize Start Menu Cache Files-S-1-5-21-2090145191-4100275604-1511405432-1001 -> Nenhum Arquivo <==== ATENÇÃO
Task: {AB38EF7C-862D-4CEC-A66B-189D71D1E7AD} - \WPD\SqmUpload_S-1-5-21-2090145191-4100275604-1511405432-1008 -> Nenhum Arquivo <==== ATENÇÃO
Task: {B9E49595-1DEA-4E96-98D9-B6BA3411D566} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2018-12-28] ()
Task: {C6BCFEAD-0F4B-469E-9D28-CD3487E285FA} - \WPD\SqmUpload_S-1-5-21-2090145191-4100275604-1511405432-1009 -> Nenhum Arquivo <==== ATENÇÃO
Task: {CFB42E5E-5E9C-4D7A-852F-836DD92F24CA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {DEAD8955-1CC5-436A-91CD-B34A14377C62} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-04-13] (Realtek Semiconductor)
Task: {E26AA335-A99F-4E56-B516-B8B938CCDC8C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)


==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)


==================== Módulos Carregados (Whitelisted) ==============

2013-10-01 13:02 - 2013-10-01 13:02 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-12-10 08:09 - 2018-12-10 08:09 - 000101960 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)


==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)


==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)


==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2013-08-22 11:25 - 2013-08-22 11:25 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-2090145191-4100275604-1511405432-1015\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 82.163.142.9 - 95.211.158.137
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

Se uma entrada for incluída na fixlist, será removida.


==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{5D5685C1-F225-4CD4-8C7E-38005FDCFBFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{0B85F5CE-8493-4D11-9339-60EC1099E69E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{DDFF4601-D5DE-4D86-AADD-DFD7DE3A0AEA}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)

==================== Pontos de Restauração =========================

ATENÇÃO: A Restauração do Sistema está desabilitada
Cheque o serviço "winmgmt" ou repare o WMI.


==================== Dispositivos Apresentando Falhas No Gerenciador =============


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (12/28/2018 03:52:37 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro:
hr=0x800706BE
Argumento de linha de comando:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=TimerEvent

Error: (12/28/2018 03:50:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro:
hr=0xC004C003
Argumento de linha de comando:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8da2dfae-e4f5-4e6a-9272-96f8470e033e;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (12/28/2018 03:50:21 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Falha na aquisição da Licença de Usuário Final. hr=0xC004C003
Sku Id=8da2dfae-e4f5-4e6a-9272-96f8470e033e

Error: (12/28/2018 03:50:21 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Detalhes da falha na aquisição de licença. 
hr=0xC004C003

Error: (12/28/2018 03:50:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro:
hr=0xC004E028
Argumento de linha de comando:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8da2dfae-e4f5-4e6a-9272-96f8470e033e;NotificationInterval=1440;Trigger=TimerEvent


Erros de Sistema:
=============
Error: (01/11/2019 06:28:44 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Falha na inicialização do despejo de memória!

Error: (12/28/2018 06:53:32 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Falha na inicialização do despejo de memória!

Error: (12/28/2018 06:41:46 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: O nome "PC-WELDER      :0" não pôde ser registrado na interface com o endereço IP 192.168.0.14.
O computador de endereço IP 192.168.0.15 não permitiu que o nome fosse reivindicado por
este computador.

Error: (12/28/2018 06:41:23 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: O nome "PC-WELDER      :0" não pôde ser registrado na interface com o endereço IP 192.168.0.14.
O computador de endereço IP 192.168.0.15 não permitiu que o nome fosse reivindicado por
este computador.

Error: (12/28/2018 06:41:01 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: O nome "PC-WELDER      :0" não pôde ser registrado na interface com o endereço IP 192.168.0.14.
O computador de endereço IP 192.168.0.15 não permitiu que o nome fosse reivindicado por
este computador.

Error: (12/28/2018 06:40:40 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: O nome "PC-WELDER      :0" não pôde ser registrado na interface com o endereço IP 192.168.0.14.
O computador de endereço IP 192.168.0.15 não permitiu que o nome fosse reivindicado por
este computador.

Error: (12/28/2018 06:40:36 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: O nome "PC-WELDER      :0" não pôde ser registrado na interface com o endereço IP 192.168.0.14.
O computador de endereço IP 192.168.0.15 não permitiu que o nome fosse reivindicado por
este computador.

Error: (12/28/2018 06:40:15 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: O nome "PC-WELDER      :0" não pôde ser registrado na interface com o endereço IP 192.168.0.14.
O computador de endereço IP 192.168.0.15 não permitiu que o nome fosse reivindicado por
este computador.


==================== Informações da Memória =========================== 

Processador: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentagem de memória em uso: 20%
RAM física total: 3981.75 MB
RAM física disponível: 3149.56 MB
Virtual Total: 3981.75 MB
Virtual disponível: 3205.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.21 GB) (Free:430.46 GB) NTFS

\\?\Volume{3da696b8-93c1-4e51-829a-98ba06b3e277}\ (Recuperação) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 54750187)

Partition: GPT.

==================== Fim de Addition.txt ============================


@sep_welder

 

Follow the steps below:

STEP 1

Download Malwarebytes Anti-Malware (MBAM) from the link below and save it to your desktop.
https://downloads.malwarebytes.org/file/mbam_current/
 
Double-click mbam-setup.exe and follow the prompts to install the program.

  • On the Scan > Custom Scan tab, check the Scan for rootkits option and the entries for the drive where the operating system is installed. This is normally drive C:;
  • Click Scan Now. Wait, as the scan may take a while;
  • When the scan finishes, if any items were found, make sure they are all checked and click the Remove Selected or Quarantine button;
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See the Note below);
  • If MBAM does not run automatically after the restart, run it manually;
  • The log is saved automatically by MBAM; to view it, click the Reports tab in the program's main window;
  • Double-click the log (Scan Report). Click the Export button and use the .txt format to export the log. Save it to the Desktop.


ATTENTION: Open the file, select everything, copy and paste the contents of this log into your next reply.

NOTE: If MBAM finds files that it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

STEP 2

Download AdwCleaner from one of the links below and save it to your desktop.
https://toolslib.net/downloads/viewdownload/1-adwcleaner/
http://www.bleepingcomputer.com/download/adwcleaner/

Click DOWNLOAD NOW to download the file.

Run adwcleaner.exe

NOTE: Users of Windows Vista, 7, 8/8.1 and Windows 10: right-click the AdwCleaner.exe file, then click [image: VRIfczU.png]

Click SCAN. When it finishes, click CLEAN and wait.

Notepad will open with the result.

ATTENTION: Select, copy and paste its contents into your next reply.
 

STEP 3


Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.


Download ZHPCleaner from the link below and save it to your Desktop.

https://www.nicolascoolman.com/download/zhpcleaner/


Run the ZHPCleaner.exe file as Administrator

  • Click the Scanner button.
  • The tool will start examining your system.
  • Be patient, as it may take a while depending on the number of items to examine.
  • Then click the Repair button.
  • A log named ZHPCleaner.txt will be generated.
  • Select, copy and paste the contents of this log into your next reply.


Good afternoon. Here are the logs:

 

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 14/01/2019
Hora da análise: 12:40
Arquivo de registro: 68166672-180a-11e9-8c97-e03f49a83781.json

-Informação do software-
Versão: 3.6.1.2711
Versão de componentes: 1.0.519
Versão do pacote de definições: 1.0.8772
Licença: Versão de Avaliação

-Informação do sistema-
Sistema operacional: Windows 8.1
CPU: x64
Sistema de arquivos: NTFS
Usuário: PC-WELDER\Welder

-Resumo da análise-
Tipo de análise: Análise Customizada
Análise Iniciada Por: Manual
Resultado: Concluído
Objetos verificados: 222398
Ameaças detectadas: 33
Ameaças em quarentena: 33
Tempo decorrido: 2 hr, 31 min, 22 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 1
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1800673f}, Quarentena, [2894], [260250],1.0.8772

Valor de registro: 4
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1800673f}|1, Quarentena, [2894], [260250],1.0.8772
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5B7FDF04-5FBF-4225-A8D8-A7658F5064AA}|NameServer, Quarentena, [7433], [260226],1.0.8772
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F40BDE69-4375-4310-B3EE-429115FCDB88}|NameServer, Quarentena, [7433], [260226],1.0.8772
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{340B388A-5877-4254-BBBD-68462B581467}|NAMESERVER, Quarentena, [7433], [260226],1.0.8772

Dados de registro: 10
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Substituído, [2894], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Substituído, [2894], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{340B388A-5877-4254-BBBD-68462B581467}|NameServer, Substituído, [2894], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{340B388A-5877-4254-BBBD-68462B581467}|DhcpNameServer, Substituído, [2894], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{5B7FDF04-5FBF-4225-A8D8-A7658F5064AA}|NameServer, Substituído, [2894], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{5B7FDF04-5FBF-4225-A8D8-A7658F5064AA}|DhcpNameServer, Substituído, [2894], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}|NameServer, Substituído, [2894], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{F40BDE69-4375-4310-B3EE-429115FCDB88}|NameServer, Substituído, [2894], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{F40BDE69-4375-4310-B3EE-429115FCDB88}|DhcpNameServer, Substituído, [2894], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters|NameServer, Substituído, [7433], [293494],1.0.8772

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 3
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\{220032af-012c-0}, Quarentena, [761], [407180],1.0.8772
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\{34330a92-512c-0}, Quarentena, [761], [407180],1.0.8772
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\{502f736f-112c-1}, Quarentena, [761], [407180],1.0.8772

Arquivo: 15
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\{220032af-012c-0}\BIT2C57.tmp, Quarentena, [761], [407180],1.0.8772
PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarentena, [761], [-1],0.0.0
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarentena, [761], [-1],0.0.0
PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarentena, [761], [-1],0.0.0
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarentena, [761], [-1],0.0.0
PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarentena, [761], [-1],0.0.0
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarentena, [761], [-1],0.0.0
PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarentena, [761], [-1],0.0.0
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarentena, [761], [-1],0.0.0
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\{34330a92-512c-0}\BIT2B6C.tmp, Quarentena, [761], [407180],1.0.8772
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\{502f736f-112c-1}\BIT2ABF.tmp, Quarentena, [761], [407180],1.0.8772
Adware.Adposhel, C:\PROGRAMDATA\{ACD019DC-5931-E7B2-4944-316B49A3683A}\{ACD019DC-5931-E7B2-4944-316B49A3683A}.TMP, Quarentena, [501], [620798],1.0.8772
Generic.Malware/Suspicious, C:\USERS\WELDER\DESKTOP\ZA-SCAN.EXE, Quarentena, [0], [392686],1.0.8772
Generic.Malware/Suspicious, C:\USERS\WELDER\DESKTOP\ZOEK.EXE, Quarentena, [0], [392686],1.0.8772
Generic.Malware/Suspicious, C:\USERS\WELDER\DESKTOP\ZOEK.ZIP, Quarentena, [0], [392686],1.0.8772

Setor físico: 0
(Nenhum item malicioso detectado)

Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)


(end)

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2019-01-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    01-14-2019
# Duration: 00:00:08
# OS:       Windows 8.1 Pro
# Scanned:  32265
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

~ ZHPCleaner v2019.1.11.7 by Nicolas Coolman (2019/01/11)
~ Run by Welder (Administrator)  (14/01/2019 15:32:20)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\Welder\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Welder\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1 Pro, 64-bit  (Build 9600)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (20)
MOVED file: C:\Ativador.exe [CODYQX4 - Microsoft Toolkit]  =>HackTool.WinActivator
MOVED file: C:\Users\Welder\AppData\Local\Temp\FXSTIFFDebugLogFile.txt    =>.SUP.Temporary.Empty
MOVED file: C:\Users\Welder\AppData\Local\Temp\LocalStorage.txt    =>.SUP.Temporary.Empty
MOVED file: C:\Windows\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS]  =>HackTool.AutoKMS
MOVED file: C:\Windows\AutoKMS\AutoKMS.log    =>HackTool.AutoKMS
MOVED folder: C:\ProgramData\Microsoft Toolkit  =>HackTool.AutoKMS
MOVED folder: C:\Windows\AutoKMS  =>HackTool.AutoKMS
MOVED folder: C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\File System\000  =>.SUP.Temporary.Chrome
MOVED folder: C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\File System\001  =>.SUP.Temporary.Chrome
MOVED folder: C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\File System\002  =>.SUP.Temporary.Chrome
MOVED folder: C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\File System\003  =>.SUP.Temporary.Chrome
MOVED folder: C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\File System\004  =>.SUP.Temporary.Chrome
MOVED folder: C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\File System\005  =>.SUP.Temporary.Chrome
MOVED folder: C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\File System\006  =>.SUP.Temporary.Chrome
MOVED folder: C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\File System\007  =>.SUP.Temporary.Chrome
MOVED folder: C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\File System\008  =>.SUP.Temporary.Chrome
MOVED folder: C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\File System\009  =>.SUP.Temporary.Chrome
MOVED folder: C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\File System\010  =>.SUP.Temporary.Chrome
MOVED folder: C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\File System\011  =>.SUP.Temporary.Chrome
MOVED folder: C:\Users\Welder\AppData\Local\Google\Chrome\User Data\Default\File System\012  =>.SUP.Temporary.Chrome


---\\  Registry ( Key, Value, Data) (2)
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5B7FDF04-5FBF-4225-A8D8-A7658F5064AA}\\DhcpNameServer [Bad : 189.7.72.71 189.7.72.61]  =>Hijacker.Browser
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 189.7.72.71 189.7.72.61]  =>Hijacker.Browser


---\\  Summary of the elements found (5)
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/  =>HackTool.WinActivator
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Empty
https://nicolascoolman.eu/2017/02/02/hacktool-autokms/  =>HackTool.AutoKMS
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Chrome
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser


---\\  Other deletions. (7)
~ Registry Keys Tracing deleted (7)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 640
~ Items found : 0
~ Items cancelled : 0
~ Items options : 12/12
~ Space saving (bytes) : 0


~ End of clean in 00h00mn12s

---\\  Reports (2)
ZHPCleaner--14012019-15_31_12.txt
ZHPCleaner-[R]-14012019-15_32_32.txt


@sep_welder

 

Download RogueKiller by Tigzy and save it to your desktop.
roguekiller.exe (x64) << link

  • Close all programs
  • Run RogueKiller.exe.
    ** Windows Vista, Windows 7, 8, 8.1 and Windows 10 users:
    Right-click the rogueKiller.exe file, then click VRIfczU.png.
  • Click SCAN
  • Click the first START, "Standard Scan (recommended)", and wait for the scan...
  • Click the RESULTS button
  • Click the REPORT option, then EXPORT, and select the Text file... option
  • Save the file to the desktop with the name roguekiller_report


Be sure to open the file, then copy and paste its entire content into your next reply.


Good morning. Here it is:

 

RogueKiller Anti-Malware V13.0.22.0 (x64) [Jan 14 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 8.1 (6.3.9600) 64 bits
Started in : Normal mode
User : Welder [Administrator]
Started from : C:\Users\Welder\Desktop\RogueKiller_portable64.exe
Mode : Standard Scan, Scan -- Date : 2019/01/15 11:27:11 (Duration : 00:07:53)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.HackTool (Potentially Malicious)] \AutoKMS -- C:\Windows\AutoKMS\AutoKMS.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - System Policies
  [PUM.Policies (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found
  [PUM.Policies (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 


Done, here is the log.

 

RogueKiller Anti-Malware V13.0.22.0 (x64) [Jan 14 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 8.1 (6.3.9600) 64 bits
Started in : Normal mode
User : Welder [Administrator]
Started from : C:\Users\Welder\Desktop\RogueKiller_portable64.exe
Mode : Standard Scan, Delete -- Date : 2019/01/16 11:00:42 (Duration : 00:07:54)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.HackTool (Potentially Malicious)] \AutoKMS -- C:\Windows\AutoKMS\AutoKMS.exe -> Deleted
[PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin --  -> Replaced (2)
[PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin --  -> Replaced (2)
 
