Isaque Lima12
Junior Members
1. Sorry for the delay. Fix result:

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-08-2019 02
Ran by eden (09-08-2019 15:22:22) Run:1
Running from C:\Users\eden\Desktop
Loaded Profiles: eden (Available Profiles: eden)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-1401129884-1496255558-2442996880-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1401129884-1496255558-2442996880-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-1401129884-1496255558-2442996880-1000_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1401129884-1496255558-2442996880-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll => No File
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\eden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /c explorer hxxp://www2.savemax.store/
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
HKU\S-1-5-21-1401129884-1496255558-2442996880-1000\...\Run: [EPSON TX550W Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIP.EXE [223232 2008-11-20] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1401129884-1496255558-2442996880-1000\...\Policies\Explorer: []
Startup: C:\Users\eden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asodakaossd.lnk [2019-07-18]
ShortcutAndArgument: asodakaossd.lnk -> C:\Windows\system32\cmd.exe => /c start C:\Users\eden\AppData\Roaming\aiasfacoiaksf.vbs exit
Startup: C:\Users\eden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.lnk [2019-04-03]
ShortcutAndArgument: user.lnk -> C:\Windows\System32\cmd.exe => /c explorer hxxp://www2.savemax.store/
Task: {C636E710-CDC6-4666-8497-B0FFA1BFF9DD} - System32\Tasks\Siferckqersik Reports => C:\Program Files (x86)\Griwoward\SiferckqersikreportsCkuwity.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131219624618833568&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131219624619301569&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1401129884-1496255558-2442996880-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www2.savemax.store/
HKU\S-1-5-21-1401129884-1496255558-2442996880-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\eden\AppData\Roaming\meauyot
C:\Users\eden\AppData\Local\ljljya
C:\Users\eden\AppData\Local\eiqlkgm
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
CreateRestorePoint:
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1401129884-1496255558-2442996880-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6} => removed successfully.
HKU\S-1-5-21-1401129884-1496255558-2442996880-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98} => removed successfully.
HKU\S-1-5-21-1401129884-1496255558-2442996880-1000_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D} => removed successfully.
HKU\S-1-5-21-1401129884-1496255558-2442996880-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005} => removed successfully.
"CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"" => removed successfully.
"BVTFilter" => removed successfully.
"BVTConsumer" => removed successfully.
C:\Users\eden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.lnk => Shortcut argument removed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HPUsageTrackingLEDM" => removed successfully.
"HKU\S-1-5-21-1401129884-1496255558-2442996880-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON TX550W Series" => removed successfully.
"HKU\S-1-5-21-1401129884-1496255558-2442996880-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully.
C:\Users\eden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asodakaossd.lnk => moved successfully
ShortcutAndArgument: asodakaossd.lnk -> C:\Windows\system32\cmd.exe => /c start C:\Users\eden\AppData\Roaming\aiasfacoiaksf.vbs exit => Error: No automatic fix found for this entry.
C:\Users\eden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.lnk => moved successfully
ShortcutAndArgument: user.lnk -> C:\Windows\System32\cmd.exe => /c explorer hxxp://www2.savemax.store/ => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C636E710-CDC6-4666-8497-B0FFA1BFF9DD}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C636E710-CDC6-4666-8497-B0FFA1BFF9DD}" => removed successfully.
C:\Windows\System32\Tasks\Siferckqersik Reports => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Siferckqersik Reports" => removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-1401129884-1496255558-2442996880-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
"HKU\S-1-5-21-1401129884-1496255558-2442996880-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache" => removed successfully.
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully.
VGPU => service removed successfully.
C:\Users\eden\AppData\Roaming\meauyot => moved successfully
C:\Users\eden\AppData\Local\ljljya => moved successfully
C:\Users\eden\AppData\Local\eiqlkgm => moved successfully

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-1401129884-1496255558-2442996880-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-1401129884-1496255558-2442996880-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.

========= End of RemoveProxy: =========

Restore point was successfully created.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 61535226 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 117809961 B
Edge => 0 B
Chrome => 29890243 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16674 B
systemprofile32 => 646750 B
LocalService => 0 B
NetworkService => 2494 B
eden => 169993269 B

RecycleBin => 11790144 B
EmptyTemp: => 381.5 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 15:24:38 ====
2. Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-07-2019
Ran by eden (29-07-2019 16:09:25)
Running from C:\Users\eden\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-05-09 22:17:44)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-1401129884-1496255558-2442996880-500 - Administrator - Disabled)
Convidado (S-1-5-21-1401129884-1496255558-2442996880-501 - Limited - Disabled)
eden (S-1-5-21-1401129884-1496255558-2442996880-1000 - Administrator - Enabled) => C:\Users\eden
HomeGroupUser$ (S-1-5-21-1401129884-1496255558-2442996880-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with the "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A360 Desktop (HKLM\...\{B209E611-5511-4AD6-B4B3-9D36F93DBCD4}) (Version: 6.0.3.1100 - Autodesk)
Desinstalar Impressora EPSON TX550W Series (HKLM\...\EPSON TX550W Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
hppLaserJetService (HKLM-x32\...\{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (HKLM-x32\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (HKLM-x32\...\{853F464A-B2B8-404E-BA3E-B98FF6862C41}) (Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
IRPF2016 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2016) (Version: 1.2 - Receita Federal do Brasil)
IRPF2017 (HKLM-x32\...\IRPF2017) (Version: 1.1 - Receita Federal do Brasil)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Malwarebytes versão 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.2 Hotfix Rollup (KB3035805) (HKLM\...\{EBDC09D6-C831-3CF9-80D6-8870C304FF88}) (Version: 4.5.52290 - Microsoft Corporation)
Microsoft Office Professional 2016 - pt-br (HKLM\...\ProfessionalRetail - pt-br) (Version: 16.0.11727.20244 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1401129884-1496255558-2442996880-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.07 - Serpro - Serviço Federal de Processamento de Dados)
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
Sentinel Runtime (HKLM-x32\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 6.4.1.32979 - SafeNet Inc.)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1401129884-1496255558-2442996880-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1401129884-1496255558-2442996880-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-1401129884-1496255558-2442996880-1000_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1401129884-1496255558-2442996880-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll => No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [1999-12-31] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\eden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /c explorer hxxp://www2.savemax.store/

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1401129884-1496255558-2442996880-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed, the Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2016-08-18 13:04 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-1401129884-1496255558-2442996880-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\eden\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 181.213.132.2 - 181.213.132.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: EPSON_EB_RPCV4_01 => 2
MSCONFIG\Services: EPSON_PM_RPCV4_01 => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hasplms => 2
MSCONFIG\Services: HP LaserJet Service => 2
MSCONFIG\Services: HPSIService => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{AC214A62-50D8-4C3C-B5EC-C8045DF373B8}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{31A84D95-7098-4BB3-A912-63A859AC9A85}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{A5B994F6-E9E8-41D0-8161-6E4C33128703}] => (Allow) C:\Program Files (x86)\Stanper\Application\chrome.exe No File
FirewallRules: [{29269C7E-8207-4C78-8288-A7F5FA0FA2C2}] => (Allow) C:\Windows\system32\hasplms.exe (SafeNet, Inc. -> SafeNet Inc.)
FirewallRules: [{B1B1167E-592E-4CB4-99A4-880356B5245B}] => (Allow) LPort=1688 FirewallRules: [{F87A997D-4D4F-4B20-80C7-C97D04DA0A19}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{101D06F3-ECFF-49DF-890F-9E75408B0E74}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Pontos de Restauração ========================= 03-04-2019 11:23:21 Ponto de Verificação Agendado 16-07-2019 11:14:29 Ponto de Verificação Agendado 18-07-2019 09:58:02 Revo Uninstaller's restore point - CCleaner 18-07-2019 09:59:06 Revo Uninstaller's restore point - KMSpico 29-07-2019 14:22:36 RESTAURO ==================== Dispositivos Apresentando Falhas No Gerenciador ============= ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (07/29/2019 03:53:29 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Falha na geração de contexto de ativação para "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Erro no arquivo de manifesto ou de diretiva "", na linha. Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa. Os componentes conflitantes são:. Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest. Error: (07/29/2019 02:32:40 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. 
Events cannot be delivered through this filter until the problem is corrected. Error: (07/29/2019 02:21:37 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina CoImpersonateClient. hr = 0x800706e5, Não há contextos de segurança disponíveis para permitir a representação. . Error: (07/29/2019 02:13:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (07/29/2019 11:38:24 AM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2019-08-17T12:50:24Z. Error Code: 0x80041321. Error: (07/29/2019 11:28:57 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (07/25/2019 11:48:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (07/24/2019 07:41:20 PM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2019-08-17T12:50:20Z. Error Code: 0x80041321. Erros de Sistema: ============= Error: (07/29/2019 02:12:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço HP LaserJet Service devido ao seguinte erro: O serviço não respondeu à requisição de início ou controle em tempo hábil. Error: (07/29/2019 02:12:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço HP LaserJet Service. Error: (07/29/2019 01:24:24 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: O serviço Malwarebytes Service não foi desligado corretamente após receber um controle de pré-desligamento. Error: (07/29/2019 12:03:32 PM) (Source: Disk) (EventID: 7) (User: ) Description: O dispositivo, \Device\Harddisk0\DR0, possui um bloco defeituoso. Error: (07/29/2019 12:03:30 PM) (Source: Disk) (EventID: 7) (User: ) Description: O dispositivo, \Device\Harddisk0\DR0, possui um bloco defeituoso. Error: (07/29/2019 12:03:27 PM) (Source: Disk) (EventID: 7) (User: ) Description: O dispositivo, \Device\Harddisk0\DR0, possui um bloco defeituoso. Error: (07/29/2019 12:03:24 PM) (Source: Disk) (EventID: 7) (User: ) Description: O dispositivo, \Device\Harddisk0\DR0, possui um bloco defeituoso. Error: (07/29/2019 12:03:21 PM) (Source: Disk) (EventID: 7) (User: ) Description: O dispositivo, \Device\Harddisk0\DR0, possui um bloco defeituoso. Windows Defender: =================================== Date: 2016-10-26 09:45:35.016 Description: Windows Defender detectou spyware ou outro software possivelmente indesejado. 
Para obter mais informações, consulte: http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/SupTab&threatid=214126 Nome:BrowserModifier:Win32/SupTab ID:214126 Severidade:Alto Categoria:Modificador de Navegador Caminho Encontrado:file:C:\Program Files (x86)\SFK\SFK.ini;file:C:\Program Files (x86)\TData\DuiLib.dll;file:C:\Program Files (x86)\TData\MCfig.ini;file:C:\Program Files (x86)\TData\msvcp110.dll;file:C:\Program Files (x86)\TData\msvcp120.dll;file:C:\Program Files (x86)\TData\msvcr110.dll;file:C:\Program Files (x86)\TData\msvcr120.dll;file:C:\Program Files (x86)\TData\skin\About.xml;file:C:\Program Files (x86)\TData\skin\about_banner.png;file:C:\Program Files (x86)\TData\skin\animate_history.png;file:C:\Program Files (x86)\TData\skin\animate_portal.png;file:C:\Program Files (x86)\TData\skin\animate_recent.png;file:C:\Program Files (x86)\TData\skin\big_button_down.png;file:C:\Program Files (x86)\TData\skin\bk_shadow.png;file:C:\Program Files (x86)\TData\skin\bottom_toolbar_bk.png;file:C:\Program Files (x86)\TData\skin\brower_back.png;file:C:\Program Files (x86)\TData\skin\brower_refresh.png;file:C:\Program Files (x86)\TData\skin\btn.png;file:C:\Program Files (x86)\TData\skin\btn_browser_dir.png;file:C:\Program Files (x86)\TData\ Tipo de Detecção:Concreto Origem da Detecção:Sistema Status:Desconhecido Usuário:AUTORIDADE NT\SISTEMA Nome do Processo: Date: 2016-10-26 09:45:35.014 Description: Windows Defender detectou spyware ou outro software possivelmente indesejado. 
Para obter mais informações, consulte: http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/SupTab!blnk&threatid=233713 Nome:BrowserModifier:Win32/SupTab!blnk ID:233713 Severidade:Alto Categoria:Modificador de Navegador Caminho Encontrado:containerfile:C:\Users\eden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ae0adfa56a38c33e\Fishlamp.lnk;file:C:\Users\eden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ae0adfa56a38c33e\Fishlamp.lnk->[CMDEmbedded] Tipo de Detecção:Concreto Origem da Detecção:Sistema Status:Desconhecido Usuário:AUTORIDADE NT\SISTEMA Nome do Processo: Date: 2016-10-26 09:45:35.013 Description: Windows Defender detectou spyware ou outro software possivelmente indesejado. Para obter mais informações, consulte: http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/SupTab!blnk&threatid=233713 Nome:BrowserModifier:Win32/SupTab!blnk ID:233713 Severidade:Alto Categoria:Modificador de Navegador Caminho Encontrado:file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk Tipo de Detecção:Concreto Origem da Detecção:Sistema Status:Desconhecido Usuário:AUTORIDADE NT\SISTEMA Nome do Processo: Date: 2016-10-26 09:45:35.011 Description: Windows Defender detectou spyware ou outro software possivelmente indesejado. Para obter mais informações, consulte: http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/SupTab!blnk&threatid=233713 Nome:BrowserModifier:Win32/SupTab!blnk ID:233713 Severidade:Alto Categoria:Modificador de Navegador Caminho Encontrado:file:C:\Users\eden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Tipo de Detecção:Concreto Origem da Detecção:Sistema Status:Desconhecido Usuário:AUTORIDADE NT\SISTEMA Nome do Processo: Date: 2016-10-25 21:10:17.982 Description: Windows Defender detectou spyware ou outro software possivelmente indesejado. 
Para obter mais informações, consulte: http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/SupTab&threatid=214126
Nome:BrowserModifier:Win32/SupTab
ID:214126
Severidade:Alto
Categoria:Modificador de Navegador
Caminho Encontrado:file:C:\Program Files (x86)\SFK\SFK.ini;file:C:\Program Files (x86)\TData\DuiLib.dll;file:C:\Program Files (x86)\TData\MCfig.ini;file:C:\Program Files (x86)\TData\msvcp110.dll;file:C:\Program Files (x86)\TData\msvcp120.dll;file:C:\Program Files (x86)\TData\msvcr110.dll;file:C:\Program Files (x86)\TData\msvcr120.dll;file:C:\Program Files (x86)\TData\skin\About.xml;file:C:\Program Files (x86)\TData\skin\about_banner.png;file:C:\Program Files (x86)\TData\skin\animate_history.png;file:C:\Program Files (x86)\TData\skin\animate_portal.png;file:C:\Program Files (x86)\TData\skin\animate_recent.png;file:C:\Program Files (x86)\TData\skin\big_button_down.png;file:C:\Program Files (x86)\TData\skin\bk_shadow.png;file:C:\Program Files (x86)\TData\skin\bottom_toolbar_bk.png;file:C:\Program Files (x86)\TData\skin\brower_back.png;file:C:\Program Files (x86)\TData\skin\brower_refresh.png;file:C:\Program Files (x86)\TData\skin\btn.png;file:C:\Program Files (x86)\TData\skin\btn_browser_dir.png;file:C:\Program Files (x86)\TData\
Tipo de Detecção:Concreto
Origem da Detecção:Sistema
Status:Desconhecido
Usuário:AUTORIDADE NT\SISTEMA
Nome do Processo:

==================== Informações da Memória ===========================

BIOS: Phoenix Technologies LTD MTVNCRB01.86C.0000.X.0000000000 10/14/2009
Motherboard: Semp Toshiba IS 1412
Processador: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
Percentagem de memória em uso: 92%
RAM física total: 3032.88 MB
RAM física disponível: 222.44 MB
Virtual Total: 6063.94 MB
Virtual disponível: 2360.27 MB

==================== Drives ================================

Drive () (Fixed) (Total:297.75 GB) (Free:239.33 GB) NTFS
\\?\Volume{7bd19847-1632-11e6-8b6f-806e6f6e6963}\ (Reservado pelo Sistema) (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 9D14E58F)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.7 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================

FRST:

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 29-07-2019
Executado por eden (administrador) em EDEN-PC (Semp Toshiba IS 1412) (29-07-2019 16:03:17)
Executando a partir de C:\Users\eden\Downloads
Perfis Carregados: eden (Perfis Disponíveis: eden)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Panda Security S.L -> Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
HKU\S-1-5-21-1401129884-1496255558-2442996880-1000\...\Run: [EPSON TX550W Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIP.EXE [223232 2008-11-20] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1401129884-1496255558-2442996880-1000\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc -> Autodesk, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-18] (Google LLC -> Google LLC)
Startup: C:\Users\eden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asodakaossd.lnk [2019-07-18]
ShortcutAndArgument: asodakaossd.lnk -> C:\Windows\system32\cmd.exe => /c start C:\Users\eden\AppData\Roaming\aiasfacoiaksf.vbs exit
Startup: C:\Users\eden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.lnk [2019-04-03]
ShortcutAndArgument: user.lnk -> C:\Windows\System32\cmd.exe => /c explorer hxxp://www2.savemax.store/

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {065CE4EE-E707-4F0C-B4E6-C1A908AFAA34} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2208400 2019-07-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {125055C9-4A3A-40D5-87EC-594E9AADD2EF} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [116480 2009-09-23] (Panda Security S.L -> )
Task: {18D11A79-78D9-415B-B2CC-76B65957A772} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {2BDA8732-8AAF-40C8-8B4F-9E77C142EFD7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-26] (Google Inc -> Google Inc.)
Task: {543958C0-139B-494A-ABE8-57736BE714A8} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B0B8718-FB82-4A4A-B8A9-EE9550B51400} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2208400 2019-07-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {8625A0CA-686B-4B61-8BC8-F64BDEA26786} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [152112 2019-07-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {B77DC15D-8B39-4DD9-B2C0-32EFCD940F3F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [152112 2019-07-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {C636E710-CDC6-4666-8497-B0FFA1BFF9DD} - System32\Tasks\Siferckqersik Reports => C:\Program Files (x86)\Griwoward\SiferckqersikreportsCkuwity.exe
Task: {D5FB1FC5-4740-4E26-8493-A56324387631} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-26] (Google Inc -> Google Inc.)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Tcpip\Parameters: [DhcpNameServer] 181.213.132.2 181.213.132.3
Tcpip\..\Interfaces\{CAC97FF6-EF3E-40EC-84F4-5FEA50B46BC6}: [DhcpNameServer] 181.213.132.2 181.213.132.3

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131219624618833568&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131219624619301569&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1401129884-1496255558-2442996880-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www2.savemax.store/
HKU\S-1-5-21-1401129884-1496255558-2442996880-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-09-05] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2019-07-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-05] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-07-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2019-07-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-07-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-07-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-07-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-07-19] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [não assinado]
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-16] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-16] (Google Inc -> Google LLC)

Chrome:
=======
CHR Profile: C:\Users\eden\AppData\Local\Google\Chrome\User Data\Default [2019-07-29]
CHR Extension: (Apresentações) - C:\Users\eden\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (StreamFrenzy) - C:\Users\eden\AppData\Local\Google\Chrome\User Data\Default\Extensions\adbpmnlfgchpjemgchfjndoohoegegoh [2019-03-29]
CHR Extension: (Documentos) - C:\Users\eden\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\eden\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-22]
CHR Extension: (YouTube) - C:\Users\eden\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-22]
CHR Extension: (Planilhas) - C:\Users\eden\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Documentos Google off-line) - C:\Users\eden\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-14]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\eden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\eden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-16]
CHR Extension: (Chrome Media Router) - C:\Users\eden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-18]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11413600 2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
S4 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-24] (SafeNet, Inc. -> SafeNet Inc.)
S4 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [Arquivo não assinado]
S4 HPSIService; C:\Windows\system32\HPSIsvc.exe [126880 2012-09-26] (Hewlett-Packard Company -> HP)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-05-15] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [77912 2015-09-24] (SafeNet, Inc. -> SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [81368 2015-09-24] (SafeNet, Inc. -> SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [322560 2015-09-24] (SafeNet, Inc. -> SafeNet Inc.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [350552 2015-09-24] (SafeNet, Inc. -> SafeNet Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-07-19] (Malwarebytes Corporation -> Malwarebytes)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [187392 2009-06-10] (Microsoft Windows -> Realtek Corporation )
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Microsoft Windows -> Realtek Semiconductor Corporation )
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Um mês (criados) ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2019-07-29 16:03 - 2019-07-29 16:07 - 000017469 _____ C:\Users\eden\Downloads\FRST.txt
2019-07-29 16:02 - 2019-07-29 16:03 - 000000000 ____D C:\FRST
2019-07-29 16:00 - 2019-07-29 16:01 - 002096128 _____ (Farbar) C:\Users\eden\Downloads\FRST64.exe
2019-07-29 13:19 - 2019-07-29 13:19 - 000002580 _____ C:\Users\eden\Desktop\roguekiller_report2.txt
2019-07-25 12:03 - 2019-07-25 12:03 - 000003708 _____ C:\Users\eden\Desktop\roguekiller_report.txt
2019-07-24 19:19 - 2019-07-25 01:02 - 000000000 ____D C:\Users\Todos os Usuários\RogueKiller
2019-07-24 19:19 - 2019-07-25 01:02 - 000000000 ____D C:\ProgramData\RogueKiller
2019-07-24 19:18 - 2019-07-24 19:19 - 034898488 _____ C:\Users\eden\Downloads\RogueKiller_portable64.exe
2019-07-23 15:22 - 2019-07-23 15:22 - 000015723 _____ C:\Users\eden\Desktop\ZHPCleaner (R).txt
2019-07-23 14:57 - 2019-07-23 15:19 - 000016121 _____ C:\Users\eden\Desktop\ZHPCleaner (S).txt
2019-07-23 14:35 - 2019-07-23 15:22 - 000000000 ____D C:\Users\eden\AppData\Roaming\ZHP
2019-07-23 14:35 - 2019-07-23 14:35 - 000000828 _____ C:\Users\eden\Desktop\ZHPCleaner.lnk
2019-07-23 14:35 - 2019-07-23 14:35 - 000000000 ____D C:\Users\eden\AppData\Local\ZHP
2019-07-23 14:33 - 2019-07-23 14:33 - 000006229 _____ C:\Users\eden\Desktop\AdwCleaner[C00].txt
2019-07-23 14:22 - 2019-07-23 14:24 - 000000000 ____D C:\AdwCleaner
2019-07-19 14:17 - 2019-07-19 14:17 - 000000000 ____D C:\Users\eden\AppData\Local\mbam
2019-07-19 14:14 - 2019-07-19 14:14 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-07-19 14:13 - 2019-07-19 14:13 - 000000000 ____D C:\Users\eden\AppData\Local\mbamtray
2019-07-19 14:11 - 2019-07-19 14:11 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-19 14:11 - 2019-07-19 14:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-19 14:11 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-07-19 14:10 - 2019-07-19 14:10 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2019-07-19 14:10 - 2019-07-19 14:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-19 14:10 - 2019-07-19 14:10 - 000000000 ____D C:\Program Files\Malwarebytes
2019-07-19 14:00 - 2019-07-19 14:00 - 003069312 _____ (Nicolas Coolman) C:\Users\eden\Downloads\ZHPCleaner.exe
2019-07-19 13:59 - 2019-07-19 13:59 - 007025360 _____ (Malwarebytes) C:\Users\eden\Downloads\adwcleaner_7.3.exe
2019-07-19 13:58 - 2019-07-19 13:59 - 064649064 _____ (Malwarebytes ) C:\Users\eden\Downloads\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11612.exe
2019-07-18 10:11 - 2019-07-18 10:11 - 000000000 ____D C:\Program Files (x86)\ESET
2019-07-18 10:08 - 2019-07-18 16:22 - 000003042 _____ C:\Windows\System32\Tasks\PandaUSBVaccine
2019-07-18 10:08 - 2019-07-18 16:22 - 000000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2019-07-18 10:08 - 2019-07-18 10:08 - 000000000 ____D C:\Users\Todos os Usuários\Panda Security
2019-07-18 10:08 - 2019-07-18 10:08 - 000000000 ____D C:\ProgramData\Panda Security
2019-07-18 10:08 - 2019-07-18 10:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2019-07-18 09:56 - 2019-07-18 09:56 - 000001034 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2019-07-18 09:56 - 2019-07-18 09:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-07-18 09:56 - 2019-07-18 09:56 - 000000000 ____D C:\Program Files\VS Revo Group
2019-07-18 09:55 - 2019-07-18 09:56 - 007411912 _____ (VS Revo Group ) C:\Users\eden\Downloads\revosetup.exe
2019-07-18 09:30 - 2019-07-18 09:31 - 002870984 _____ (ESET) C:\Users\eden\Downloads\esetsmartinstaller_enu.exe
2019-07-18 09:27 - 2019-07-18 09:27 - 000848856 _____ (Panda Security ) C:\Users\eden\Downloads\USBVaccineSetup.exe
2019-07-18 07:29 - 2019-07-18 07:29 - 000043509 _____ C:\Users\eden\Downloads\MURO DE SALINAS.pdf
2019-07-16 13:28 - 2019-07-16 13:28 - 000022380 _____ C:\ZA-Scan.txt
2019-07-16 13:21 - 2018-04-19 22:18 - 002041445 _____ C:\Users\eden\Desktop\Z-Analyse.exe
2019-07-16 13:16 - 2019-07-16 13:16 - 000000000 ____D C:\zoek_backup

==================== Um mês (modificados) ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2019-07-29 14:39 - 2009-07-14 01:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-07-29 14:39 - 2009-07-14 01:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-07-29 14:31 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-07-29 13:18 - 2016-08-19 13:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2019-07-23 14:24 - 2016-07-12 09:20 - 000000000 ____D C:\Windows\system32\log
2019-07-22 23:06 - 2019-03-06 19:01 - 000000000 ____D C:\Users\eden\AppData\Roaming\xmbtdrveu
2019-07-22 11:45 - 2009-07-14 02:08 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-07-19 14:33 - 2016-10-29 12:00 - 000000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2019-07-19 14:33 - 2016-10-29 12:00 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-19 14:31 - 2009-07-14 00:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2019-07-19 14:25 - 2016-10-29 11:56 - 000000000 ____D C:\Program Files\Microsoft Office
2019-07-18 16:24 - 2016-10-22 11:09 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-18 12:52 - 2018-03-23 10:52 - 000000000 ___HD C:\Users\eden\AppData\Roaming\meauyot
2019-07-18 12:50 - 2018-12-22 19:18 - 000000000 ___HD C:\Users\eden\AppData\Local\ljljya
2019-07-18 12:50 - 2018-12-12 11:51 - 000000000 ___HD C:\Users\eden\AppData\Local\eiqlkgm
2019-07-16 13:33 - 2016-10-26 16:44 - 000003502 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-07-16 13:33 - 2016-10-26 16:44 - 000003374 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-07-05 07:15 - 2016-05-10 09:26 - 000000000 ____D C:\Users\eden\Desktop\Papai
2019-07-05 07:14 - 2019-02-06 15:20 - 000018572 _____ C:\Users\eden\Desktop\Planilha financeira da familia 2019.xlsx
2019-07-05 06:54 - 2018-06-13 21:57 - 000012489 _____ C:\Users\eden\Desktop\Cópia de Cópia de DÍVIDAS.xlsx

==================== Arquivos na raiz de alguns diretórios ================

2019-03-29 15:59 - 2019-03-29 15:59 - 007505920 _____ () C:\Program Files (x86)\GUT7281.tmp

==================== FLock ================

2016-05-09 19:09 C:\Windows\CSC

==================== SigCheck ===============================

(Não há correção automática para arquivos que não passaram na verificação.)

LastRegBack: 2019-07-22 19:32

==================== Fim de FRST.txt ============================
  3. Friend, during these days of repair I noticed that every time I turned on the notebook it opened a web page and showed some error in the command prompt, as the following photo shows. I thought that at the end of all these steps this would no longer happen, but the problem continues. However, the computer is much faster.
  4. RogueKiller Anti-Malware V13.3.2.0 (x64) [Jul 15 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : eden [Administrator]
Started from : C:\Users\eden\Downloads\RogueKiller_portable64.exe
Signatures : 20190729_141301, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/07/29 13:18:16 (Duration : 01:09:25)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.HackTool (Potentially Malicious)] \AutoKMS -- C:\Windows\AutoKMS\AutoKMS.exe -> Deleted
[PUP.Slimware (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon -- [%SystemRoot%\System32\DRIVERS\SWDUMon.sys] -> Deleted
[PUP.Slimware (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SWDUMon -- [%SystemRoot%\System32\DRIVERS\SWDUMon.sys] -> Deleted
[VT.Detected (Malicious)] Microsoft.js -- %_eden_appdata%\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.js -> Deleted
[PUP.WinZipper|PUP.Gen1 (Potentially Malicious)] Uninstall.lnk -- %programdata%\Microsoft\Windows\Start Menu\Programs\WinZip\Uninstall.lnk (lnk => C:\Program Files (x86)\WinZipper\wzUninstall.exe []) -> Deleted
  5. Yes, it was.

RogueKiller Anti-Malware V13.3.2.0 (x64) [Jul 15 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : eden [Administrator]
Started from : C:\Users\eden\Downloads\RogueKiller_portable64.exe
Signatures : 20190723_195507, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/07/24 19:21:11 (Duration : 01:03:43)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.HackTool (Potentially Malicious)] \AutoKMS -- C:\Windows\AutoKMS\AutoKMS.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> O23 - Services
[PUP.Slimware (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon -- C:\Windows\System32\DRIVERS\SWDUMon.sys (missing) -> Found
[PUP.Slimware (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SWDUMon -- C:\Windows\System32\DRIVERS\SWDUMon.sys (missing) -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[VT.Detected (Malicious)] (file) Microsoft.js -- C:\Users\eden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.js -> Found
[PUP.WinZipper|PUP.Gen1 (Potentially Malicious)] (shortcut) Uninstall.lnk -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\Uninstall.lnk => C:\Program Files (x86)\WinZipper\wzUninstall.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
  6. I had to attach the logs, because the number of characters was freezing the computer. ZHPCleaner (R).txt logmbam.txt AdwCleaner[C00].txt ZHPCleaner (S).txt
  7. C:\$Recycle.Bin\S-1-5-21-1401129884-1496255558-2442996880-1000\$R8TFHAS\Service_KMS.exe a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application cleaned by deleting
     C:\extensions\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi JS/Mindspark.D potentially unwanted application deleted
     C:\Users\eden\AppData\Local\eiqlkgm\cqrgi.js JS/Bondat.BL worm cleaned by deleting
     C:\Users\eden\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000854 JS/CoinMiner.D potentially unwanted application cleaned by deleting
     C:\Users\eden\AppData\Local\Google\Chrome\User Data\Default\Extensions\adbpmnlfgchpjemgchfjndoohoegegoh\13.855.14.56707_0\js\PartnerId.js JS/Mindspark.G potentially unwanted application cleaned by deleting
     C:\Users\eden\AppData\Local\ljljya\jwkdpvbng.js JS/Bondat.BL worm cleaned by deleting
     C:\Users\eden\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XI59T3M2\hf[1].exe multiple threats cleaned by deleting
     C:\Users\eden\AppData\Local\Stanper\User Data\Default\Cache\f_00587d JS/Adware.Revizer.A application deleted
     C:\Users\eden\AppData\Local\Stanper\User Data\Default\Cache\f_008c78 JS/Adware.Revizer.B application deleted
     C:\Users\eden\AppData\Local\Stanper\User Data\Default\Cache\f_00b66c JS/Adware.Revizer.B application deleted
     C:\Users\eden\AppData\Local\Stanper\User Data\Default\Cache\f_00b6ac JS/Adware.Revizer.B application deleted
     C:\Users\eden\AppData\Local\Stanper\User Data\Default\Cache\f_00ba5b JS/Adware.Revizer.B application deleted
     C:\Users\eden\AppData\Local\Stanper\User Data\Default\Cache\f_00bc84 JS/Adware.Revizer.B application deleted
     C:\Users\eden\AppData\Local\Temp\ddd.js JS/Bondat.BL worm cleaned by deleting
     C:\Users\eden\AppData\Local\Temp\fuwmwaqq.js JS/Bondat.BL worm cleaned by deleting
     C:\Users\eden\AppData\Local\Temp\HYD7A6D.tmp.1563452497\HTA\install.1563452497.zip Win32/OpenCandy.J potentially unsafe application deleted
     C:\Users\eden\AppData\Local\Temp\HYD7A6D.tmp.1563452497\HTA\scripts\install.js Win32/OpenCandy.J potentially unsafe application cleaned by deleting
     C:\Users\eden\AppData\Local\Temp\HYD7A6D.tmp.1563452497\HTA\scripts\uninstall.js Win32/OpenCandy.J potentially unsafe application cleaned by deleting
     C:\Users\eden\AppData\Local\Temp\HYD7A6D.tmp.1563452497\HTA\shell_scripts\shell_install_offer.js Win32/OpenCandy.J potentially unsafe application cleaned by deleting
     C:\Users\eden\AppData\Local\Temp\HYD7A6D.tmp.1563452497_permissionsCopy\updates\3.5.0_43804.exe Win32/OpenCandy.J potentially unsafe application deleted
     C:\Users\eden\AppData\Roaming\aiasfacoiaksf.vbs VBS/Agent.NDP worm cleaned by deleting (after the next restart)
     C:\Users\eden\AppData\Roaming\grhhzwsf.exe multiple threats cleaned by deleting
     C:\Users\eden\AppData\Roaming\meauyot\kvwvdllue.js JS/Bondat.AN worm cleaned by deleting
     C:\Users\eden\AppData\Roaming\xmbtdrveu\calcX.exe a variant of Win64/CoinMiner.DN potentially unwanted application cleaned by deleting (after the next restart)
     C:\Users\eden\AppData\Roaming\xmbtdrveu\uac.exe a variant of Win64/HackTool.UACMe.E trojan cleaned by deleting (after the next restart)
     C:\Users\eden\Downloads\CPROVNT DT HJ.zip PowerShell/TrojanDownloader.Agent.GI trojan deleted
     C:\Users\eden\Downloads\Detalhes-Processo-23-11-2016.zip VBS/TrojanDownloader.Banload.BN trojan deleted
     C:\Users\eden\Downloads\NFE-Compra-Realizada-com-sucesso.zip JS/TrojanDownloader.Agent.PKZ trojan deleted
     C:\Users\eden\Downloads\ReimageRepair.exe a variant of Win32/ReImageRepair.K potentially unwanted application cleaned by deleting
     C:\Users\eden\Downloads\Autodesk AutoCAD 2016 SP1 (x64 & X86) Incl.Keygen\32 Bit {X86}\Keygen\xf-adsk2016_x86.exe a variant of Win32/Keygen.OJ potentially unsafe application cleaned by deleting
     C:\Users\eden\Downloads\Autodesk AutoCAD 2016 SP1 (x64 & X86) Incl.Keygen\64 Bit {X64}\Keygen\xf-adsk2016_x64.exe a variant of Win32/Keygen.OX potentially unsafe application cleaned by deleting
     C:\Users\Public\Documents\Downloaded Installers\{746AB259-6474-4111-8966-1C62F9A6E063}\setup.msi a variant of Win32/UwS.SlimDrivers.A application deleted
     C:\Windows\Installer\afb7e1.msi a variant of Win32/UwS.SlimDrivers.A application deleted
     E:\Files.bat BAT/Starter.NGE trojan cleaned by deleting
     E:\Files.lnk LNK/Agent.BA trojan cleaned by deleting
     E:\System Volume Information.lnk LNK/Agent.BA trojan cleaned by deleting
     E:\cfsdaacdfawd\aiasfacoiaksf.vbss VBS/Agent.NDP worm cleaned by deleting
     E:\Files\649\fadlunqk.js JS/Bondat.BL worm cleaned by deleting
     E:\Files\24CB88EA\leycd.js JS/Bondat.BL worm cleaned by deleting
  8. Good morning, my father has a Semp Toshiba notebook from 2010 with some important documents. Recently he turned the notebook on to retrieve those documents, but the moment he inserted the USB flash drive, all the programs on it turned into shortcuts. Besides that, the notebook takes a very long time to respond to any task. Another thing: when I turn on its Wi-Fi, it switches itself off. ZA-Scan.txt
