microldo

Malware and Viruses: Multiple items detected


Hello

I am helping my sister with this machine, and when I ran a scan with Malwarebytes more than 700 items were detected.

I ran the Kaspersky antivirus, which found some viruses that were moved to quarantine.

Spybot did not detect anything, and adware cleaner detected other items.

I need guidance on how to proceed, because the computer is used for accessing banks and making payments.

Thanks!

I was unable to attach the ZA scan file, so I pasted it.

 

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by Ana Cl udia on 24/06/2020 at 13:14:32,49.
Microsoft Windows 8.1 Single Language 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ANACLU~1\Desktop\zoek\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\SysWOW64\svchost.exe
C:\Windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Users\Ana Cláudia\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
C:\Users\Ana Cláudia\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Users\ANACLU~1\AppData\Local\Temp\ZAScan.exe

==== Services(whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
R2 - [AtherosSvc] - AtherosSvc - c:\program files (x86)\dell wireless\bluetooth suite\adminservice.exe
R2 - [IAStorDataMgrSvc] - Tecnologia de armazenamento Intel(R) Rapid - c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
R2 - [IconMan_R] - IconMan_R - c:\program files (x86)\realtek\realtek usb 2.0 card reader\riconman.exe
R2 - [igfxCUIService1.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe
R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
R2 - [irstrtsv] - Intel(R) Rapid Start Technology Service - c:\windows\syswow64\irstrtsv.exe
R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
R2 - [PandaAgent] - Panda Devices Agent - c:\program files (x86)\panda security\panda devices agent\agentsvc.exe
R2 - [PSI_SVC_2_x64] - Protexis Licensing V2 x64 - c:\program files\common files\protexis\license service\psiservice_2.exe
R2 - [RapportMgmtService] - Rapport Management Service - c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe
R2 - [SDScannerService] - Spybot-S&D 2 Scanner Service - c:\program files (x86)\spybot - search & destroy 2\sdfssvc.exe
R2 - [SDUpdateService] - Spybot-S&D 2 Updating Service - c:\program files (x86)\spybot - search & destroy 2\sdupdsvc.exe
R2 - [SDWSCService] - Spybot-S&D 2 Security Center Service - c:\program files (x86)\spybot - search & destroy 2\sdwscsvc.exe
R2 - [SftService] - SoftThinks Agent Service - c:\program files (x86)\dell backup and recovery\sftservice.exe
R2 - [STacSV] - Audio Service - c:\program files\idt\wdm\stacsv64.exe
R2 - [UNS] - Intel(R) Management and Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
R2 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R2 - [ZAtheros Wlan Agent] - ZAtheros Wlan Agent - c:\program files (x86)\dell wireless\ath_wlanagent.exe
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S2 - [AVP20.0] - Serviço do Kaspersky Anti-Virus 20.0 - c:\program files (x86)\kaspersky lab\kaspersky internet security 20.0\avp.exe
S2 - [gupdate] - Serviço do Google Update (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [KSDE4.0] - Serviço do Kaspersky Secure Connection 4.0 - c:\program files (x86)\kaspersky lab\kaspersky secure connection 4.0\ksde.exe
S2 - [rkrtservice] - RogueKiller RTP - c:\program files\roguekiller\roguekillersvc.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [GoogleChromeElevationService] - Google Chrome Elevation Service - c:\program files (x86)\google\chrome\application\83.0.4103.106\elevation_service.exe
S3 - [gupdatem] - Serviço do Google Update (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [IEEtwCollectorService] - Serviço Coletor ETW do Internet Explorer - c:\windows\system32\ieetwcollector.exe
S3 - [klvssbridge64_20.0] - Kaspersky Volume Shadow Copy Service Bridge 20.0 - c:\program files (x86)\kaspersky lab\kaspersky internet security 20.0\x64\vssbridge64.exe
S3 - [kpm_launch_service] - Kaspersky Password Manager Service - c:\program files (x86)\kaspersky lab\kaspersky password manager 9.0.2\kpm_service.exe
S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [PerfHost] - Host de DLL de Contador de Desempenho - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Serviço de Inspeção de Rede do Windows Defender - c:\program files\windows defender\nissrv.exe
S3 - [WinDefend] - Serviço Windows Defender - c:\program files\windows defender\msmpeng.exe
S3 - [wmiApSrv] - Adaptador de Desempenho WMI - c:\windows\system32\wbem\wmiapsrv.exe

==== Drivers(whitelist) ======================
Powered by E Dev

R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys
R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys
R2 - [srv] - Driver SMB 1.xxx do Servidor - C:\WINDOWS\system32\Drivers\srv.sys
R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\WINDOWS\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\WINDOWS\system32\Drivers\ACPI.sys
R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys
R0 - [amdkmpfd] - AMD PCI Root Bus Lower Filter - C:\WINDOWS\system32\Drivers\amdkmpfd.sys
R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys
R0 - [cm_km] - AO Kaspersky Lab Cryptographic Module x64 (56 bit) - C:\WINDOWS\system32\Drivers\cm_km.sys
R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys
R0 - [disk] - Driver de disco - C:\WINDOWS\system32\Drivers\disk.sys
R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys
R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\WINDOWS\system32\Drivers\fvevol.sys
R0 - [iaStorA] - iaStorA - C:\WINDOWS\system32\Drivers\iaStorA.sys
R0 - [intelpep] - Driver Intel(R) Power Engine Plug-in - C:\WINDOWS\system32\Drivers\intelpep.sys
R0 - [kl1] - kl1 - C:\WINDOWS\system32\Drivers\kl1.sys
R0 - [klbackupdisk] - Kaspersky Lab klbackupdisk - C:\WINDOWS\system32\Drivers\klbackupdisk.sys
R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\WINDOWS\system32\Drivers\mountmgr.sys
R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys
R0 - [NDIS] - Driver do Sistema NDIS - C:\WINDOWS\system32\Drivers\NDIS.sys
R0 - [partmgr] - Gerenciador de Partições - C:\WINDOWS\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\WINDOWS\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys
R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys
R0 - [RapportHades64] - RapportHades64 - C:\WINDOWS\system32\Drivers\RapportHades64.sys
R0 - [RapportKE64] - RapportKE64 - C:\WINDOWS\system32\Drivers\RapportKE64.sys
R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys
R0 - [rtcrfilt64] - Realtek Turbo Mode Filter Driver - C:\WINDOWS\system32\Drivers\rtcrfilt64.sys
R0 - [spaceport] - Driver de Espaços de Armazenamento - C:\WINDOWS\system32\Drivers\spaceport.sys
R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\WINDOWS\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Enumerador de Unidade Virtual Microsoft - C:\WINDOWS\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Driver de Gerenciador de Volumes - C:\WINDOWS\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\WINDOWS\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Volumes de armazenamento - C:\WINDOWS\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Serviço de Estruturas de Driver em Modo Kernel - C:\WINDOWS\system32\Drivers\Wdf01000.sys
R0 - [WFPLWFS] - Plataforma para Filtros do Microsoft Windows - C:\WINDOWS\system32\Drivers\WFPLWFS.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys
R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\WINDOWS\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys
S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys
S0 - [klelam] - klelam - C:\WINDOWS\system32\Drivers\klelam.sys
S3 - [atapi] - Canal de IDE - C:\WINDOWS\system32\Drivers\atapi.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

[HKEY_USERS\S-1-5-21-2821257140-1764726525-4282850621-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Smart Cleaning"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Opera Browser Assistant"="C:\Users\Ana Cl udia\AppData\Local\Programs\Opera\assistant\browser_assistant.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"  ISSetupPrerequisistes"="C:\ProgramData\Dell\drivers\9167b9f4-d0ab-4825-a209-4c93d22964b2\DellUpdate_Setup_3_0_1.exe /s /v/qn /l*vx C:\ProgramData\dell\drivers\9167b9f4-d0ab-4825-a209-4c93d22964b2\DUPLogDir\DUPCC85.tmp"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"  ISSetupPrerequisistes"="C:\ProgramData\Dell\drivers\9167b9f4-d0ab-4825-a209-4c93d22964b2\DellUpdate_Setup_3_0_1.exe /s /v/qn /l*vx C:\ProgramData\dell\drivers\9167b9f4-d0ab-4825-a209-4c93d22964b2\DUPLogDir\DUPCC85.tmp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Smart Cleaning"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Opera Browser Assistant"="C:\Users\Ana Cl udia\AppData\Local\Programs\Opera\assistant\browser_assistant.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"BtTray"="C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe"
"BtvStack"="C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Folders ======================

2015-10-06 00:53:58    2121    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\CCleaner Update" [C:\Program Files\CCleaner\CCUpdate.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Opera scheduled assistant Autoupdate 1547496650" [C:\Users\Ana Cl udia\AppData\Local\Programs\Opera\launcher.exe]
"C:\WINDOWS\SysNative\tasks\Opera scheduled Autoupdate 1536230901" [C:\Users\Ana Cl udia\AppData\Local\Programs\Opera\launcher.exe]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"]
"C:\WINDOWS\SysNative\tasks\UpdTask\{6C6A8415-B5BF-2779-54D7-65628603304D}" [C:\Users\ANACLU~1\AppData\Roaming\6C6A84~3\UpdTask.exe]

==== Firefox XPI-files found: ======================

- IBM Security Rapport - C:\Program Files (x86)\Trusteer\Rapport\js\RapportWebExt\rapportext@trusteer.com.xpi
- Office Launcher - C:\ProgramData\Microsoft\OEMOffice15\Office15\x86\15.0.4420.1017\office\data\officefirefox_pt-br.xpi
- Office Launcher - C:\Users\All Users\Microsoft\OEMOffice15\Office15\x86\15.0.4420.1017\office\data\officefirefox_pt-br.xpi
- Undetermined - C:\Users\Ana Cláudia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi
- IBM Security Rapport - C:\Users\Default\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi
- Undetermined - C:\Users\Todos os Usuários\Microsoft\OEMOffice15\Office15\x86\15.0.4420.1017\office\data\officefirefox_pt-br.xpi

==== Chromium Look ======================

Google Chrome Version: 83.0.4103.106
Chromium Browser Version: 58.0.3025.0

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
elhpdacimkjpccooodognopfhbdgnpbk - https://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bbjllphbppobebmjpjcijfbakobcheof - No path found[]
decldcimcihaomcidlpnlfgebmjafkcg - No path found[]
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
egenicdiafgbhogabodhpfcbcgnpocip - No path found[]
fcfenmboojpjinhpgggodefccipikbpd - No path found[]
iicdcmjmlnliniifciehlchmdepfndfn - No path found[]

IBM Security Rapport - ANACLU~1\AppData\Local\chromium\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof
Search Selector B - ANACLU~1\AppData\Local\chromium\User Data\Default\Extensions\decldcimcihaomcidlpnlfgebmjafkcg
Kaspersky Protection - ANACLU~1\AppData\Local\chromium\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka
Adobe Acrobat - ANACLU~1\AppData\Local\chromium\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj
Search Selector - ANACLU~1\AppData\Local\chromium\User Data\Default\Extensions\egenicdiafgbhogabodhpfcbcgnpocip
MSN Homepage Bing Search Engine - ANACLU~1\AppData\Local\chromium\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Search Selector Beta - ANACLU~1\AppData\Local\chromium\User Data\Default\Extensions\gboaiodgdajeapekadgejlbmabjganof
Search Selector Y - ANACLU~1\AppData\Local\chromium\User Data\Default\Extensions\iicdcmjmlnliniifciehlchmdepfndfn
Management - ANACLU~1\AppData\Local\chromium\User Data\Default\Extensions\inhdgbalcopmbpjfincjponejamhaeop
Internal Chromium Extension - ANACLU~1\AppData\Local\chromium\User Data\Default\Extensions\jondgnkjamcbdehblkmiefpnmgkcmgik
Skype - ANACLU~1\AppData\Local\chromium\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Chrome Web Store Payments - ANACLU~1\AppData\Local\chromium\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Search Manager - ANACLU~1\AppData\Local\chromium\User Data\Default\Extensions\olojcnagmcbplpdddabmpfehhlleobpb
tTab - ANACLU~1\AppData\Local\chromium\User Data\Default\Extensions\oonbcpdabjcggcklopgbdagbfnkhbgbe
Slides - ANACLU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Docs - ANACLU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - ANACLU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
IBM Security Rapport - ANACLU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof
YouTube - ANACLU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - ANACLU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Adobe Acrobat - ANACLU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj
Kaspersky Protection - ANACLU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\elhpdacimkjpccooodognopfhbdgnpbk
Sheets - ANACLU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - ANACLU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
IE Tab - ANACLU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd
Skype - ANACLU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Chrome Web Store Payments - ANACLU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - ANACLU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - ANACLU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-a8277f1ae1d9ae3d"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{CC4C17CF-686E-4D29-A153-61B75F0AFE19}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{CC4C17CF-686E-4D29-A153-61B75F0AFE19}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{CC4C17CF-686E-4D29-A153-61B75F0AFE19} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{CC4C17CF-686E-4D29-A153-61B75F0AFE19}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{CC4C17CF-686E-4D29-A153-61B75F0AFE19} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
HKCU\SearchScopes "DefaultScope"="{CC4C17CF-686E-4D29-A153-61B75F0AFE19}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKCU\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{CC4C17CF-686E-4D29-A153-61B75F0AFE19} - http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a8277f1ae1d9ae3d&q={searchTerms}

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {9F904093-6E18-4536-BF5F-B03689CF00F0} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\IEExt\ie_plugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O3 - Toolbar: Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\IEExt\ie_plugin.dll
O16 - DPF: {5A418331-514E-4C54-B526-6AC3C135FFD2} (RealPlayActiveX23 Control) - http://187.104.10.117:8001/codebase/NetVideoActiveX_V23.cab
O16 - DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} (WebClient Control) - http://wallstreetcftv.dyndns.org:8001/WebClient.cab

==== EOF on 24/06/2020 at 13:32:31,37 ======================
 


Dear @microldo,

I recommend that you save this topic to your Favorites so it is easier to find.

Before we continue, it is recommended that you read the rules for this area in Read Before Posting!

We also have Read our FAQs! to make things easier.

Note that, once you continue with this topic, it is assumed that you agree with the rules.

Please pay attention to the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer, so do not do it on any other;
  • Please follow the instructions given carefully, and if you have any questions do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what is happening with your computer.
  • Before running any tool given here, always make sure that all programs are closed.
  • Follow the instructions in the order given.

Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

 

# Step 1 #

Temporarily disable your antivirus and antispyware programs so they do not cause conflicts.

Download the Farbar Recovery Scan Tool and save it to your Desktop.

Note 1: You need to run the version compatible with your system (32-bit or 64-bit). If you are not sure which version applies to your system, download both and try to run them. Only one of them will run, and that will be the correct version.

Note 2: Remember, the tool must be run directly from the Desktop.

  1. Right-click FRST.exe or FRST64.exe and choose Run as Administrator.
  2. When the tool opens, click Yes on the disclaimer.
  3. Press the Scan button.
  4. Two logs (reports) will be generated: FRST.txt and Addition.txt on the Desktop.
  5. Open FRST.txt, copy all of its contents and paste them into your next reply.
  6. Attach the Addition.txt log.

Re-enable your antivirus and antispyware programs 👍

Regards :D


Hello diego_moicano

Here are the logs:

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 30-06-2020
Executado por Ana Cláudia (administrador) em PC (Dell Inc. Inspiron 5423) (02-07-2020 12:22:25)
Executando a partir de C:\Users\Ana Cláudia\Desktop
Perfis Carregados: Ana Cláudia
Platform: Windows 8.1 Single Language (Update) (X64) Idioma: Português (Brasil)
Navegador padrão: Chrome
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices Inc.) [Arquivo não assinado] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Atheros) [Arquivo não assinado] C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(ATI Technologies Inc.) [Arquivo não assinado] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Dell Inc. -> ) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Dell Inc. -> SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(Dell Inc. -> SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Dell Inc. -> SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe <2>
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe <2>
(IDT, Inc.) [Arquivo não assinado] C:\Program Files\IDT\WDM\stacsv64.exe
(IDT, Inc.) [Arquivo não assinado] C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) [Arquivo não assinado] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel(R) Software -> Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe <2>
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Opera Software AS -> Opera Software) C:\Users\Ana Cláudia\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Qualcomm Atheros -> Atheros Communications) [Arquivo não assinado] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Qualcomm Atheros -> Qualcomm Atheros Commnucations) [Arquivo não assinado] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Qualcomm Atheros -> Qualcomm Atheros) [Arquivo não assinado] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Realtek Semiconductor Corp -> Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-08-08] (Qualcomm Atheros -> Qualcomm Atheros) [Arquivo não assinado]
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-08-08] (Qualcomm Atheros -> Atheros Communications) [Arquivo não assinado]
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.) [Arquivo não assinado]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-01] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation) [Arquivo não assinado]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2821257140-1764726525-4282850621-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [28990136 2020-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2821257140-1764726525-4282850621-1003\...\Run: [Opera Browser Assistant] => C:\Users\Ana Cláudia\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3105304 2020-07-02] (Opera Software AS -> Opera Software)
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [Arquivo não assinado]
HKU\S-1-5-18\...\RunOnce: [  ISSetupPrerequisistes] => "C:\ProgramData\Dell\drivers\9167b9f4-d0ab-4825-a209-4c93d22964b2\DellUpdate_Setup_3_0_1.exe" /s /v"/qn /l*vx "C:\ProgramData\dell\drivers\9167b9f4-d0ab-4825-a209-4c93d22964b2\DUPLogDir\DUPCC85.tmp""
HKLM\...\Windows x64\Print Processors\hpfpp083: C:\Windows\System32\spool\prtprocs\x64\hpfpp083.dll [254464 2008-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\hpf3l083.dll: C:\WINDOWS\system32\hpf3l083.dll [134144 2008-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-25] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2020-05-19] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2012-08-08] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [Arquivo não assinado]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2012-08-08] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [Arquivo não assinado]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-10-05]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Tarefas Agendadas (Whitelisted) ============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {037315BC-74A3-4641-9563-E1F450EDCF78} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {037315BC-74A3-4641-9563-E1F450EDCF78} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {037315BC-74A3-4641-9563-E1F450EDCF78} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\WINDOWS\system32\GWX\GWXDetector.exe [343040  [343040 2015-07-02]] (Microsoft Windows -> Microsoft Corporation)
Task: {40726896-1780-42E7-8CB5-FA6A6A1F6129} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {441F36B9-52FC-486E-8C6D-6807A1D89308} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {452C5931-EB16-476D-9A72-DD0FFB994085} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {452C5931-EB16-476D-9A72-DD0FFB994085} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [343040  [343040 2015-07-02]] (Microsoft Windows -> Microsoft Corporation)
Task: {4A5BB0D7-1C0E-423B-8A43-9978B549765C} - System32\Tasks\UpdTask\{6C6A8415-B5BF-2779-54D7-65628603304D} => C:\Users\Ana Cláudia\AppData\Roaming\6c6a8415b5bf277954d765\UpdTask.exe [937984 2013-04-27] () [Arquivo não assinado] <==== ATENÇÃO
Task: {4EC4F964-4613-45A9-9C2D-C91E79629524} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [4747720 2014-06-27] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {53CE7D90-A8B4-418E-B873-0813C88ED5A0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {53CE7D90-A8B4-418E-B873-0813C88ED5A0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [343040  [343040 2015-07-02]] (Microsoft Windows -> Microsoft Corporation)
Task: {61FE6E62-2C6F-40F7-943C-7E9EC19321BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-10-14] (Google Inc -> Google Inc.)
Task: {64D6B3D1-9E0E-4A98-B37A-B107A9FB149F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-10-14] (Google Inc -> Google Inc.)
Task: {69A5B460-3C66-420D-96EB-55E52B11627E} - \{41F73F02-B4DB-B2C6-0C8F-07C55BD92A05}\Sync -> Nenhum Arquivo <==== ATENÇÃO
Task: {6DE9892E-726A-41EF-9841-FB388850DC32} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6193080 2016-03-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [Arquivo não assinado]
Task: {75847F8B-6E5A-4C6B-B80E-2E2009445C2B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5753752 2016-03-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [Arquivo não assinado]
Task: {77E57733-A380-4C54-A139-9F3FA859926F} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {84DA3EDF-3085-435B-9A83-263229578250} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {A2FD8FF9-6427-4A3E-9272-6C2FEB6B7638} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {A5A32FB6-6425-4154-A9EC-90E43810BD56} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [708648 2012-07-20] (Intel(R) Software -> Intel)
Task: {A6F8DD61-F583-4159-97D6-190C51009744} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {ACFD6EF2-A10A-46C1-89C0-413B21CD6739} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {CD03CDB7-C359-4C9A-8EC2-81102554F647} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24584376 2020-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D2331422-C669-4B39-A505-C98C6E5483CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {D8FACE95-9547-4A9E-8D97-BD2FF8B428B1} - System32\Tasks\Opera scheduled Autoupdate 1536230901 => C:\Users\Ana Cláudia\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-06-18] (Opera Software AS -> Opera Software)
Task: {EE0866E4-427E-4A54-BC99-F91C2A3A9234} - System32\Tasks\Opera scheduled assistant Autoupdate 1547496650 => C:\Users\Ana Cláudia\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-06-18] (Opera Software AS -> Opera Software)
Task: {F5898098-1884-4DA4-910B-FBBAE6EFD0BB} - System32\Tasks\{EE2B4766-94A8-4687-9E1A-2D55BBD1ADA4} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\mcafee.com\agent\mcagent.exe" -d C:\Windows\System32 -c /desktopicon

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)


==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{08FE55F2-A448-4665-8687-E88648301E6C}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{9F97A495-7234-4576-9DB4-8F1EE91AB2CC}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D1E67E42-FC13-45A7-9969-45A2AC49F7BF}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2821257140-1764726525-4282850621-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-a8277f1ae1d9ae3d
HKU\S-1-5-21-2821257140-1764726525-4282850621-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKU\S-1-5-21-2821257140-1764726525-4282850621-1003 -> DefaultScope {CC4C17CF-686E-4D29-A153-61B75F0AFE19} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a8277f1ae1d9ae3d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2821257140-1764726525-4282850621-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2821257140-1764726525-4282850621-1003 -> {CC4C17CF-686E-4D29-A153-61B75F0AFE19} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a8277f1ae1d9ae3d&q={searchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-08-08] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [Arquivo não assinado]
BHO: Kaspersky Protection -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\x64\IEExt\ie_plugin.dll [2020-06-24] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Kaspersky Protection -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\IEExt\ie_plugin.dll [2020-06-24] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-21] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\x64\IEExt\ie_plugin.dll [2020-06-24] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\IEExt\ie_plugin.dll [2020-06-24] (Kaspersky Lab -> AO Kaspersky Lab)
DPF: HKLM-x32 {5A418331-514E-4C54-B526-6AC3C135FFD2} hxxp://187.104.10.117:8001/codebase/NetVideoActiveX_V23.cab
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} hxxp://wallstreetcftv.dyndns.org:8001/WebClient.cab

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-19] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: HCWP Web Components -> C:\Program Files (x86)\HCWP Web Components\npHCWPWebVideoPlugin.dll [2014-04-14] (Tecvoz Eletronicos Ltda. -> )

Chrome: 
=======
CHR Profile: C:\Users\Ana Cláudia\AppData\Local\Google\Chrome\User Data\Default [2020-07-02]
CHR Notifications: Default -> hxxps://mail.google.com
CHR Extension: (Apresentações) - C:\Users\Ana Cláudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Documentos) - C:\Users\Ana Cláudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\Ana Cláudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (IBM Security Rapport) - C:\Users\Ana Cláudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2019-12-14]
CHR Extension: (YouTube) - C:\Users\Ana Cláudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-14]
CHR Extension: (Google Search) - C:\Users\Ana Cláudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Ana Cláudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-06-23]
CHR Extension: (Kaspersky Protection) - C:\Users\Ana Cláudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\elhpdacimkjpccooodognopfhbdgnpbk [2020-06-30]
CHR Extension: (Planilhas) - C:\Users\Ana Cláudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Documentos Google off-line) - C:\Users\Ana Cláudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-03]
CHR Extension: (IE Tab) - C:\Users\Ana Cláudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2020-01-28]
CHR Extension: (Skype) - C:\Users\Ana Cláudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-30]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Ana Cláudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\Ana Cláudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-05]
CHR Extension: (Chrome Media Router) - C:\Users\Ana Cláudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-03]
CHR HKLM\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKU\S-1-5-21-2821257140-1764726525-4282850621-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKU\S-1-5-21-2821257140-1764726525-4282850621-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [decldcimcihaomcidlpnlfgebmjafkcg]
CHR HKU\S-1-5-21-2821257140-1764726525-4282850621-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-2821257140-1764726525-4282850621-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [egenicdiafgbhogabodhpfcbcgnpocip]
CHR HKU\S-1-5-21-2821257140-1764726525-4282850621-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd]
CHR HKU\S-1-5-21-2821257140-1764726525-4282850621-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iicdcmjmlnliniifciehlchmdepfndfn]
CHR HKLM-x32\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [239616 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [211072 2012-08-08] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [Arquivo não assinado]
S2 AVP20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\avp.exe [357416 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-08] (Realtek Semiconductor Corp -> Realsil Microelectronics Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation - pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [635104 2012-04-20] (Intel® Upgrade Service -> Intel(R) Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel(R) Software -> Intel Corporation)
S3 klvssbridge64_20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\x64\vssbridge64.exe [438928 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
S3 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [354152 2020-04-01] (Kaspersky Lab -> AO Kaspersky Lab)
S2 KSDE4.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe [619752 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [84176 2019-02-19] (Panda Security S.L. -> Panda Security, S.L.)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [3002752 2020-02-25] (IBM -> IBM Corp.)
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13570104 2020-06-17] (Adlice -> )
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [Arquivo não assinado]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [Arquivo não assinado]
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (Dell Inc. -> SoftThinks SAS)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-24] (IDT, Inc.) [Arquivo não assinado]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-12-24] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-12-24] (Microsoft Corporation -> Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-08-07] (Atheros) [Arquivo não assinado]

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [13209088 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [626688 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 BthMtpEnum; C:\WINDOWS\system32\DRIVERS\BthMtpEnum.sys [62976 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [246912 2019-02-16] (Kaspersky Lab -> AO Kaspersky Lab)
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2018-05-08] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
S3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
S3 dot4usb; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [49056 2012-10-19] (Hewlett-Packard Company -> Microsoft Corporation)
S3 incdcacm8; C:\WINDOWS\system32\DRIVERS\incdcacm8_x64.sys [53392 2014-12-17] (emsys Embedded Systems GmbH -> Intel Mobile Communications GmbH)
S3 inusbmi8; C:\WINDOWS\System32\drivers\inusbmi8_x64.sys [59024 2014-12-17] (emsys Embedded Systems GmbH -> Intel Mobile Communications GmbH)
R3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel(R) Software -> Intel Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [531584 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [79768 2020-05-20] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [145504 2020-05-20] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [93312 2019-03-12] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [37816 2020-05-20] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [251800 2020-05-20] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [633600 2020-04-28] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1217792 2020-04-28] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [998296 2020-05-20] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [58192 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [79760 2020-05-20] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [59512 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [51328 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45904 2019-03-10] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\system32\DRIVERS\kltap.sys [48592 2018-03-16] (AnchorFree Inc -> The OpenVPN Project)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [105600 2019-03-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [211048 2020-05-20] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [232344 2020-05-20] (Kaspersky Lab -> AO Kaspersky Lab)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [431376 2020-02-25] (IBM -> IBM Corp.)
R1 RapportCerberus_1955065; c:\programdata\trusteer\rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1955065.sys [1469776 2020-06-23] (IBM -> IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544592 2020-02-25] (IBM -> IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [397248 2020-02-25] (IBM -> IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [447232 2020-02-25] (IBM -> IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [562560 2020-02-25] (IBM -> IBM Corp.)
R0 rtcrfilt64; C:\WINDOWS\System32\DRIVERS\rtcrfilt64.sys [19600 2012-09-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-08] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-01] (Synaptics Incorporated -> Synaptics Incorporated)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [540160 2012-07-24] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [35320 2014-12-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [258368 2014-12-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114496 2014-12-24] (Microsoft Windows -> Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um mês (criados) ===================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2020-07-02 12:22 - 2020-07-02 12:24 - 000034006 _____ C:\Users\Ana Cláudia\Desktop\FRST.txt
2020-07-02 12:20 - 2020-07-02 12:23 - 000000000 ____D C:\FRST
2020-07-02 11:42 - 2020-07-02 11:42 - 002291712 _____ (Farbar) C:\Users\Ana Cláudia\Desktop\FRST64.exe
2020-07-02 11:40 - 2020-07-02 11:40 - 000000000 ___RD C:\Users\Ana Cláudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2020-06-27 14:07 - 2020-06-26 15:55 - 000455006 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20200627-140752.backup
2020-06-26 15:55 - 2020-06-23 13:55 - 000455006 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20200626-155507.backup
2020-06-26 14:39 - 2020-06-26 14:39 - 001539011 _____ C:\Users\Ana Cláudia\Downloads\W1943C.pdf
2020-06-24 14:05 - 2020-06-24 14:05 - 000024470 _____ C:\Users\Ana Cláudia\Desktop\ZA-Scan.txt
2020-06-24 13:32 - 2020-06-24 13:32 - 000024470 _____ C:\ZA-Scan.txt
2020-06-24 13:13 - 2020-06-24 13:13 - 000000000 ____D C:\zoek_backup
2020-06-24 13:03 - 2020-06-24 13:03 - 000000000 ____D C:\Users\Ana Cláudia\Desktop\zoek
2020-06-24 12:22 - 2020-06-24 12:22 - 000003496 _____ C:\Users\Ana Cláudia\Desktop\scanrouge.txt
2020-06-24 11:36 - 2020-06-24 11:36 - 000000872 _____ C:\Users\Todos os Usuários\Desktop\RogueKiller.lnk
2020-06-24 11:36 - 2020-06-24 11:36 - 000000872 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2020-06-24 11:36 - 2020-06-24 11:36 - 000000872 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2020-06-24 11:36 - 2020-06-24 11:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2020-06-24 11:35 - 2020-06-24 11:36 - 000000000 ____D C:\Program Files\RogueKiller
2020-06-24 11:34 - 2020-06-24 11:41 - 000000000 ____D C:\Users\Todos os Usuários\RogueKiller
2020-06-24 11:34 - 2020-06-24 11:41 - 000000000 ____D C:\ProgramData\RogueKiller
2020-06-24 11:15 - 2020-06-24 11:20 - 000000000 ____D C:\AdwCleaner
2020-06-24 09:17 - 2020-06-24 09:17 - 000001172 _____ C:\Users\Todos os Usuários\Desktop\Kaspersky Password Manager.lnk
2020-06-24 09:17 - 2020-06-24 09:17 - 000001172 _____ C:\Users\Public\Desktop\Kaspersky Password Manager.lnk
2020-06-24 09:17 - 2020-06-24 09:17 - 000001172 _____ C:\ProgramData\Desktop\Kaspersky Password Manager.lnk
2020-06-24 09:17 - 2020-06-24 09:17 - 000000000 ____D C:\Users\Usuário Padrão\AppData\Local\Kaspersky Lab
2020-06-24 09:17 - 2020-06-24 09:17 - 000000000 ____D C:\Users\Default\AppData\Local\Kaspersky Lab
2020-06-24 09:17 - 2020-06-24 09:17 - 000000000 ____D C:\Users\Default User\AppData\Local\Kaspersky Lab
2020-06-24 09:17 - 2020-06-24 09:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager
2020-06-24 09:14 - 2020-06-24 09:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2020-06-24 09:14 - 2020-06-24 09:13 - 000001212 _____ C:\Users\Todos os Usuários\Desktop\Kaspersky Secure Connection.lnk
2020-06-24 09:14 - 2020-06-24 09:13 - 000001212 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2020-06-24 09:14 - 2020-06-24 09:13 - 000001212 _____ C:\ProgramData\Desktop\Kaspersky Secure Connection.lnk
2020-06-24 09:13 - 2020-06-24 09:13 - 000002180 _____ C:\Users\Todos os Usuários\Desktop\Safe Money.lnk
2020-06-24 09:13 - 2020-06-24 09:13 - 000002180 _____ C:\Users\Public\Desktop\Safe Money.lnk
2020-06-24 09:13 - 2020-06-24 09:13 - 000002180 _____ C:\ProgramData\Desktop\Safe Money.lnk
2020-06-24 09:13 - 2020-06-24 09:13 - 000002148 _____ C:\Users\Todos os Usuários\Desktop\Kaspersky Internet Security.lnk
2020-06-24 09:13 - 2020-06-24 09:13 - 000002148 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2020-06-24 09:13 - 2020-06-24 09:13 - 000002148 _____ C:\ProgramData\Desktop\Kaspersky Internet Security.lnk
2020-06-24 09:13 - 2020-06-24 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2020-06-24 09:12 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2020-06-24 09:11 - 2020-07-02 12:14 - 000000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab
2020-06-24 09:11 - 2020-07-02 12:14 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-06-24 09:11 - 2020-06-24 09:17 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2020-06-24 09:11 - 2020-05-20 21:30 - 000998296 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2020-06-24 09:11 - 2020-05-20 21:30 - 000251800 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2020-06-24 08:16 - 2020-06-24 08:16 - 008402608 _____ (Malwarebytes) C:\Users\Ana Cláudia\Desktop\adwcleaner_8.0.5.exe
2020-06-23 15:31 - 2020-06-23 15:31 - 000000138 _____ C:\WINDOWS\wininit.ini
2020-06-23 13:55 - 2020-06-23 13:49 - 000455006 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20200623-135548.backup
2020-06-23 13:49 - 2020-06-03 14:58 - 000455006 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20200623-134916.backup
2020-06-23 13:39 - 2020-06-23 13:39 - 000000000 ____D C:\Users\Ana Cláudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-06-23 13:39 - 2020-06-23 13:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-06-23 13:18 - 2020-06-26 10:08 - 000004128 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-06-23 13:18 - 2020-06-23 13:34 - 000000000 ____D C:\Program Files\CCleaner
2020-06-23 13:18 - 2020-06-23 13:22 - 000000836 _____ C:\Users\Todos os Usuários\Desktop\CCleaner.lnk
2020-06-23 13:18 - 2020-06-23 13:22 - 000000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-06-23 13:18 - 2020-06-23 13:22 - 000000836 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-06-23 13:18 - 2020-06-23 13:18 - 000002808 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2020-06-23 13:18 - 2020-06-23 13:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-06-03 14:58 - 2020-06-03 14:52 - 000455006 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20200603-145841.backup
2020-06-03 14:52 - 2016-05-01 12:43 - 000452288 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20200603-145238.backup
2020-06-03 10:43 - 2020-06-03 10:43 - 000202465 _____ C:\Users\Ana Cláudia\AppData\Roaming\Befuh
2020-06-03 10:37 - 2020-06-03 10:37 - 000126992 _____ C:\Users\Ana Cláudia\Downloads\ANA CLAÚDIA FERREIRA OLIVEIRA .pdf

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2020-07-02 12:15 - 2016-05-01 14:21 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2020-07-02 11:56 - 2015-08-14 21:06 - 000000000 ____D C:\Users\Todos os Usuários\Spybot - Search & Destroy
2020-07-02 11:56 - 2015-08-14 21:06 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2020-07-02 11:53 - 2013-03-28 15:23 - 000317440 ___SH C:\Users\Ana Cláudia\Downloads\Thumbs.db
2020-07-02 11:49 - 2018-09-14 07:43 - 000000513 _____ C:\Users\Ana Cláudia\AppData\Roaming\WB.CFG
2020-07-02 11:45 - 2013-03-18 13:58 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2020-07-02 11:44 - 2013-03-28 17:39 - 000003598 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2821257140-1764726525-4282850621-1003
2020-07-02 11:43 - 2019-12-14 18:45 - 000004312 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1547496650
2020-07-01 13:19 - 2019-01-14 19:51 - 000000000 ____D C:\Users\Ana Cláudia\Downloads\opera autoupdate
2020-06-30 16:33 - 2013-04-06 10:52 - 001772032 ___SH C:\Users\Ana Cláudia\Desktop\Thumbs.db
2020-06-29 16:49 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\Inf
2020-06-27 19:10 - 2013-08-22 12:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-06-26 15:31 - 2013-03-28 14:16 - 000000000 ____D C:\Users\Ana Cláudia\AppData\Local\CrashDumps
2020-06-26 15:28 - 2013-07-30 17:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-06-26 15:20 - 2013-03-29 10:31 - 120636720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-06-26 10:31 - 2016-02-21 17:42 - 000000000 ____D C:\Users\Ana Cláudia\AppData\Local\ElevatedDiagnostics
2020-06-25 08:52 - 2015-10-14 18:24 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-25 08:52 - 2015-10-14 18:24 - 000002203 _____ C:\Users\Todos os Usuários\Desktop\Google Chrome.lnk
2020-06-25 08:52 - 2015-10-14 18:24 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-25 08:52 - 2015-10-14 18:24 - 000002203 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-06-24 12:45 - 2014-09-24 11:04 - 001800588 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-06-24 12:45 - 2014-09-24 10:19 - 000775938 _____ C:\WINDOWS\system32\prfh0416.dat
2020-06-24 12:45 - 2014-09-24 10:19 - 000159030 _____ C:\WINDOWS\system32\prfc0416.dat
2020-06-24 12:25 - 2013-08-22 11:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-06-24 11:25 - 2013-03-29 15:47 - 000000000 ____D C:\Users\Ana Cláudia\Documents\Visual Studio 2008
2020-06-24 11:20 - 2015-06-04 18:06 - 000000000 ____D C:\Program Files (x86)\Dell
2020-06-24 11:20 - 2013-03-28 17:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2020-06-24 11:20 - 2013-03-18 13:47 - 000000000 ____D C:\Program Files\Dell
2020-06-24 10:41 - 2018-11-06 17:54 - 000000000 ____D C:\Users\Ana Cláudia\AppData\Local\Dokol
2020-06-24 10:41 - 2018-10-14 18:51 - 000000000 ____D C:\Users\Ana Cláudia\AppData\Roaming\6c6a8415b5bf2779
2020-06-24 09:31 - 2013-08-22 12:36 - 000000000 ____D C:\WINDOWS\tracing
2020-06-24 09:14 - 2015-08-14 21:22 - 000000000 ____D C:\Program Files\Common Files\AV
2020-06-24 09:13 - 2013-08-22 10:25 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2020-06-24 09:11 - 2012-07-26 05:12 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-06-24 09:04 - 2016-06-13 17:59 - 000000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab Setup Files
2020-06-24 09:04 - 2016-06-13 17:59 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2020-06-23 17:21 - 2013-08-22 10:25 - 001572864 ___SH C:\WINDOWS\system32\config\BBI
2020-06-23 15:40 - 2018-04-21 20:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer
2020-06-23 15:37 - 2013-08-22 11:44 - 000466312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-06-23 15:37 - 2013-03-29 11:56 - 000000000 ____D C:\Program Files\WinRAR
2020-06-23 13:28 - 2012-07-26 05:12 - 000000000 ____D C:\WINDOWS\ModemLogs
2020-06-23 13:23 - 2013-03-18 13:59 - 000000000 ____D C:\Temp
2020-06-23 13:13 - 2018-09-06 07:48 - 000004072 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1536230901
2020-06-23 13:13 - 2018-09-06 07:48 - 000001462 _____ C:\Users\Ana Cláudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2020-06-04 14:31 - 2018-09-20 21:54 - 000000000 ____D C:\Users\Ana Cláudia\Desktop\Curriculo atual
2020-06-03 14:31 - 2015-08-14 21:05 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2020-06-03 10:31 - 2018-09-21 10:37 - 000002081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Arquivos na raiz de alguns diretórios ========

2019-03-11 19:43 - 2019-03-11 19:43 - 000184026 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Baserice
2020-04-22 21:43 - 2020-04-22 21:43 - 000182916 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Becapecesal
2020-06-03 10:43 - 2020-06-03 10:43 - 000202465 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Befuh
2019-06-29 08:51 - 2019-06-29 08:51 - 000206198 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Beluso
2020-02-13 23:43 - 2020-02-13 23:43 - 000344916 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Bosoted
2019-05-17 23:45 - 2019-05-17 23:45 - 000312718 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Bunos
2020-02-03 14:43 - 2020-02-03 14:43 - 000348842 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Dapohagirece
2019-08-20 20:51 - 2019-08-20 20:51 - 000281333 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Dedobicupi
2019-06-20 14:43 - 2019-06-20 14:43 - 000345427 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Degoted
2020-05-23 15:43 - 2020-05-23 15:43 - 000113611 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Gabono
2019-03-24 16:43 - 2019-03-24 16:43 - 000275975 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Habunuta
2019-04-02 18:43 - 2019-04-02 18:43 - 000312682 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Hakifadefagi
2020-04-11 12:45 - 2020-04-11 12:45 - 000321254 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Hasok
2020-03-28 21:43 - 2020-03-28 21:43 - 000339476 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Kakatapic
2019-09-11 19:52 - 2019-09-11 19:52 - 000289455 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Latomilenu
2019-10-05 11:43 - 2019-10-05 11:43 - 000358986 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Maduca
2019-12-14 18:43 - 2019-12-14 18:43 - 000255026 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Nesikecot
2019-05-05 16:43 - 2019-05-05 16:43 - 000320174 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Peraca
2019-02-22 20:43 - 2019-02-22 20:43 - 000172770 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Pihegolor
2019-04-13 07:51 - 2019-04-13 07:51 - 000315509 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Posakugocum
2020-01-05 19:43 - 2020-01-05 19:43 - 000180938 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Pugali
2019-09-26 21:43 - 2019-09-26 21:43 - 000225587 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Ricuki
2019-03-03 17:43 - 2019-03-03 17:43 - 000334611 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Sedak
2019-11-24 15:43 - 2019-11-24 15:43 - 000226657 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Sepohuher
2019-12-24 08:43 - 2019-12-24 08:43 - 000347184 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Tegogotorugo
2020-01-14 19:43 - 2020-01-14 19:43 - 000257953 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Tinohinoteru
2019-10-26 15:52 - 2019-10-26 15:52 - 000252707 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Tohepen
2019-04-23 20:43 - 2019-04-23 20:43 - 000141407 _____ () C:\Users\Ana Cláudia\AppData\Roaming\Tupag
2018-09-14 07:43 - 2020-07-02 11:49 - 000000513 _____ () C:\Users\Ana Cláudia\AppData\Roaming\WB.CFG
2020-01-14 19:43 - 2020-01-14 19:43 - 000363498 _____ () C:\Users\Ana Cláudia\AppData\Local\ClaPyn
2013-05-16 22:53 - 2013-05-16 22:53 - 000007597 _____ () C:\Users\Ana Cláudia\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)


LastRegBack: 2020-06-23 13:50
==================== Fim de FRST.txt ========================

Addition.txt


Dear @microldo

Quote

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Disabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Disabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Spybot - Search and Destroy (Disabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

 

✋ Running more than one AV and AS is not recommended; choose one of them, uninstall the others, and let me know which one you kept.

✋ Turn on the Windows firewall.

✋ Running the step below will clear your browser history, as well as cookies.

Temporarily disable your antivirus and antispyware tools so they do not cause conflicts.

Save the file (fixlist.txt) attached to this message to your Desktop.

  1. Right-click FRST.exe or FRST64.exe and choose Run as administrator.
  2. Click the Fix (Corrigir) button and wait.
  3. The system may be restarted.
  4. A text file named Fixlog.txt will be created on your Desktop.
  5. Attach it to your next reply.

Then, once more:

  1. Run FRST.exe or FRST64.exe again and choose Run as administrator.
  2. Tick the Addition.txt option.
  3. Press the Scan (Examinar) button.
  4. Attach both logs.

Note: I expect three logs in your next reply.

Re-enable your antivirus and antispyware tools 👍

Best regards :D

fixlist.txt


Hello diego_moicano

I uninstalled Spybot and disabled Windows Defender in Windows features because I don't know how to uninstall it; I will keep only the Kaspersky antivirus.

 

 

Fixlog.txt Addition.txt FRST.txt


Dear @microldo

# Step 1 #

Temporarily disable your antivirus and antispyware tools so they do not cause conflicts.

Save the file (fixlist.txt) attached to this message to your Desktop.

  1. Right-click FRST.exe or FRST64.exe and choose Run as administrator.
  2. Click the Fix (Corrigir) button and wait.
  3. The system may be restarted.
  4. A text file named Fixlog.txt will be created on your Desktop.
  5. Attach it to your next reply.

# Step 2 #

Temporarily disable your antivirus and antispyware tools so they do not cause conflicts.

Download AdwCleaner and save it to your Desktop.

  1. Close all open programs.
  2. Right-click adwcleaner_nºVersion.exe and choose Run as administrator.
  3. Click I agree to accept the terms of use.
  4. Click the Scan Now button and wait.
  5. Click the Run Basic Repair button.
  6. Click the LogFile button, then click the report, which will open in Notepad.
  7. Select all of its contents, then copy and paste them into your next reply.

The log will also be saved in C:\AdwCleaner\Logs

NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do so immediately when asked.

# Step 3 #

Temporarily disable your antivirus and antispyware tools so they do not cause conflicts.

Download ZHPCleaner and save it to your Desktop.

  1. Right-click ZHPCleaner.exe and choose Run as administrator.
  2. Click I agree to accept the terms of use.
  3. Click the Scanner button and wait.
  4. Be patient, as it may take a while depending on the number of items to examine.
  5. Note: the browser may open at any time; you can close it.
  6. Then click the Repair button.
  7. In the window that opens, click the Repair button again.
  8. Note: the browser may open at any time; you can close it.
  9. Two logs will appear on the Desktop: ZHPCleaner(S).txt and ZHPCleaner(R).txt.
  10. Select, copy and paste the contents of this log into your next reply.

Re-enable your antivirus and antispyware tools 👍

Best regards :D

fixlist.txt


Hello

S01 result

# -------------------------------
# Malwarebytes AdwCleaner 8.0.6.0
# -------------------------------
# Build:    06-24-2020
# Database: 2020-06-15.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-08-2020
# Duration: 00:02:34
# OS:       Windows 8.1 Single Language
# Scanned:  31836
# Detected: 6


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.Legacy             HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy             HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.Legacy             HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy             HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [5530 octets] - [24/06/2020 11:18:46]
AdwCleaner[C00].txt - [5751 octets] - [24/06/2020 11:20:56]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
 

C01 result

 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.6.0
# -------------------------------
# Build:    06-24-2020
# Database: 2020-06-15.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-08-2020
# Duration: 00:00:03
# OS:       Windows 8.1 Single Language
# Cleaned:  6
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5530 octets] - [24/06/2020 11:18:46]
AdwCleaner[C00].txt - [5751 octets] - [24/06/2020 11:20:56]
AdwCleaner[S01].txt - [2296 octets] - [08/07/2020 13:11:18]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 

 

 

Fixlog.txt ZHPCleaner (R).txt ZHPCleaner (S).txt


Dear @microldo

Temporarily disable your antivirus and antispyware tools so they do not cause conflicts.

Download RogueKiller Free and save it to your Desktop.

  1. Disconnect any external media (USB, HD, etc.).
  2. Right-click rogueKiller.exe and choose Run as administrator.
  3. Click the Accept button on the terms of use.
  4. Click Scan in the left panel.
  5. Click the Start button under Standard Scan (recommended).
  6. Wait for the scan to finish and click the Results button.
  7. See below how to proceed (interpretation of the colors) with the results.
  8. After making your decision, click the Finish button.

The colors in the results are interpreted as follows:

Red - Malicious software or malware infections.
Orange - Potentially unwanted programs (PUPs), usually malicious.
Gray - Suspicious. Deleting it or keeping it is up to you.
Green - Safe.

Note 1: If you are unsure about the result, click the Report button, send it to me and wait for my reply.

Note 2: Otherwise, click the Removal button, then click the Report button, save the report to the Desktop, restart your computer and attach the log to your next reply.

Remark: you can tick and untick each entry using the checkbox to the left of each one in the results.

Re-enable your antivirus and antispyware tools 👍

Best regards :D


Hello

This is the result:

 

 

RogueKiller Anti-Malware V14.6.1.0 (x64) [Jun 17 2020] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 8.1 (6.3.9600) 64 bits
Started in : Normal mode
User : Ana Cláudia [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20200706_123048, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2020/07/10 12:20:03 (Duration : 00:26:50)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Hosts file is too big

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

 

 

 

 

Thanks!
 


Dear @microldo

Update your antivirus, run a full scan and post the result.

Best regards :D


Hello, this was the result:

 

13.07.2020 09.48.33    Verificação Completa    Tarefa concluída    Hora de conclusão: Hoje, 13/07/2020 09:48
13.07.2020 09.06.25    O objeto detectado (arquivo) foi excluído    C:\Users\Ana Cláudia\AppData\Roaming\Salakot\Sync.exe    Arquivo: C:\Users\Ana Cláudia\AppData\Roaming\Salakot\Sync.exe    Nome do objeto: not-a-virus:VHO:AdWare.Win32.DealPly.eowzo
13.07.2020 09.06.25    O objeto detectado (arquivo) foi movido para a Quarentena    C:\Users\Ana Cláudia\AppData\Roaming\Salakot\Sync.exe    Arquivo: C:\Users\Ana Cláudia\AppData\Roaming\Salakot\Sync.exe    Nome do objeto: not-a-virus:VHO:AdWare.Win32.DealPly.eowzo
13.07.2020 09.06.24    Objeto detectado (arquivo)    C:\Users\Ana Cláudia\AppData\Roaming\Salakot\Sync.exe    Arquivo: C:\Users\Ana Cláudia\AppData\Roaming\Salakot\Sync.exe    Nome do objeto: not-a-virus:VHO:AdWare.Win32.DealPly.eowzo
13.07.2020 09.06.22    O objeto detectado (arquivo) foi excluído    C:\Users\Ana Cláudia\AppData\Roaming\Koharelela\Sync.exe    Arquivo: C:\Users\Ana Cláudia\AppData\Roaming\Koharelela\Sync.exe    Nome do objeto: not-a-virus:VHO:AdWare.Win32.DealPly.gen
13.07.2020 09.06.22    O objeto detectado (arquivo) foi movido para a Quarentena    C:\Users\Ana Cláudia\AppData\Roaming\Koharelela\Sync.exe    Arquivo: C:\Users\Ana Cláudia\AppData\Roaming\Koharelela\Sync.exe    Nome do objeto: not-a-virus:VHO:AdWare.Win32.DealPly.gen
13.07.2020 09.06.20    Objeto detectado (arquivo)    C:\Users\Ana Cláudia\AppData\Roaming\Koharelela\Sync.exe    Arquivo: C:\Users\Ana Cláudia\AppData\Roaming\Koharelela\Sync.exe    Nome do objeto: not-a-virus:VHO:AdWare.Win32.DealPly.gen
13.07.2020 09.06.17    O objeto detectado (arquivo) foi excluído    C:\Users\Ana Cláudia\AppData\Roaming\Fotikah\Sync.exe    Arquivo: C:\Users\Ana Cláudia\AppData\Roaming\Fotikah\Sync.exe    Nome do objeto: not-a-virus:VHO:AdWare.Win32.DealPly.evhvi
13.07.2020 09.06.17    O objeto detectado (arquivo) foi movido para a Quarentena    C:\Users\Ana Cláudia\AppData\Roaming\Fotikah\Sync.exe    Arquivo: C:\Users\Ana Cláudia\AppData\Roaming\Fotikah\Sync.exe    Nome do objeto: not-a-virus:VHO:AdWare.Win32.DealPly.evhvi
13.07.2020 09.06.16    Objeto detectado (arquivo)    C:\Users\Ana Cláudia\AppData\Roaming\Fotikah\Sync.exe    Arquivo: C:\Users\Ana Cláudia\AppData\Roaming\Fotikah\Sync.exe    Nome do objeto: not-a-virus:VHO:AdWare.Win32.DealPly.evhvi
13.07.2020 09.06.13    O objeto detectado (arquivo) foi excluído    C:\Users\Ana Cláudia\AppData\Roaming\6c6a8415b5bf277954\UpdTask.exe    Arquivo: C:\Users\Ana Cláudia\AppData\Roaming\6c6a8415b5bf277954\UpdTask.exe    Nome do objeto: not-a-virus:UDS:AdWare.Win32.DealPly
13.07.2020 09.06.13    O objeto detectado (arquivo) foi movido para a Quarentena    C:\Users\Ana Cláudia\AppData\Roaming\6c6a8415b5bf277954\UpdTask.exe    Arquivo: C:\Users\Ana Cláudia\AppData\Roaming\6c6a8415b5bf277954\UpdTask.exe    Nome do objeto: not-a-virus:UDS:AdWare.Win32.DealPly
13.07.2020 09.06.12    Objeto detectado (arquivo)    C:\Users\Ana Cláudia\AppData\Roaming\6c6a8415b5bf277954\UpdTask.exe    Arquivo: C:\Users\Ana Cláudia\AppData\Roaming\6c6a8415b5bf277954\UpdTask.exe    Nome do objeto: not-a-virus:UDS:AdWare.Win32.DealPly
13.07.2020 09.06.06    O objeto detectado (arquivo) foi excluído    C:\Users\Ana Cláudia\AppData\Roaming\6c6a8415b5bf277954d765\UpdTask.exe    Arquivo: C:\Users\Ana Cláudia\AppData\Roaming\6c6a8415b5bf277954d765\UpdTask.exe    Nome do objeto: not-a-virus:VHO:AdWare.Win32.DealPly.eukvl
13.07.2020 09.06.05    O objeto detectado (arquivo) foi movido para a Quarentena    C:\Users\Ana Cláudia\AppData\Roaming\6c6a8415b5bf277954d765\UpdTask.exe    Arquivo: C:\Users\Ana Cláudia\AppData\Roaming\6c6a8415b5bf277954d765\UpdTask.exe    Nome do objeto: not-a-virus:VHO:AdWare.Win32.DealPly.eukvl
13.07.2020 09.04.53    Objeto detectado (arquivo)    C:\Users\Ana Cláudia\AppData\Roaming\6c6a8415b5bf277954d765\UpdTask.exe    Arquivo: C:\Users\Ana Cláudia\AppData\Roaming\6c6a8415b5bf277954d765\UpdTask.exe    Nome do objeto: not-a-virus:VHO:AdWare.Win32.DealPly.eukvl
13.07.2020 08.33.11    Verificação Completa    Tarefa iniciada    Hora: Hoje, 13/07/2020 08:33
 

 

Thanks!


Friend, run a new full scan with the antivirus and post the result. ;)


This is the result:

 

 

15.07.2020 10.44.18    Desinfecção Avançada    Tarefa concluída    Hora de conclusão: Hoje, 15/07/2020 10:44
15.07.2020 10.35.45    O objeto detectado (memória do sistema) foi desinfectado    System Memory    Memória do sistema: System Memory    Nome do objeto: Trojan.Multi.GenAutorunReg.a
15.07.2020 10.35.45    O objeto detectado (memória do sistema) foi desinfectado    System Memory    Memória do sistema: System Memory    Nome do objeto: Trojan.Multi.BroSubsc.gen
15.07.2020 10.34.58    Objeto detectado (memória do sistema)    System Memory    Memória do sistema: System Memory    Nome do objeto: Trojan.Multi.BroSubsc.gen
15.07.2020 10.34.49    Desinfecção Avançada    Tarefa iniciada    Hora: Hoje, 15/07/2020 10:34
 

 

Thanks!


Dear @microldo

Temporarily disable your antivirus and antispyware tools so they do not cause conflicts.

Save the file (fixlist.txt) attached to this message to your Desktop.

  1. Right-click FRST.exe or FRST64.exe and choose Run as administrator.
  2. Click the Fix (Corrigir) button and wait.
  3. The system may be restarted.
  4. A text file named Fixlog.txt will be created on your Desktop.
  5. Attach it to your next reply.

Then, once more:

  1. Run FRST.exe or FRST64.exe again and choose Run as administrator.
  2. Tick the Addition.txt option.
  3. Press the Scan (Examinar) button.
  4. Attach both logs.

Note: I expect three logs in your next reply.

Re-enable your antivirus and antispyware tools 👍

Best regards :D

fixlist.txt


@microldo

 

Update your AV and run a new scan... post the result.


Hello

After scanning, we have this result:

 

20.07.2020 09.07.40    Verificação Completa    Nenhuma ameaça detectada    Detectado: 0    Neutralizado: 0    Não desinfectado: 0    Data de liberação de bancos de dados usados para verificação: 20/07/2020 07:38    Duração total: 1 hora 18 minutos    Hora de conclusão: 20/07/2020 10:25
 


Dear @microldo

How is your Windows doing?

Temporarily disable your antivirus and antispyware tools so they do not cause conflicts.

# Step 1 #

Rename FRST.exe or FRST64.exe to uninstall.exe
Right-click uninstall.exe and choose Run as administrator.
Wait.

# Step 2 #

Right-click adwcleaner_nºVersion.exe and choose Run as administrator.

Click Settings and then Applications.

Under Remove AdwCleaner, click the Remove button.

# Step 3 #

RogueKiller is a paid program (for full functionality); in this case we used it only for removal, but it is your decision whether to keep it installed (and updated) or not.

# Step 4 #

Download KpRm by Kernel-panik and save it to your Desktop.

Right-click it and choose Run as administrator.

Tick the items under Actions:

- Delete tools
- Delete Restore Points
- Create Restore Point
- Registry Backup
- UAC Restore
- Restore System Settings

Tick the items under Delete Quarantines:

- Delete now

Click the Run button.
Once it has finished, click Ok.

The log will open with the title kprm-(date).txt.

Select all of the contents, then copy and paste them into your next reply (if you think it is necessary).

# Step 5 #

Download Security Check by glax24.25 and save it to your Desktop.

Right-click SecurityCheckH.exe and choose Run as administrator.
Wait... the browser will open.
Check each warning (Warning!) and install the corresponding updates (Download Update).

<<@>> Always keep your Windows up to date; keep a constant watch with the firewall and antivirus; and finally, remember that the best prevention starts with our own behaviour!

Note: If you wish, you can delete the file(s) after this topic is closed.

Re-enable your antivirus and antispyware tools 👍

# Step 6 #

CCleaner is an excellent cleanup utility for the computer.

Download it here: CCleaner

  • After installation, go to the location where the program was installed, usually C:\Arquivos de programas\CCleaner.
  • Double-click this folder;
  • In an empty area of this window, right-click and choose New > Folder to create a new folder;
  • Name it backups.
  • Open the program and click Run Cleaner;
  • Click the Registry button > Scan for Issues > Fix selected issue(s)...
  • Remark: Do not forget to accept the backup of the fixes, and save it in the folder created above!

Best regards :D


Problem solved!

If the author needs it, the topic will be reopened; to do so, they should contact a Security Analyst or Coordinator and request that it be unlocked.

 
