0k4m1

Possible malware, but ZA-Scan won't run


Good morning,


I saved ZA-Scan to the desktop, but I can't get it to run at all (nothing happens when I run it as administrator).

As for the malware, I previously ran Malwarebytes, ADW and ZHP on my own, and all of them detected probable malware (I already deleted what showed up). ZHP detected something called Hijacker.Proxy, which worried me more; during the scan it even asked whether I had created servers with IP 189.xxx.xxx.xxx (there were 2 IPs in the same question), and I don't remember the full numbers now. I await guidance on how to proceed, thank you.


@0k4m1


Please note the following:

  • About the Forum: This is a private space, not a public one. Its use is a privilege, not a right;
  • What is given here relates only to the problem with your computer, so do not apply it on any other;
  • IMPORTANT: If you have Windows activation programs or torrent-sharing programs, I suggest uninstalling them. I will only proceed with the analysis after they are removed. Forum rules;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Respect the order of the instructions given;
  • Note: Do not take any measures beyond those given here; and if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

Download Farbar Recovery Scan Tool from the link below and save it to your desktop.


NOTE: Download the version matching your architecture (32-bit or 64-bit)
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
** Windows Vista, Windows 7, 8/8.1 and Windows 10 users:
Right-click the file FRST64.EXE, then click Run as administrator.
Accept the agreement and then click the Scan button.

Wait; when it finishes, the logs FRST.txt and Addition.txt will be saved on your desktop.

Open each file separately, copy its contents and paste them into your next reply.

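The FRST.txt that this procedure produces runs to hundreds of lines, most of them whitelisted vendor entries. As an added example (not part of this thread, of the forum's procedure, or of FRST itself), the Python below shows how a triager can pre-filter such a log for the indicators relevant to the "Hijacker.Proxy" detection mentioned in the opening post: a per-user WinINet ProxyServer or AutoConfigURL pointing at a loopback listener, FRST's own `<==== ATTENTION` markers, and DPF (ActiveX download) entries fetched from a bare IP address instead of a named host. The embedded sample is an excerpt of the FRST.txt posted later in this thread; the rule names and the finding layout are this example's own assumptions.

```python
"""Pre-filter an FRST.txt for proxy-hijack indicators.

Added example for this thread; it is not part of FRST, the forum's procedure, or the
posted logs. Rule names and the finding layout are this example's own.
"""
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Excerpt of the FRST.txt posted in this thread (embedded here as sample input).
SAMPLE_LOG = """\
ProxyServer: [S-1-5-21-1300964193-1459114441-3536200422-1000] => 127.0.0.1:8080
AutoConfigURL: [S-1-5-21-1300964193-1459114441-3536200422-1000] => 127.0.0.1:8080
Tcpip\\Parameters: [DhcpNameServer] 192.168.1.1
HKU\\S-1-5-21-1300964193-1459114441-3536200422-1000\\...\\Winlogon: [Shell] C:\\Windows\\explorer.exe [2972672 2016-08-29] (Microsoft Corporation) <==== ATTENTION
CHR HKU\\S-1-5-21-1300964193-1459114441-3536200422-1000\\SOFTWARE\\Policies\\Google: Restriction <==== ATTENTION
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {FD3BEB0C-AB43-4253-9146-C371D48FBE0D} hxxp://200.98.128.50/video/web.cab
"""

# "ProxyServer: [<SID>] => <value>" and "AutoConfigURL: [<SID>] => <value>" are the
# per-user WinINet settings FRST prints under "Internet (Whitelisted)".
PROXY_RE = re.compile(r"^(ProxyServer|AutoConfigURL): \[(S-1-5-[\d-]+)\] => (.+)$")
# "DPF: {CLSID} <url>" lists Internet Explorer's Downloaded Program Files (ActiveX).
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) (\S+)$")


def host_of(value):
    """Extract the host from a proxy value or from a URL FRST has defanged (hxxp://)."""
    value = re.sub(r"^hxxp", "http", value, count=1)
    if "://" not in value:          # bare "host:port", as in a ProxyServer value
        value = "//" + value
    return urlsplit(value).hostname or ""


def classify_host(host):
    """Return (is_ip_literal, is_loopback) for a host string."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:              # a DNS name, or empty
        return False, False
    return True, ip.is_loopback


def triage_frst(text):
    """Return a list of findings (dicts with at least 'rule' and 'line')."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # FRST marks entries it considers unusual (here a per-user Winlogon\Shell value
        # and a Chrome policy restriction). The marker means "look", not "malicious".
        if "<==== ATTENTION" in line:
            findings.append({"rule": "frst-attention", "line": line})
        m = PROXY_RE.match(line)
        if m:
            key, sid, value = m.groups()
            _, loopback = classify_host(host_of(value))
            # Browser traffic routed to a listener on this machine is a local
            # man-in-the-middle position unless the user knowingly installed a
            # debugging proxy there.
            if loopback:
                findings.append({"rule": "proxy-loopback", "key": key, "sid": sid,
                                 "value": value, "line": line})
        m = DPF_RE.match(line)
        if m:
            clsid, url = m.groups()
            host = host_of(url)
            is_ip, _ = classify_host(host)
            # Vendor ActiveX comes from a named host (java.sun.com); a .cab pulled
            # from a bare IP has no name to attribute it to and deserves a look.
            if is_ip:
                findings.append({"rule": "dpf-bare-ip", "clsid": clsid,
                                 "host": host, "line": line})
    return findings


def summarize(findings):
    """Count findings per rule, for a quick overview of a long log."""
    return dict(Counter(f["rule"] for f in findings))


if __name__ == "__main__":
    hits = triage_frst(SAMPLE_LOG)
    for hit in hits:
        print(f"[{hit['rule']}] {hit['line']}")
    print(summarize(hits))
```

Run against the full FRST.txt (`triage_frst(open("FRST.txt", encoding="utf-8", errors="replace").read())`) it lists the lines a human should read first; it does not decide for you, and a loopback proxy is only suspicious if nobody on the machine installed one on purpose.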

Good morning, thanks for the help!


Here is what you requested:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-01-2019 01
Ran by Ricardo (administrator) on PC2-USIPROL (11-01-2019 11:07:49)
Running from C:\Users\Ricardo\Desktop
Loaded Profiles: Ricardo (Available Profiles: Ricardo)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fb_inet_server.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(A.E.T. Europe B.V.) C:\Windows\System32\aetcrss1.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Unimake Software) C:\Unimake\UniNFe\unidanfe.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CertificateRegistration] => C:\Windows\system32\aetcrss1.exe [151552 2011-03-24] (A.E.T. Europe B.V.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-26] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files\HP\HP UT LEDM\"
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\...\MountPoints2: {9b8996c9-6090-11e1-a91a-d027886071db} - F:\SETUP.EXE
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2972672 2016-08-29] (Microsoft Corporation) <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-14] (Google Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-09-20] (Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{53979C64-81F6-41f7-8739-696716EC5468}] -> C:\Windows\system32\aetcpss1.dll [2011-03-24] (A.E.T. Europe B.V.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corp.)
CHR HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1300964193-1459114441-3536200422-1000] => 127.0.0.1:8080
AutoConfigURL: [S-1-5-21-1300964193-1459114441-3536200422-1000] => 127.0.0.1:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{833CBE24-AA2E-4091-9847-93E99894666E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AB7CCDCF-E13A-4F86-99CF-1C508C693A51}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{AB7CCDCF-E13A-4F86-99CF-1C508C693A51}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CD9DD971-0312-4351-8B5B-F77615C2A0E8}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-10-18] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-18] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {FD3BEB0C-AB43-4253-9146-C371D48FBE0D} hxxp://200.98.128.50/video/web.cab

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll [2013-03-05] ()
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-02-26] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-09-13] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-09-13] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1300964193-1459114441-3536200422-1000: gastecnologia.com.br/sf/bb -> C:\Users\Ricardo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2014-08-15] (GAS Tecnologia)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxps://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/?hl=en"
CHR Profile: C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default [2016-10-20]
CHR Profile: C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-01-08]
CHR Profile: C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-01-11]
CHR Extension: (Apresentações) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Documentos) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-03]
CHR Extension: (YouTube) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-03]
CHR Extension: (Web PKI) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcngeagmmhegagicpcmpinaoklddcgon [2018-06-18]
CHR Extension: (Planilhas) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Documentos Google off-line) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-13]
CHR Extension: (AdBlock) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-12-11]
CHR Extension: (Certisign) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jjoehgfmpefldljiipnmgnfmcbfjkaad [2018-06-25]
CHR Extension: (Google Maps) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-01-16]
CHR Extension: (Verificador de mensagens do Google) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-01-16]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-03]
CHR Extension: (Chrome Media Router) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-14]
CHR Profile: C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\System Profile [2019-01-08]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
S4 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
R2 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fb_inet_server.exe [3727360 2010-09-17] (Firebird Project) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [921208 2015-08-26] (NVIDIA Corporation)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 KMService; C:\Windows\system32\srvany.exe [8192 2012-04-19] () [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-26] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4305016 2015-08-26] (NVIDIA Corporation)
S4 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [72704 2012-05-16] (SolidWorks) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [11660528 2018-12-07] (TeamViewer GmbH)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [883544 2018-10-18] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-13] (Atheros Communications, Inc.)
R3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [99968 2014-11-10] (Gemalto)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [670208 2004-11-05] (Aladdin Knowledge Systems Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R1 Ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-04-03] (GAS Tecnologia)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18552 2015-08-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [44840 2015-08-11] (NVIDIA Corporation)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [22744 2019-01-11] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [41944 2018-04-25] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [42576 2017-12-14] (GAS Tecnologia)
R3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [41000 2018-04-10] (GAS Tecnologia)
S3 FXDrv32; \??\D:\FXDrv32.sys [X]
S3 NdisrdMP; system32\DRIVERS\gbpndisrd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-11 11:05 - 2019-01-11 11:06 - 000041395 _____ C:\Users\Ricardo\Desktop\Addition.txt
2019-01-11 11:04 - 2019-01-11 11:07 - 000016425 _____ C:\Users\Ricardo\Desktop\FRST.txt
2019-01-11 11:04 - 2019-01-11 11:07 - 000000000 ____D C:\FRST
2019-01-11 11:03 - 2019-01-11 11:03 - 001785344 _____ (Farbar) C:\Users\Ricardo\Desktop\FRST.exe
2019-01-11 07:26 - 2018-04-19 22:18 - 002041445 _____ C:\Users\Ricardo\Downloads\Z-Analyse.exe
2019-01-11 07:26 - 2018-04-18 00:39 - 002038755 _____ C:\Users\Ricardo\Downloads\zoek.exe
2019-01-11 07:26 - 2018-04-18 00:39 - 002038755 _____ C:\Users\Ricardo\Downloads\ZA-Scan.exe
2019-01-11 07:26 - 2018-04-18 00:39 - 002038755 _____ C:\Users\Ricardo\Desktop\ZA-Scan.exe
2019-01-10 11:06 - 2019-01-10 11:17 - 000000000 ____D C:\Users\Ricardo\Downloads\zoek
2019-01-10 11:05 - 2019-01-10 11:06 - 006102389 _____ C:\Users\Ricardo\Downloads\zoek.zip
2019-01-10 11:01 - 2019-01-10 11:01 - 000000835 _____ C:\Users\Ricardo\Desktop\ZHPCleaner.lnk
2019-01-10 11:00 - 2019-01-10 11:00 - 003300224 _____ C:\Users\Ricardo\Downloads\ZHPCleaner.exe
2019-01-10 09:36 - 2019-01-10 09:36 - 000000000 ____D C:\LinhaDefensiva
2019-01-10 09:20 - 2019-01-10 09:20 - 000000000 ____D C:\Users\Ricardo\AppData\Local\mbam
2019-01-10 09:19 - 2019-01-10 09:19 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-10 09:19 - 2019-01-10 09:19 - 000000000 ____D C:\Users\Ricardo\AppData\Local\mbamtray
2019-01-10 09:19 - 2019-01-10 09:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-10 09:18 - 2019-01-10 09:18 - 000178597 _____ (Igor Pavlov) C:\Users\Ricardo\Downloads\bankerfix-3.0.0_3.0.0.exe
2019-01-10 09:18 - 2019-01-10 09:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-10 09:18 - 2019-01-10 09:18 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-10 09:18 - 2018-12-04 08:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-01-10 09:16 - 2019-01-10 11:03 - 000000000 ____D C:\Users\Ricardo\AppData\Roaming\ZHP
2019-01-10 09:16 - 2019-01-10 10:06 - 000000000 ____D C:\AdwCleaner
2019-01-10 09:16 - 2019-01-10 09:16 - 000000000 ____D C:\Users\Ricardo\AppData\Local\ZHP
2019-01-10 09:15 - 2019-01-10 09:16 - 007320272 _____ (Malwarebytes) C:\Users\Ricardo\Desktop\ADW.exe
2019-01-10 09:14 - 2019-01-10 09:17 - 081227760 _____ (Malwarebytes ) C:\Users\Ricardo\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2019-01-09 16:10 - 2019-01-09 16:10 - 000000009 _____ C:\Users\Ricardo\Desktop\VALDENIR.txt
2019-01-09 09:54 - 2019-01-09 09:54 - 000250382 _____ C:\Users\Ricardo\Downloads\vivoinv_845120328599 (2).pdf
2019-01-09 09:53 - 2019-01-09 09:53 - 000027900 _____ C:\Users\Ricardo\Downloads\01-20194530518543 (2).pdf
2019-01-09 09:41 - 2019-01-09 09:41 - 000027900 _____ C:\Users\Ricardo\Downloads\01-20194530518543 (1).pdf
2019-01-09 09:35 - 2019-01-09 09:35 - 000250382 _____ C:\Users\Ricardo\Downloads\vivoinv_845120328599 (1).pdf
2019-01-09 09:34 - 2019-01-09 09:34 - 000027657 _____ C:\Users\Ricardo\Downloads\01-20184115771394.pdf
2019-01-09 09:33 - 2019-01-09 09:33 - 000027711 _____ C:\Users\Ricardo\Downloads\01-20184328967208 (1).pdf
2019-01-09 09:33 - 2019-01-09 09:33 - 000027673 _____ C:\Users\Ricardo\Downloads\01-20184249975998.pdf
2019-01-09 09:33 - 2019-01-09 09:33 - 000027653 _____ C:\Users\Ricardo\Downloads\01-20184172769907.pdf
2019-01-09 09:32 - 2019-01-09 09:32 - 000027908 _____ C:\Users\Ricardo\Downloads\01-20184428434282 (1).pdf
2019-01-09 09:11 - 2019-01-09 09:11 - 000000025 _____ C:\Users\Ricardo\Desktop\CELESC 49401906.txt
2019-01-09 09:04 - 2019-01-09 09:04 - 000027900 _____ C:\Users\Ricardo\Downloads\01-20194530518543.pdf
2019-01-09 07:27 - 2019-01-09 07:27 - 000431616 _____ C:\Windows\system32\FNTCACHE.DAT
2019-01-08 16:58 - 2019-01-08 16:58 - 000000000 ____D C:\Users\Ricardo\AppData\Local\ElevatedDiagnostics
2019-01-08 16:52 - 2019-01-08 16:52 - 000002358 _____ C:\Users\Ricardo\Downloads\ICP-Brasilv9.crt
2019-01-08 16:52 - 2019-01-08 16:52 - 000002358 _____ C:\Users\Ricardo\Downloads\ICP-Brasilv8.crt
2019-01-08 16:52 - 2019-01-08 16:52 - 000002358 _____ C:\Users\Ricardo\Downloads\ICP-Brasilv5 (2).crt
2019-01-08 16:50 - 2019-01-08 16:50 - 000312815 _____ C:\Users\Ricardo\Downloads\v1_v2_v5_v8_v9_msie.p7b
2019-01-08 09:59 - 2019-01-08 10:00 - 000002464 _____ C:\Users\Ricardo\Downloads\Autoridade_Certificadora_SERPRORFBv5 (2).crt
2019-01-08 09:59 - 2019-01-08 09:59 - 000002273 _____ C:\Users\Ricardo\Downloads\AC_Secretaria_da_Receita_Federal_do_Brasil_v4 (3).crt
2019-01-08 09:58 - 2019-01-08 09:58 - 000002273 _____ C:\Users\Ricardo\Downloads\AC_Secretaria_da_Receita_Federal_do_Brasil_v3 (1).crt
2019-01-08 09:57 - 2019-01-08 09:57 - 000123288 _____ C:\Users\Ricardo\AppData\Local\GDIPFONTCACHEV1.DAT
2019-01-07 08:14 - 2019-01-07 08:14 - 000000000 _____ C:\Users\Ricardo\Downloads\ATT00001
2018-12-19 07:42 - 2018-12-19 07:43 - 000000000 ____D C:\Program Files\GUM49AC.tmp
2018-12-17 14:45 - 2018-12-17 14:45 - 000000929 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2018-12-17 14:45 - 2018-12-17 14:45 - 000000917 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk
2018-12-13 17:07 - 2018-12-13 17:07 - 000595849 _____ C:\Users\Ricardo\Downloads\relatorio (16).pdf
2018-12-13 17:06 - 2018-12-13 17:06 - 000120276 _____ C:\Users\Ricardo\Downloads\ExibirDAS-13122018_170641_12_2018.pdf
2018-12-13 17:05 - 2018-12-13 17:05 - 000120089 _____ C:\Users\Ricardo\Downloads\ExibirDAS-13122018_170522_12_2018.pdf
2018-12-12 10:10 - 2018-12-17 15:35 - 000011065 _____ C:\Users\Ricardo\Desktop\SUCATA.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-11 11:07 - 2009-07-14 02:34 - 000017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-11 11:07 - 2009-07-14 02:34 - 000017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-11 11:00 - 2018-01-12 15:34 - 000102912 _____ C:\Users\Ricardo\Desktop\Follow-up Perini.xls
2019-01-11 10:43 - 2018-05-14 12:13 - 000000000 ____D C:\Users\Ricardo\Desktop\Borderô
2019-01-11 08:04 - 2016-02-10 16:22 - 000000000 ____D C:\Users\Ricardo\Desktop\Materiais recebidos Perini
2019-01-11 07:41 - 2016-11-01 11:14 - 000000000 ____D C:\Users\Ricardo\Desktop\Motoboy
2019-01-11 07:26 - 2018-01-10 15:43 - 000708514 _____ C:\Users\Ricardo\Desktop\Programação Produção.xlsx
2019-01-11 07:20 - 2018-09-20 14:12 - 000000000 ____D C:\Program Files\TeamViewer
2019-01-11 07:20 - 2017-01-05 13:59 - 000022744 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2019-01-11 07:20 - 2015-09-22 20:45 - 000000000 ____D C:\ProgramData\NVIDIA
2019-01-11 07:20 - 2009-07-14 02:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-10 17:00 - 2012-03-12 12:40 - 000000000 ____D C:\Users\Ricardo\Documents\NF-e
2019-01-10 17:00 - 2009-07-14 00:04 - 000000682 _____ C:\Windows\win.ini
2019-01-10 09:19 - 2009-07-14 00:37 - 000000000 ____D C:\Windows\inf
2019-01-09 08:37 - 2012-03-19 16:10 - 000000000 ____D C:\Users\Ricardo\Desktop\Etiquetas
2019-01-09 08:29 - 2016-11-09 10:45 - 000030208 _____ C:\Users\Ricardo\Desktop\Follow-up KaVo.xls
2019-01-08 16:58 - 2009-07-14 00:37 - 000000000 ____D C:\Windows\system32\NDF
2019-01-08 16:14 - 2013-06-14 16:28 - 000000000 ____D C:\Users\Ricardo\Desktop\Ordem de Serviço
2019-01-08 09:49 - 2018-04-30 17:43 - 000000000 ____D C:\Program Files\Opera
2019-01-08 09:41 - 2018-09-28 08:21 - 000000000 ____D C:\Windows\Minidump
2019-01-08 09:41 - 2018-07-17 14:01 - 000000000 ____D C:\Users\Ricardo\AppData\Local\CrashDumps
2019-01-08 09:41 - 2018-06-14 12:08 - 000000000 ____D C:\Users\Ricardo\Desktop\Emissores antigos
2019-01-08 09:41 - 2017-11-21 08:01 - 000000000 ____D C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas Sebrae
2019-01-08 09:41 - 2013-08-29 11:53 - 000000000 ____D C:\Users\Ricardo\AppData\Roaming\uTorrent
2019-01-07 14:31 - 2016-07-26 19:18 - 001820160 _____ C:\Users\Ricardo\Desktop\Tempo Perini.xls
2019-01-07 10:36 - 2016-07-26 19:26 - 000053248 _____ C:\Users\Ricardo\Desktop\Estoque Perini.xls
2019-01-07 08:51 - 2018-06-19 08:48 - 000000000 ____D C:\Users\Ricardo\AppData\Roaming\FileZilla
2019-01-07 08:45 - 2017-09-18 08:40 - 000053608 _____ C:\Users\Ricardo\Desktop\60106502.xls
2019-01-07 07:26 - 2015-11-12 11:01 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-12-17 13:49 - 2018-06-28 16:35 - 000000000 ____D C:\Users\Ricardo\Documents\XML ENTRADA
2018-12-17 09:22 - 2012-03-19 16:10 - 000000000 ____D C:\Users\Ricardo\Desktop\Normas, manuais e tabelas de medida
2018-12-17 09:04 - 2012-03-17 12:13 - 000000000 ____D C:\Users\Ricardo\AppData\Roaming\SolidWorks
2018-12-17 08:42 - 2018-08-28 09:04 - 000000284 _____ C:\Users\Ricardo\Desktop\LISTA TELEFONES QUE INCOMODAM.txt
2018-12-14 15:36 - 2012-07-31 11:37 - 000046080 _____ C:\Users\Ricardo\Desktop\Cálculo Peso.xls
2018-12-14 13:33 - 2018-08-28 12:32 - 000000000 ____D C:\Users\Ricardo\Desktop\Usirota
2018-12-14 07:22 - 2018-08-30 14:16 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-14 07:17 - 2018-07-04 17:13 - 000001268 _____ C:\Users\Public\Desktop\Skype.lnk
2018-12-14 07:17 - 2018-07-04 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== Files in the root of some directories =======

2014-11-03 15:47 - 2014-11-03 15:47 - 000016603 _____ () C:\Users\Ricardo\AppData\Roaming\unins001.dat
2015-01-26 09:21 - 2015-08-05 09:20 - 000000039 _____ () C:\Users\Ricardo\AppData\Local\ppreview.ini
2015-06-17 08:56 - 2015-06-17 08:56 - 000007606 _____ () C:\Users\Ricardo\AppData\Local\Resmon.ResmonCfg
2015-05-27 16:40 - 2015-05-27 16:40 - 000732064 _____ (DivX, LLC) C:\Users\Ricardo\AppData\Local\Tempdivx3b78.exe
2015-05-19 03:43 - 2015-05-19 03:43 - 000247298 _____ () C:\Users\Ricardo\AppData\Local\Tempdivx3ee5
2015-05-19 03:43 - 2015-05-19 03:43 - 000247298 _____ () C:\Users\Ricardo\AppData\Local\Tempdivx3f36
2015-05-27 16:36 - 2015-05-27 16:36 - 000043682 _____ () C:\Users\Ricardo\AppData\Local\Tempdivx4237
2015-05-27 16:55 - 2015-05-27 16:55 - 000043682 _____ () C:\Users\Ricardo\AppData\Local\Tempdivx6608
2015-05-19 03:43 - 2015-05-19 03:43 - 000247298 _____ () C:\Users\Ricardo\AppData\Local\Tempdivx8194
2015-05-27 16:55 - 2015-05-27 16:55 - 000043682 _____ () C:\Users\Ricardo\AppData\Local\Tempdivx9ded
2015-05-27 16:40 - 2015-05-27 16:40 - 000043682 _____ () C:\Users\Ricardo\AppData\Local\Tempdivxa59c
2015-05-27 16:34 - 2015-05-27 16:34 - 000043682 _____ () C:\Users\Ricardo\AppData\Local\Tempdivxadb0
2015-05-19 03:43 - 2015-05-19 03:43 - 000247298 _____ () C:\Users\Ricardo\AppData\Local\Tempdivxb796
2015-05-27 16:55 - 2015-05-27 16:55 - 000635544 _____ (DivX, LLC) C:\Users\Ricardo\AppData\Local\Tempdivxb815.exe
2015-05-19 03:43 - 2015-05-19 03:43 - 000247298 _____ () C:\Users\Ricardo\AppData\Local\Tempdivxbdfa
2015-05-19 03:43 - 2015-05-19 03:43 - 000247298 _____ () C:\Users\Ricardo\AppData\Local\Tempdivxeadd
2015-05-27 16:37 - 2015-05-27 16:37 - 001328472 _____ (DivX, LLC) C:\Users\Ricardo\AppData\Local\Tempdivxf61e.exe
2015-05-27 16:37 - 2015-05-27 16:37 - 000043682 _____ () C:\Users\Ricardo\AppData\Local\Tempdivxf8c9

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-03 09:13

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-01-2019 01
Ran by Ricardo (11-01-2019 11:08:15)
Running from C:\Users\Ricardo\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2012-02-26 14:59:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1300964193-1459114441-3536200422-500 - Administrator - Disabled)
Guest (S-1-5-21-1300964193-1459114441-3536200422-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1300964193-1459114441-3536200422-1004 - Limited - Enabled)
Ricardo (S-1-5-21-1300964193-1459114441-3536200422-1000 - Administrator - Enabled) => C:\Users\Ricardo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.4.402.278 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.6.602.171 - Adobe Systems Incorporated)
Assistente de Instalação Certisign (HKLM\...\{6FBA74BD-149F-4521-B921-FFCC84876864}) (Version: 3.10.0.0 - CERTISIGN)
ASUSUpdate (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
CertiPlugin 1.0.0.11 (HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\...\{E74B2E92-1570-41FB-AB75-1A618DD3FCE3}_is1) (Version: 1.0.0.11 - Certisign)
CertiPlugin 1.1.0.2 (HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\...\{E74B2E92-1570-41FB-AB75-1A618DD3FCE3}}_is1) (Version: 1.1.0.2 - Certisign)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DANFE View (HKLM\...\DANFE View_is1) (Version: 2.4.13 - Unimake programas)
DWGeditor (HKLM\...\{F5125699-C01A-4ED8-BD3A-265DF29859FE}) (Version: 15.00.9022 - SolidWorks)
EditiX-XML Editor 2017 (HKLM\...\5246-0923-7551-7727) (Version: 2017 - JAPISoft SARL)
EPSON T25 Series Printer Uninstall (HKLM\...\EPSON T25 Series) (Version:  - SEIKO EPSON Corporation)
FileZilla Client 3.39.0 (HKLM\...\FileZilla Client) (Version: 3.39.0 - Tim Kosse)
Firebird 2.5.0.26074 (Win32) (HKLM\...\FBDBServer_2_5_is1) (Version: 2.5.0.26074 - Firebird Project)
GemPcCCID (HKLM\...\{8BD3AFAF-636E-4516-A7E8-D57CCDBE28B8}) (Version: 2.0.3 - Gemalto)
Gerenciador de Certificados Digitais - Certisign (HKLM\...\{B4C4CBBB-A7FF-4581-B7EC-A501781ADCA3}) (Version: 2.3.0.1 - Certisign Certificadora Digital S.A.)
Google Chrome (HKLM\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
hppLaserJetService (HKLM\...\{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}) (Version: 001.003.000145 - Hewlett-Packard) Hidden
hppM1130M1210SeriesLaserJetService (HKLM\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.003.00073 - Hewlett-Packard) Hidden
hppusgM1130M1210Series (HKLM\...\{DA6CC3A5-1F5B-4068-8BFF-C597BB6B8158}) (Version: 1.0.0.2 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 191 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Macro Recorder 5.8.0 (HKLM\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
MarketResearch (HKLM\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft CAPICOM 2.1.0.2 SDK (HKLM\...\{2FF43F5D-5729-4E02-A548-310E30A5F29B}) (Version: 2.1.0.2 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Módulo de Segurança - Banco do Brasil (HKLM\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.11.0.1 - )
MSI to redistribute MS VS2005 CRT libraries (HKLM\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.98 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Opera Stable 57.0.3098.106 (HKLM\...\Opera 57.0.3098.106) (Version: 57.0.3098.106 - Opera Software)
PC-CCID (HKLM\...\{BD3068DE-D53B-4CE8-B2BC-32E1323441CD}) (Version: 2.0.0 - Gemalto)
Readiris Pro 12 (HKLM\...\{3AC26580-A695-4134-84AE-5121B3AAE545}) (Version: 12.00.5965 - I.R.I.S.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6231 - Realtek Semiconductor Corp.)
SafeSign (HKLM\...\{66913111-2F8A-4950-AA93-51C26182FC35}) (Version: 3.0.45 - A.E.T. Europe B.V.)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Skype version 8.36 (HKLM\...\Skype_is1) (Version: 8.36 - Skype Technologies S.A.)
SolidWorks 2007 SP0 (HKLM\...\{2B6E020C-F269-4E03-9994-818271E4BF4E}) (Version: 15.1.0003 - SolidWorks)
SolidWorks Installation Manager (HKLM\...\{26621E14-A45B-45CD-9ED9-7A0A9B585DB4}) (Version: 15.00.9022 - SolidWorks)
TeamViewer 14 (HKLM\...\TeamViewer) (Version: 14.1.3399 - TeamViewer)
UniDANFE (HKLM\...\UniDANFE_is1) (Version: 3.6.29 - Unimake Software)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
VueScan x32 (HKLM\...\VueScan x32) (Version:  - Hamrick Software)
Warsaw 2.7.0.135 32 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.7.0.135 - GAS Tecnologia)
Web PKI (HKLM\...\{4079BB26-9AFF-2C76-EE2E-D7B767B2EE49}) (Version: 2.6.2.290 - Lacuna Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.33.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-02-17] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-02-17] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-09-13] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-02-17] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0292E601-C993-4874-865F-187BCE64ED78} - System32\Tasks\Opera scheduled Autoupdate 1525117504 => C:\Program Files\Opera\launcher.exe [2018-12-19] (Opera Software)
Task: {0BBFA221-B2A0-4E8D-A9D8-0A2C64D879B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-08-30] (Google Inc.)
Task: {30815CFD-D6EB-4106-A267-4853506BDA90} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2015-12-04] ()
Task: {45C82E20-4F10-44E6-BD8F-7150E2EA25C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-08-30] (Google Inc.)
Task: {46178C1D-AAEB-4405-9012-DAB514469DE5} - System32\Tasks\{2DCDF007-A793-4745-85C5-948AA3025720} => C:\Windows\system32\pcalua.exe -a C:\Users\Ricardo\Downloads\zoek\Z-Analyse.exe -d C:\Users\Ricardo\Downloads\zoek
Task: {7C48C5AE-C33C-4B24-95BD-E492FCC33827} - System32\Tasks\{4CC22693-26A0-4A23-8727-EAF035EEA6B2} => C:\Windows\system32\pcalua.exe -a C:\Users\Ricardo\Downloads\zoek\zoek.exe -d C:\Users\Ricardo\Downloads\zoek
Task: {827B09B7-4C59-42A8-9EBE-C489DEB613DE} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2015-12-04] ()
Task: {E617AD31-097E-42E2-9BD2-6D3C80D99AE8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {F70545D6-3FF8-4D24-A22F-0DBCCEC5EA9C} - System32\Tasks\{83466C99-356B-4496-B10A-57FD99E34A45} => C:\Windows\system32\pcalua.exe -a C:\Users\Ricardo\Desktop\ZA-Scan.exe -d C:\Users\Ricardo\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-09-29 09:37 - 2012-09-29 14:24 - 000167936 ____N () C:\Windows\System32\HPM1210LM.DLL
2014-09-29 09:40 - 2012-09-29 14:24 - 000069632 ____N () C:\Windows\system32\spool\PRTPROCS\W32X86\HPM1210PP.dll
2014-09-29 09:37 - 2012-09-29 14:24 - 002396160 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\hpm1210su.dll
2014-09-29 09:37 - 2012-09-29 14:54 - 000794624 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\HPM1210GC.dll
2009-10-15 12:13 - 2009-10-15 12:13 - 000061440 _____ () C:\Program Files\HP\HPLaserJetService\HPTools.dll
2009-10-15 12:13 - 2009-10-15 12:13 - 000964096 _____ () C:\Program Files\HP\HPLaserJetService\LEDMXMLObjects.dll
2012-12-24 07:53 - 2012-12-24 07:53 - 000081920 _____ () C:\Windows\system32\mvusbews.DLL
2013-09-05 00:14 - 2013-09-05 00:14 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2018-11-30 10:48 - 2018-11-30 10:48 - 000049320 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2012-02-26 16:16 - 2012-02-17 21:55 - 000166912 _____ () C:\Program Files\WinRAR\rarext.dll
2015-09-22 20:45 - 2015-08-26 22:37 - 000011896 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2014-03-31 21:35 - 2014-03-31 21:35 - 000270016 _____ () C:\Program Files\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
2014-03-31 21:35 - 2014-03-31 21:35 - 000278208 _____ () C:\Program Files\Windows Live\Writer\pt-BR\WindowsLive.Writer.Localization.resources.dll
2018-02-01 10:19 - 2016-09-22 15:29 - 000270336 _____ () C:\Unimake\UniNFe\QRGenerator.dll
2018-02-01 10:19 - 2010-05-10 00:54 - 000141312 _____ () C:\Unimake\UniNFe\zlibwapi.dll
2018-12-14 07:21 - 2018-12-12 02:58 - 004430304 _____ () C:\Program Files\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-14 07:21 - 2018-12-12 02:58 - 000097248 _____ () C:\Program Files\Google\Chrome\Application\71.0.3578.98\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2174]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\...\bb.com.br -> aapj.bb.com.br
IE trusted site: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\...\gastecnologia.com.br -> cloud.gastecnologia.com.br

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 00:04 - 2015-02-18 07:33 - 000000822 ____N C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Windows Live\Shared;C:\Program Files\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: EPSON_EB_RPCV4_04 => 2
MSCONFIG\Services: EPSON_PM_RPCV4_04 => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: KMService => 2
MSCONFIG\Services: NovaPdfServer => 2
MSCONFIG\Services: SolidWorks Licensing Service => 3
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe (Microsoft Corporation)
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe (Microsoft Corporation)
FirewallRules: [{474EC1CE-8D0A-4BE0-BBC0-F4137AFCE65F}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
FirewallRules: [TCP Query User{5737DB6A-73DC-4793-90B0-24B3DF859D56}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe No File
FirewallRules: [UDP Query User{1BD732CE-60F7-49CC-B737-A652B619201E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe No File
FirewallRules: [{F87EE6C8-8E89-412D-8B77-A76166501FBD}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
FirewallRules: [{0DE12B52-039E-47DA-A823-2DB22EE7BE4E}] => (Allow) LPort=2869
FirewallRules: [{AD06B7AB-66E6-452C-9380-1AACBF23A82A}] => (Allow) LPort=1900
FirewallRules: [{716876DE-22AC-40B3-BDE8-809CEDFB092F}] => (Allow) C:\Windows\System32\muzapp.exe (Musiccity Co.Ltd.)
FirewallRules: [{11DAB3E9-8336-44AD-8D30-EDA5D344CCFB}] => (Allow) C:\Windows\System32\muzapp.exe (Musiccity Co.Ltd.)
FirewallRules: [{8629D4EA-ECB3-4E72-9F9D-3EF5DF99F05B}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
FirewallRules: [{067ECA88-804B-4B9C-ADF2-215C721010E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
FirewallRules: [{16F3F185-1D9E-48AE-92CA-8742AD90EFB3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation)
FirewallRules: [{D2FCA2F5-FD65-4993-8756-8FE6F1079BE8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation)
FirewallRules: [{97141357-4B3B-41EC-98AA-1D5304037B4F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation)
FirewallRules: [{754C1B2E-8BD1-4B94-B02B-41E4EB6AC9DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
FirewallRules: [{C0678D76-E9D0-4037-B6D3-37471A25EF96}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
FirewallRules: [{AC591FB3-A1CB-431D-BC91-32C4883DE6CE}] => (Allow) C:\Users\Ricardo\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{DEF0ED79-B55D-4BB7-AFAF-4083B1186D35}] => (Allow) C:\Users\Ricardo\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{1E7E45F3-8385-4CAE-9CA2-709DA3F9A1C5}] => (Allow) C:\Users\Ricardo\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{AC0F511B-5897-43EC-99E0-B89DC3C2EBAC}] => (Allow) C:\Users\Ricardo\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{9967C476-D7B1-4700-8DF3-0E961DD284CD}] => (Allow) C:\Users\Ricardo\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{2C92BDE1-0A99-48AF-AA11-7B7301CFD3A0}] => (Allow) C:\Users\Ricardo\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{074908E2-B790-4035-837E-789876DB0D50}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe (GAS Tecnologia LTDA)
FirewallRules: [{5C3B8C14-425E-4F7F-A138-A5DC2DAB49C6}] => (Allow) C:\Program Files\Opera\53.0.2907.68\opera.exe (Opera Software)
FirewallRules: [{0BD00732-1665-4EE2-B1A7-49A08500248F}] => (Allow) C:\Program Files\VueScan\vuescan.exe (Hamrick Software)
FirewallRules: [{65659737-FA35-497A-AB9F-D32B3D1A520E}] => (Allow) C:\Program Files\VueScan\vuescan.exe (Hamrick Software)
FirewallRules: [{97C80074-0B56-4283-80BB-6D62E9CFA3A2}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{4DCFC6F9-AB6B-453B-8906-54268D035278}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{AB940B6B-F365-488A-9BF7-C5C1E9EC4FA3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{AAF1CCC0-15E8-484D-A182-AFB2FEB7BD6B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{9E945D9C-77B9-4286-B77C-8C115A1340A4}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{F7050D21-0013-46A9-9928-C9E2A24E0BF0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{8DC50B3C-C3C5-4493-AFC4-44ABDF298322}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{3FCB9FDE-199C-4867-8FEC-DA617EBB0CE4}] => (Allow) C:\Program Files\Opera\57.0.3098.106\opera.exe (Opera Software)

==================== Restore Points =========================

04-12-2018 09:59:13 Scheduled Checkpoint
12-12-2018 08:17:23 Scheduled Checkpoint
26-12-2018 08:04:29 Scheduled Checkpoint
03-01-2019 09:20:46 Scheduled Checkpoint
10-01-2019 12:44:47 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2019 07:54:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wlmail.exe, version: 16.4.3528.331, time stamp: 0x533a3fce
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x3f780004
Faulting process id: 0x%9
Faulting application start time: 0xwlmail.exe0
Faulting application path: wlmail.exe1
Faulting module path: wlmail.exe2
Report Id: wlmail.exe3

Error: (11/28/2018 10:28:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program sldworks.exe version 15.0.0.9022 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b3c

Start Time: 01d48715ba12b368

Termination Time: 21

Application Path: C:\Program Files\SolidWorks\sldworks.exe

Report Id: 114e57a0-f309-11e8-9f3c-14dae96f0930

Error: (11/22/2018 11:19:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wlmail.exe, version: 16.4.3528.331, time stamp: 0x533a3fce
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000533a
Faulting process id: 0x%9
Faulting application start time: 0xwlmail.exe0
Faulting application path: wlmail.exe1
Faulting module path: wlmail.exe2
Report Id: wlmail.exe3

Error: (11/19/2018 01:17:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: core.exe, version: 2.8.4.40516, time stamp: 0x5b76c0e0
Faulting module name: wsftnmr.dll, version: 1.0.2.258, time stamp: 0x5b76ca45
Exception code: 0xc0000005
Fault offset: 0x0003bd6b
Faulting process id: 0x1668
Faulting application start time: 0x01d47ff97fc9b529
Faulting application path: C:\Program Files\Diebold\Warsaw\core.exe
Faulting module path: C:\Program Files\Diebold\Warsaw\wsftnmr.dll
Report Id: 47469675-ec0e-11e8-ac64-14dae96f0930

Error: (11/19/2018 09:17:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: core.exe, version: 2.8.4.40516, time stamp: 0x5b76c0e0
Faulting module name: wsftnmr.dll, version: 1.0.2.258, time stamp: 0x5b76ca45
Exception code: 0xc0000005
Fault offset: 0x0003bd6b
Faulting process id: 0x858
Faulting application start time: 0x01d47fe8b6e13796
Faulting application path: C:\Program Files\Diebold\Warsaw\core.exe
Faulting module path: C:\Program Files\Diebold\Warsaw\wsftnmr.dll
Report Id: bcc3c5f5-ebec-11e8-ac64-14dae96f0930

Error: (11/15/2018 08:43:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: core.exe, version: 2.8.4.40516, time stamp: 0x5b76c0e0
Faulting module name: wsftnmr.dll, version: 1.0.2.258, time stamp: 0x5b76ca45
Exception code: 0xc0000005
Fault offset: 0x0003bd6b
Faulting process id: 0xaa0
Faulting application start time: 0x01d47ccfef5cad3d
Faulting application path: C:\Program Files\Diebold\Warsaw\core.exe
Faulting module path: C:\Program Files\Diebold\Warsaw\wsftnmr.dll
Report Id: 4404cbac-e8c3-11e8-a12a-14dae96f0930

Error: (11/15/2018 08:42:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: core.exe, version: 2.8.4.40516, time stamp: 0x5b76c0e0
Faulting module name: wsftnmr.dll, version: 1.0.2.258, time stamp: 0x5b76ca45
Exception code: 0xc0000005
Fault offset: 0x0003bd6b
Faulting process id: 0x1760
Faulting application start time: 0x01d47ccc3d991538
Faulting application path: C:\Program Files\Diebold\Warsaw\core.exe
Faulting module path: C:\Program Files\Diebold\Warsaw\wsftnmr.dll
Report Id: 2b20354d-e8c3-11e8-a12a-14dae96f0930

Error: (11/15/2018 08:16:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: core.exe, version: 2.8.4.40516, time stamp: 0x5b76c0e0
Faulting module name: wsftnmr.dll, version: 1.0.2.258, time stamp: 0x5b76ca45
Exception code: 0xc0000005
Fault offset: 0x0003bd6b
Faulting process id: 0x10c0
Faulting application start time: 0x01d47ccc218e53db
Faulting application path: C:\Program Files\Diebold\Warsaw\core.exe
Faulting module path: C:\Program Files\Diebold\Warsaw\wsftnmr.dll
Report Id: 7aec43d2-e8bf-11e8-a12a-14dae96f0930


System errors:
=============
Error: (01/11/2019 07:20:31 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (01/11/2019 07:20:31 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/11/2019 07:20:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147014847 = The requested address is not valid in its context.

Error: (01/11/2019 07:20:06 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.

Error: (01/11/2019 07:20:06 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Error: (01/11/2019 07:20:05 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147014847 = The requested address is not valid in its context.

Error: (01/10/2019 05:22:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (01/10/2019 11:14:24 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.


Windows Defender:
===================================
Date: 2012-05-25 06:57:39.494
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/WinShow&threatid=14522
Name:BrowserModifier:Win32/WinShow
ID:14522
Severity:High
Category:Browser Modifier
Path Found:containerfile:C:\Program Files\SolidWorks\sw2007cr.exe;file:C:\Program Files\SolidWorks\sw2007cr.exe->(VFS:netid.exe);file:C:\Windows\system32\wintrust32.exe;process:pid:776;service:WinTrust32
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2012-05-24 07:50:41.913
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/WinShow&threatid=14522
Name:BrowserModifier:Win32/WinShow
ID:14522
Severity:High
Category:Browser Modifier
Path Found:containerfile:C:\Program Files\SolidWorks\sw2007cr.exe;file:C:\Program Files\SolidWorks\sw2007cr.exe->(VFS:netid.exe);file:C:\Windows\system32\wintrust32.exe;process:pid:312;service:WinTrust32
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2012-05-23 07:42:10.516
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/WinShow&threatid=14522
Name:BrowserModifier:Win32/WinShow
ID:14522
Severity:High
Category:Browser Modifier
Path Found:containerfile:C:\Program Files\SolidWorks\sw2007cr.exe;file:C:\Program Files\SolidWorks\sw2007cr.exe->(VFS:netid.exe);file:C:\Windows\system32\wintrust32.exe;process:pid:300;service:WinTrust32
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2012-05-22 13:40:13.540
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/WinShow&threatid=14522
Name:BrowserModifier:Win32/WinShow
ID:14522
Severity:High
Category:Browser Modifier
Path Found:containerfile:C:\Program Files\SolidWorks\sw2007cr.exe;file:C:\Program Files\SolidWorks\sw2007cr.exe->(VFS:netid.exe);file:C:\Windows\system32\wintrust32.exe;process:pid:296;service:WinTrust32
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe

Date: 2012-05-22 13:40:06.333
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/WinShow&threatid=14522
Name:BrowserModifier:Win32/WinShow
ID:14522
Severity:High
Category:Browser Modifier
Path Found:file:C:\Windows\system32\wintrust32.exe;process:pid:296
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe

Date: 2018-07-05 08:37:11.526
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.271.442.0
Previous Signature Version:1.269.1075.0
Update Source:User
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:1.1.15000.2
Previous Engine Version:1.1.14901.4
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

Date: 2018-07-05 08:37:11.525
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.15000.2
Previous Engine Version:1.1.14901.4
Update Source:User
Error Code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

Date: 2015-09-19 23:09:30.179
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified. 
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2014-04-23 11:30:18.840
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified. 
Signature version:0.0.0.0
Engine version:0.0.0.0

CodeIntegrity:
===================================

Date: 2015-03-11 15:15:28.001
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-11 15:15:27.657
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-11 15:15:27.299
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-11 15:15:26.940
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-11 15:07:01.025
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-11 15:07:00.604
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-11 15:07:00.199
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-11 15:06:59.793
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Percentage of memory in use: 49%
Total physical RAM: 3453.05 MB
Available physical RAM: 1744.55 MB
Total Virtual: 6904.46 MB
Available Virtual: 5121.67 MB

==================== Drives ================================

Drive C: () (Fixed) (Total:465.66 GB) (Free:387.8 GB) NTFS
Drive z: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0008C1BC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


@0k4m1

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download the attached fixlist file and save it to your desktop.

NOTE: It is extremely important that the "fixlist" file is saved on your Desktop. Also check that FRST.exe is on the Desktop.

** Windows Vista, Windows 7, 8/8.1 and Windows 10 users:
Right-click the FRST.EXE file, then click VRIfczU.png.

Click the 0h0YlDEzRbKP9R7xLrUlzA.png button

Wait; when it finishes, the Fixlog.txt log will be saved on your desktop.

Open the Fixlog.txt file, copy its contents and paste them into your next reply.

fixlist.txt


Good morning, here it is as requested:

Fix result of Farbar Recovery Scan Tool (x86) Version: 13-01-2019
Ran by Ricardo (14-01-2019 07:34:16) Run:1
Running from C:\Users\Ricardo\Desktop
Loaded Profiles: Ricardo (Available Profiles: Ricardo)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
reg: reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
reg: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
reg: reg query "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig /s"
reg: reg query "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\...\Run: [] => [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\...\MountPoints2: {9b8996c9-6090-11e1-a91a-d027886071db} - F:\SETUP.EXE
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2972672 2016-08-29] (Microsoft Corporation) <==== ATTENTION
CHR HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
S3 FXDrv32; \??\D:\FXDrv32.sys [X]
S3 NdisrdMP; system32\DRIVERS\gbpndisrd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.33.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2174]
FirewallRules: [{AC591FB3-A1CB-431D-BC91-32C4883DE6CE}] => (Allow) C:\Users\Ricardo\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{DEF0ED79-B55D-4BB7-AFAF-4083B1186D35}] => (Allow) C:\Users\Ricardo\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{1E7E45F3-8385-4CAE-9CA2-709DA3F9A1C5}] => (Allow) C:\Users\Ricardo\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{AC0F511B-5897-43EC-99E0-B89DC3C2EBAC}] => (Allow) C:\Users\Ricardo\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{9967C476-D7B1-4700-8DF3-0E961DD284CD}] => (Allow) C:\Users\Ricardo\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{2C92BDE1-0A99-48AF-AA11-7B7301CFD3A0}] => (Allow) C:\Users\Ricardo\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
CreateRestorePoint:
*****************

Restore point was successfully created.
Processes closed successfully.

========= reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" =========


========= End of Reg: =========


========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" =========


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    CertificateRegistration    REG_SZ    aetcrss1.exe
    NvBackend    REG_SZ    "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
    ShadowPlay    REG_SZ    C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
    (Default)    REG_SZ    
    HPUsageTrackingLEDM    REG_SZ    "C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files\HP\HP UT LEDM\"
    IgfxTray    REG_SZ    C:\Windows\system32\igfxtray.exe
    HotKeysCmds    REG_SZ    C:\Windows\system32\hkcmd.exe
    Persistence    REG_SZ    C:\Windows\system32\igfxpers.exe
    SunJavaUpdateSched    REG_SZ    "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents


========= End of Reg: =========


========= reg query "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig /s" =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg query "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s =========

========= End of Reg: =========

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar" => removed successfully.
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar" => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b8996c9-6090-11e1-a91a-d027886071db} => removed successfully.
HKLM\Software\Classes\CLSID\{9b8996c9-6090-11e1-a91a-d027886071db} => not found
"HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\SOFTWARE\Policies\Google => removed successfully.
HKLM\System\CurrentControlSet\Services\FXDrv32 => removed successfully.
FXDrv32 => service removed successfully.
HKLM\System\CurrentControlSet\Services\NdisrdMP => removed successfully.
NdisrdMP => service removed successfully.
HKLM\System\CurrentControlSet\Services\Synth3dVsc => removed successfully.
Synth3dVsc => service removed successfully.
HKLM\System\CurrentControlSet\Services\tsusbhub => removed successfully.
tsusbhub => service removed successfully.
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully.
VGPU => service removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046} => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046} => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046} => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046} => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046} => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046} => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046} => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046} => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851} => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851} => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851} => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851} => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851} => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4} => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4} => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8} => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07} => removed successfully.
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => removed successfully.
C:\Windows\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC591FB3-A1CB-431D-BC91-32C4883DE6CE}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DEF0ED79-B55D-4BB7-AFAF-4083B1186D35}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E7E45F3-8385-4CAE-9CA2-709DA3F9A1C5}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC0F511B-5897-43EC-99E0-B89DC3C2EBAC}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9967C476-D7B1-4700-8DF3-0E961DD284CD}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C92BDE1-0A99-48AF-AA11-7B7301CFD3A0}" => removed successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully.
"HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========

Restore point was successfully created.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3859261 B
Java, Flash, Steam htmlcache => 529 B
Windows/system/drivers => 770050 B
Edge => 0 B
Chrome => 477043384 B
Firefox => 0 B
Opera => 29188434 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 22916232 B
LocalService => 66228 B
NetworkService => 0 B
Ricardo => 241518046 B

RecycleBin => 0 B
EmptyTemp: => 747.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 07:35:39 ====

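An added example, not part of this thread and not code from FRST or any of the tools discussed: a read-only PowerShell audit of the same locations the fixlist above queried or reset, namely the Run/RunOnce keys, the Winlogon Shell value FRST marked ATTENTION, and the Internet Settings proxy values that RemoveProxy cleared. It assumes Windows PowerShell 3.0 or later run from an elevated session; the registry paths are the standard Windows ones, and the flagging heuristics are mine, not FRST's.

```powershell
# Added example, not the forum helper's own script. Read-only audit of the
# autostart and proxy locations the FRST fixlist above queried or reset.
# Assumes Windows PowerShell 3.0+; run elevated so HKLM is fully readable.
# Nothing here modifies the registry.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunEntry {
    # Enumerate every value under the Run/RunOnce keys as Key/Name/Command objects.
    param([string[]]$Keys)
    foreach ($key in $Keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... metadata
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
}

function Test-AutorunEntry {
    # Heuristics (my own) a reviewer applies by hand when reading a Run-key dump:
    # a bare file name is resolved through the search path, so the dump does not
    # tell you which binary actually runs; user-writable directories are where
    # unwanted software usually lands; a missing target is a dead entry.
    param([pscustomobject]$Entry)
    $cmd = $Entry.Command.Trim()
    if ($cmd -eq '') { return 'empty value' }
    # Strip surrounding quotes and arguments to get the executable token
    $exe = if ($cmd.StartsWith('"')) { $cmd.Split('"')[1] } else { $cmd.Split(' ')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if ($exe -notmatch '[\\/]') { return "bare file name, resolved via PATH: $exe" }
    if ($exe -match '\\AppData\\|\\Temp\\|\\ProgramData\\') {
        return "runs from a user-writable directory: $exe"
    }
    if (-not (Test-Path -LiteralPath $exe)) { return "target missing on disk: $exe" }
    return $null
}

function Get-WinlogonShellFinding {
    # The machine-wide Shell value should be explorer.exe. A per-user Shell value
    # (the HKU\...\Winlogon [Shell] line FRST marked ATTENTION above) is unusual
    # even when it points at explorer.exe, because it overrides the machine value.
    $findings = @()
    $hklm = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' `
                             -Name Shell -ErrorAction SilentlyContinue
    if ($hklm -and $hklm.Shell -ne 'explorer.exe') {
        $findings += "HKLM Winlogon Shell is '$($hklm.Shell)', expected explorer.exe"
    }
    $hkcu = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' `
                             -Name Shell -ErrorAction SilentlyContinue
    if ($hkcu) { $findings += "per-user Winlogon Shell override present: '$($hkcu.Shell)'" }
    return $findings
}

function Get-ProxyFinding {
    # The per-user values RemoveProxy cleared in the Fixlog. A ProxyServer or
    # PAC URL the user never configured is what a proxy-hijack detection points at.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $findings = @()
    if ($p.ProxyEnable -eq 1) { $findings += "ProxyEnable=1, ProxyServer='$($p.ProxyServer)'" }
    elseif ($p.ProxyServer)   { $findings += "ProxyServer set but disabled: '$($p.ProxyServer)'" }
    if ($p.AutoConfigURL)     { $findings += "AutoConfigURL (PAC script) set: '$($p.AutoConfigURL)'" }
    return $findings
}

# Report: [CHECK] lines are prompts to verify by hand, not verdicts.
Get-AutorunEntry -Keys $RunKeys | ForEach-Object {
    $note = Test-AutorunEntry -Entry $_
    if ($note) { Write-Output "[CHECK] $($_.Key) :: $($_.Name) = $($_.Command)  <- $note" }
    else       { Write-Output "[ok]    $($_.Key) :: $($_.Name) = $($_.Command)" }
}
Get-WinlogonShellFinding | ForEach-Object { Write-Output "[CHECK] $_" }
Get-ProxyFinding         | ForEach-Object { Write-Output "[CHECK] $_" }
```

Run it once before a fix to capture a baseline and again afterwards to confirm that the ProxyServer value and the per-user Shell override are gone. The `CertificateRegistration REG_SZ aetcrss1.exe` line in the reg query output above is the kind of entry the bare-file-name check flags: the dump says nothing about which directory that binary is loaded from, so the file has to be located and checked by hand.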

@0k4m1

Follow the steps below:

STEP 1

Download Malwarebytes Anti-Malware (MBAM) from the link below and save it to your desktop.
https://downloads.malwarebytes.org/file/mbam_current/

Double-click mbam-setup.exe and follow the prompts to install the program.

  • In the Scan tab > Custom Scan, tick the Scan for rootkits option and the entries for the drive the operating system is installed on. Normally that is drive C:;
  • Click Scan Now. Wait, as the scan can take a while;
  • When the scan finishes, if items were found, make sure they are all ticked and click the Remove Selected or Quarantine button;
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC (see Note below);
  • If MBAM does not run automatically after the restart, run it manually;
  • The log is saved automatically by MBAM; to view it, click the Reports tab in the program's main window;
  • Double-click the log (Scan log). Click the Export button and use the .txt format to export the log. Save it to the Desktop.


ATTENTION: Open the file, select all, copy and paste the contents of this log into your next reply.

NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (possibly more than once). Do so immediately when asked whether you want to restart the PC.

STEP 2

Download AdwCleaner from one of the links below and save it to the desktop.
https://toolslib.net/downloads/viewdownload/1-adwcleaner/
http://www.bleepingcomputer.com/download/adwcleaner/

Click DOWNLOAD NOW to download the file.

Run adwcleaner.exe

NOTE: Windows Vista, 7, 8/8.1 and Windows 10 users, right-click the AdwCleaner.exe file, then click VRIfczU.png

Click SCAN. When it finishes, click CLEAN and wait.

Notepad will open with the result.

ATTENTION: Select, copy and paste its contents into your next reply.

STEP 3


Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.


Download ZHPCleaner from the link below and save it to your Desktop

https://www.nicolascoolman.com/download/zhpcleaner/


Run the ZHPCleaner.exe file as Administrator

  • Click the Scanner button.
  • The tool will start examining your system.
  • Be patient, as it can take a while depending on the number of items to examine.
  • Then click the Repair button.
  • A log called ZHPCleaner.txt will be generated
  • Select, copy and paste the contents of this log into your next reply.


Good afternoon, here it is as requested:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/14/19
Scan Time: 11:57 AM
Log File: 5d940d68-1804-11e9-8afb-14dae96f0930.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.519
Update Package Version: 1.0.8772
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: PC2-USIPROL\Ricardo

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 321872
Threats Detected: 21
Threats Quarantined: 21
Time Elapsed: 3 hr, 56 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 9
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{2DCDF007-A793-4745-85C5-948AA3025720}, Quarantined, [0], [392686],1.0.8772
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{46178C1D-AAEB-4405-9012-DAB514469DE5}, Quarantined, [0], [392686],1.0.8772
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{46178C1D-AAEB-4405-9012-DAB514469DE5}, Quarantined, [0], [392686],1.0.8772
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{4CC22693-26A0-4A23-8727-EAF035EEA6B2}, Quarantined, [0], [392686],1.0.8772
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7C48C5AE-C33C-4B24-95BD-E492FCC33827}, Quarantined, [0], [392686],1.0.8772
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{7C48C5AE-C33C-4B24-95BD-E492FCC33827}, Quarantined, [0], [392686],1.0.8772
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{83466C99-356B-4496-B10A-57FD99E34A45}, Quarantined, [0], [392686],1.0.8772
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F70545D6-3FF8-4D24-A22F-0DBCCEC5EA9C}, Quarantined, [0], [392686],1.0.8772
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{F70545D6-3FF8-4D24-A22F-0DBCCEC5EA9C}, Quarantined, [0], [392686],1.0.8772

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 12
Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\TASKS\{2DCDF007-A793-4745-85C5-948AA3025720}, Quarantined, [0], [392686],1.0.8772
Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\TASKS\{4CC22693-26A0-4A23-8727-EAF035EEA6B2}, Quarantined, [0], [392686],1.0.8772
Generic.Malware/Suspicious, C:\USERS\RICARDO\DOWNLOADS\ZOEK.EXE, Quarantined, [0], [392686],1.0.8772
Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\TASKS\{83466C99-356B-4496-B10A-57FD99E34A45}, Quarantined, [0], [392686],1.0.8772
Generic.Malware/Suspicious, C:\USERS\RICARDO\DESKTOP\ZA-SCAN.EXE, Quarantined, [0], [392686],1.0.8772
Generic.Malware/Suspicious, C:\USERS\RICARDO\DOWNLOADS\ZOEK\ZOEK.EXE, Quarantined, [0], [392686],1.0.8772
RiskWare.Tool.CK, C:\USERS\RICARDO\DOWNLOADS\MINI\MINI-KMS_ACTIVATOR_V1.31_OFFICE2010_VL_ENG.EXE, Quarantined, [5745], [299001],1.0.8772
RiskWare.Tool.CK, C:\USERS\RICARDO\DOWNLOADS\MINI-KMS_ACTIVATOR_V1.31_OFFICE2010_VL\MINI-KMS_ACTIVATOR_V1.31_OFFICE2010_VL_ENG-FREESOFT-WZT\MINI-KMS_ACTIVATOR_V1.31_OFFICE2010_VL_ENG.EXE, Quarantined, [5745], [299001],1.0.8772
RiskWare.Tool.CK, C:\WINDOWS\KMSEM\KMSERVICE.EXE, Quarantined, [5745], [133383],1.0.8772
Generic.Malware/Suspicious, C:\USERS\RICARDO\DOWNLOADS\ZOEK\ZA-SCAN.EXE, Quarantined, [0], [392686],1.0.8772
Generic.Malware/Suspicious, C:\USERS\RICARDO\DOWNLOADS\ZA-SCAN.EXE, Quarantined, [0], [392686],1.0.8772
Generic.Malware/Suspicious, C:\USERS\RICARDO\DOWNLOADS\ZOEK.ZIP, Quarantined, [0], [392686],1.0.8772

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2019-01-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-14-2019
# Duration: 00:00:01
# OS:       Windows 7 Ultimate
# Cleaned:  4
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\System32\Tasks\iorrt

***** [ Registry ] *****

Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C7CC9D3-39B6-4D62-9513-6F02A3EDEDB1}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C7CC9D3-39B6-4D62-9513-6F02A3EDEDB1}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iorrt

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2866 octets] - [10/01/2019 10:02:42]
AdwCleaner[C00].txt - [2704 octets] - [10/01/2019 10:06:34]
AdwCleaner[S01].txt - [1782 octets] - [14/01/2019 16:10:14]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 

~ ZHPCleaner v2019.1.11.7 by Nicolas Coolman (2019/01/11)
~ Run by Ricardo (Administrator)  (14/01/2019 16:16:15)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scan
~ Report : C:\Users\Ricardo\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Ricardo\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (20)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.


---\\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.


---\\ Result of repair
~ Any repair made
~ Browser not found (Mozilla Firefox)


---\\ Statistics
~ Items scanned : 72295
~ Items found : 0
~ Items cancelled : 0
~ Items options : 12/12
~ Space saving (bytes) : 0


~ End of search in 00h20mn56s
ZHPCleaner--14012019-16_37_11.txt


@0k4m1

 

Download RogueKiller by Tigzy and save it to your desktop (Desktop).
roguekiller.exe (x86) << link

  • Close all programs
  • Run RogueKiller.exe.
    ** Windows Vista, Windows 7, 8, 8.1 and Windows 10 users:
    Right-click the rogueKiller.exe file, then click VRIfczU.png.
  • Click SCAN
  • Click the first START, "Standard Scan (recommended)", and wait for the scan...
  • Click the RESULTS button
  • Click the REPORT option, then EXPORT, and select the Text file option...
  • Save the file to the desktop with the name roguekiller_report


Remember to open the file and copy and paste its entire contents into your next reply


Good afternoon, here it is as requested:

 

RogueKiller Anti-Malware V13.0.22.0 [Jan 14 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits
Started in : Normal mode
User : Ricardo [Administrator]
Started from : C:\Users\Ricardo\Desktop\RogueKiller_portable32.exe
Mode : Standard Scan, Scan -- Date : 2019/01/15 11:59:25 (Duration : 00:47:44)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> O101 - Clsid
  [PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} -- C:\Program Files\MyFree Codec\1.0b beta\XVID-CORE\xvid.ax (missing) -> Found
  [PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{64697678-0000-0010-8000-00AA00389B71} -- C:\Program Files\MyFree Codec\1.0b beta\XVID-CORE\xvid.ax (missing) -> Found
  [PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2} -- C:\Program Files\MyFree Codec\1.0b beta\MyFree.ax (missing) -> Found
>>>>>> XX - System Policies
  [PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found
>>>>>> XX - Explorer Advanced
  [PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-1300964193-1459114441-3536200422-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -- 0 -> Found
  [PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-1300964193-1459114441-3536200422-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyMusic -- 0 -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Tr.Gen0 (Malicious)] (file) CheckUpdate.exe -- (Baidu Online Network Technology (Beijing) Co.,Ltd.) C:\Users\Ricardo\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe -> Found
[PUP.AutoIt.Gen (Potentially Malicious)] (file) gs-auto-clicker-3-1-4.exe -- C:\Users\Ricardo\Downloads\gs-auto-clicker-3-1-4.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 


Good morning, I ended up removing them yesterday after the scan; the generated report is below:

 

RogueKiller Anti-Malware V13.0.22.0 [Jan 14 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits
Started in : Normal mode
User : Ricardo [Administrator]
Started from : C:\Users\Ricardo\Desktop\RogueKiller_portable32.exe
Mode : Standard Scan, Delete -- Date : 2019/01/15 13:12:02 (Duration : 00:47:44)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} -- [%ProgramFiles%\MyFree Codec\1.0b beta\XVID-CORE\xvid.ax] -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{64697678-0000-0010-8000-00AA00389B71} -- [%ProgramFiles%\MyFree Codec\1.0b beta\XVID-CORE\xvid.ax] -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2} -- [%ProgramFiles%\MyFree Codec\1.0b beta\MyFree.ax] -> Deleted
[PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin --  -> Replaced (2)
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-1300964193-1459114441-3536200422-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames --  -> Replaced (1)
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-1300964193-1459114441-3536200422-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyMusic --  -> Replaced (1)
[Tr.Gen0 (Malicious)] CheckUpdate.exe [Baidu Online Network Technology (Beijing) Co.,Ltd.] -- %_Ricardo_appdata%\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe -> Deleted
[PUP.AutoIt.Gen (Potentially Malicious)] gs-auto-clicker-3-1-4.exe -- %USERPROFILE%\Downloads\gs-auto-clicker-3-1-4.exe -> Deleted

 

In any case, I re-ran the scan today; the report is below:

 

RogueKiller Anti-Malware V13.0.22.0 [Jan 14 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits
Started in : Normal mode
User : Ricardo [Administrator]
Started from : C:\Users\Ricardo\Desktop\RogueKiller_portable32.exe
Mode : Standard Scan, Scan -- Date : 2019/01/16 07:31:24 (Duration : 00:44:15)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
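As an added example (not part of this thread and not RogueKiller's own code), a small Python checker for the kind of RogueKiller text reports pasted above: it parses the detection lines, reconciles the Scan report against the Delete report and the later re-scan, and flags the ConsentPromptBehaviorAdmin = 0 finding, which means administrators were being elevated without any UAC prompt. The sample reports are abbreviated copies of the ones above, constructed for the example; the function names are assumptions of mine.

```python
import re

# One RogueKiller detection line in Scan ("-> Found") or Delete ("-> Deleted",
# "-> Replaced (n)") mode. The text before " -- " (registry key|value or file
# name) is the same in both modes, so it serves as the finding's identifier.
DETECTION = re.compile(
    r"^\s*\[(?P<category>\S+) \((?P<verdict>[^)]+)\)\]\s*(?:\(file\)\s*)?"
    r"(?P<ident>.+?)(?: \[[^\]]*\])?\s*--\s*(?P<detail>.*?)\s*->\s*(?P<outcome>\w+)")
SECTION = re.compile(r"^¤+\s*(.+?)\s*¤+$")

def parse_report(text):
    """Return one dict per detection line, tagged with its report section."""
    section, findings = "?", []
    for line in text.splitlines():
        m = SECTION.match(line.strip())
        if m:
            section = m.group(1)
            continue
        m = DETECTION.match(line)
        if m:
            findings.append(dict(section=section, **m.groupdict()))
    return findings

def uac_prompt_disabled(findings):
    """True when ConsentPromptBehaviorAdmin = 0 was seen: administrators are
    elevated with no UAC prompt (ZHPCleaner reports this as 'UAC : Deactivate')."""
    return any(f["ident"].endswith("|ConsentPromptBehaviorAdmin") and f["detail"] == "0"
               for f in findings)

def reconcile(scan_text, delete_text, rescan_text):
    """Which Scan findings were never actioned, and which remain after the re-scan."""
    found = {f["ident"] for f in parse_report(scan_text)}
    actioned = {f["ident"] for f in parse_report(delete_text) if f["outcome"] != "Found"}
    return {"unresolved": sorted(found - actioned),
            "residual": sorted(f["ident"] for f in parse_report(rescan_text))}

# Constructed sample: abbreviated copies of the three reports pasted above.
SCAN = r"""¤¤¤¤ Registry ¤¤¤¤
  [PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found
¤¤¤¤ Files ¤¤¤¤
[Tr.Gen0 (Malicious)] (file) CheckUpdate.exe -- (Baidu Online Network Technology (Beijing) Co.,Ltd.) C:\Users\Ricardo\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe -> Found
"""
DELETE = r"""¤¤¤¤ Delete ¤¤¤¤
[PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin --  -> Replaced (2)
[Tr.Gen0 (Malicious)] CheckUpdate.exe [Baidu Online Network Technology (Beijing) Co.,Ltd.] -- %_Ricardo_appdata%\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe -> Deleted
"""
RESCAN = "¤¤¤¤ Files ¤¤¤¤\n"
```

Run `reconcile(SCAN, DELETE, RESCAN)` to get empty `unresolved` and `residual` lists for the reports above; any identifier left in `unresolved` is a finding the Delete run never touched.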


@0k4m1

 

  1. Click the Start menu, then right-click My Computer and select Properties.

  2. In Properties, select Advanced system settings.

  3. Go to the System Protection tab and, under System Restore, click Create.

  4. Then just follow the on-screen instructions to create your restore point.

    NOTE: Remember to give it an easily recognizable name so you can restore from this point later.

Press the Windows key + R and type: msconfig

- Click the Services tab, check Hide all Microsoft services and then click Disable all
- Click the Startup tab and click Disable all

Follow the prompts until you are asked to restart.

After that, let me know whether the malware-related problems persist.
