MTRAV93

Full Members
  • Content count

    20
  • Joined

  • Last visited

  • Qualifications

    0%

Reputation

0

General information

  • City and State
    MANAUS
  1. @Ricardov
     CONFIGURATION
     ASRock H61M-VS
     Memory DDR3 - 4GB
     CPU Intel Core (TM) i3-2100 3.10GHz
     Video 1x PCI Express 3.0 x 16 slot (blue @ x16 mode)
     Power supply ATX 500W
     Here are the results from HD Tune.
  2. Unfortunately this PC still takes a long time to respond even to simple commands, such as merely clicking on Windows Explorer windows; sometimes I need to click at least 4 times on one of these Windows windows before it opens fully. There is also, as I already mentioned in the title, the boot and shutdown, which remain very slow. And there is yet another issue, a rather annoying freeze that has happened every now and then from the very beginning: when I watch a video, the computer, OUT OF NOWHERE, absolutely out of nowhere, freezes, emitting a noise, a strange hiss, and when that happens I have to wait at least 3 or 4 minutes until it fully unfreezes. Could someone help me with this issue?
  3. @Elias Pereira Here are the reports.
     Note: With this Malwarebytes alone, my electricity bill this month is going to be absurd. My desktop stayed on for more than 8 hours straight. The scan is absurdly slow!

         Malwarebytes
         www.malwarebytes.com

         -Detalhes de registro-
         Data da análise: 30/04/18
         Hora da análise: 12:24
         Arquivo de registro: ff407ec8-4c92-11e8-9a10-00ff7034b73f.json
         Administrador: Sim

         -Informação do software-
         Versão: 3.4.5.2467
         Versão de componentes: 1.0.342
         Versão do pacote de definições: 1.0.4926
         Licença: Gratuita

         -Informação do sistema-
         Sistema operacional: Windows 7 Service Pack 1
         CPU: x64
         Sistema de arquivos: NTFS
         Usuário: MTRAV93-TEC-CEL\Mtrav93

         -Resumo da análise-
         Tipo de análise: Análise Customizada
         Análise Iniciada Por: Manual
         Resultado: Concluído
         Objetos verificados: 487656
         Ameaças detectadas: 1
         Ameaças em quarentena: 1
         Tempo decorrido: 8 hr, 12 min, 34 seg

         -Opções da análise-
         Memória: Habilitado
         Inicialização: Habilitado
         Sistema de arquivos: Habilitado
         Arquivos compactados: Habilitado
         Rootkits: Habilitado
         Heurística: Habilitado
         PUP: Detectar
         PUM: Detectar

         -Detalhes da análise-
         Processo: 0
         (Nenhum item malicioso detectado)

         Módulo: 0
         (Nenhum item malicioso detectado)

         Chave de registro: 0
         (Nenhum item malicioso detectado)

         Valor de registro: 0
         (Nenhum item malicioso detectado)

         Dados de registro: 0
         (Nenhum item malicioso detectado)

         Fluxo de dados: 0
         (Nenhum item malicioso detectado)

         Pasta: 0
         (Nenhum item malicioso detectado)

         Arquivo: 1
         MachineLearning/Anomalous.95%, C:\PROGRAM FILES (X86)\INSTALLJAMMER REGISTRY\WINDOWS\INSTALLKIT.EXE, Quarentena, [0], [392687],1.0.4926

         Setor físico: 0
         (Nenhum item malicioso detectado)

         (end)

     =============

         # -------------------------------
         # Malwarebytes AdwCleaner 7.1.1.0
         # -------------------------------
         # Build: 04-27-2018
         # Database: 2018-04-30.1
         # Support: https://www.malwarebytes.com/support
         #
         # -------------------------------
         # Mode: Scan
         # -------------------------------
         # Start: 05-01-2018
         # Duration: 00:00:32
         # OS: Windows 7 Ultimate
         # Scanned: 40814
         # Detected: 0

         ***** [ Services ] *****

         No malicious services found.

         ***** [ Folders ] *****

         No malicious folders found.

         ***** [ Files ] *****

         No malicious files found.

         ***** [ DLL ] *****

         No malicious DLLs found.

         ***** [ WMI ] *****

         No malicious WMI found.

         ***** [ Shortcuts ] *****

         No malicious shortcuts found.

         ***** [ Tasks ] *****

         No malicious tasks found.

         ***** [ Registry ] *****

         No malicious registry entries found.

         ***** [ Chromium (and derivatives) ] *****

         No malicious Chromium entries found.

         ***** [ Chromium URLs ] *****

         No malicious Chromium URLs found.

         ***** [ Firefox (and derivatives) ] *****

         No malicious Firefox entries found.

         ***** [ Firefox URLs ] *****

         No malicious Firefox URLs found.

         ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[c01].txt ##########

     =======================

         ~ ZHPCleaner v2018.4.29.89 by Nicolas Coolman (2018/04/29)
         ~ Run by Mtrav93 (Administrator) (01/05/2018 15:55:12)
         ~ Web: https://www.nicolascoolman.com
         ~ Blog: https://nicolascoolman.eu/
         ~ Facebook : https://www.facebook.com/nicolascoolman1
         ~ State version : Version OK
         ~ Certificate ZHPCleaner: Legal
         ~ Type : Scan
         ~ Report : C:\Users\Mtrav93\Desktop\ZHPCleaner.txt
         ~ Quarantine : C:\Users\Mtrav93\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
         ~ UAC : Activate
         ~ Boot Mode : Normal (Normal boot)
         Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

         ---\\ Alternate Data Stream (ADS). (0)
         ~ No malicious or unnecessary items found.

         ---\\ Services (0)
         ~ No malicious or unnecessary items found.

         ---\\ Browser internet (0)
         ~ No malicious or unnecessary items found.

         ---\\ Hosts file (1)
         ~ The hosts file is legitimate (1)

         ---\\ Scheduled automatic tasks. (0)
         ~ No malicious or unnecessary items found.

         ---\\ Explorer ( File, Folder) (0)
         ~ No malicious or unnecessary items found.

         ---\\ Registry ( Key, Value, Data) (2)
         FOUND key: HKLM\SOFTWARE\Wow6432Node\Winmend [] =>.SUP.SunnyDigit
         FOUND key: HKLM\SOFTWARE\Winmend [] =>.SUP.SunnyDigit

         ---\\ Summary of the elements found (1)
         https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.SunnyDigit

         ---\\ Result of repair
         ~ Any repair made

         ---\\ Statistics
         ~ Items scanned : 80586
         ~ Items found : 4
         ~ Items cancelled : 0
         ~ Items options : 0/7
         ~ Space saving (bytes) : 0

         ~ End of search in 00h10mn11s

         ---\\ Reports (2)
         ZHPCleaner-[R]-16042018-10_06_47.txt
         ZHPCleaner--01052018-16_05_23.txt
  4. @Elias Pereira Now it's running just fine. Apparently everything is okay, but just a little while ago, while I was browsing YouTube, it froze for about 4 minutes, though it always used to freeze like that anyway; however, the Explorer windows are opening quickly, and so are the programs. Anyway, I think it's great, it improved a lot. Here is the document:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2018-03-21 20:55 2941600 ----a-w- c:\users\Mtrav93\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64\FileSyncShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive6] @="{9AA2F32D-362A-42D9-9328-24A483E2CCC3}" [HKEY_CLASSES_ROOT\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}] 2018-03-21 20:55 2941600 ----a-w- c:\users\Mtrav93\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64\FileSyncShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2015-08-14 13:52 25624 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2018-03-14 02:43 3207856 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2018-03-14 02:43 3207856 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2018-03-14 02:43 3207856 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-02-21 456704] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2015-06-02 183216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2015-06-02 411056] "Persistence"="c:\windows\system32\igfxpers.exe" [2015-06-02 453552] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{D2BF470E-ED1C-487F-AAAA-2BD8835EB6CE}"= "mscoree.dll" [2010-11-05 444752] . ------- Scan Suplementar ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com.br/ mStart Page = https://br.yahoo.com/?fr=hp-avast&type=avastbcl mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.google.com mSearch Bar = https://br.yahoo.com/?fr=hp-avast&type=avastbcl uInternet Settings,ProxyOverride = *.local IE: IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\Root\Office16\EXCEL.EXE/3000 IE: Fazer o download de todos os links usando o IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm IE: Fazer o download usando o IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm IE: Send Image To MindManager - c:\program files\Mindjet\MindManager 18\Mm8InternetExplorer.dll/201 IE: Send Link To MindManager - c:\program files\Mindjet\MindManager 18\Mm8InternetExplorer.dll/203 IE: Send Page To MindManager - c:\program files\Mindjet\MindManager 18\Mm8InternetExplorer.dll/204 IE: Send Text To MindManager - c:\program files\Mindjet\MindManager 18\Mm8InternetExplorer.dll/202 Trusted Zone: ginfes.com.br\manausginfes TCP: DhcpNameServer = 
192.168.0.1 TCP: Interfaces\{50426029-AD04-4D07-95CA-11EFF9C366A7}: NameServer = 8.8.8.8,8.8.4.4 Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL . - - - - ORFÃOS REMOVIDOS - - - - . Wow6432Node-HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe SafeBoot-mbamchameleon WebBrowser-{E0301295-AB3E-4AF3-979F-3D453C5F9F48} - (no file) ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) AddRemove-IRPF2015 - E:\uninstall.exe AddRemove-IRPF2017 - c:\users\Mtrav93\Desktop\uninstall.exe AddRemove-{10CD364B-FFCC-48BE-B469-B9622A033075} - c:\programdata\{3FEE7452-4825-40BC-8A99-94EF27F43EE8}\FencesInstaller.exe AddRemove-PDF Reader - c:\program files (x86)\PDFReader\Uninstall\Uninstall.exe . . . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- . [HKEY_USERS\S-1-5-21-3915900886-2842767957-3865804-1000_Classes\Wow6432Node\CLSID\{3e747178-51a9-4c8c-b536-bc82a7d03ce6}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:00000049 "Therad"=dword:0000001f "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . 
[HKEY_USERS\S-1-5-21-3915900886-2842767957-3865804-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) @Allowed: (Read) (S-1-5-32) @SACL= "scansk"=hex(0):22,7e,ca,21,04,54,cd,e5,e9,33,e1,1b,7a,2f,25,12,c4,01,06,32,f0, e8,2e,76,f5,ae,95,fa,10,77,21,42,ae,2e,e0,d4,e1,57,1b,29,00,00,00,00,00,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_29_0_0_140_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_29_0_0_140_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_29_0_0_140_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_29_0_0_140_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_140.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.29" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_140.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_140.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_140.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" "Key"="ActionsPane3" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Tempo para conclusão: 2018-04-29 15:44:08 ComboFix-quarantined-files.txt 2018-04-29 19:44 . Pré-execução: 79.509.209.088 bytes disponíveis Pós execução: 80.726.917.120 bytes disponíveis . 
- - End Of File - - 167C087C3C31AC75D1DE5FBFC59392CB A36C5E4F47E84449FF07ED3517B43A31
  5. @Elias Pereira Anyway, I deleted it, very reluctantly, and then the thing started getting slow. My computer's window is taking a long time to open again. I also noticed that when I log in to the account, it shows me a completely blue screen (it is not the blue screen of death), but rather after I log in to my user account; it then stays about 20 seconds on that blue screen, which is a light blue, and only after that do the desktop icons start appearing little by little.
  6. @Elias Pereira Ok, so I went to the path of the executables; instead of them showing up there with the ".exe" extension, I found the first two from msconfig compressed (fig. 1). So I opened the archives and found their executable marked with an asterisk (fig. 2). So far, so good! The problem is that when I tried to extract them, a password was requested; since I didn't have the password, I decided to upload the archives as they were, and at the end of the scan only a single antivirus detected "compulsório.zip" as "PossibleThreat" (fig. 3). As for the third unknown one, "BgMonitor", the path shown in msconfig for it does not exist (fig. 4). So, what could it be, would it be a threat?! Because they put a password on them precisely so the executables could not be extracted. Scan of compulsorio: https://www.virustotal.com/#/file/7a1137464b5fd67287f4232ebf5fa0453dbe2d5e439162d4d6c332b993eaf2ab/detection Scan of liskidisa: https://www.virustotal.com/#/file/346fec86af1789b3c5d135fd8be85a2a919abfaca85c4c8fccd67c94258cf917/detection "BgMonitor" was not scanned for the reason mentioned above.
  7. Elias, well, it's impossible to deny that the computer has improved a great deal, since the constant freezes have stopped. Now, I confess I was very afraid to carry out this last procedure completely, because the last time I did that, my other computer simply would not turn on anymore, so I had to recover my documents through something called a "Live-CD", but Windows was done for, so I had to format it. Now take a look at the processes on the "STARTUP" tab that I did not disable out of sheer fear; the image is further below. Look, right at this moment my Windows still has a little freeze, mainly when I try to open "MY COMPUTER" or some other window for the first time after the OS has loaded; it takes a long time to open. Apart from that, you managed to recover it wonderfully well. Leaving here, in advance, a heartfelt thank-you to you.
  8. @Elias Pereira Would there be any problem with my having run it in Safe Mode? Here is the report...
  9. Here it is...
  10. Here are the 3 reports:

      Malwarebytes
      www.malwarebytes.com

      -Detalhes de registro-
      Data do evento de proteção: 15/04/18
      Hora do evento de proteção: 09:36
      Arquivo de registro: 58c53fe0-3e85-11e8-af4f-00ff7034b73f.json
      Administrador: Sim

      -Informação do software-
      Versão: 3.4.5.2467
      Versão de componentes: 1.0.342
      Versão do pacote de definições: 1.0.4714
      Licença: Versão de Avaliação

      -Informação do sistema-
      Sistema operacional: Windows 7 Service Pack 1
      CPU: x64
      Sistema de arquivos: NTFS
      Usuário: System

      -Detalhes do website bloqueado-
      Website malicioso: 1
      , , Bloqueado, [-1], [-1],0.0.0

      -Dados do website-
      Categoria: Malware
      Domínio: www.guitars.ru
      Endereço IP: 92.53.96.133
      Porta: [54167]
      Tipo: Saída
      Arquivo: C:\Users\Mtrav93\AppData\Local\Google\Chrome\Application\chrome.exe

      (end)

      =========

      # -------------------------------
      # Malwarebytes AdwCleaner 7.1.0.0
      # -------------------------------
      # Build: 04-15-2018
      # Database: 2018-04-11.1
      # Support: https://www.malwarebytes.com/support
      #
      # -------------------------------
      # Mode: Clean
      # -------------------------------
      # Start: 04-15-2018
      # Duration: 00:01:15
      # OS: Windows 7 Ultimate
      # Cleaned: 4
      # Failed: 1

      ***** [ Services ] *****
      No malicious services cleaned.

      ***** [ Folders ] *****
      No malicious folders cleaned.

      ***** [ Files ] *****
      No malicious files cleaned.

      ***** [ DLL ] *****
      No malicious DLLs cleaned.

      ***** [ WMI ] *****
      No malicious WMI cleaned.

      ***** [ Shortcuts ] *****
      No malicious shortcuts cleaned.

      ***** [ Tasks ] *****
      No malicious tasks cleaned.

      ***** [ Registry ] *****
      Deleted HKU\S-1-5-18\SOFTWARE\d48bdcb534bd49
      Deleted HKU\.DEFAULT\SOFTWARE\d48bdcb534bd49

      ***** [ Chromium (and derivatives) ] *****
      Deleted bbjciahceamgodcoidkjpchnokgfpphh

      ***** [ Chromium URLs ] *****
      Deleted Ask Brasil
      Not Deleted Ask Brasil

      ***** [ Firefox (and derivatives) ] *****
      No malicious Firefox entries cleaned.

      ***** [ Firefox URLs ] *****
      No malicious Firefox URLs cleaned.

      *************************
      [+] Delete Tracing Keys
      [+] Reset Winsock
      *************************

      ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

      ====================

      ~ ZHPCleaner v2018.4.14.66 by Nicolas Coolman (2018/04/14)
      ~ Run by Mtrav93 (Administrator) (15/04/2018 23:06:26)
      ~ Web: https://www.nicolascoolman.com
      ~ Blog: https://nicolascoolman.eu/
      ~ Facebook : https://www.facebook.com/nicolascoolman1
      ~ State version : Version OK
      ~ Certificate ZHPCleaner: Legal
      ~ Type : Repair
      ~ Report : C:\Users\Mtrav93\Desktop\ZHPCleaner.txt
      ~ Quarantine : C:\Users\Mtrav93\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
      ~ UAC : Activate
      ~ Boot Mode : Normal (Normal boot)
      Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

      ---\ Alternate Data Stream (ADS). (0)
      ~ No malicious or unnecessary items found. (ADS)

      ---\ Services (0)
      ~ No malicious or unnecessary items found. (Service)

      ---\ Browser internet (0)
      ~ No malicious or unnecessary items found. (Browser)

      ---\ Hosts file (1)
      ~ The hosts file is legitimate (27)

      ---\ Scheduled automatic tasks. (0)
      ~ No malicious or unnecessary items found. (Task)

      ---\\ Explorer ( File, Folder) (0)
      ~ No malicious or unnecessary items found.

      ---\ Registry ( Key, Value, Data) (2)
      DELETED key*: HKLM\SOFTWARE\Wow6432Node\Winmend [] =>.SUP.SunnyDigit
      DELETED key: HKLM\SOFTWARE\Winmend [] =>.SUP.SunnyDigit

      ---\ Summary of the elements found (1)
      https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.SunnyDigit

      ---\ Other deletions. (13)
      ~ Registry Keys Tracing deleted (13)
      ~ Remove the old reports ZHPCleaner. (0)

      ---\ Result of repair
      ~ Repair carried out successfully
      ~ Browser not found (Opera Software)

      ---\ Statistics
      ~ Items scanned : 1113
      ~ Items found : 0
      ~ Items cancelled : 0
      ~ Items options : 0/7
      ~ Space saving (bytes) : 0
      ~ End of clean in 00h00mn21s

      ---\ Reports (1)
      ZHPCleaner-[R]-16042018-10_06_47.txt
  11. Hello, Elias Pereira! Thank you for your support, and sorry for the delay. Well, the PC keeps freezing. Here are the files for review: AdwCleaner[C00].txt Malwarebytes.txt ZHPCleaner.txt added 1 minute later @Elias Pereira Take a look.
  12. Every now and then my Windows 7 Ultimate 64x shows a blue screen, and today it appeared with the following error (details below). Could someone give me a hand? It freezes sometimes and gets slow. I cleaned the memory modules and so on, but every so often the blue screen catches me by surprise. My antivirus (Kasper) found no sign of infection.

      PROBLEM DETAILS

      ADDITIONAL_DEBUG_TEXT:
      Use '!findthebuild' command to search for the target build information.
      If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

      MODULE_NAME: fastfat
      FAULTING_MODULE: fffff80003053000 nt
      DEBUG_FLR_IMAGE_TIMESTAMP: 58c2cc6e
      EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - A instrução no 0x%08lx fez referência à memória no 0x%08lx. A memória não pôde ser %s.

      FAULTING_IP:
      fastfat+d538
      fffff880`04a94538 448b4944 mov r9d,dword ptr [rcx+44h]

      EXCEPTION_PARAMETER1: 0000000000000000
      EXCEPTION_PARAMETER2: 0000000000000044
      READ_ADDRESS: unable to get nt!MmSpecialPoolStart
      unable to get nt!MmSpecialPoolEnd
      unable to get nt!MmPoolCodeStart
      unable to get nt!MmPoolCodeEnd
      0000000000000044

      ERROR_CODE: (NTSTATUS) 0xc0000005 - A instrução no 0x%08lx fez referência à memória no 0x%08lx. A memória não pôde ser %s.
      BUGCHECK_STR: 0x1E_c0000005
      CUSTOMER_CRASH_COUNT: 1
      DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
      CURRENT_IRQL: 0
      LAST_CONTROL_TRANSFER: from fffff800031d6d98 to fffff800030f74a0

      STACK_TEXT:
      fffff880`09abe648 fffff800`031d6d98 : 00000000`0000001e ffffffff`c0000005 fffff880`04a94538 00000000`00000000 : nt+0xa44a0
      fffff880`09abe650 00000000`0000001e : ffffffff`c0000005 fffff880`04a94538 00000000`00000000 00000000`00000044 : nt+0x183d98
      fffff880`09abe658 ffffffff`c0000005 : fffff880`04a94538 00000000`00000000 00000000`00000044 fffff880`0a7ab001 : 0x1e
      fffff880`09abe660 fffff880`04a94538 : 00000000`00000000 00000000`00000044 fffff880`0a7ab001 fffffa80`07cff873 : 0xffffffff`c0000005
      fffff880`09abe668 00000000`00000000 : 00000000`00000044 fffff880`0a7ab001 fffffa80`07cff873 fffff800`030a6231 : fastfat+0xd538

      STACK_COMMAND: kb

      FOLLOWUP_IP:
      fastfat+d538
      fffff880`04a94538 448b4944 mov r9d,dword ptr [rcx+44h]

      SYMBOL_STACK_INDEX: 4
      SYMBOL_NAME: fastfat+d538
      FOLLOWUP_NAME: MachineOwner
      IMAGE_NAME: fastfat.SYS
      BUCKET_ID: WRONG_SYMBOLS
      Followup: MachineOwner
  13. Hello everyone, good evening! I have a really ******* problem, and I would like you specialists to give me a hand. Here's the thing... something really ***** happened to my dad's (new) notebook. It happened while I was running a disk error check at around 23:00, and that was when my mom knocked on the door shouting with a lot of (( Fury )) ... At the very least I thought I was going to get a big beating, and that scared me, so I ended up interrupting the check by forcing the notebook off with the power button itself, and the next day Vista would no longer load!!!!!! Additional details: 1) not even the Vista recovery console identifies the HD anymore (it says the partition (:c) has zero gbytes) 2) I tried to resurrect it through the recovery console using every option, without any success 3) my dad is about ready to cut my head off because all his work files are on the notebook, so formatting is out of the question, don't even mention it! 4) I already ran chkdsk (without success), and now what? Oops, I almost forgot... the notebook came with the (original) Vista DVD plus 3 more DVDs whose purpose I don't know: I only know that among those 3 there is a DVD with something called e-recovery management, which I don't know the purpose of. Is there anyone really good who could help me with this little problem? LOL. Just adding a few more details: this notebook is new and still under warranty. I just haven't taken it to the service center yet, because I want to know how this problem is solved. I believe it is highly serious, the kind of thing the service center staff would do on the sly and would never tell me about; what they would do is hand back the repaired notebook without saying a word... I don't want that, which is why I'm posting this problem here, in the hope of finding people who can really solve this thing on (((( talent!! ))))
  14. Indeed, I have also been having this problem since yesterday, 05/07/08, and this same message appears, and worst of all, I also need to take part in my company's meetings! Ugh
  15. Hello everyone, I'm very worried because, besides my antivirus key being invalid, there is this other thorn in my side: the online scanners, whichever they are, no longer work with my browsers, whether FF or IE?? What could this be?? Could some kind soul help me with this??? I would be very grateful for the help. I'll be waiting...
