Adauto2

Unwanted access to my e-mail, possible malware


Good morning. Someone else gained access to one of my e-mail accounts, and I would like to check whether there is any malware on my computer that could explain how this happened. Thank you very much for the help.

ZA-Scan.txt


Hello @Adauto2,

Please note the following:

  • About the forum: this is a private space, not a public one. Using it is a privilege, not a right;
  • What is given here applies only to the problem on your computer, so do not apply it on any other;
  • IMPORTANT: if you have Windows activation programs or torrent sharing software, I suggest uninstalling them. I will only proceed with the analysis after they are removed. Forum rules;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Respect the order of the instructions;
  • Note: do not take any measure other than those given here; and if you ask for help on another forum, be sure to let us know, or you risk misconfiguring your computer!

Please follow the steps below:

1)

Download AdwCleaner and save it to the desktop (Área de Trabalho).

https://downloads.malwarebytes.com/file/adwcleaner

Click DOWNLOAD NOW to download the file.

Run adwcleaner.exe

NOTE: Users of Windows Vista, 7, 8/8.1 and Windows 10: right-click the AdwCleaner.exe file, then click [image: VRIfczU.png]

Click VERIFICAR (Scan). When it finishes, click LIMPAR (Clean) and wait.

Notepad will open with the result.

ATTENTION: Select, copy and paste its contents in your next reply.

2)

Download Malwarebytes Anti-Malware (MBAM) from the link below and save it to your desktop.

https://downloads.malwarebytes.org/file/mbam_current/

Double-click mbam-setup.exe and follow the prompts to install the program.

  • On the Scan tab > Custom Scan, tick the option Scan for rootkits and the entries for the drive where the operating system is installed. This is normally drive (C:);
  • Click Scan Now. Wait, as the scan may take a while;
  • When the scan finishes, if items were found, make sure they are all ticked and click the Remove Selected or Quarantine button;
  • At the end of the disinfection, a prompt asking whether to restart the PC may appear (see the Note below);
  • If MBAM does not run automatically after the restart, run it manually;
  • The log is saved automatically by MBAM; to view it, click the Reports tab in the program's main window;
  • Double-click the log (Scan report). Click the Export button and use the .txt format to export the log. Save it to the desktop.

ATTENTION: Open the file, select all, copy and paste the contents of this log in your next reply.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether to restart the PC.


Good afternoon @Turco, thanks in advance. The logs are below:

- ADWCleaner:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.1.0
# -------------------------------
# Build:    12-17-2019
# Database: 2020-01-06.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-10-2020
# Duration: 00:00:01
# OS:       Windows 7 Professional
# Cleaned:  14
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\IOBIT\Driver Booster
Deleted       C:\ProgramData\IOBIT\Driver Booster
Deleted       C:\ProgramData\IObit\Advanced SystemCare
Deleted       C:\Users\Usuario\AppData\Roaming\IOBIT\Driver Booster
Deleted       C:\Users\Usuario\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER
Deleted       C:\Windows\System32\Tasks\DRIVER BOOSTER SKIPUAC (USUARIO)

***** [ Registry ] *****

Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E59B58DE-3283-4A37-8762-FF838C26FEEC}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1650264-E8A1-4794-A897-1D3BDE57736A}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E59B58DE-3283-4A37-8762-FF838C26FEEC}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DRIVER BOOSTER SKIPUAC (USUARIO)
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted       HKLM\Software\Wow6432Node\IObit\Driver Booster
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3092 octets] - [10/01/2020 09:45:06]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

- MalwareBytes:

Malwarebytes
www.malwarebytes.com

-Detalhes do Relatório-
Data da análise: 10/01/2020
Hora da análise: 10:01
Arquivo de relatório: de00e472-33a0-11ea-ae02-fcaa14fc2e26.json

-Informações do Software-
Versão: 4.0.4.49
Versão de componentes: 1.0.793
Versão do pacote de definições: 1.0.17529
Licença: Gratuita

-Informações do Sistema-
Sistema operacional: Windows 7 Service Pack 1
CPU: x64
Sistema de arquivos: NTFS
Usuário: Usuario-PC\Usuario

-Resumo da Análise-
Tipo de análise: Análise Customizada
Análise Iniciada Por: Manual
Resultado: Concluída
Objetos verificados: 513684
Ameaças detectadas: 4
Ameaças em quarentena: 4
Tempo decorrido: 2 hr, 30 min, 11 seg

-Opções da Análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
Programa Potencialmente Indesejado: Detetar
PUM: Detetar

-Detalhes da Análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 0
(Nenhum item malicioso detectado)

Valor de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 0
(Nenhum item malicioso detectado)

Arquivo: 4
Generic.Malware/Suspicious, C:\USERS\USUARIO\APPDATA\ROAMING\Microsoft\Windows\Recent\zoek.lnk, Quarentena, 0, 392686, , , ,
Generic.Malware/Suspicious, C:\USERS\USUARIO\DESKTOP\ZOEK.ZIP, Quarentena, 0, 392686, 1.0.17529, , shuriken,
Generic.Malware/Suspicious, C:\USERS\USUARIO\DESKTOP\ZOEK\ZA-SCAN.EXE, Quarentena, 0, 392686, 1.0.17529, , shuriken,
HackTool.Agent.KMS, C:\WINDOWS\KMS-QADHOOK.DLL, Quarentena, 7634, 151261, 1.0.17529, , ame,

Setor físico: 0
(Nenhum item malicioso detectado)

Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)


(end)

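Triage helper for the reports pasted above, added here as an example and not part of this thread or of Malwarebytes/FRST: it parses the MBAM export (a "type: N" header such as "Arquivo: 4" followed by comma-separated rows of detection, path, action), cross-checks the rows against the summary counters, separates named families such as HackTool.Agent.KMS from heuristic Generic.Malware/Suspicious verdicts that need a manual look, and pulls out the entries FRST itself marks with "<==== ATENÇÃO". The sample inputs are constructed excerpts of the logs in this thread, and the function names are assumptions of this example.

```python
"""Triage helper for the Malwarebytes (MBAM) and FRST reports pasted in this
thread.  Added example: not part of the forum post or of either tool."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt in the layout of the MBAM report above: a "<type>: N"
# header followed by N comma-separated rows (detection, path, action, ...).
MBAM_SAMPLE = r"""
-Resumo da Análise-
Objetos verificados: 513684
Ameaças detectadas: 4
Ameaças em quarentena: 4

-Detalhes da Análise-
Processo: 0
(Nenhum item malicioso detectado)

Arquivo: 4
Generic.Malware/Suspicious, C:\USERS\USUARIO\APPDATA\ROAMING\Microsoft\Windows\Recent\zoek.lnk, Quarentena, 0, 392686, , , ,
Generic.Malware/Suspicious, C:\USERS\USUARIO\DESKTOP\ZOEK.ZIP, Quarentena, 0, 392686, 1.0.17529, , shuriken,
Generic.Malware/Suspicious, C:\USERS\USUARIO\DESKTOP\ZOEK\ZA-SCAN.EXE, Quarentena, 0, 392686, 1.0.17529, , shuriken,
HackTool.Agent.KMS, C:\WINDOWS\KMS-QADHOOK.DLL, Quarentena, 7634, 151261, 1.0.17529, , ame,

Setor físico: 0
(Nenhum item malicioso detectado)
"""

# Constructed excerpt of FRST lines.  FRST appends "<==== ATENÇÃO"
# ("<==== ATTENTION" in the English build) to entries worth a closer look.
FRST_SAMPLE = r"""
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-10-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
Task: {427D46B9-E191-4DF2-8E71-0B555AD25BE1} - \Backup Flext Cash -> Nenhum Arquivo <==== ATENÇÃO
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restrição <==== ATENÇÃO
"""


@dataclass(frozen=True)
class Detection:
    section: str   # MBAM object type, e.g. "Arquivo" (file)
    name: str      # detection name, e.g. "HackTool.Agent.KMS"
    path: str
    action: str    # e.g. "Quarentena"

    @property
    def heuristic(self) -> bool:
        # "Generic.*" / "*Suspicious" verdicts are heuristics rather than a
        # named family, so they are listed for manual review instead of
        # being treated as a confirmed infection.
        return self.name.startswith("Generic.") or self.name.endswith("Suspicious")


_SUMMARY_RE = re.compile(r"^(Ameaças detectadas|Ameaças em quarentena): (\d+)$")
_SECTION_RE = re.compile(r"^([^:]+): (\d+)$")
_ROW_RE = re.compile(r"^([^,]+), ([^,]+), ([^,]+),")
_FLAG_RE = re.compile(r"^(.*?) <==== (?:ATEN[ÇC][ÃA]O|ATTENTION)\s*$")


def parse_mbam(text: str) -> tuple[dict, list[Detection]]:
    """Return (summary counters, detection rows) from an exported MBAM report."""
    summary: dict = {}
    found: list[Detection] = []
    section, in_details = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "-Detalhes da Análise-":
            in_details = True            # object-type headers only count here
        elif m := _SUMMARY_RE.match(line):
            summary[m.group(1)] = int(m.group(2))
        elif in_details and (m := _SECTION_RE.match(line)):
            section = m.group(1)         # e.g. "Arquivo: 4" -> "Arquivo"
        elif section and (m := _ROW_RE.match(line)):
            found.append(Detection(section, *(g.strip() for g in m.groups())))
    return summary, found


def parse_frst_flags(text: str) -> list[str]:
    """Return the entries FRST itself marked with '<==== ATENÇÃO'."""
    return [m.group(1) for m in map(_FLAG_RE.match, text.splitlines()) if m]


def triage(summary: dict, found: list[Detection]) -> dict:
    """Cross-check counters and split named families from heuristic verdicts."""
    quarantined = [d for d in found if d.action == "Quarentena"]
    return {
        "count_matches": summary.get("Ameaças detectadas") == len(found),
        "all_quarantined": summary.get("Ameaças em quarentena") == len(quarantined) == len(found),
        "named_families": sorted({d.name for d in found if not d.heuristic}),
        "heuristic_paths": [d.path for d in found if d.heuristic],
    }


if __name__ == "__main__":
    mbam_summary, detections = parse_mbam(MBAM_SAMPLE)
    for key, value in triage(mbam_summary, detections).items():
        print(f"{key}: {value}")
    for entry in parse_frst_flags(FRST_SAMPLE):
        print("FRST flagged:", entry)
```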

@Adauto2

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download ZHPCleaner from the link below and save it to your desktop (Área de Trabalho)

Run the ZHPCleaner.exe file as Administrator

  • Click the Scanner button.
  • The tool will begin examining your system.
  • Be patient, as it may take a while depending on how many items there are to examine.
  • Then click the Repair button.
  • A log called ZHPCleaner.txt will be generated
  • Select, copy and paste the contents of this log in your next reply.


@Turco

~ ZHPCleaner v2020.1.12.169 by Nicolas Coolman (2020/01/12)
~ Run by Usuario (Administrator)  (13/01/2020 10:34:06)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Type : Scan
~ Report : C:\Users\Usuario\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\Usuario\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point :
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (1)
FOUND data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : 127.0.0.1;localhost;<local>;;*.local]  =>Hijacker.Proxy


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.


---\\  Registry ( Key, Value, Data) (2)
FOUND value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_CF0D12F859BF15DAB73FDD0B7E1E013D ["C:\Program Files (x86)\Google\Chrome\Application\]  =>PUP.Optional.MyBrowser
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool]  =>Toolbar.Ask


---\\  Summary of the elements found (3)
https://nicolascoolman.eu/2017/04/03/hijacker-proxy/ =>Hijacker.Proxy
https://nicolascoolman.eu/2017/11/01/adware-mybrowser/ =>PUP.Optional.MyBrowser
https://nicolascoolman.eu/2017/02/28/toolbar-ask/ =>Toolbar.Ask


---\\ Result of repair
~ Any repair made
~ Mozilla Firefox OK
~ Internet Explorer OK


---\\ Statistics
~ Items scanned : 88659
~ Items found : 3
~ Items cancelled : 0
~ Items options : 8/15
~ Space saving (bytes) : 0


~ End of search in 00h10mn01s

---\\  Reports (0)
ZHPCleaner--13012020-10_44_07.txt


@Adauto2

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download the Farbar Recovery Scan Tool and save it to the desktop (Área de Trabalho).

32 bit (x86) or 64 bit (x64)

  • Right-click it and choose Run as Administrator;
  • Click the Scan button;
  • Wait; when it finishes, the logs FRST.txt and Addition.txt will be saved to your desktop (Área de Trabalho);
  • Select, copy and paste the contents of the FRST.txt log in your next reply;
  • Attach the Addition.txt log.


@Turco, FRST.txt is below and Addition.txt is attached.

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 12-01-2020
Executado por Usuario (administrador) em USUARIO-PC (Gigabyte Technology Co., Ltd. GA-78LMT-S2) (14-01-2020 07:27:05)
Executando a partir de C:\Users\Usuario\Desktop
Perfis Carregados: Usuario (Perfis Disponíveis: Usuario)
Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Banco Bradesco S.A. -> Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradguard.exe
(Banco Bradesco S.A. -> Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradserv.exe
(Brother Industries, Ltd.) [Arquivo não assinado] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [Arquivo não assinado] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\88.4.172\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\88.4.172\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\88.4.172\QtWebEngineProcess.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIMTE.EXE
(TeamViewer GmbH -> TeamViewer GmbH) D:\TeamViewer\TeamViewer_Service.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-10-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) [Arquivo não assinado]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653352 2017-07-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862248 2017-07-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6261760 2020-01-07] (Dropbox, Inc -> Dropbox, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
HKU\S-1-5-21-3210410832-52721733-420004279-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMTE.EXE [298560 2014-03-19] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3210410832-52721733-420004279-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMTE.EXE [298560 2014-03-19] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3210410832-52721733-420004279-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [47773264 2019-12-22] (Google LLC -> )
HKU\S-1-5-21-3210410832-52721733-420004279-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-06] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-3210410832-52721733-420004279-1000\...\Run: [GoogleChromeAutoLaunch_CF0D12F859BF15DAB73FDD0B7E1E013D] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.117\Installer\chrmstp.exe [2020-01-09] (Google LLC -> Google LLC)
Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Backup Flext Cash - Atalho.lnk [2018-01-17]
ShortcutTarget: Backup Flext Cash - Atalho.lnk -> C:\Bkp_Flext\Backup Flext Cash.bat () [Arquivo não assinado]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restrição <==== ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO

==================== Tarefas Agendadas (Whitelisted) ============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {0366A6D1-4C4D-4B9F-B8DC-F2B5D1C707EE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-11] (Adobe Inc. -> Adobe Systems)
Task: {427D46B9-E191-4DF2-8E71-0B555AD25BE1} - \Backup Flext Cash -> Nenhum Arquivo <==== ATENÇÃO
Task: {43E3FD7F-3A61-4BD2-93EE-58BD221B198F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {47927B21-D44B-4F7E-8EBA-A340357BE950} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-20] (Google Inc -> Google Inc.)
Task: {4A8AAADF-6C78-448B-AB75-810B217686DB} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe [1457720 2020-01-13] (Adobe Inc. -> Adobe)
Task: {4F9AE161-E033-4731-B364-39C06202287E} - System32\Tasks\bkpFlextCanadense => C:\Bkp_Flext\Backup Flext Cash.bat [362 2018-01-17] () [Arquivo não assinado]
Task: {503D5683-63E3-4899-8224-88270B510607} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-17] (Dropbox, Inc -> Dropbox, Inc.)
Task: {58B4DD9E-BFBD-43BD-A862-61FFCFDFE401} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-17] (Dropbox, Inc -> Dropbox, Inc.)
Task: {853279D5-99D6-4B8A-A686-F5C3A5000C84} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-20] (Google Inc -> Google Inc.)
Task: {85C260CE-C70A-4E42-97E4-B11F4A156CB2} - System32\Tasks\R@1n-KMS\Office14ProPlus => wmic path OfficeSoftwareProtectionProduct where (ID="6f327760-8c5c-417c-9b61-836a98287e0c") call Activate
Task: {968E26EC-BEDD-467E-BDE0-CA66D9E1785E} - \Backup Flext -> Nenhum Arquivo <==== ATENÇÃO
Task: {99FA0528-70ED-4C94-859C-938016719D51} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-06] (Piriform Ltd -> Piriform Ltd)
Task: {A8815D3E-2AC4-4425-A779-2CBA6FBF1497} - System32\Tasks\{E63EEC93-DC24-4FBC-A7D8-2D505CCB8750} => C:\Windows\system32\pcalua.exe -a C:\Users\Usuario\Downloads\Instalador_BULL_Tecfinance.exe -d C:\Users\Usuario\Downloads
Task: {BFCC5694-665F-46B2-9C4D-86EDD7D25F12} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {DD1A9351-A316-4A2F-BB89-886C2D5F32C2} - System32\Tasks\EPSON L575 Series Update {715D002F-8365-463A-A8B5-5316E8534B2E} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMTE.EXE [690536 2013-11-21] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {EBD95865-C8F3-4D13-AA4C-65F99042F06A} - System32\Tasks\canadenseflext => C:\Bkp_Flext\Backup Flext Cash.bat [362 2018-01-17] () [Arquivo não assinado]
Task: {F2E3685B-BCB5-47E0-A979-119876311AD3} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {F52C23E1-6D31-4014-B6E0-649C11AF3F88} - System32\Tasks\EPSON L575 Series Update {B772D739-1987-4B99-87DF-624BCA37323C} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMTE.EXE [690536 2013-11-21] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EPSON L575 Series Update {715D002F-8365-463A-A8B5-5316E8534B2E}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMTE.EXE:/EXE:{715D002F-8365-463A-A8B5-5316E8534B2E} /F:UpdateSISTEMAĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON L575 Series Update {B772D739-1987-4B99-87DF-624BCA37323C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMTE.EXE:/EXE:{B772D739-1987-4B99-87DF-624BCA37323C} /F:UpdateSISTEMAĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{AC0059A4-1252-4D7A-835B-F2444471C92A}: [DhcpNameServer] 200.204.0.138 192.168.0.1
Tcpip\..\Interfaces\{C0831335-F326-4356-91B0-10B7E7E0DB26}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-06-12] (Oracle America, Inc. -> Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-06-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-26] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-26] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

FireFox:
========
FF DefaultProfile: w1s1vdw5.default
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\w1s1vdw5.default [2020-01-14]
FF Homepage: Mozilla\Firefox\Profiles\w1s1vdw5.default -> hxxps://www.bbc.com/portuguese
FF Notifications: Mozilla\Firefox\Profiles\w1s1vdw5.default -> hxxps://www.dafiti.com.br; hxxps://support.cloud.google.com
FF Extension: (Avast SafePrice | Comparação, ofertas, cupons) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\w1s1vdw5.default\Extensions\sp@avast.com.xpi [2020-01-06]
FF Extension: (Avast Online Security) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\w1s1vdw5.default\Extensions\wrc@avast.com.xpi [2020-01-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2020-01-13] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-06-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-06-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-04] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2020-01-13] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Notifications: Default -> hxxps://123milhas.com; hxxps://kmdevantagens-com-br-5afc9025e1efe.pushnews.eu; hxxps://www.facebook.com
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default [2020-01-14]
CHR Extension: (Apresentações) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-20]
CHR Extension: (Jaxx Blockchain Wallet) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ancbofgphhmhcchnaognahmjfajaecmo [2018-07-18]
CHR Extension: (Documentos) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-26]
CHR Extension: (Postman) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhpolonmjbamaehfecdmhbdphcmgckdn [2019-04-01]
CHR Extension: (Avast SafePrice | Comparação, ofertas, cupons) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-01-06]
CHR Extension: (Planilhas) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-20]
CHR Extension: (Postman) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2019-04-01]
CHR Extension: (Documentos Google off-line) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-11]
CHR Extension: (Avast Online Security) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-12-20]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-07-29]
CHR Extension: (Allow-Control-Allow-Origin: *) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfbmbojpeacfghkpbjhddihlkkiljbi [2019-07-17]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-11]
CHR HKU\S-1-5-21-3210410832-52721733-420004279-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc. -> Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-19] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8395968 2019-10-22] (BattlEye Innovations e.K. -> )
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Arquivo não assinado]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-17] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-17] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [44552 2020-01-07] (Dropbox, Inc -> Dropbox, Inc.)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [681400 2018-12-17] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2016-11-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2020-01-10] (Malwarebytes Inc -> Malwarebytes)
S4 NetExpress Updater; C:\Program Files (x86)\AppBrad\NetExpressUpdater.exe [20424 2017-07-31] (Banco Bradesco S.A. -> )
R2 scpbradserv; C:\Program Files (x86)\scpbrad\scpbradserv.exe [2269568 2019-11-29] (Banco Bradesco S.A. -> Scopus Soluções em TI Ltda)
R2 TeamViewer; D:\TeamViewer\TeamViewer_Service.exe [11446104 2019-04-24] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [X]

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2017-10-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37616 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [204824 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [274456 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [209552 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [65120 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [276952 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42736 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [171520 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110320 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [83792 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [848432 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460448 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [236024 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316528 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [5020672 2009-07-13] (Microsoft Windows -> ATI Technologies Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-10-19] (Martin Malik - REALiX -> REALiX(tm))
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2018-05-04] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um mês (criados) ===================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2020-01-14 07:27 - 2020-01-14 07:27 - 000027580 _____ C:\Users\Usuario\Desktop\FRST.txt
2020-01-14 07:26 - 2020-01-14 07:27 - 000000000 ____D C:\FRST
2020-01-14 07:26 - 2020-01-14 07:26 - 002573312 _____ (Farbar) C:\Users\Usuario\Desktop\FRST64.exe
2020-01-13 10:45 - 2020-01-13 10:45 - 000002358 _____ C:\Users\Usuario\Desktop\ZHPCleaner (R).txt
2020-01-13 10:44 - 2020-01-13 10:44 - 000002101 _____ C:\Users\Usuario\Desktop\ZHPCleaner (S).txt
2020-01-13 10:31 - 2020-01-13 10:45 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\ZHP
2020-01-13 10:31 - 2020-01-13 10:31 - 003329408 _____ (Nicolas Coolman) C:\Users\Usuario\Desktop\ZHPCleaner.exe
2020-01-13 10:31 - 2020-01-13 10:31 - 000000834 _____ C:\Users\Usuario\Desktop\ZHPCleaner.lnk
2020-01-13 10:31 - 2020-01-13 10:31 - 000000000 ____D C:\Users\Usuario\AppData\Local\ZHP
2020-01-13 10:21 - 2020-01-13 10:21 - 000011664 _____ C:\Users\Usuario\.bash_history
2020-01-10 12:51 - 2020-01-10 12:51 - 000001972 _____ C:\Users\Usuario\Desktop\malwareb.txt
2020-01-10 09:59 - 2020-01-10 09:59 - 000000000 ____D C:\Users\Usuario\AppData\Local\mbam
2020-01-10 09:58 - 2020-01-10 09:58 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-01-10 09:58 - 2020-01-10 09:58 - 000001948 _____ C:\Users\Todos os Usuários\Desktop\Malwarebytes.lnk
2020-01-10 09:58 - 2020-01-10 09:58 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-01-10 09:58 - 2020-01-10 09:58 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-01-10 09:58 - 2020-01-10 09:58 - 000000000 ____D C:\Users\Usuario\AppData\Local\mbamtray
2020-01-10 09:58 - 2020-01-10 09:58 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2020-01-10 09:58 - 2020-01-10 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-01-10 09:58 - 2020-01-10 09:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-01-10 09:58 - 2020-01-10 09:58 - 000000000 ____D C:\Program Files\Malwarebytes
2020-01-10 09:55 - 2020-01-10 09:55 - 000002660 _____ C:\Users\Usuario\Desktop\AdwCleaner[C00].txt
2020-01-10 09:44 - 2020-01-10 09:46 - 000000000 ____D C:\AdwCleaner
2020-01-10 09:43 - 2020-01-10 09:43 - 001883976 _____ (Malwarebytes) C:\Users\Usuario\Desktop\MBSetup.exe
2020-01-10 09:41 - 2020-01-10 09:42 - 008237744 _____ (Malwarebytes) C:\Users\Usuario\Desktop\adwcleaner_8.0.1.exe
2020-01-09 07:29 - 2020-01-09 07:29 - 000026232 _____ C:\ZA-Scan.txt
2020-01-09 07:20 - 2020-01-10 12:46 - 000000000 ____D C:\Users\Usuario\Desktop\zoek
2020-01-09 07:20 - 2020-01-09 07:20 - 000000000 ____D C:\zoek_backup
2020-01-08 06:36 - 2020-01-08 06:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-01-07 11:21 - 2020-01-07 11:21 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2020-01-07 11:21 - 2020-01-07 11:21 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2020-01-07 11:21 - 2020-01-07 11:21 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2020-01-07 11:21 - 2020-01-07 11:21 - 000044552 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-12-19 15:28 - 2019-12-19 15:30 - 000174314 _____ C:\Users\Usuario\Desktop\161219-50  Rest.  Estampo de Furar e Recortar Nº 100414-08-01-00-1.pdf
2019-12-19 15:28 - 2019-12-19 15:28 - 000162678 _____ C:\Users\Usuario\Desktop\161219-10 - Proposta Técnica da Rest.  Estampo  de  Furar e Flangear  Nº 100414-08-01-00-1.pdf
2019-12-19 15:06 - 2019-12-19 15:29 - 000312832 _____ C:\Users\Usuario\Desktop\161219-50  Rest.  Estampo de Furar e Recortar Nº 100414-08-01-00-1.xls
2019-12-19 14:39 - 2019-12-19 14:39 - 000315392 _____ C:\Users\Usuario\Desktop\161219-50  Rest.  Estampo de Furar e Recortar Nº 100414-08-01-00.xls
2019-12-19 14:31 - 2019-12-19 14:31 - 000467456 _____ C:\Users\Usuario\Downloads\161219-50  Rest.  Estampo de Furar e Recortar Nº 100414-08-01-00.xls
2019-12-19 14:04 - 2019-12-19 14:04 - 000022854 _____ C:\Users\Usuario\Desktop\correios.pdf

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2020-01-14 07:27 - 2017-07-21 10:59 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\Mozilla
2020-01-14 07:01 - 2018-01-17 11:28 - 000001022 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2020-01-14 06:50 - 2009-07-14 02:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-01-14 06:50 - 2009-07-14 02:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-01-14 06:39 - 2011-01-27 21:29 - 000707970 _____ C:\Windows\system32\prfh0416.dat
2020-01-14 06:39 - 2011-01-27 21:29 - 000147754 _____ C:\Windows\system32\prfc0416.dat
2020-01-14 06:39 - 2009-07-14 03:13 - 001641422 _____ C:\Windows\system32\PerfStringBackup.INI
2020-01-14 06:39 - 2009-07-14 01:20 - 000000000 ____D C:\Windows\inf
2020-01-14 06:35 - 2019-07-29 11:53 - 000000000 ___RD C:\Users\Usuario\Google Drive
2020-01-14 06:34 - 2017-12-11 15:23 - 000000000 ____D C:\Bkp_Flext
2020-01-14 06:34 - 2009-07-14 03:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-01-13 11:00 - 2017-07-26 17:04 - 000000000 ____D C:\Users\Usuario\.ionic
2020-01-13 10:51 - 2017-07-21 11:28 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-01-13 10:51 - 2017-07-21 11:28 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-01-13 10:51 - 2017-07-21 11:28 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-01-13 10:51 - 2017-07-21 11:28 - 000000000 ____D C:\Windows\system32\Macromed
2020-01-13 10:51 - 2017-07-21 11:23 - 000000000 ____D C:\Users\Usuario\AppData\Local\Adobe
2020-01-13 10:28 - 2019-10-08 14:33 - 000003176 _____ C:\Windows\system32\Tasks\{E63EEC93-DC24-4FBC-A7D8-2D505CCB8750}
2020-01-13 10:28 - 2019-03-27 10:59 - 000004542 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-01-13 10:28 - 2018-09-06 11:36 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-01-13 10:28 - 2018-02-14 08:39 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-01-13 10:28 - 2018-01-17 13:27 - 000003560 _____ C:\Windows\system32\Tasks\canadenseflext
2020-01-13 10:28 - 2018-01-17 13:22 - 000003712 _____ C:\Windows\system32\Tasks\bkpFlextCanadense
2020-01-13 10:28 - 2018-01-17 11:28 - 000004028 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineUA
2020-01-13 10:28 - 2017-12-06 11:11 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2020-01-13 10:28 - 2017-07-26 17:25 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Code
2020-01-13 10:28 - 2017-07-21 10:46 - 000002798 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2020-01-13 10:28 - 2017-07-20 18:59 - 000003504 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-01-13 10:28 - 2017-07-20 18:59 - 000003376 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-01-13 10:21 - 2017-07-20 18:56 - 000000000 ____D C:\Users\Usuario
2020-01-10 12:11 - 2019-07-29 11:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2020-01-10 09:59 - 2019-10-09 14:53 - 000000000 ____D C:\Users\Usuario\AppData\Local\cache
2020-01-10 09:46 - 2017-10-19 13:59 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\IObit
2020-01-10 09:46 - 2017-10-19 13:59 - 000000000 ____D C:\Users\Todos os Usuários\IObit
2020-01-10 09:46 - 2017-10-19 13:59 - 000000000 ____D C:\ProgramData\IObit
2020-01-10 09:46 - 2017-10-19 13:59 - 000000000 ____D C:\Program Files (x86)\IObit
2020-01-10 06:38 - 2019-12-06 08:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-01-10 06:38 - 2017-07-20 18:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-01-09 07:51 - 2017-07-31 11:40 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\TeamViewer
2020-01-09 07:51 - 2017-07-26 15:09 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\MPC-HC
2020-01-09 07:51 - 2017-07-21 12:09 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\PhotoScape
2020-01-09 07:50 - 2017-09-26 14:50 - 000000000 ____D C:\Windows\Minidump
2020-01-09 07:05 - 2018-07-18 10:25 - 000000000 ____D C:\Users\Usuario\AppData\Local\AVAST Software
2020-01-09 06:46 - 2017-07-20 18:59 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-09 06:46 - 2017-07-20 18:59 - 000002181 _____ C:\Users\Todos os Usuários\Desktop\Google Chrome.lnk
2020-01-09 06:46 - 2017-07-20 18:59 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-01-09 06:46 - 2017-07-20 18:59 - 000002181 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-01-08 06:36 - 2018-01-17 11:28 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-01-07 08:56 - 2019-02-19 17:30 - 000001554 _____ C:\Users\Usuario\Desktop\jan-fev-19.txt
2019-12-19 10:55 - 2017-07-21 11:25 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-12-18 06:43 - 2018-01-17 11:28 - 000001018 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-12-17 10:15 - 2018-01-17 11:28 - 000003778 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineCore

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)


LastRegBack: 2020-01-08 07:27
==================== Fim de FRST.txt ========================

Addition.txt

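The services and drivers sections of the FRST log above follow one line layout: state, service name, path, then either `[size date]` or `[X]` when the registered file is no longer on disk, then the signer information in parentheses and, optionally, a bracketed warning from FRST. The script below is an added example for readers learning to triage such a log; it is not part of this thread and not FRST's own code. It parses that layout and attaches review notes (a missing binary, an FRST warning flag, a file with no signer, a binary directly under the Windows root), using sample lines copied from the log above. The heuristics are mine and are prompts for a human analyst, not verdicts.

```python
"""Triage helper for FRST 'Services'/'Drivers' lines (added example, not FRST's own code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One FRST service/driver line looks like:
#   <state> <name>; <path> [<size> <date>] (<signer> -> <company>) [<flag>]
# "[X]" replaces the size/date when the registered file is not on disk, and
# a trailing bracketed flag (e.g. "[Arquivo não assinado]") carries FRST's own warning.
LINE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);\s+"
    r"(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]"
    r"(?:\s+\((?P<sig>.*)\))?"          # greedy: tolerates ')' inside the signer text
    r"(?:\s+\[(?P<flag>[^\]]*)\])?\s*$"
)


@dataclass
class Entry:
    state: str
    name: str
    path: str
    file_missing: bool
    signer: Optional[str]
    company: Optional[str]
    flag: Optional[str]
    findings: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one service/driver line; returns None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sig = m.group("sig")
    signer = company = None
    if sig is not None:
        if "->" in sig:
            # "(signer -> company)": certificate signer, then the file's own company field
            signer, company = (part.strip() for part in sig.split("->", 1))
        else:
            # No "->": FRST printed only the company field, i.e. no signer was found
            company = sig.strip()
    entry = Entry(
        state=m.group("state"),
        name=m.group("name").strip(),
        path=m.group("path"),
        file_missing=(m.group("meta").strip() == "X"),
        signer=signer,
        company=company,
        flag=m.group("flag"),
    )
    review(entry)
    return entry


def review(entry: Entry) -> None:
    """Attach review notes (assumed heuristics). Prompts for an analyst, not verdicts."""
    if entry.file_missing:
        entry.findings.append("registered binary is not on disk ([X]); stale or cleaned-up entry")
    if entry.flag:
        entry.findings.append(f"FRST flag: {entry.flag}")
    if entry.signer is None and entry.company is not None:
        entry.findings.append("no Authenticode signer recorded")
    elif entry.signer is not None and not entry.company:
        entry.findings.append("signed, but the file carries no company metadata")
    parent = entry.path.lower().rsplit("\\", 1)[0]
    if parent == "c:\\windows":
        entry.findings.append("binary sits directly under the Windows root, not in System32/SysWOW64")


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return {service name: findings} for every parsable line in the text."""
    result: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            result[entry.name] = entry.findings
    return result


# Sample lines copied from the FRST services/drivers sections posted above.
SAMPLE = r"""
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8395968 2019-10-22] (BattlEye Innovations e.K. -> )
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Arquivo não assinado]
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-10-19] (Martin Malik - REALiX -> REALiX(tm))
S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [X]
"""

if __name__ == "__main__":
    for name, findings in triage(SAMPLE).items():
        print(f"{name}: {'; '.join(findings) or 'nothing to note'}")
```

Running it on the sample lists the Apple and HWiNFO entries with nothing to note, BEService as signed without company metadata, BrYNSvc with FRST's own unsigned-file flag plus no signer, and the `KMS-R@1n` entry as a missing binary registered directly under `C:\Windows`, which is the kind of entry a helper would ask about first.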

Ok,

Temporarily disable your antivirus, antispyware and firewall so they don't cause conflicts.

Open Notepad, then copy (Ctrl+C) and paste (Ctrl+V) all of the text below:


CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restrição <==== ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO 
VirusTotal: C:\Bkp_Flext\Backup Flext Cash.bat
CMD: type C:\Bkp_Flext\Backup Flext Cash.bat
HOSTS:
RemoveProxy:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:
  • Save this file to your Desktop as fixlist.txt
  • Run FRST again and click the Fix button;
  • Wait... when it finishes, the log Fixlog.txt will be created on your Desktop.
  • Select, copy and paste the contents of that log in your next reply.



@Turco


Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 12-01-2020
Executado por Usuario (15-01-2020 10:35:00) Run:1
Executando a partir de C:\Users\Usuario\Desktop
Perfis Carregados: Usuario (Perfis Disponíveis: Usuario)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restrição <==== ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO
VirusTotal: C:\Bkp_Flext\Backup Flext Cash.bat
CMD: type C:\Bkp_Flext\Backup Flext Cash.bat
HOSTS:
RemoveProxy:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removido (a) com sucesso.
HKLM\SOFTWARE\Policies\Mozilla => removido (a) com sucesso.
HKLM\SOFTWARE\Policies\Google => removido (a) com sucesso.
VirusTotal: C:\Bkp_Flext\Backup Flext Cash.bat => https://www.virustotal.com/file/9ebd96342fee5a8e843a63ede2351d907ff01b10d8a7f8159cf810c6ea1b5eea/analysis/1579095309/

========= type C:\Bkp_Flext\Backup Flext Cash.bat =========

O sistema não pode encontrar o arquivo especificado.
Erro ao processar: C:\Bkp_Flext\Backup.
O sistema não pode encontrar o arquivo especificado.
Erro ao processar: Flext.
O sistema não pode encontrar o arquivo especificado.
Erro ao processar: Cash.bat.

========= Fim de CMD: =========

C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.
"HKU\S-1-5-21-3210410832-52721733-420004279-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-21-3210410832-52721733-420004279-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.


========= Fim de RemoveProxy: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {223F1500-4EB0-4E82-8419-4E7D82DB3781}.
Unable to cancel {0B5AF6B9-AC1F-4735-9C6A-B25E5A470B97}.
0 out of 2 jobs canceled.

========= Fim de CMD: =========


========= ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17485256 B
Java, Flash, Steam htmlcache => 1154 B
Windows/system/drivers => 2292686 B
Edge => 0 B
Chrome => 419611922 B
Firefox => 74357938 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
systemprofile32 => 132584 B
LocalService => 132584 B
NetworkService => 198812 B
Usuario => 151259978 B

RecycleBin => 495 B
EmptyTemp: => 642.7 MB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 10:35:52 ====


@Adauto2

Temporarily disable your antivirus and firewall

  • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Run esetsmartinstaller_enu.exe.
    ** Windows Vista, Windows 7 and Windows 8/8.1 users:
    Right-click esetsmartinstaller_enu.exe, then click VRIfczU.png .
  • Click Scan your computer, full scan
  • If anything is detected, make sure all the boxes are checked and click Remove.
  • When it finishes, save the log to your desktop and post its contents in your next reply.


@Turco, I acted on impulse and didn't see the part about saving the log. 9 threats were found and quarantined, as shown in the attached screenshot.

eset.png


@Adauto2

To finish:

Download Delfix by Xplode and save it to your desktop.

Double-click delfix.exe to run it. Check the boxes as shown in the image.

** Windows Vista or Windows 7 users: right-click the delfix.exe file, then click execadmin.png.

2mez6ld.png

Click the Run button.

When it finishes, a log will be generated, but you don't need to post it.

Always keep your Windows up to date; keep a constant watch over your firewall and antivirus, and finally, remember that the best way to prevent problems starts with our own habits!


@Turco, done! Thank you for your attention and your help.


Problem solved!

If the author needs it, the topic will be reopened; to request that, contact a Security Analyst or Coordinator asking for it to be unlocked.


This topic is closed to new posts.




