skuark

Potentially unwanted app found


Hello, how are you?

I'm having trouble removing unwanted files.

ZA-Scan.txt


Dear @skuark

I recommend that you save this topic in your Favorites so it is easier to find later.

Before we continue, it is recommended that you read the rules of this area in "Leia Antes de Postar!" (Read Before Posting).

We also have "Leiam nosso FAQs!" (Read our FAQs) to help.

Note that, from the moment you continue with this topic, you are assumed to agree with the rules.

Please pay attention to the following:

  • If you get no reply for 3 days, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer, so do not do it on any other;
  • Please follow the instructions carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, about what happens with your computer.
  • Before running any tool given here, always make sure that all programs are closed.
  • Respect the order of the instructions given.

Note: Do not take any measure beyond those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

# Step No. 1 #

Temporarily disable your antivirus and antispyware to avoid conflicts.

Download the Farbar Recovery Scan Tool and save it to your Desktop.

Note 1: You need to run the version compatible with your system (32-bit or 64-bit). If you are not sure which version applies to your system, download both and try to run them. Only one of them will run, and that will be the correct version.

Note 2: Remember, the tool must be run directly from the Desktop.

  1. Right-click FRST.exe or FRST64.exe and choose Run as Administrator.
  2. When the tool opens, click Yes on the disclaimer.
  3. Press the Scan button.
  4. Two logs (reports) will be generated: FRST.txt and Addition.txt on the Desktop.
  5. Open FRST.txt, copy all of its content and paste it in your next reply.
  6. Attach the Addition.txt log.

Re-enable your antivirus and antispyware 👍

Regards :D


Hello Diego!

As you explained, here is the content of FRST.txt and the Addition.txt log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2020 01
Ran by HUGO (administrator) on DESKTOP-22KRD7U (ASUSTeK COMPUTER INC. K46CA) (11-07-2020 13:21:34)
Running from C:\Users\HUGO\Desktop
Loaded Profiles: HUGO
Platform: Windows 10 Home Single Language Version 2004 19041.329 (X64) Language: Portuguese (Brazil)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <16>
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> ) C:\Windows\System32\EoAExperiences.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.329_none_e77145332606deb0\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\NisSrv.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(pdfforge GmbH -> pdfforge GmbH) C:\Program Files\PDF Architect 7\updater-ws.exe
(pdfforge GmbH -> pdfforge GmbH) C:\Program Files\PDF Architect 7\ws.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [236392 2020-06-24] (IDSA Production signing key -> Intel)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2182762748-188769176-3565680662-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1591160 2020-06-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2182762748-188769176-3565680662-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2182762748-188769176-3565680662-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKLM\...\Print\Monitors\PDF Architect 7 Monitor: C:\Windows\system32\spool\DRIVERS\x64\pdf architect_pdfpmon_v.4.12.26.3.dll [932984 2020-05-04] (PDF Tools AG -> PDF Tools AG (hxxp://www.pdf-tools.com))
HKLM\...\Print\Monitors\pdfcmon: C:\WINDOWS\system32\pdfcmon.dll [116736 2020-05-04] (pdfforge GmbH) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-24] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {24616896-9C0E-4696-B958-5748953380D3} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {29674546-83D4-44A5-8FE9-145D2AA07156} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2C4ABA3D-BAEE-4AE3-A90F-384599C0A4CB} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1706496 2020-04-05] () [File not signed]
Task: {3678D80D-063A-4699-81B3-78A77732C6C9} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {43BBE34E-B86C-4861-ADB7-D32AFFB6CE05} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123744 2020-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {4AB9F638-697D-4957-AFC6-CAE93D5C3169} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {4AE83EB4-BFD6-4DAA-867E-9D1C69FDA44D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23810952 2020-06-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {674ABAC0-08B9-44FD-960F-9F2F932802F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {81E5B552-2D68-4A97-B13A-925B4B0C1BB3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {861E9968-557A-4668-B244-1598EBEAE3AA} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18392 2017-12-12] (ASUSTeK Computer Inc. -> AsusTek)
Task: {8CE49DA0-DA70-4B2F-B04C-08C7E65AC350} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123744 2020-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {8FC4123C-F54D-4F95-A78E-D68FE1F18EE8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-17] (Google LLC -> Google LLC)
Task: {94B252FB-4909-4865-AB9F-49B0BCDDD087} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23810952 2020-06-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {BE1155F8-8E1F-41F4-B7E8-9E50752CBD92} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506168 2020-04-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {C02386C9-5926-4D7F-A648-0C81E7445A30} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C134FDE7-DD70-47E6-AB16-299568236305} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2742136 2020-06-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {EED91ACF-931E-451C-A8D1-6C6AC5492218} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506168 2020-04-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {F39B2587-10BC-4DAB-A8F4-473BC3E06047} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-17] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 platform.wondershare.com
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{3d425058-d3c9-4a05-bd0e-ca1782fc2a98}: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{6cc43d3b-d755-4085-95eb-4b19eaa4fc6b}: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{e1723672-2f75-449e-a482-239981265aba}: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{f968f9c1-6f39-41b4-8780-408ea785785f}: [DhcpNameServer] 192.168.43.202

Internet Explorer:
==================
BHO: PDF Architect 7 Helper -> {2B035CAB-1F3D-4DE6-A32D-39B9E5F456D0} -> C:\Program Files\PDF Architect 7\creator\plugins\IEAddin\creator-ie-helper.dll [2019-10-07] (pdfforge GmbH -> pdfforge GmbH)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-05-11] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_251\bin\ssv.dll [2020-04-17] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_251\bin\jp2ssv.dll [2020-04-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: PDF Architect 7 Helper -> {2B035CAB-1F3D-4DE6-A32D-39B9E5F456D0} -> C:\Program Files (x86)\PDF Architect 7\creator\plugins\IEAddin\creator-ie-helper.dll [2019-10-07] (pdfforge GmbH -> pdfforge GmbH)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\PROGRA~2\IObit\ADVANC~1\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll => No File
Toolbar: HKLM - PDF Architect 7 Toolbar - {61E612A7-2382-4570-8D3F-42BC136DDAD7} - C:\Program Files\PDF Architect 7\creator\plugins\IEAddin\creator-ie-plugin.dll [2019-10-07] (pdfforge GmbH -> pdfforge GmbH)
Toolbar: HKLM-x32 - PDF Architect 7 Toolbar - {61E612A7-2382-4570-8D3F-42BC136DDAD7} - C:\Program Files (x86)\PDF Architect 7\creator\plugins\IEAddin\creator-ie-plugin.dll [2019-10-07] (pdfforge GmbH -> pdfforge GmbH)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-10] (Microsoft Corporation -> Microsoft Corporation)

Edge: 
======
DownloadDir: C:\Users\HUGO\Downloads

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-04-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-04-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-05-11] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\HUGO\AppData\Local\Google\Chrome\User Data\Default [2020-07-11]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp:www.tudonav.com"
CHR Extension: (Apresentações) - C:\Users\HUGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-17]
CHR Extension: (Documentos) - C:\Users\HUGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-17]
CHR Extension: (Google Drive) - C:\Users\HUGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-04-17]
CHR Extension: (YouTube) - C:\Users\HUGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-17]
CHR Extension: (Adblock Plus - bloqueador de anúncios grátis) - C:\Users\HUGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-07-02]
CHR Extension: (Planilhas) - C:\Users\HUGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-17]
CHR Extension: (Documentos Google off-line) - C:\Users\HUGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-28]
CHR Extension: (Morpheon Dark) - C:\Users\HUGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2020-04-17]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\HUGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-17]
CHR Extension: (Comparador EscolhaSegura) - C:\Users\HUGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbichgopagjidnkeaablhiediibgbmec [2020-06-21]
CHR Extension: (Gmail) - C:\Users\HUGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-04-17]
CHR Extension: (Chrome Media Router) - C:\Users\HUGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-20]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10574728 2020-06-23] (Microsoft Corporation -> Microsoft Corporation)
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\FileSyncHelper.exe [2157944 2020-06-27] (Microsoft Corporation -> Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319520 2020-02-27] (Intel(R) pGFX -> Intel Corporation)
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\OneDriveUpdaterService.exe [2511216 2020-06-27] (Microsoft Corporation -> Microsoft Corporation)
R3 PDF Architect 7; C:\Program Files\PDF Architect 7\ws.exe [2579752 2019-10-07] (pdfforge GmbH -> pdfforge GmbH)
S3 PDF Architect 7 Creator; C:\Program Files\PDF Architect 7\creator\common\creator-ws.exe [692008 2019-10-07] (pdfforge GmbH -> pdfforge GmbH)
R2 PDF Architect 7 Update Service; C:\Program Files\PDF Architect 7\updater-ws.exe [1832232 2019-10-07] (pdfforge GmbH -> pdfforge GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\NisSrv.exe [2496144 2020-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MsMpEng.exe [104192 2020-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [110544 2017-12-12] (ASUSTeK Computer Inc. -> ASUS Corporation)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4321160 2020-04-16] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
S3 cpuz145; C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [49968 2020-07-05] (CPUID -> CPUID)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-07] (ASUSTek Computer Inc. -> ASUS)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2020-04-16] (Martin Malik - REALiX -> REALiX(tm))
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [41816 2020-03-10] (Intel Corporation -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45976 2020-06-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [408816 2020-06-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64224 2020-06-30] (Microsoft Windows -> Microsoft Corporation)
S0 MBAMSwissArmy; System32\Drivers\mbamswissarmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-11 13:21 - 2020-07-11 13:23 - 000018818 _____ C:\Users\HUGO\Desktop\FRST.txt
2020-07-11 13:21 - 2020-07-11 13:22 - 000000000 ____D C:\FRST
2020-07-11 13:18 - 2020-07-11 13:18 - 002292736 _____ (Farbar) C:\Users\HUGO\Desktop\FRST64.exe
2020-07-11 02:05 - 2020-07-11 02:05 - 000000126 _____ C:\Users\HUGO\Desktop\ghgjkljk.txt
2020-07-10 14:20 - 2020-07-10 14:20 - 000285611 _____ C:\Users\HUGO\Downloads\vivoinv_965111074661.pdf
2020-07-07 22:03 - 2020-07-07 22:03 - 071653766 _____ C:\Users\HUGO\Downloads\CULTO DE QUEBRA DE MALDIÇÕES 30-06[via torchbrowser.com].aac
2020-07-07 22:01 - 2020-07-07 22:03 - 345563443 _____ C:\Users\HUGO\Downloads\CULTO DE QUEBRA DE MALDIÇÕES 30-06[via torchbrowser.com].mp4
2020-07-07 14:00 - 2020-07-07 14:00 - 000015680 _____ C:\Users\HUGO\Desktop\ZA-Scan.txt
2020-07-07 13:18 - 2020-07-07 13:18 - 000015680 _____ C:\ZA-Scan.txt
2020-07-07 13:00 - 2020-07-07 13:00 - 000000000 ____D C:\zoek_backup
2020-07-07 12:59 - 2018-04-19 22:18 - 002041445 _____ C:\Users\HUGO\Desktop\Z-Analyse.exe
2020-07-07 12:59 - 2018-04-18 00:39 - 002038755 _____ C:\Users\HUGO\Desktop\zoek.exe
2020-07-07 12:59 - 2018-04-18 00:39 - 002038755 _____ C:\Users\HUGO\Desktop\ZA-Scan.exe
2020-07-07 05:10 - 2020-07-07 05:34 - 000000000 ____D C:\Program Files\GridinSoft Anti-Malware
2020-07-07 02:12 - 2020-07-07 05:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2020-07-07 02:12 - 2020-07-07 02:12 - 000000000 ____D C:\Users\Todos os Usuários\GridinSoft
2020-07-07 02:12 - 2020-07-07 02:12 - 000000000 ____D C:\ProgramData\GridinSoft
2020-07-06 22:06 - 2020-07-06 22:07 - 000000000 ____D C:\Users\HUGO\Documents\EDIÇAO DE VÍDEO
2020-07-06 03:43 - 2020-07-06 03:43 - 000142380 _____ C:\Users\HUGO\Downloads\boleto-claro.pdf
2020-07-05 22:51 - 2020-07-05 22:51 - 000000286 __RSH C:\Users\Todos os Usuários\ntuser.pol
2020-07-05 22:51 - 2020-07-05 22:51 - 000000286 __RSH C:\ProgramData\ntuser.pol
2020-07-05 03:26 - 2020-07-05 03:26 - 022813673 _____ C:\Users\HUGO\Downloads\Corrigindo uma redação do Lab - Enem[via torchbrowser.com].aac
2020-07-05 03:25 - 2020-07-05 03:26 - 178502562 _____ C:\Users\HUGO\Downloads\Corrigindo uma redação do Lab - Enem[via torchbrowser.com].mp4
2020-07-05 00:20 - 2020-07-05 00:20 - 000033340 _____ C:\Users\HUGO\Downloads\78ac61d6fa1c477770a0_1593101872.landingpage
2020-07-04 17:55 - 2020-07-04 17:55 - 000001434 _____ C:\WINDOWS\system32\default_error_stack-000001-000000.txt
2020-07-01 22:50 - 2020-07-01 22:50 - 063838242 _____ C:\Users\HUGO\Downloads\COMO FAZER GRANA NA INTERNET COMEÇANDO HOJE[via torchbrowser.com].mp4
2020-07-01 22:50 - 2020-07-01 22:50 - 016163161 _____ C:\Users\HUGO\Downloads\COMO FAZER GRANA NA INTERNET COMEÇANDO HOJE[via torchbrowser.com].aac
2020-06-30 12:47 - 2020-06-30 12:47 - 000000000 ____D C:\Users\HUGO\AppData\Roaming\Adobe
2020-06-29 21:15 - 2020-06-29 22:05 - 000046277 _____ C:\Users\HUGO\Documents\MAYANDERSON.xlsx
2020-06-29 20:21 - 2020-06-29 20:21 - 004409546 _____ C:\Users\HUGO\Downloads\Efeito Fumaça.mp4
2020-06-27 11:14 - 2020-06-27 11:14 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000000-000000.txt
2020-06-27 05:44 - 2020-06-27 05:44 - 000003206 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2020-06-27 05:44 - 2020-06-27 05:44 - 000002190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-06-26 06:32 - 2020-06-26 06:32 - 029478622 _____ C:\Users\HUGO\Downloads\wetransfer-8df493.zip
2020-06-25 21:49 - 2020-06-25 21:49 - 000088193 _____ C:\Users\HUGO\Downloads\Animated GIF-original.mp4
2020-06-25 18:58 - 2020-06-25 18:59 - 383860828 _____ C:\Users\HUGO\Downloads\Igreja em CHAMAS - 2020[via torchbrowser.com].aac
2020-06-25 18:32 - 2020-06-25 18:58 - 4251467250 _____ C:\Users\HUGO\Downloads\Igreja em CHAMAS - 2020[via torchbrowser.com].mp4
2020-06-25 17:57 - 2020-06-25 17:57 - 000001538 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2020-06-25 16:38 - 2020-06-25 16:39 - 060273895 _____ C:\Users\HUGO\Downloads\As Máscaras Não São Mordaças, As Luvas Nao Sao Algemas - ARENA JOVEM CEILÂNDIA[via torchbrowser.com].aac
2020-06-25 16:32 - 2020-06-25 16:38 - 784620710 _____ C:\Users\HUGO\Downloads\As Máscaras Não São Mordaças, As Luvas Nao Sao Algemas - ARENA JOVEM CEILÂNDIA[via torchbrowser.com].mp4
2020-06-25 16:29 - 2020-06-25 16:30 - 069687669 _____ C:\Users\HUGO\Downloads\ARENÃO CEILÂNDIA 28-03[via torchbrowser.com].aac
2020-06-25 16:23 - 2020-06-25 16:29 - 655092907 _____ C:\Users\HUGO\Downloads\ARENÃO CEILÂNDIA 28-03[via torchbrowser.com].mp4
2020-06-25 15:37 - 2020-06-25 15:37 - 087416832 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2020-06-25 15:37 - 2020-06-25 15:37 - 000634880 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2020-06-25 15:37 - 2020-06-25 15:37 - 000065536 _____ C:\WINDOWS\system32\config\SAM.iobit
2020-06-25 15:37 - 2020-06-25 15:37 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2020-06-25 13:48 - 2020-06-25 17:56 - 000005235 _____ C:\Users\HUGO\Documents\LISTA COMPLETA WORKSHOP.ods
2020-06-25 02:25 - 2019-12-06 16:36 - 005739008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2020-06-25 02:25 - 2019-12-06 16:36 - 002629120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2020-06-25 02:25 - 2019-12-06 16:26 - 006361600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2020-06-25 02:25 - 2019-12-06 16:20 - 005496320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2020-06-24 15:35 - 2020-06-24 15:35 - 000000066 _____ C:\Users\Todos os Usuários\devcol.ini
2020-06-24 15:35 - 2020-06-24 15:35 - 000000066 _____ C:\ProgramData\devcol.ini
2020-06-24 15:34 - 2020-06-24 15:34 - 000017892 _____ C:\WINDOWS\system32\results.xml
2020-06-24 15:32 - 2020-06-24 15:32 - 000000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2020-06-24 15:25 - 2020-06-24 15:25 - 000000000 ____D C:\Users\HUGO\AppData\Local\Intel
2020-06-24 15:24 - 2020-06-24 15:24 - 000003762 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2020-06-24 15:24 - 2020-06-24 15:24 - 000003528 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2020-06-24 15:24 - 2020-06-24 15:24 - 000002678 _____ C:\WINDOWS\system32\Tasks\USER_ESRV_SVC_QUEENCREEK
2020-06-24 15:24 - 2020-06-24 15:24 - 000000000 ____D C:\Users\Todos os Usuários\Intel
2020-06-24 15:24 - 2020-06-24 15:24 - 000000000 ____D C:\ProgramData\Intel
2020-06-24 15:24 - 2020-03-10 10:31 - 000041816 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2020-06-24 15:23 - 2020-06-24 15:23 - 002643712 _____ (Intel) C:\Users\HUGO\Downloads\Intel-Driver-and-Support-Assistant-Installer.exe
2020-06-24 01:48 - 2020-06-24 01:48 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2020-06-24 01:48 - 2020-06-24 01:48 - 000000000 ____D C:\Program Files\Reference Assemblies
2020-06-24 01:48 - 2020-06-24 01:48 - 000000000 ____D C:\Program Files\MSBuild
2020-06-24 01:48 - 2020-06-24 01:48 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2020-06-24 01:48 - 2020-06-24 01:48 - 000000000 ____D C:\Program Files (x86)\MSBuild
2020-06-24 01:44 - 2019-12-03 14:04 - 000781384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2020-06-24 01:44 - 2019-12-03 14:04 - 000105544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2020-06-24 01:44 - 2019-12-03 14:04 - 000037864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2020-06-24 01:44 - 2019-11-08 14:44 - 001168968 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2020-06-24 01:44 - 2019-11-08 14:44 - 000127056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2020-06-24 01:44 - 2019-11-08 14:44 - 000038072 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2020-06-24 01:16 - 2020-06-24 01:17 - 000000000 ____D C:\Users\HUGO\Documents\Adobe
2020-06-24 01:05 - 2020-06-24 01:05 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2020-06-24 00:56 - 2020-06-24 00:56 - 000001154 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro 2020.lnk
2020-06-24 00:56 - 2020-06-24 00:56 - 000000000 ____D C:\Users\Todos os Usuários\Documents\Adobe
2020-06-24 00:56 - 2020-06-24 00:56 - 000000000 ____D C:\Users\Public\Documents\Adobe
2020-06-24 00:56 - 2020-06-24 00:56 - 000000000 ____D C:\ProgramData\Documents\Adobe
2020-06-24 00:48 - 2020-06-24 00:56 - 000000000 ____D C:\Program Files\Common Files\Adobe
2020-06-24 00:48 - 2020-06-24 00:56 - 000000000 ____D C:\Program Files\Adobe
2020-06-24 00:46 - 2020-06-24 01:16 - 000000000 ____D C:\Users\HUGO\AppData\Local\Adobe
2020-06-24 00:46 - 2020-06-24 00:46 - 000000000 ____D C:\Users\Todos os Usuários\Adobe
2020-06-24 00:46 - 2020-06-24 00:46 - 000000000 ____D C:\ProgramData\Adobe
2020-06-23 20:31 - 2020-06-23 21:11 - 1897230336 _____ C:\Users\HUGO\Downloads\Adobe.Premiere.Pro.2020.Multilingual.iso
2020-06-21 12:59 - 2020-06-21 12:59 - 033241537 _____ C:\Users\HUGO\Downloads\Corrigindo uma redação ZERO do Lab - Enem[via torchbrowser.com].aac
2020-06-21 12:58 - 2020-06-21 12:59 - 096723667 _____ C:\Users\HUGO\Downloads\Corrigindo uma redação ZERO do Lab - Enem[via torchbrowser.com].mp4
2020-06-18 17:01 - 2020-06-18 17:01 - 000000000 ____D C:\Users\HUGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-06-17 22:45 - 2020-06-17 22:45 - 048751345 _____ C:\Users\HUGO\Downloads\Lair Ribeiro - 29-11-1993[via torchbrowser.com].aac
2020-06-17 22:43 - 2020-06-17 22:44 - 296021648 _____ C:\Users\HUGO\Downloads\Lair Ribeiro - 29-11-1993[via torchbrowser.com].mp4
2020-06-14 00:19 - 2020-06-14 00:19 - 000000000 ____D C:\Users\HUGO\AppData\Local\Anki
2020-06-13 23:39 - 2020-06-14 00:32 - 000000000 ____D C:\Users\HUGO\AppData\Roaming\Anki2
2020-06-13 23:38 - 2020-06-13 23:39 - 000000000 ____D C:\Program Files\Anki
2020-06-13 23:38 - 2020-06-13 23:38 - 000000531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2020-06-13 23:36 - 2020-06-13 23:37 - 099777760 _____ C:\Users\HUGO\Downloads\anki-2.1.26-windows.exe
2020-06-12 20:14 - 2020-06-12 20:14 - 005836800 _____ C:\WINDOWS\system32\config\DRIVERS.iobit
2020-06-12 20:10 - 2020-06-12 20:10 - 000466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2020-06-12 20:10 - 2020-06-12 20:10 - 000444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2020-06-12 20:10 - 2020-06-12 20:10 - 000122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2020-06-12 20:10 - 2020-06-12 20:10 - 000109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2020-06-12 20:10 - 2020-06-12 20:10 - 000000000 ____D C:\Program Files (x86)\OpenAL

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2020-07-11 12:56 - 2020-05-29 02:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-07-11 12:46 - 2019-12-07 06:14 - 000000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2020-07-11 12:46 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-07-11 10:59 - 2020-04-17 15:27 - 000000000 ____D C:\Users\HUGO\AppData\Roaming\WhatsApp
2020-07-11 02:45 - 2020-04-17 01:46 - 000000000 __SHD C:\Users\HUGO\IntelGraphicsProfiles
2020-07-10 23:46 - 2020-04-19 13:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-07-10 23:40 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-10 23:40 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-07-09 14:06 - 2020-04-17 15:26 - 000000000 ____D C:\Users\HUGO\AppData\Roaming\Telegram Desktop
2020-07-08 15:44 - 2020-04-17 15:26 - 000000000 ____D C:\Users\HUGO\AppData\Local\WhatsApp
2020-07-07 03:53 - 2020-05-29 03:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-07-07 03:53 - 2020-05-29 02:53 - 000008192 ___SH C:\DumpStack.log.tmp
2020-07-07 03:53 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\ServiceState
2020-07-07 03:53 - 2019-12-07 06:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-07-07 03:45 - 2020-04-19 21:59 - 000000000 ____D C:\Users\HUGO\AppData\Local\Torch
2020-07-07 03:42 - 2020-04-16 20:50 - 000000000 ____D C:\Program Files (x86)\IObit
2020-07-07 03:41 - 2020-04-16 20:50 - 000000000 ____D C:\Users\HUGO\AppData\Roaming\IObit
2020-07-07 03:40 - 2020-04-16 20:51 - 000000000 ____D C:\Users\Todos os Usuários\ProductData
2020-07-07 03:40 - 2020-04-16 20:51 - 000000000 ____D C:\ProgramData\ProductData
2020-07-07 03:36 - 2019-12-07 06:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-07-06 22:08 - 2020-06-05 00:37 - 000000000 ____D C:\Users\HUGO\Documents\MÚSICAS
2020-07-06 02:30 - 2020-04-20 00:41 - 000000000 ____D C:\Users\HUGO\Documents\PLANILHAS H4
2020-07-06 01:41 - 2020-05-29 02:39 - 000000000 ____D C:\Users\HUGO
2020-07-05 15:10 - 2020-05-16 06:45 - 000000000 ____D C:\Users\HUGO\Documents\TEMA PARA CÉLULAS
2020-07-04 17:01 - 2020-04-17 15:23 - 000000000 ____D C:\Users\HUGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-07-04 17:01 - 2020-04-17 15:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-07-04 17:01 - 2020-04-17 15:23 - 000000000 ____D C:\Program Files\WinRAR
2020-07-02 17:02 - 2020-05-29 03:10 - 000003190 _____ C:\WINDOWS\system32\Tasks\klcp_update
2020-07-02 17:02 - 2020-04-17 15:22 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2020-07-02 17:01 - 2020-04-17 15:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2020-06-30 12:56 - 2020-04-25 12:26 - 000000000 ____D C:\Users\Todos os Usuários\Wondershare Filmora
2020-06-30 12:56 - 2020-04-25 12:26 - 000000000 ____D C:\Users\HUGO\Documents\Wondershare Filmora 9
2020-06-30 12:56 - 2020-04-25 12:26 - 000000000 ____D C:\ProgramData\Wondershare Filmora
2020-06-30 00:55 - 2020-04-02 23:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-06-29 22:05 - 2020-04-02 23:19 - 000000000 ____D C:\Users\HUGO\AppData\Local\Packages
2020-06-29 03:43 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-06-27 07:45 - 2020-05-07 04:49 - 000000000 ____D C:\Users\HUGO\AppData\Local\ElevatedDiagnostics
2020-06-27 06:55 - 2020-05-29 03:27 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2020-06-27 06:52 - 2020-05-09 00:03 - 000010033 _____ C:\Users\HUGO\Documents\SEMENTES HUNTERS.xlsx
2020-06-27 06:35 - 2020-05-13 19:29 - 000000297 _____ C:\Users\HUGO\Documents\PROBLEMAS COM A INTERNET DA VIVO.txt
2020-06-27 05:44 - 2020-04-02 23:23 - 000000000 ___RD C:\Users\HUGO\OneDrive
2020-06-25 20:35 - 2019-12-07 06:13 - 000000000 ____D C:\WINDOWS\INF
2020-06-25 17:57 - 2020-04-17 15:09 - 000000000 ____D C:\Users\Todos os Usuários\Package Cache
2020-06-25 17:57 - 2020-04-17 15:09 - 000000000 ____D C:\ProgramData\Package Cache
2020-06-25 17:57 - 2020-04-17 01:34 - 000000000 ____D C:\Program Files (x86)\Intel
2020-06-25 17:39 - 2020-04-18 23:39 - 000000000 ____D C:\Users\HUGO\AppData\Local\D3DSCache
2020-06-25 02:26 - 2019-12-07 11:56 - 000000000 ____D C:\WINDOWS\OCR
2020-06-25 02:26 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-24 15:24 - 2020-04-17 01:34 - 000000000 ____D C:\Program Files\Intel
2020-06-24 15:07 - 2020-04-17 13:53 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-24 01:49 - 2019-12-07 11:54 - 000753924 _____ C:\WINDOWS\system32\prfh0416.dat
2020-06-24 01:49 - 2019-12-07 11:54 - 000149022 _____ C:\WINDOWS\system32\prfc0416.dat
2020-06-24 01:48 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2020-06-24 01:48 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2020-06-24 01:45 - 2020-04-17 15:26 - 000000000 ____D C:\Users\HUGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2020-06-24 00:48 - 2020-04-19 01:23 - 000000000 ____D C:\Program Files (x86)\Adobe
2020-06-21 12:21 - 2020-04-16 20:50 - 000000000 ____D C:\Users\Todos os Usuários\IObit
2020-06-21 12:21 - 2020-04-16 20:50 - 000000000 ____D C:\ProgramData\IObit
2020-06-18 17:01 - 2020-04-17 15:28 - 000000000 ____D C:\Users\HUGO\AppData\Roaming\Zoom
2020-06-17 22:55 - 2020-06-05 21:23 - 000002155 _____ C:\Users\HUGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2020-06-17 20:47 - 2020-04-20 00:42 - 000000000 ____D C:\Users\HUGO\Documents\HUGO ESTUDOS
2020-06-14 19:36 - 2020-05-10 11:56 - 000000000 ____D C:\Users\HUGO\Downloads\Telegram Desktop
2020-06-13 23:35 - 2020-05-04 21:53 - 000000000 ____D C:\Users\HUGO\AppData\Roaming\PDF Architect 7
2020-06-12 23:08 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-06-12 19:58 - 2020-04-16 19:37 - 000000000 ____D C:\Users\Todos os Usuários\Packages
2020-06-12 19:58 - 2020-04-16 19:37 - 000000000 ____D C:\ProgramData\Packages
2020-06-12 19:58 - 2020-04-02 23:28 - 000000000 ____D C:\Users\HUGO\AppData\Local\PlaceholderTileLogoFolder
2020-06-11 09:36 - 2020-05-29 03:02 - 001651882 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-06-11 00:08 - 2020-05-29 02:53 - 000346296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-06-11 00:06 - 2019-12-07 11:57 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-06-11 00:06 - 2019-12-07 11:57 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-06-11 00:06 - 2019-12-07 06:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2020-06-11 00:06 - 2019-12-07 06:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2020-06-11 00:06 - 2019-12-07 06:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-06-11 00:06 - 2019-12-07 06:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-06-11 00:06 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-06-11 00:06 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2020-06-11 00:06 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2020-06-11 00:06 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-06-11 00:06 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2020-06-11 00:06 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-06-11 00:06 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-06-11 00:06 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-06-11 00:06 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\Com
2020-06-11 00:06 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2020-06-11 00:06 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2020-06-11 00:06 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2020-06-11 00:06 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-06-11 00:06 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\servicing

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================

Addition.txt


Dear @skuark

✋ Running the step below will wipe your browser history, as well as cookies.

Temporarily disable your antivirus and antispyware so they don't cause conflicts.

Save the file (fixlist.txt) attached to this message to your Desktop.

  1. Right-click FRST.exe or FRST64.exe and choose Run as Administrator.
  2. Click the Fix button and wait.
  3. The system may be restarted.
  4. A text file, Fixlog.txt, will be created on your Desktop.
  5. Attach it to your next reply.

Again:

  1. Run FRST.exe or FRST64.exe again and choose Run as Administrator.
  2. Tick the Addition.txt option.
  3. Press the Scan button.
  4. Attach both logs.

Note: I expect three logs in your next reply.

Re-enable your antivirus and antispyware 👍

Cheers :D

fixlist.txt


Hello Diego!

I want to attach 2 screenshots of the problem..

The 3 attachments are below!

SEGURANÇA DO WINDOWS.png

HISTÓRICO DE PROTEÇÃO.png

Fixlog.txt FRST.txt Addition.txt


Dear @skuark

It's just an exe file in Downloads... delete it:

C:\Users\HUGO\Downloads\smart-defrag-setup.exe

# Step 1 #

Temporarily disable your antivirus and antispyware so they don't cause conflicts.

Download AdwCleaner and save it to your Desktop.

  1. Close all open programs.
  2. Right-click adwcleaner_nºVersion.exe and choose Run as Administrator
  3. Click I agree to accept the disclaimer.
  4. Click the Scan Now button and wait.
  5. Click the Run Basic Repair button.
  6. Click the LogFile button, then click the report, which will open in Notepad.
  7. Select all of its contents, copy and paste it into your next reply.

The log is also saved in C:\AdwCleaner\Logs

NOTE: If AdwCleaner finds files it cannot remove, it may need to restart the PC. Do so immediately when asked.

# Step 2 #

Temporarily disable your antivirus and antispyware so they don't cause conflicts.

Download ZHPCleaner and save it to your Desktop

  1. Right-click ZHPCleaner.exe and choose Run as Administrator.
  2. Click I agree to accept the disclaimer.
  3. Click the Scanner button and wait.
  4. Be patient, as it may take a while depending on the number of items to examine.
  5. Note: the browser may open at any moment; you can close it.
  6. Then click the Repair button.
  7. In the window that opens, click the Repair button again.
  8. Note: the browser may open at any moment; you can close it.
  9. Two logs will appear on the Desktop: ZHPCleaner(S).txt and ZHPCleaner(R).txt.
  10. Select, copy and paste the contents of these logs into your next reply.

Re-enable your antivirus and antispyware 👍

Cheers :D


Hello Diego!

Well, I had already deleted the installer smart-defrag-setup.exe, which the error in the screenshot I sent above indicated as the affected item. However, the problem still persists.

And I'd like to know about this detected file: PUA:Win32/IObit?

Replying to the post above..

This is the first AdwCleaner log. Note: 'I ran it 10 times and only the first log cleaned 25 files'

 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.6.0
# -------------------------------
# Build:    06-24-2020
# Database: 2020-06-15.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-15-2020
# Duration: 00:00:27
# OS:       Windows 10 Home Single Language
# Cleaned:  25
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted       C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted       C:\ProgramData\IObit\Advanced SystemCare
Deleted       C:\Users\HUGO\AppData\LocalLow\IObit\Advanced SystemCare
Deleted       C:\Users\HUGO\AppData\Local\torch
Deleted       C:\Users\HUGO\AppData\Roaming\IObit\Advanced SystemCare
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\IObit\Advanced SystemCare
Deleted       HKCU\Software\torch
Deleted       HKLM\SOFTWARE\Classes\Applications\TorchSetupstub.exe
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{ECB47CB8-1A71-482D-A1F7-BC7EA79FFE51}C:\users\hugo\appdata\local\torch\application\torch.exe
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{A305A98D-4391-469E-910C-ADB4CAEFF244}C:\users\hugo\appdata\local\torch\application\torch.exe
Deleted       HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted       HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted       HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted       HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted       HKLM\Software\Wow6432Node\torch

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.ASUSSmartGesture   Folder   C:\Program Files (x86)\ASUS\ASUS SMART GESTURE
Deleted       Preinstalled.ASUSSmartGesture   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{861E9968-557A-4668-B244-1598EBEAE3AA} 
Deleted       Preinstalled.ASUSSmartGesture   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Smart Gesture Launcher
Deleted       Preinstalled.ASUSSmartGesture   Registry   HKLM\Software\Classes\CLSID\{F31B5912-07D6-4895-B4BA-5486CF3B18B1}
Deleted       Preinstalled.ASUSSmartGesture   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}
Deleted       Preinstalled.ASUSSmartGesture   Task   C:\Windows\System32\Tasks\ASUS SMART GESTURE LAUNCHER


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4069 octets] - [15/07/2020 02:15:41]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Below are the ZHPCleaner logs.

ZHPCleaner (S).txt ZHPCleaner (R).txt


Dear @skuark

Temporarily disable your antivirus and antispyware so they don't cause conflicts.

Download RogueKiller Free and save it to your Desktop.

  1. Disconnect any external media (USB, HDD, etc.)
  2. Right-click rogueKiller.exe and choose Run as Administrator
  3. Click the Accept button on the disclaimer.
  4. Click Scan in the left pane.
  5. Click the Start button under Standard Scan (recommended).
  6. Wait for the scan to finish and click the Results button.
  7. See below how to proceed (interpretation of the colors) with the results.
  8. After deciding, click the Finish button.

The colors of the results are interpreted as follows:

Red - Malicious software or malware infections.
Orange - Potentially unwanted programs (PUPs), generally malicious.
Gray - Suspicious. Deleting or keeping it is up to you.
Green - Safe.

Note 1: If you are in doubt about the result, click the Report button, send it to me and wait for me.

Note 2: Otherwise, click the Removal button, then click the Report button, save the report to the Desktop, restart your computer and attach the log to your next reply.

Remark: you can tick and untick each entry via the checkbox on the left of each item in the results.

Re-enable your antivirus and antispyware 👍

Cheers :D


Hello Diego!

Here is the log below, but no errors showed up!

RougueKillerlog.txt


Dear @skuark

Update your antivirus, run a full scan and post the result.

Cheers :D


Hello Diego!

Well, I only use Windows Defender. Can you recommend a free, good-quality one?


Dear @skuark

WD is sufficient and free ;)

Update it, run a full scan and post the result.

Cheers :D


Hello Diego!

Below are the screenshots of the result.

Ameaças atuaias.png

Todos itens.png

Todos itens2.png

Todos itens3.png

Todos itens4.png


Dear @skuark

I need a more detailed result; see if you can find it in one of these folders:

C:\ProgramData\Microsoft\Windows Defender\Support

C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick

C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource

Cheers :D


Dear @skuark

Delete all executables (exe) from the Downloads folder and clear Chrome's cache.

Other than that, how is your Windows doing?

Temporarily disable your antivirus and antispyware so they don't cause conflicts.

# Step 1 #

Rename FRST.exe or FRST64.exe to uninstall.exe
Right-click uninstall.exe and choose Run as Administrator.
Wait.

# Step 2 #

Right-click adwcleaner_nºVersion.exe and choose Run as Administrator

Click Settings and then Applications.

Under Remove AdwCleaner, click the Remove button.

# Step 3 #

RogueKiller is a paid program (for full functionality); in this case we used it only for removal, but it's up to you whether to keep it installed (and updated) or not.

# Step 4 #

Download KpRm by Kernel-panik and save it to your Desktop.

Right-click it and choose Run as Administrator.

Tick the items under Actions:

- Delete tools
- Delete Restore Points
- Create Restore Point
- Registry Backup
- UAC Restore
- Restore System Settings

Tick the items under Delete Quarantines:

- Delete now

Click the Run button.
Once finished, click Ok.

The log will open with the title kprm-(date).txt.

Select all of its contents, copy and paste it into your next reply (if you think it necessary).

# Step 5 #

Download Security Check by glax24.25 and save it to your Desktop.

Right-click SecurityCheckH.exe and choose Run as Administrator.
Wait... the browser will open.
Check each warning (Warning!) and apply the necessary updates (Download Update).

<<@>> Always keep your Windows updated; keep constant vigilance with the firewall and antivirus and, finally, remember that the best way to prevent problems starts with our own habits!

Note: If you wish, you can delete the file(s) after this topic is closed.

Re-enable your antivirus and antispyware 👍

# Step 6 #

CCleaner is an excellent cleaning utility for the computer.

Download it here: Ccleaner

  • After installation, go to the location where the program was installed, usually C:\Arquivos de programas\CCleaner.
  • Double-click this folder;
  • In an empty area of this window, right-click and choose New > Folder and create a new folder;
  • Name it backups.
  • Open the program and click Run Cleaner;
  • Click the Registry button > Scan for Issues > Fix selected issues...
  • Note: Don't forget to accept the backup of the fixes, and save them in the folder created above!

Cheers :D


Hello Diego!

Well, I did all the procedures above. And WD still keeps showing the "Potentially unwanted app found" messages.

I'll post here again the log of a new WD scan I ran.

I need to use my computer for banking transactions, and I'm afraid to do it on the computer because of these detected files.

Oh, one more thing: when I went to download the Security Check by glax24.25 app, WD blocked it and flagged it as a potentially unwanted app. I'll post the screenshot too.

Do you have any suggestion as to whether I really need to format the computer?

Thanks in advance for all the follow-up, and I await your reply!

And here I'll paste the WD detections.

2020-07-07T08:17:49.719Z DETECTION Trojan:Win32/Occamy.C file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-pr.exe
2020-07-07T08:17:58.484Z DETECTION Trojan:Win32/IStartSurf file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-step-4.exe
2020-07-07T08:18:08.303Z DETECTION Trojan:Win32/Occamy.C file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-pr.exe
2020-07-07T08:18:08.434Z DETECTION Trojan:Win32/Wacatac.D7!ml file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-step-1.exe
2020-07-07T08:18:09.531Z DETECTION HackTool:Win32/Mikatz!dha file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-step-3.exe
2020-07-07T08:19:37.610Z DETECTION Trojan:Win32/Occamy.C file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-pr.exe
2020-07-07T08:19:38.398Z DETECTION HackTool:Win32/Mikatz!dha file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-step-3.exe
2020-07-07T08:19:39.223Z DETECTION Trojan:Win32/IStartSurf file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-step-4.exe
2020-07-07T08:19:40.270Z DETECTION Trojan:Win32/Wacatac.D7!ml file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-step-1.exe
2020-07-07T08:56:57.348Z DETECTION PUA:Win32/Presenoker containerfile:C:\Users\HUGO\Downloads\zoek.zip
2020-07-07T08:56:57.349Z DETECTION PUA:Win32/Presenoker file:C:\Users\HUGO\Downloads\zoek.zip->Z-Analyse.exe

2020-07-22T16:22:07.415Z DETECTION PUA:Win32/RelevantKnowledge file:C:\Users\HUGO\Downloads\SecurityCheckH.exe
2020-07-22T16:22:07.415Z DETECTION PUA:Win32/RelevantKnowledge webfile:C:\Users\HUGO\Downloads\SecurityCheckH.exe|http://tools.safezone.cc/glax24/SecurityCheck/SecurityCheckH.exe|pid:6176,ProcessStart:132399085185409379

Here is the KpRm by Kernel-panik log.


# Run at 22/07/2020 13:18:32
# KpRm (Kernel-panik) version 2.8
# Website https://kernel-panik.me/tool/kprm/
# Run by HUGO from C:\Users\HUGO\Desktop
# Computer Name: DESKTOP-22KRD7U
# OS: Windows 10 X64 (19041) 
# Number of passes: 1

- Checked options -

    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines

- Create Registry Backup -

   ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\HUGO\NTUSER.dat backed up

     [OK] Registry Backup: C:\KPRM\backup\2020-07-22-13-18-31

- Delete Tools -


  ## RogueKiller
     [OK] C:\Users\HUGO\Desktop\RogueKiller_setup.exe deleted

  ## ZHP Tools
     [OK] C:\Users\HUGO\AppData\Local\ZHP deleted
     [OK] HKCU\SOFTWARE\ZHP deleted

  ## ZHPCleaner
     [OK] C:\Users\HUGO\Desktop\ZHPCleaner.exe deleted

  ## Zoek
     [OK] C:\Users\HUGO\Desktop\zoek.exe deleted
     [OK] C:\zoek-results2020-07-07-161023.log deleted
     [OK] C:\zoek_backup deleted

- Other Lines -


  ## Quarantines never deleted
    ~ C:\Users\HUGO\AppData\Roaming\ZHP (ZHP)

- Restore System Settings -

     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files

- Restore UAC -

     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

   ~ [OK] RP named ZHPcleaner created at 07/15/2020 17:17:11 deleted
   ~ [OK] RP named Instalador de Módulos do Windows created at 07/15/2020 20:26:07 deleted
   ~ [OK] RP named Instalador de Módulos do Windows created at 07/15/2020 20:27:27 deleted
   ~ [OK] RP named Instalador de Módulos do Windows created at 07/15/2020 20:32:34 deleted
     [OK] All system restore points have been successfully deleted

- Create Restore Point -

     [OK] System Restore Point created

- Display System Restore Point -

   ~ RP named KpRm created at 07/22/2020 16:19:04

-- KPRM finished in 88.35s --

app potencialmente indesejado encontrado.png

MPDetection-20200625-174333.log

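The Defender lines pasted in the post above are the kind of record the helper asked for from C:\ProgramData\Microsoft\Windows Defender\Support. As an added example that is not part of this thread, here is a small Python parser for that MPDetection line shape (timestamp, DETECTION, threat name, then a file:, containerfile: or webfile: record) which groups hits by path and separates PUA records, which are review candidates and sometimes false positives, from Trojan/HackTool records, which are the ones that drive the cleanup. The only assumption is that line shape; the sample input is the set of lines posted above, embedded as a constant.

```python
"""Summarize Windows Defender MPDetection.log DETECTION lines.

Added example (not from the thread). Assumes only the line shape seen above:
  <timestamp> DETECTION <Category:Platform/Family> <kind>:<path>[|<url>|pid:<n>,...]
where <kind> is file, containerfile or webfile.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# Sample input: the lines posted in the thread above (raw string so the
# Windows path backslashes are kept literally).
SAMPLE_LOG = r"""
2020-07-07T08:17:49.719Z DETECTION Trojan:Win32/Occamy.C file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-pr.exe
2020-07-07T08:17:58.484Z DETECTION Trojan:Win32/IStartSurf file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-step-4.exe
2020-07-07T08:18:08.303Z DETECTION Trojan:Win32/Occamy.C file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-pr.exe
2020-07-07T08:18:08.434Z DETECTION Trojan:Win32/Wacatac.D7!ml file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-step-1.exe
2020-07-07T08:18:09.531Z DETECTION HackTool:Win32/Mikatz!dha file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-step-3.exe
2020-07-07T08:19:37.610Z DETECTION Trojan:Win32/Occamy.C file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-pr.exe
2020-07-07T08:19:38.398Z DETECTION HackTool:Win32/Mikatz!dha file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-step-3.exe
2020-07-07T08:19:39.223Z DETECTION Trojan:Win32/IStartSurf file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-step-4.exe
2020-07-07T08:19:40.270Z DETECTION Trojan:Win32/Wacatac.D7!ml file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-step-1.exe
2020-07-07T08:56:57.348Z DETECTION PUA:Win32/Presenoker containerfile:C:\Users\HUGO\Downloads\zoek.zip
2020-07-07T08:56:57.349Z DETECTION PUA:Win32/Presenoker file:C:\Users\HUGO\Downloads\zoek.zip->Z-Analyse.exe

2020-07-22T16:22:07.415Z DETECTION PUA:Win32/RelevantKnowledge file:C:\Users\HUGO\Downloads\SecurityCheckH.exe
2020-07-22T16:22:07.415Z DETECTION PUA:Win32/RelevantKnowledge webfile:C:\Users\HUGO\Downloads\SecurityCheckH.exe|http://tools.safezone.cc/glax24/SecurityCheck/SecurityCheckH.exe|pid:6176,ProcessStart:132399085185409379
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+DETECTION\s+(?P<threat>\S+)\s+"
    r"(?P<kind>file|containerfile|webfile):(?P<rest>.+)$"
)


@dataclass
class Detection:
    timestamp: str
    threat: str                 # e.g. Trojan:Win32/Occamy.C
    kind: str                   # file | containerfile | webfile
    path: str                   # on-disk path, or archive->member for archive hits
    url: Optional[str] = None   # download source, webfile records only
    pid: Optional[int] = None   # downloading process id, webfile records only

    @property
    def category(self) -> str:
        # Defender threat names are <Category>:<Platform>/<Family>[.Variant][!suffix]
        return self.threat.split(":", 1)[0]

    @property
    def is_pua(self) -> bool:
        return self.category == "PUA"


def parse_detections(text: str) -> list:
    """Parse every DETECTION line in text; blank and unrelated lines are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rest, url, pid = m["rest"], None, None
        if m["kind"] == "webfile":
            # webfile:<path>|<download url>|pid:<n>,ProcessStart:<filetime>
            parts = rest.split("|")
            path = parts[0]
            url = parts[1] if len(parts) > 1 else None
            extra = parts[2] if len(parts) > 2 else ""
            for token in extra.split(","):
                if token.startswith("pid:"):
                    pid = int(token[len("pid:"):])
        else:
            path = rest
        found.append(Detection(m["ts"], m["threat"], m["kind"], path, url, pid))
    return found


def summarize(detections) -> dict:
    """Group threat names by path and count PUA vs. malware-class records."""
    by_path = defaultdict(set)
    for d in detections:
        by_path[d.path].add(d.threat)
    counts = Counter("pua" if d.is_pua else "malware" for d in detections)
    return {
        "total": len(detections),
        "malware": counts["malware"],
        "pua": counts["pua"],
        "by_path": {p: sorted(t) for p, t in sorted(by_path.items())},
        "download_sources": sorted({d.url for d in detections if d.url}),
    }


if __name__ == "__main__":
    report = summarize(parse_detections(SAMPLE_LOG))
    print(f"{report['total']} records: {report['malware']} malware-class, {report['pua']} PUA")
    for path, threats in report["by_path"].items():
        print(f"  {path}\n    {', '.join(threats)}")
    for url in report["download_sources"]:
        print(f"  downloaded from: {url}")
```

Run against the sample, the split comes out as 9 malware-class records (all under the RarSFX0 temp folder, i.e. the self-extracting archive the helper identifies as a crack in the next post) and 4 PUA records (the zoek.zip and SecurityCheckH.exe downloads, which the helper calls false positives). Grouping by path matters because Defender logs the same file each time real-time protection meets it, so the 13 lines describe only 7 distinct paths; the webfile record also preserves the download URL and the process id, which is what lets you tell a browser download from a file dropped by something else.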

Dear @skuark

Regarding WD:

Quote

2020-07-07T08:17:49.719Z DETECTION Trojan:Win32/Occamy.C file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-pr.exe
2020-07-07T08:17:58.484Z DETECTION Trojan:Win32/IStartSurf file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-step-4.exe
2020-07-07T08:18:08.303Z DETECTION Trojan:Win32/Occamy.C file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-pr.exe
2020-07-07T08:18:08.434Z DETECTION Trojan:Win32/Wacatac.D7!ml file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-step-1.exe
2020-07-07T08:18:09.531Z DETECTION HackTool:Win32/Mikatz!dha file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-step-3.exe
2020-07-07T08:19:37.610Z DETECTION Trojan:Win32/Occamy.C file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-pr.exe
2020-07-07T08:19:38.398Z DETECTION HackTool:Win32/Mikatz!dha file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-step-3.exe
2020-07-07T08:19:39.223Z DETECTION Trojan:Win32/IStartSurf file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-step-4.exe
2020-07-07T08:19:40.270Z DETECTION Trojan:Win32/Wacatac.D7!ml file:C:\Users\HUGO\AppData\Local\Temp\RarSFX0\keygen-step-1.exe

Some crack you downloaded... it's in the Temp folder, you can delete all of it.

Quote

2020-07-07T08:56:57.348Z DETECTION PUA:Win32/Presenoker containerfile:C:\Users\HUGO\Downloads\zoek.zip
2020-07-07T08:56:57.349Z DETECTION PUA:Win32/Presenoker file:C:\Users\HUGO\Downloads\zoek.zip->Z-Analyse.exe

2020-07-22T16:22:07.415Z DETECTION PUA:Win32/RelevantKnowledge file:C:\Users\HUGO\Downloads\SecurityCheckH.exe
2020-07-22T16:22:07.415Z DETECTION PUA:Win32/RelevantKnowledge webfile:C:\Users\HUGO\Downloads\SecurityCheckH.exe|http://tools.safezone.cc/glax24/SecurityCheck/SecurityCheckH.exe|pid:6176,ProcessStart:132399085185409379

False positive.

Can we wrap up?

Cheers :D


Hello Diego!

Yes, we can wrap up!

Thank you for all the support!

Cheers!


Problem solved!

Should the author need it, the topic will be reopened; to do so, contact a Security Analyst or Coordinator and request that it be unlocked.