karlo

Full Members
  • Total items

    1,020
  • Ratings

    0%

Reputation

310

About karlo

  • Date of birth 13/08/1960 (59 years old)

General information

  • City and state
    Silveira Martins, RS
  1. I have an LG 43uj6525 TV that I bought a month ago. I was watching normally and suddenly the picture disappeared. I turned it off and on again and only the LG image appears, with "life's good" written on the screen, and it does not accept any command from the remote control. Would anyone know what the problem is?
  2. karlo

    Save download in IE

    Thanks for the reply, but let's stick to the question. I repeat: does anyone know how to enable the option in IE11 to open or save the download?
  3. karlo

    Save download in IE

    How do I make IE11 ask whether I want to open or save the download? It downloads without asking. I use the 7 Ultimate OS.
  4. karlo

    malware

    Done, friend Turco. For my part you can close the topic, and thank you very much.
  5. karlo

    malware

    Task executed, but McAfee is still going strong. It appears in System Configuration - Services - McAfee stayed checked and will not uncheck, and it keeps appearing in the taskbar; it does not appear in the Control Panel. I deleted it from partition "C" but it remains the same. See what I did in another open topic following your guidance, post 22 https://www.clubedohardware.com.br/forums/topic/1177497-infecção/

    "OK, let's remove what is left of the tool. Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts. Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all the text below:

        CreateRestorePoint:
        CloseProcesses:
        HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [6597488 2016-08-02] (McAfee Inc.)
        R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2016-08-02] (McAfee, Inc.)
        R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2016-08-02] (McAfee, Inc.)
        S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106120 2016-08-02] (McAfee, Inc.)
        2016-08-02 22:20 - 2016-08-02 22:20 - 00000070 ___RH C:\Stinger.opt
        2016-08-02 22:12 - 2016-08-02 22:12 - 00000000 ____D C:\Quarantine
        2016-08-02 19:52 - 2016-08-02 22:14 - 00001490 _____ C:\Stinger_02082016_195211.html
        2016-08-02 19:52 - 2016-08-02 19:52 - 00864072 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
        2016-08-02 19:52 - 2016-08-02 19:52 - 00250672 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
        2016-08-02 19:52 - 2016-08-02 19:52 - 00106120 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
        2016-08-02 19:49 - 2016-08-02 22:19 - 00000000 ____D C:\Program Files\stinger
        2016-08-02 19:49 - 2016-08-02 19:49 - 00000000 ____D C:\Program Files\McAfee
        2016-08-02 19:46 - 2016-08-02 19:48 - 15908208 _____ (McAfee Inc) C:\stinger64.exe
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
        EmptyTemp:

    Save this file to the Desktop as fixlist.txt. Run FRST again and click the Corrigir (Fix) button. Wait... at the end the log Fixlog.txt will be generated on your Desktop. Select, copy and paste the contents of this log in your next reply."

    I await instructions.
  6. karlo

    malware

    What do I do with the "desktop.ini" file created on the desktop and with McAfee in the taskbar? Here is the log:
  7. karlo

    malware

    In System Configuration - Services - McAfee stayed checked and will not uncheck, and it keeps appearing in the taskbar. A file also appeared on the desktop with the name "desktop.ini". Here is the log:
  8. karlo

    malware

    Here is the log:
  9. karlo

    malware

    OK friend, here are the logs:
C:\Windows\system32\Drivers\mrxsmb20.sys 2017-05-10 07:38 - 2017-04-27 21:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2017-05-10 07:38 - 2017-04-27 21:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2017-05-10 07:38 - 2017-04-27 21:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2017-05-10 07:38 - 2017-04-27 21:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2017-05-10 07:38 - 2017-04-27 21:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2017-05-10 07:38 - 2017-04-27 21:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2017-05-10 07:38 - 2017-04-27 21:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2017-05-10 07:38 - 2017-04-27 21:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2017-05-10 07:38 - 2017-04-27 21:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2017-05-10 07:38 - 2017-04-27 21:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2017-05-10 07:38 - 2017-04-27 21:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2017-05-10 07:38 - 2017-04-27 21:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2017-05-10 07:38 - 2017-04-26 11:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2017-05-10 07:38 - 2017-04-21 12:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll 2017-05-10 07:38 - 2017-04-21 12:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2017-05-10 07:38 - 2017-04-19 21:00 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2017-05-10 07:38 - 2017-04-19 20:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2017-05-10 07:38 - 
2017-04-17 12:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2017-05-10 07:38 - 2017-04-17 12:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2017-05-10 07:38 - 2017-04-17 12:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll 2017-05-10 07:38 - 2017-04-17 12:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll 2017-05-10 07:38 - 2017-04-17 12:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll 2017-05-10 07:38 - 2017-04-17 12:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2017-05-10 07:38 - 2017-04-17 12:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2017-05-10 07:38 - 2017-04-17 12:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll 2017-05-10 07:38 - 2017-04-17 11:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll 2017-05-10 07:38 - 2017-04-16 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2017-05-10 07:38 - 2017-04-16 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2017-05-10 07:38 - 2017-04-16 05:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2017-05-10 07:38 - 2017-04-16 05:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2017-05-10 07:38 - 2017-04-16 05:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2017-05-10 07:38 - 2017-04-16 05:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2017-05-10 07:38 - 2017-04-16 05:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2017-05-10 07:38 - 2017-04-16 05:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2017-05-10 07:38 - 2017-04-16 05:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2017-05-10 07:38 - 2017-04-16 05:43 - 00034304 
_____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2017-05-10 07:38 - 2017-04-16 05:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2017-05-10 07:38 - 2017-04-16 05:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2017-05-10 07:38 - 2017-04-16 05:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2017-05-10 07:38 - 2017-04-16 05:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2017-05-10 07:38 - 2017-04-16 05:36 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2017-05-10 07:38 - 2017-04-16 05:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-05-10 07:38 - 2017-04-16 05:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2017-05-10 07:38 - 2017-04-16 05:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2017-05-10 07:38 - 2017-04-16 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2017-05-10 07:38 - 2017-04-16 05:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-05-10 07:38 - 2017-04-16 05:11 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2017-05-10 07:38 - 2017-04-16 05:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2017-05-10 07:38 - 2017-04-16 05:09 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2017-05-10 07:38 - 2017-04-16 05:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2017-05-10 07:38 - 2017-04-16 05:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2017-05-10 07:38 - 2017-04-16 05:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2017-05-10 07:38 - 2017-04-16 05:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2017-05-10 07:38 - 2017-04-16 05:01 - 
00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2017-05-10 07:38 - 2017-04-16 05:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2017-05-10 07:38 - 2017-04-16 05:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2017-05-10 07:38 - 2017-04-16 05:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2017-05-10 07:38 - 2017-04-16 04:57 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2017-05-10 07:38 - 2017-04-16 04:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2017-05-10 07:38 - 2017-04-16 04:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2017-05-10 07:38 - 2017-04-16 04:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2017-05-10 07:38 - 2017-04-16 04:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-05-10 07:38 - 2017-04-16 04:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2017-05-10 07:38 - 2017-04-16 04:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2017-05-10 07:38 - 2017-04-16 04:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2017-05-10 07:38 - 2017-04-16 04:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2017-05-10 07:38 - 2017-04-16 04:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2017-05-10 07:38 - 2017-04-16 04:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2017-05-10 07:38 - 2017-04-16 04:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2017-05-10 07:38 - 2017-04-16 04:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2017-05-10 07:38 - 2017-04-16 04:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2017-05-10 07:38 - 2017-04-16 04:35 - 00416256 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2017-05-10 07:38 - 2017-04-16 04:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2017-05-10 07:38 - 2017-04-16 04:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2017-05-10 07:38 - 2017-04-16 04:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2017-05-10 07:38 - 2017-04-16 04:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2017-05-10 07:38 - 2017-04-16 04:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2017-05-10 07:38 - 2017-04-16 04:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2017-05-10 07:38 - 2017-04-16 04:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2017-05-10 07:38 - 2017-04-16 04:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2017-05-10 07:38 - 2017-04-16 04:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-05-10 07:38 - 2017-04-16 04:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2017-05-10 07:38 - 2017-04-16 04:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2017-05-10 07:38 - 2017-04-16 04:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2017-05-10 07:38 - 2017-04-16 04:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2017-05-10 07:38 - 2017-04-16 04:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-05-10 07:38 - 2017-04-16 03:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2017-05-10 07:38 - 2017-04-16 03:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-05-10 07:38 - 2017-04-16 03:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2017-05-10 07:38 - 2017-04-16 03:37 - 02767872 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\wininet.dll 2017-05-10 07:38 - 2017-04-16 03:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2017-05-10 07:38 - 2017-04-16 03:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2017-05-10 07:38 - 2017-04-12 12:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2017-05-10 07:38 - 2017-04-12 12:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2017-05-10 07:38 - 2017-04-12 12:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2017-05-10 07:38 - 2017-04-12 12:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2017-05-10 07:38 - 2017-04-12 12:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2017-05-10 07:38 - 2017-04-12 12:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2017-05-10 07:38 - 2017-04-12 12:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2017-05-10 07:38 - 2017-04-12 12:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2017-05-10 07:38 - 2017-04-07 12:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2017-05-10 07:38 - 2017-04-07 12:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2017-05-10 07:38 - 2017-04-07 12:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2017-05-10 07:38 - 2017-04-07 12:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2017-05-10 07:38 - 2017-04-07 12:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2017-05-10 07:38 - 2017-04-05 11:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2017-05-10 07:38 - 2017-04-05 11:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2017-05-10 07:38 - 2017-04-05 11:55 - 00168960 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\srvnet.sys 2017-05-10 07:38 - 2017-04-04 12:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2017-05-10 07:38 - 2017-04-04 12:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2017-05-10 07:38 - 2017-04-04 12:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2017-05-10 07:38 - 2017-04-04 11:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2017-05-10 07:38 - 2017-04-04 11:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2017-05-10 07:38 - 2017-03-10 13:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll 2017-05-10 07:38 - 2017-03-10 13:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll 2017-05-10 07:38 - 2017-03-10 13:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll 2017-05-10 07:38 - 2017-03-10 13:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll 2017-05-10 07:38 - 2017-03-10 12:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe 2017-05-10 07:38 - 2017-03-10 12:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys 2017-05-10 07:38 - 2017-03-10 12:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys 2017-05-10 07:38 - 2017-03-09 13:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2017-05-10 07:38 - 2017-03-09 13:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2017-04-11 20:47 - 2017-03-22 12:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2017-04-11 20:47 - 2017-03-22 12:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2017-04-11 20:47 - 2017-03-22 12:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2017-04-11 20:47 - 2017-03-22 12:17 - 02651136 _____ (Microsoft Corporation) 
C:\Windows\system32\wuaueng.dll 2017-04-11 20:47 - 2017-03-22 12:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2017-04-11 20:47 - 2017-03-22 12:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2017-04-11 20:47 - 2017-03-10 13:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2017-04-11 20:47 - 2017-03-10 13:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2017-04-11 20:47 - 2017-03-07 13:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2017-04-11 20:47 - 2017-03-07 13:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2017-04-11 20:47 - 2017-03-07 11:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2017-04-11 20:47 - 2017-03-03 22:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2017-04-11 20:47 - 2017-03-03 22:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll 2017-04-11 20:47 - 2017-03-03 22:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2017-04-11 20:47 - 2017-03-03 22:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll 2017-04-11 20:47 - 2016-03-23 19:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2017-04-11 20:47 - 2016-03-23 19:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2017-04-11 20:46 - 2017-03-22 12:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2017-04-11 20:46 - 2017-03-22 12:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2017-04-11 20:46 - 2017-03-22 12:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2017-04-11 20:46 - 2017-03-22 12:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2017-04-11 20:46 - 2017-03-22 12:15 - 00037888 _____ (Microsoft Corporation) 
C:\Windows\system32\wuapp.exe 2017-04-11 20:46 - 2017-03-22 12:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2017-04-11 20:46 - 2017-03-22 12:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2017-04-11 20:46 - 2017-03-22 12:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2017-04-11 20:46 - 2017-03-22 12:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2017-04-11 20:46 - 2017-03-22 12:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2017-04-11 20:46 - 2017-03-10 13:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2017-04-11 20:46 - 2017-03-10 13:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2017-04-11 20:46 - 2017-03-10 13:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2017-04-11 20:46 - 2017-03-10 13:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2017-04-11 20:46 - 2017-03-10 13:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2017-04-11 20:46 - 2017-03-10 13:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2017-04-11 20:46 - 2017-03-10 13:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2017-04-11 20:46 - 2017-03-10 12:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2017-04-09 10:15 - 2017-04-09 10:15 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2017 2017-04-09 10:15 - 2017-04-09 10:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2017 2017-03-26 20:33 - 2017-03-26 20:33 - 00028344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll 2017-03-26 20:33 - 2017-03-26 20:33 - 00019104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110_clr0400.dll 2017-03-26 20:33 - 2017-03-26 20:33 - 00019104 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msvcr100_clr0400.dll 2017-03-26 20:33 - 2017-03-26 20:33 - 00019104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110_clr0400.dll 2017-03-26 20:29 - 2017-03-26 20:29 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll 2017-03-26 20:29 - 2017-03-26 20:29 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll 2017-03-26 20:29 - 2017-03-26 20:29 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll 2017-03-26 20:29 - 2017-03-26 20:29 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll 2017-03-22 06:43 - 2017-02-14 13:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2017-03-22 06:43 - 2017-02-14 13:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2017-03-22 06:43 - 2017-02-09 13:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll 2017-03-22 06:43 - 2017-02-09 13:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll 2017-03-22 06:43 - 2017-02-09 13:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00016224 _____ (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00011616 _____ (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 
2017-03-22 06:43 - 2017-01-18 12:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll 2017-03-22 06:43 - 2017-01-18 12:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll 2017-03-14 19:18 - 2017-02-10 13:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2017-03-14 19:18 - 2017-02-10 11:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2017-03-14 19:18 - 2017-02-09 11:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2017-03-14 19:18 - 2017-02-09 11:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2017-03-14 19:18 - 2017-02-06 13:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe 2017-03-14 19:18 - 2017-01-11 15:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2017-03-14 19:18 - 2017-01-11 14:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2017-03-14 19:17 - 2017-02-10 13:17 - 00628736 _____ 
  10. karlo

    malware

    Here are the logs:
  11. karlo

    malware

    Good morning, friend TURCO, thanks for the reply. I should mention that I don't have a desktop on "C"; my desktop is on "E", as per the new ZAScan report that follows. However, there is a "default" folder on "C", and inside it, among others, there is a "desktop" folder, but it is empty, as are all the others (documents, downloads, favorites, etc.), all empty. I had the technician do this for safety, because if any of these folders were attacked, I think it would spare "C", which is where the OS is. To give you an idea, I have had this notebook for 07 years and it has never been formatted, so I would like to know whether I should run the next steps from the root of "C" or from the desktop on "E"?
  12. karlo

    malware

    I run MBAM regularly and it detected the malware in the attachment; the ZA-Scan log follows. Other than that, I noticed nothing abnormal.

    MBAM log:

    Malwarebytes
    www.malwarebytes.com

    -Detalhes de registro-
    Data da análise: 31/05/17
    Hora da análise: 20:49
    Arquivo de registro: MBAM.txt
    Administrador: Sim

    -Informação do software-
    Versão: 3.1.2.1733
    Versão de componentes: 1.0.139
    Versão do pacote de definições: 1.0.2062
    Licença: Grátis

    -Informação do sistema-
    Sistema operacional: Windows 7 Service Pack 1
    CPU: x64
    Sistema de arquivos: NTFS
    Usuário: Carlos-PC\Carlos

    -Resumo da análise-
    Tipo de análise: Análise de Ameaças
    Resultado: Concluído
    Objetos verificados: 335418
    Ameaças detectadas: 2
    Ameaças em quarentena: 2
    Tempo decorrido: 10 min, 44 seg

    -Opções da análise-
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Habilitado
    PUM: Habilitado

    -Detalhes da análise-
    Processo: 0 (Nenhum item malicioso detectado)
    Módulo: 0 (Nenhum item malicioso detectado)
    Chave de registro: 2
    PUP.Optional.ASK, HKU\S-1-5-21-3432816679-3945175316-583782178-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\ask.com, Quarentena, [523], [391322],1.0.2062
    PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-3432816679-3945175316-583782178-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\translationbuddy.dl.tb.ask.com, Quarentena, [834], [391321],1.0.2062
    Valor de registro: 0 (Nenhum item malicioso detectado)
    Dados de registro: 0 (Nenhum item malicioso detectado)
    Fluxo de dados: 0 (Nenhum item malicioso detectado)
    Pasta: 0 (Nenhum item malicioso detectado)
    Arquivo: 0 (Nenhum item malicioso detectado)
    Setor físico: 0 (Nenhum item malicioso detectado)
    (end)
  13. Friend, first test the charger to see if it charges; if not, try another charger.
  14. karlo

    tablet on the TV

    Anyone?.................
  15. karlo

    tablet on the TV

    Well, friends, I want to watch YouTube on the TV with the tablet; my question is whether I can turn off the tablet's screen, and how do I do it? The tablet is a CCE TR72.

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil. Read more

Copyright

We do not allow the copying or reproduction of content from our site, forum, newsletters and social networks, even when the source is cited. Read more
