
John_Bravow

Junior Members
  • Total items

    16
  • Joined

  • Last visit

  • Ratings

    0%

Reputation

0

About John_Bravow

  • Date of birth 17-08-1957

General information

  • City and state
    Salvador

Other

  • Occupation
    commerce
  • Interests
    computing
  1. PC with suspected virus

    Dear Diego, I have already carried out all the requested procedures. I have been using CCleaner since 2009, following the guidance of JoseMelo, an Analyst here at Clube do Hardware. I had forgotten Windows Update turned off, but I have already enabled it. Since I don't need to post the generated log, I believe my PC is now clean and I can use it safely. Thank you very much for your attention and promptness. May God continue to enlighten you and your family. Regards.
  2. PC with suspected virus

    Good evening Diego, I uninstalled the uTorrent program and ran SecurityCheck as requested. Here is the requested log. Thank you and have a good weekend.
  3. PC with suspected virus

    Dear Diego, Happy 2018 to you too. uTorrent was the program that was running slowly on my PC. After the first procedures it was fine, but then it became slow again. I have already uninstalled and reinstalled it and the problem continues. Should I redo the previous steps, or will I need to format the PC? And as for uTorrent, if I replace it with Transmission or Deluge, would that solve the problem? I appreciate your help. Regards.
  4. PC with suspected virus

    Good morning Diego, The requested log follows below. Thank you for your promptness; I await your instructions.
  5. PC with suspected virus

    Good evening, I have already enabled the Firewall and uninstalled 1 AV and 1 AS. Here is the requested log: Thank you, and have a great Christmas dinner with your family.
  6. PC with suspected virus

    Good evening. Sorry for the delay in replying, but I had to travel for work. The requested logs follow. Thank you and Merry Christmas. FRST.txt Addition.txt
  7. PC com suspeita de vírus

    Bom dia, Mais uma vez obrigado por sua atenção e fico no aguardo de novas instruções. Seguem abaixo os logs solicitados. Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 17-12-2017 Executado por Wenceslau (administrador) em WENCESLAU-PC (18-12-2017 09:48:15) Executando a partir de C:\Users\Wenceslau\Desktop Perfis Carregados: Wenceslau (Perfis Disponíveis: Wenceslau & Bravow) Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil) Internet Explorer Versão 8 (Navegador padrão: Chrome) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe () C:\Program Files (x86)\AppBrad\NetExpressUpdater.exe (Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradserv.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradguard.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Avira Operations Gmbh & Co. KG) C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe (BitTorrent Inc.) C:\Users\Wenceslau\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) C:\Users\Wenceslau\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe (BitTorrent Inc.) C:\Users\Wenceslau\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registro (Whitelisted) =========================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation) HKLM-x32\...\Run: [Avira Safe Shopping] => C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe [546960 2017-10-30] (Avira Operations Gmbh & Co. KG) HKU\S-1-5-21-2997367494-393603422-507260798-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd) HKU\S-1-5-21-2997367494-393603422-507260798-1000\...\MountPoints2: {cae7e954-6e29-11e7-8d62-fcaa14fae6fe} - K:\stp-se4ds.exe CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 8.8.8.8 8.8.4.4 Tcpip\..\Interfaces\{79F35CB2-6570-43A4-8958-A8D1309B831E}: [DhcpNameServer] 192.168.0.1 8.8.8.8 8.8.4.4 Internet Explorer: ================== HKU\S-1-5-21-2997367494-393603422-507260798-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2997367494-393603422-507260798-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2997367494-393603422-507260798-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-06] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-06] (Oracle 
Corporation) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Wenceslau\AppData\Roaming\Mozilla\Firefox\Profiles\UxjfiS69.default [2017-03-31] FF Extension: (Avira Browser Safety) - C:\Users\Wenceslau\AppData\Roaming\Mozilla\Firefox\Profiles\UxjfiS69.default\Extensions\abs@avira.com [2017-12-15] FF Extension: (Avira Password Manager) - C:\Users\Wenceslau\AppData\Roaming\Mozilla\Firefox\Profiles\UxjfiS69.default\Extensions\passwordmanager@avira.com [2017-12-15] FF Extension: (Avira SafeSearch Plus) - C:\Users\Wenceslau\AppData\Roaming\Mozilla\Firefox\Profiles\UxjfiS69.default\Extensions\safesearchplus2@avira.com [2017-03-26] [Legacy] FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-06] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-06] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-16] (NVIDIA 
Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-16] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.) Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Wenceslau\AppData\Local\Google\Chrome\User Data\Default [2017-12-18] CHR Extension: (Apresentações) - C:\Users\Wenceslau\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12] CHR Extension: (Documentos) - C:\Users\Wenceslau\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12] CHR Extension: (Google Drive) - C:\Users\Wenceslau\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-26] CHR Extension: (YouTube) - C:\Users\Wenceslau\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-26] CHR Extension: (Planilhas) - C:\Users\Wenceslau\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12] CHR Extension: (Segurança do navegador Avira) - C:\Users\Wenceslau\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-12-12] CHR Extension: (Documentos Google off-line) - C:\Users\Wenceslau\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-26] CHR Extension: (UltraSurf Security, Privacy & Unblock VPN) - C:\Users\Wenceslau\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mjnbclmflcpookeapghfhapeffmpodij [2017-10-27] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Wenceslau\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21] CHR Extension: (Gmail) - C:\Users\Wenceslau\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-26] CHR Extension: (Chrome Media Router) - C:\Users\Wenceslau\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-12] CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Serviços (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128944 2017-12-07] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-12-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-12-07] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1526832 2017-12-07] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [434248 2017-11-06] (Avira Operations GmbH & Co. 
KG) R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [332016 2017-10-25] (Avira Operations GmbH & Co. KG) R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [102304 2017-12-14] (Avira Operations GmbH & Co. KG) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530888 2017-08-23] () S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395536 2017-03-08] (EasyAntiCheat Ltd) R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-04-05] (Logitech Inc.) S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes) R2 NetExpress Updater; C:\Program Files (x86)\AppBrad\NetExpressUpdater.exe [20424 2017-07-31] () R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-03-16] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-03-16] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-16] (NVIDIA Corporation) R2 scpbradserv; C:\Program Files (x86)\scpbrad\scpbradserv.exe [1995208 2017-03-29] (Scopus Soluções em TI Ltda) R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74256 2017-12-04] (Avira Operations GmbH & Co. 
KG) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945264 2017-12-05] (TeamViewer GmbH) R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [1068376 2017-10-26] (GAS Tecnologia LTDA) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-12-07] (Avira Operations GmbH & Co. KG) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [196344 2017-12-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153072 2017-12-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-12-07] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-12-07] (Avira Operations GmbH & Co. KG) R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2017-12-07] (Avira Operations GmbH & Co. KG) R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2017-07-22] (Disc Soft Ltd) S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech) R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2017-04-05] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2017-04-05] (Logitech Inc.) 
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-03-16] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2017-03-16] (NVIDIA Corporation) R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [59448 2017-03-16] (NVIDIA Corporation) R3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-10-25] (The OpenVPN Project) S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc) S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [28376 2017-12-06] (GAS Tecnologia) R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia) S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [25184 2017-10-26] (GAS Tecnologia) S3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [25184 2016-11-07] (GAS Tecnologia) S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Três Meses Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

==================== Arquivos na raiz de alguns diretórios =======

2017-03-26 18:47 - 2017-03-26 18:47 - 000007859 _____ () C:\Users\Wenceslau\AppData\Roaming\pcouffin.cat
2017-03-26 18:47 - 2017-03-26 18:47 - 000001167 _____ () C:\Users\Wenceslau\AppData\Roaming\pcouffin.inf
2017-03-26 18:47 - 2017-03-26 18:47 - 000000055 _____ () C:\Users\Wenceslau\AppData\Roaming\pcouffin.log

Alguns arquivos em TEMP:

diego_moicano
Security Analysts 474 12,530 posts since 08/09/2007 São Sebastião - SP
Post #2, posted yesterday at 06:59

Dear @John_Bravow,

I recommend that you save this topic to your Favorites so it is easier to find later.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is provided here relates only to your computer's problem, so do not apply it on any other computer;
  • Please follow the instructions carefully and, if you have any questions, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, about what is happening with your computer.
  • Follow the instructions in the order given.

Note: Do not take any measures other than those given here; also, if you ask for help on another forum, be sure to let us know, otherwise you risk misconfiguring your computer!

# Step 1 #

Download AdwCleaner and save it to your Desktop.
Run adwcleaner.exe as Administrator.
Click the Options tab and leave only "Restaurar Políticas do IE" (Restore IE Policies) and "Restaurar Políticas do Chrome" (Restore Chrome Policies) checked.
Click the "Verificar" (Scan) button and wait for the scan to finish.
Click the "Limpar" (Clean) button.
A Notepad window will open with the result.
Select, copy and paste the contents of this log into your next reply.
The log will also be saved in C:\AdwCleaner

NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart.

# Step 2 #

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.
Download the Junkware Removal Tool (JRT) and save it to your Desktop.
Run jrt.exe as Administrator.
The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to scan.
At the end a log will open. It will be saved on the desktop under the name JRT.txt.
Select, copy and paste the contents of this log into your next reply.

# Step 3 #

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.
Download ZHPCleaner and save it to your Desktop.
Run ZHPCleaner.exe as Administrator.
Click the Scanner button.
The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to scan.
Then click the "Reparar" (Repair) button.
A log named ZHPCleaner.txt will be generated.
Select, copy and paste the contents of this log into your next reply.

Best regards

Malware Removal Analyst | Network Security Specialist
Undergraduate thesis (TCC): Análise Descritiva dos Efeitos do Banker: a praga virtual brasileira.
Member of UNITE & ASAP & ARIS-LD

John_Bravow
Topic author Junior Members 0 17 posts since 21/02/2006 Salvador
Post #3, posted 13 hours ago (edited)

Good evening,

Thank you for your attention. Here are the requested logs:

# Step 1 # - AdwCleaner (another log was generated after the restart)

# AdwCleaner 7.0.5.0 - Logfile created on Sun Dec 17 22:23:29 2017
# Updated on 2017/29/11 by Malwarebytes
# Database: 12-15-2017.1
# Running on Windows 7 Ultimate (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
No malicious folders found.

***** [ Files ] *****
No malicious files found.

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious WMI found.

***** [ Shortcuts ] *****
No malicious shortcuts found.

***** [ Tasks ] *****
No malicious tasks found.

***** [ Registry ] *****
No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****
PUP.Optional.Legacy, Plugin found: Avira SafeSearch Plus -
PUP.Optional.Legacy, Plugin found: Avira SafeSearch Plus -

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271

*************************

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

# AdwCleaner 7.0.5.0 - Logfile created on Sun Dec 17 22:25:41 2017
# Updated on 2017/29/11 by Malwarebytes
# Running on Windows 7 Ultimate (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****
No malicious services deleted.

***** [ Folders ] *****
No malicious folders deleted.

***** [ Files ] *****
No malicious files deleted.

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ WMI ] *****
No malicious WMI cleaned.

***** [ Shortcuts ] *****
No malicious shortcuts cleaned.

***** [ Tasks ] *****
No malicious tasks deleted.

***** [ Registry ] *****
No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****
Plugin deleted: Avira SafeSearch Plus -
Plugin deleted: Avira SafeSearch Plus -

*************************

::TCP/IP settings cleared
::IE policies deleted
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1177 B] - [2017/12/17 22:23:29]

# Step 2 # - Junkware Removal Tool (JRT)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64
Ran by Wenceslau (Administrator) on 17/12/2017 at 19:34:05,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 30

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/12/2017 at 19:35:41,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Step 3 # - ZHPCleaner

~ ZHPCleaner v2017.12.15.215 by Nicolas Coolman (2017/12/15)
~ Run by Wenceslau (Administrator) (17/12/2017 19:46:11)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparo
~ Report : C:\Users\Wenceslau\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Wenceslau\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

---\\ Serviços (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.

---\\ Navegadores de Internet (1)
SUPRIMIDO dados: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : 127.0.0.1;localhost;<local>;] =>Hijacker.Proxy

---\\ Arquivo hosts (1)
~ O arquivo hosts é legítimo (21)

---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.

---\\ Explorer ( Arquivos, Pastas) (1)
MOVIDO arquivo: C:\Users\Wenceslau\AppData\Local\Google\Chrome\User Data\Default\File System\008 =>PUP.Optional.DomaIQ

---\\ Registro ( Chaves, Valores, Dados ) (1)
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] =>Toolbar.Ask

---\\ Resumo dos elementos encontrados na sua estação de trabalho (3)
https://nicolascoolman.eu/2017/04/03/hijacker-proxy/ =>Hijacker.Proxy
https://nicolascoolman.eu/2017/10/04/adware-domaiq/ =>PUP.Optional.DomaIQ
https://nicolascoolman.eu/2017/02/28/toolbar-ask/ =>Toolbar.Ask

---\\ Dodatkowe oczyszczenie. (55)
~ Chave de registro Tracing Supprimido (55)
~ Remover os relatórios antigos ZHPCleaner. (0)

---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Mozilla Firefox)
~ Este navegador está faltando ! (Opera Software)

---\\ Estatísticas
~ Items scan : 529
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 3

~ End of clean in 00h00mn06s
~====================
ZHPCleaner-[R]-17122017-19_46_17.txt
ZHPCleaner--17122017-19_43_56.txt

I await further instructions. Thank you.

    Edited 13 hours ago by John_Bravow

    diego_moicano (Security Analysts), post #2, posted yesterday at 06:59

    Dear @John_Bravow,

    I recommend that you save this topic to your Favorites to make it easier to find.

    Please pay attention to the following:
      • If you go 3 days without a reply, send me a Private Message (PM);
      • What is passed on here relates only to your computer's problem, so do not apply it to any other;
      • Please follow the instructions given carefully, and if you have any questions do not hesitate to ask;
      • Always post your replies in this topic... Do not open another one!
      • Always try to keep me informed, during the removal, about what is happening with your computer.
      • Respect the order of the instructions given.

    Note: Do not take any measure other than those given here; and, if you ask for help in another forum, be sure to let us know, at the risk of misconfiguring your computer!

    # Step 1 #
      • Download AdwCleaner and save it to your Desktop
      • Run the file adwcleaner.exe as Administrator
      • Click the Opções (Options) tab and leave only "Restaurar Políticas do IE" (Restore IE Policies) and "Restaurar Políticas do Chrome" (Restore Chrome Policies) checked
      • Click the Verificar (Scan) button and wait for the scan to finish.
      • Click the Limpar (Clean) button.
      • A Notepad window will open with the result.
      • Select, copy and paste the contents of this log into your next reply.
      • The log will also be saved in C:\AdwCleaner
    NOTE: If AdwCleaner finds files that it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart.

    # Step 2 #
    Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.
      • Download the Junkware Removal Tool (JRT) and save it to your Desktop
      • Run jrt.exe as Administrator
      • The tool will start scanning your system. Be patient, as it may take a while depending on the number of items to scan.
      • At the end a log will open. It will be saved on the desktop under the name JRT.txt.
      • Select, copy and paste the contents of this log into your next reply.

    # Step 3 #
    Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.
      • Download ZHPCleaner and save it to your Desktop
      • Run the file ZHPCleaner.exe as Administrator
      • Click the Scanner button.
      • The tool will start scanning your system. Be patient, as it may take a while depending on the number of items to scan.
      • Then click the Reparar (Repair) button.
      • A log named ZHPCleaner.txt will be generated
      • Select, copy and paste the contents of this log into your next reply.

    Regards

    Malware Removal Analyst | Network Security Specialist
    TCC: Análise Descritiva dos Efeitos do Banker: a praga virtual brasileira.
    Member of UNITE & ASAP & ARIS-LD
    diego_moicano (Security Analysts), post #4, posted 13 minutes ago

    Dear @John_Bravow,

    Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

    Download the Farbar Recovery Scan Tool and save it to your Desktop: 32 bit (x86) or 64 bit (x64)
      • Right-click it and choose Executar como Administrador (Run as administrator);
      • Check the Arquivos 90 dias (90 Days Files) box and click the Examinar (Scan) button;
      • Wait; at the end the logs FRST.txt and Addition.txt will be saved to your Desktop;
      • Select, copy and paste the contents of the FRST.txt log into your next reply;
      • Attach the Addition.txt log.

    ====================
    2017-09-10 01:19 - 2017-09-10 01:19 - 000000000 _____ () C:\Users\Bravow\AppData\Local\Temp\ny0kz9vz.dll
    ==================== Bamital & volsnap ======================
    (Não há correção automática para arquivos que não passaram na verificação.)
    C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
    C:\Windows\explorer.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
    LastRegBack: 2017-12-09 00:26
    ==================== Fim de FRST.txt ============================

    Addition.txt
  8. PC with a suspected virus

    Good evening, Thank you for your attention. Here are the requested logs:

    # Step 1 # - AdwCleaner (another log was generated after the restart)

    # AdwCleaner 7.0.5.0 - Logfile created on Sun Dec 17 22:23:29 2017
    # Updated on 2017/29/11 by Malwarebytes
    # Database: 12-15-2017.1
    # Running on Windows 7 Ultimate (X64)
    # Mode: scan
    # Support: https://www.malwarebytes.com/support
    ***** [ Services ] *****
    No malicious services found.
    ***** [ Folders ] *****
    No malicious folders found.
    ***** [ Files ] *****
    No malicious files found.
    ***** [ DLL ] *****
    No malicious DLLs found.
    ***** [ WMI ] *****
    No malicious WMI found.
    ***** [ Shortcuts ] *****
    No malicious shortcuts found.
    ***** [ Tasks ] *****
    No malicious tasks found.
    ***** [ Registry ] *****
    No malicious registry entries found.
    ***** [ Firefox (and derivatives) ] *****
    No malicious Firefox entries.
    ***** [ Chromium (and derivatives) ] *****
    PUP.Optional.Legacy, Plugin found: Avira SafeSearch Plus -
    PUP.Optional.Legacy, Plugin found: Avira SafeSearch Plus -
    /!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271
    *************************
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

    # AdwCleaner 7.0.5.0 - Logfile created on Sun Dec 17 22:25:41 2017
    # Updated on 2017/29/11 by Malwarebytes
    # Running on Windows 7 Ultimate (X64)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support
    ***** [ Services ] *****
    No malicious services deleted.
    ***** [ Folders ] *****
    No malicious folders deleted.
    ***** [ Files ] *****
    No malicious files deleted.
    ***** [ DLL ] *****
    No malicious DLLs cleaned.
    ***** [ WMI ] *****
    No malicious WMI cleaned.
    ***** [ Shortcuts ] *****
    No malicious shortcuts cleaned.
    ***** [ Tasks ] *****
    No malicious tasks deleted.
    ***** [ Registry ] *****
    No malicious registry entries deleted.
    ***** [ Firefox (and derivatives) ] *****
    No malicious Firefox entries deleted.
    ***** [ Chromium (and derivatives) ] *****
    Plugin deleted: Avira SafeSearch Plus -
    Plugin deleted: Avira SafeSearch Plus -
    *************************
    ::TCP/IP settings cleared
    ::IE policies deleted
    ::Additional Actions: 0
    *************************
    C:/AdwCleaner/AdwCleaner[S0].txt - [1177 B] - [2017/12/17 22:23:29]

    # Step 2 # - Junkware Removal Tool (JRT)

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.4 (07.09.2017)
    Operating System: Windows 7 Ultimate x64
    Ran by Wenceslau (Administrator) on 17/12/2017 at 19:34:05,21
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    File System: 30
    Successfully deleted: C:\Users\Wenceslau\AppData\Roaming\Mozilla\Firefox\Profiles\UxjfiS69.default\extensions\safesearchplus2@avira.com\data\search.xml (File)
    Successfully deleted: C:\Windows\system32\Tasks\AviraSystemSpeedupUpdate (Task)
    Successfully deleted: C:\Users\Wenceslau\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Wenceslau\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2B7NW04T (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Wenceslau\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Wenceslau\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8XS2RFQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Wenceslau\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BAT4H4F8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Wenceslau\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSVX86CQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Wenceslau\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Wenceslau\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQ1T96B2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Wenceslau\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Wenceslau\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PR3WSX7R (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Wenceslau\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYGXMM0L (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Wenceslau\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TRA1RG7A (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Wenceslau\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9EBGJRY (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Wenceslau\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VVEYZG4V (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2B7NW04T (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8XS2RFQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BAT4H4F8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSVX86CQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQ1T96B2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PR3WSX7R (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYGXMM0L (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TRA1RG7A (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9EBGJRY (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VVEYZG4V (Temporary Internet Files Folder)
    Registry: 0
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 17/12/2017 at 19:35:41,00
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    # Step 3 # - ZHPCleaner

    ~ ZHPCleaner v2017.12.15.215 by Nicolas Coolman (2017/12/15)
    ~ Run by Wenceslau (Administrator) (17/12/2017 19:46:11)
    ~ Web: https://www.nicolascoolman.com
    ~ Blog: https://nicolascoolman.eu/
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : Version OK
    ~ Certificate ZHPCleaner: Legal
    ~ Type : Reparo
    ~ Report : C:\Users\Wenceslau\Desktop\ZHPCleaner.txt
    ~ Quarantine : C:\Users\Wenceslau\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
    ~ UAC : Activate
    ~ Boot Mode : Normal (Normal boot)
    Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
    ---\\ Serviços (0)
    ~ Nenhum ítem malicioso o desnecessários foi encontrado.
    ---\\ Navegadores de Internet (1)
    SUPRIMIDO dados: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : 127.0.0.1;localhost;<local>;] =>Hijacker.Proxy
    ---\\ Arquivo hosts (1)
    ~ O arquivo hosts é legítimo (21)
    ---\\ Tarefas automáticas agendadas. (0)
    ~ Nenhum ítem malicioso o desnecessários foi encontrado.
    ---\\ Explorer ( Arquivos, Pastas) (1)
    MOVIDO arquivo: C:\Users\Wenceslau\AppData\Local\Google\Chrome\User Data\Default\File System\008 =>PUP.Optional.DomaIQ
    ---\\ Registro ( Chaves, Valores, Dados ) (1)
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] =>Toolbar.Ask
    ---\\ Resumo dos elementos encontrados na sua estação de trabalho (3)
    https://nicolascoolman.eu/2017/04/03/hijacker-proxy/ =>Hijacker.Proxy
    https://nicolascoolman.eu/2017/10/04/adware-domaiq/ =>PUP.Optional.DomaIQ
    https://nicolascoolman.eu/2017/02/28/toolbar-ask/ =>Toolbar.Ask
    ---\\ Dodatkowe oczyszczenie. (55)
    ~ Chave de registro Tracing Supprimido (55)
    ~ Remover os relatórios antigos ZHPCleaner. (0)
    ---\\ Resultado de reparação
    Reparação efectuada com sucesso
    ~ Este navegador está faltando ! (Mozilla Firefox)
    ~ Este navegador está faltando ! (Opera Software)
    ---\\ Estatísticas
    ~ Items scan : 529
    ~ Items encontrado : 0
    ~ items cancelados : 0
    ~ Items réparo : 3
    ~ End of clean in 00h00mn06s
    ~====================
    ZHPCleaner-[R]-17122017-19_46_17.txt
    ZHPCleaner--17122017-19_43_56.txt

    I await further instructions. Thank you.
  9. PC with a suspected virus

    My PC gets slow when opening some programs. I think it is some kind of virus. ZA-Scan.txt
  10. Get Subtitle Workshop 2.51 working 100%

    Thanks, Jandor. I enabled the option in ffdshow Video decoder configuration, checked (subtitles enabled), and Hide in DirectVobSub, unchecked (subtitles enabled), and the subtitles appeared in WMP. Since I have 64-bit Windows, I also installed VSFilter x86 and swapped the x86 DLL for VSFilter.dll version 2.33. Thanks for the help.
  11. Get Subtitle Workshop 2.51 working 100%

    Your tutorial is excellent. Congratulations, and thank you for sharing it with us. After installing it I was able to see the subtitles of mkv files in SW, but without the picture. After reading the comment by @kaow, where he says he set the value of the option "Use custom media type for H.264" to "Yes" and that this worked for him to view MKV files in SW, I did the same and it worked. However, after following your tutorial my WMP no longer shows the subtitles of AVI files. Could you give me a tip to solve this? Thanks.
  12. How to burn an audio DVD with music in DTS-wav

    Thanks for the help, GaiusJuliusCaesar, but I still don't know how to convert the .wav files to .vob to burn them to a DVD-R. I downloaded the software, which runs in DOS, but when I ran it nothing happened. If you can explain further, I would appreciate it. Cheers, man.
  13. I need help. I got hold of some CDs with music files in DTS-wav. Each song is around 50MB. I would like to burn the songs to a DVD so that I can listen to them on my home theater and enjoy the quality of DTS 6.1 sound. How do I convert these .wav files to .vob to burn a DVD that can be played in the player? I have already tried playing .wav files in the DVD player, but it doesn't work. I have already tried the Audio DVD Creator software, but it only creates audio DVDs in AC3. I have a George Benson DVD recorded in DTS and the sound quality is fantastic. I heard there is a plugin for burning DTS-wav, but I couldn't find any topic on the subject. Thanks to anyone who can give me a tip.
  14. Help removing malware

    And thank you for the help, Mr. Ida. Thanks
  15. Help removing malware

    1) Test result for the file C:\WINDOWS\system32\Task Win\SERVICES.exe :

    This is a report processed by VirusTotal on 02/25/2006 at 22:45:30 (CET) after scanning the file "SERVICES.exe" file.

    Antivirus           Version         Update      Result
    AntiVir             6.33.1.50       02.25.2006  no virus found
    Avast               4.6.695.0       02.23.2006  no virus found
    AVG                 718             02.24.2006  no virus found
    Avira               6.33.1.50       02.25.2006  no virus found
    BitDefender         7.2             02.25.2006  no virus found
    CAT-QuickHeal       8.00            02.25.2006  no virus found
    ClamAV              devel-20060126  02.24.2006  no virus found
    DrWeb               4.33            02.25.2006  no virus found
    eTrust-InoculateIT  23.71.86        02.25.2006  no virus found
    eTrust-Vet          12.4.2095       02.24.2006  no virus found
    Ewido               3.5             02.25.2006  no virus found
    Fortinet            2.71.0.0        02.25.2006  no virus found
    F-Prot              3.16c           02.25.2006  no virus found
    Ikarus              0.2.59.0        02.24.2006  no virus found
    Kaspersky           4.0.2.24        02.25.2006  no virus found
    McAfee              4705            02.24.2006  no virus found
    NOD32v2             1.1418          02.24.2006  no virus found
    Norman              5.70.10         02.24.2006  no virus found
    Panda               9.0.0.4         02.25.2006  no virus found
    Sophos              4.02.0          02.25.2006  no virus found
    Symantec            8.0             02.25.2006  no virus found
    TheHacker           5.9.4.102       02.24.2006  no virus found
    UNA                 1.83            02.24.2006  no virus found
    VBA32               3.10.5          02.24.2006  no virus found

    1) Test result for the file C:\WINDOWS\system32\scpseg.dll

    Antivirus           Version         Actualización  Resultado
    AntiVir             6.33.1.50       25.02.2006     no ha encontrado virus
    Avast               4.6.695.0       23.02.2006     no ha encontrado virus
    AVG                 718             24.02.2006     no ha encontrado virus
    Avira               6.33.1.50       25.02.2006     no ha encontrado virus
    BitDefender         7.2             25.02.2006     no ha encontrado virus
    CAT-QuickHeal       8.00            25.02.2006     no ha encontrado virus
    ClamAV              devel-20060126  24.02.2006     no ha encontrado virus
    DrWeb               4.33            25.02.2006     no ha encontrado virus
    eTrust-InoculateIT  23.71.86        25.02.2006     no ha encontrado virus
    eTrust-Vet          12.4.2095       24.02.2006     no ha encontrado virus
    Ewido               3.5             25.02.2006     no ha encontrado virus
    Fortinet            2.71.0.0        25.02.2006     no ha encontrado virus
    F-Prot              3.16c           25.02.2006     no ha encontrado virus
    Ikarus              0.2.59.0        24.02.2006     no ha encontrado virus
    Kaspersky           4.0.2.24        25.02.2006     no ha encontrado virus
    McAfee              4705            24.02.2006     no ha encontrado virus
    NOD32v2             1.1418          24.02.2006     no ha encontrado virus
    Norman              5.70.10         24.02.2006     no ha encontrado virus
    Panda               9.0.0.4         25.02.2006     no ha encontrado virus
    Sophos              4.02.0          25.02.2006     no ha encontrado virus
    Symantec            8.0             25.02.2006     no ha encontrado virus
    TheHacker           5.9.4.102       24.02.2006     no ha encontrado virus
    UNA                 1.83            24.02.2006     no ha encontrado virus
    VBA32               3.10.5          24.02.2006     no ha encontrado virus

    1) There is only the SERVICES.exe file in the Task Win folder
    2) I don't know this WSN.exe program, and it is from WhenU.com
