Virus que muda nome de Usuário

Question

N&atilde;o sei bem o que fizeram no meu pc, alguns dias atr&aacute;s fui abrir o gerenciador de tarefas e notei que o nome de Usu&aacute;rio estava 987TGH654 e n&atilde;o sei o que pode ter causado isto, algu&eacute;m pode me ajudar?
Vou estar deixando o print dos Processos para voc&ecirc;s darem uma olhada[ATTACH=full]56948[/ATTACH]

Answer

Bom dia e bem vindo !   Prezado  regente WladimirFaker

Bom ; logo  de inicio ; constatei que usas o  avast .  Mas isto um mero detalhe .

Finalize este processo pelo  pr&oacute;prio  gerenciador .

A seguir por enquanto  rode o eset on line :

http://www.eset.com/pt/online-scanner-popup/

Assinale  permitir  (  para a a&ccedil;&atilde;o do programa ) e em configura&ccedil;&otilde;es  avan&ccedil;adas  marque  todas as op&ccedil;&otilde;es .

Abra&ccedil;os

[QUOTE=WladimirFaker, post: 7536650, member: 1073638]N&atilde;o sei bem o que fizeram no meu pc, alguns dias atr&aacute;s fui abrir o gerenciador de tarefas e notei que o nome de Usu&aacute;rio estava 987TGH654 e n&atilde;o sei o que pode ter causado isto, algu&eacute;m pode me ajudar?
Vou estar deixando o print dos Processos para voc&ecirc;s darem uma olhada[ATTACH=full]56948[/ATTACH][/QUOTE]

Answer

O unsecapp.exe &eacute; um processo relativo ao WMI do Windows.
http://www.pcadvisor.co.uk/feature/windows/is-unsecappexe-virus-or-malware-3614218/

Tem certeza de que n&atilde;o mudaram o nome de usu&aacute;rio do seu micro na m&atilde;o mesmo?
Fa&ccedil;a a experi&ecirc;ncia: Digite 987TGH654... Parece ser coisa que um humano faria.

Em todo o caso, pode rodar as seguintes ferramentas em sequ&ecirc;ncia: ZHPCleaner, JRT, AdwCleaner e Malwarebytes Anti-Malware.
https://www.nicolascoolman.com/download/zhpcleaner/
https://br.malwarebytes.com/junkwareremovaltool/
https://toolslib.net/downloads/viewdownload/1-adwcleaner/
https://br.malwarebytes.com/mwb-download/

Poste os logs pra gente.

[]s.

Answer

[QUOTE=Komm, post: 7537410, member: 32096]O unsecapp.exe &eacute; um processo relativo ao WMI do Windows.
http://www.pcadvisor.co.uk/feature/windows/is-unsecappexe-virus-or-malware-3614218/

Tem certeza de que n&atilde;o mudaram o nome de usu&aacute;rio do seu micro na m&atilde;o mesmo?
Fa&ccedil;a a experi&ecirc;ncia: Digite 987TGH654... Parece ser coisa que um humano faria.

Em todo o caso, pode rodar as seguintes ferramentas em sequ&ecirc;ncia: ZHPCleaner, JRT, AdwCleaner e Malwarebytes Anti-Malware.
https://www.nicolascoolman.com/download/zhpcleaner/
https://br.malwarebytes.com/junkwareremovaltool/
https://toolslib.net/downloads/viewdownload/1-adwcleaner/
https://br.malwarebytes.com/mwb-download/

Poste os logs pra gente.

[]s.[/QUOTE]

Fiz como voc&ecirc; falou, e realmente, pelo que vi tirou muitas coisas do meu PC =D
Por&eacute;m o Usu&aacute;rio continua o mesmo, tentei mudar o nome de usu&aacute;rio como voc&ecirc; comentou e n&atilde;o deu certo
Estou mandando o print do gerenciador de tarefas e das Propriedades do Sistema (este Grupo de trabalho tem me chamado aten&ccedil;&atilde;o, tem como remove-lo?)
[ATTACH=full]57162[/ATTACH]

Agora vou deixar os logs aqui como voc&ecirc; pediu 
 
~ ZHPCleaner v2016.8.22.111 by Nicolas Coolman (2016/08/22)
~ Run by 987TGH654 (Administrator)  (23/08/2016 11:20:18)
~ Site : https://www.nicolascoolman.com
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\987TGH654\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\987TGH654\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)

---\  Servi&ccedil;os (0)
~ Nenhum &iacute;tem malicioso o desnecess&aacute;rios foi encontrado.

---\  Navegadores de Internet (2)
SUPRIMIDO: [28cm04l1.default] - user_pref(network.http.request.max-start-delay, 0);  =>.Superfluous.MaxStart
SUPRIMIDO dados: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride [Bad : 192.168.*.*]  =>Hijacker.Proxy

---\  Arquivo hosts (1)
~ O arquivo hosts &eacute; leg&iacute;timo (21)

---\  Tarefas autom&aacute;ticas agendadas. (0)
~ Nenhum &iacute;tem malicioso o desnecess&aacute;rios foi encontrado.

---\  Explorer ( Arquivos, Pastas) (10)
MOVIDO pasta: C:\Windows\System32\drivers\SWDUMon.sys [SlimWare Utilities, Inc. - Driver Update Installer Monitor]  =>.Superfluous.SlimWareUtilities
MOVIDO pasta: C:\Users\987TGH654\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ol.at.atwola.com_0.localstorage  =>.Superfluous.Atwola
MOVIDO pasta: C:\Users\987TGH654\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage  =>.Superfluous.AudienceInsights
MOVIDO pasta: C:\Users\987TGH654\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.uniblue.com_0.localstorage  =>.Superfluous.Uniblue
MOVIDO pasta^: C:\Users\987TGH654\AppData\Local\app  =>PUP.Optional.CrossRider
MOVIDO arquivo: C:\Program Files\MPC Cleaner  =>.Superfluous.MPCCleaner
MOVIDO arquivo: C:\ProgramDatavlkl  =>PUP.Optional.RelevantKnowledge
MOVIDO arquivo: C:\ProgramData\{ACBCD40A-42A8-4FF9-BD42-ABCD14998CBA}  =>PUP.Optional.BundleInstaller
MOVIDO arquivo: C:\Users\987TGH654\AppData\Local\CrashRpt  =>.Superfluous.CrashReports
MOVIDO arquivo: C:\Users\987TGH654\AppData\Local	uto_monetize_120160705  =>.Superfluous.TutoMonetize

---\  Registro ( Chaves, Valores, Dados ) (10)
SUPRIMIDO chave*: HKCU\Software\DarwenDLM []  =>Heuristic.InstallCore
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\SWDUMon [C:\Windows\System32\drivers\SWDUMon.sys (Not File)]  =>.Superfluous.SlimWareUtilities
SUPRIMIDO chave: HKEY_USERS\S-1-5-21-2149204864-3069041820-1801504021-1000\SOFTWARE\DarwenDLM []  =>Adware.InstallCore
SUPRIMIDO chave: HKCU\Software\DarwenDLM []  =>Adware.InstallCore
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool]  =>Toolbar.Ask
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\CLSID\{940D6050-66DF-4126-AABE-C346DB1AACC1} [NMCFEventManager Class]  =>PUP.Optional.CrossRider
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\CLSID\{F3EE3BEE-0101-466D-8DC8-F94517A042F4} [NMBAppPluginMediaBrowserVideo Class]  =>PUP.Optional.CrossRider
SUPRIMIDO chave*: HKCU\SOFTWARE\264f6b2b5a9149f67b632854726a7aae []  =>Hijacker.Browser
SUPRIMIDO chave: HKLM\SOFTWARE\Classes\CLSID\{940D6050-66DF-4126-AABE-C346DB1AACC1}\InprocServer32 [C:\Program Files\Common Files\Ahead\Lib\NMCoFoundation.dll]  =>PUP.Optional.CrossRider
SUPRIMIDO chave: HKLM\SOFTWARE\Classes\CLSID\{F3EE3BEE-0101-466D-8DC8-F94517A042F4}\InprocServer32 [C:\Program Files\Nero\Nero 7\Nero Home\NeroMediaBrowserCorePlugins.dll]  =>PUP.Optional.CrossRider

---\  Resumo dos elementos encontrados na sua esta&ccedil;&atilde;o de trabalho (16)
https://www.anti-malware.top/2016/06/07/superfluous-maxstart/  =>.Superfluous.MaxStart
https://www.anti-malware.top/2016/06/09/pirate-de-serveur-proxy-hijacker-proxy/  =>Hijacker.Proxy
https://www.nicolascoolman.com/forum/post33195.html#p33195  =>.Superfluous.SlimWareUtilities
https://www.anti-malware.top/2016/07/21/superfluous-atwola/  =>.Superfluous.Atwola
https://www.nicolascoolman.com/fr/logiciels-superflus  =>.Superfluous.AudienceInsights
https://www.nicolascoolman.com/fr/logiciels-superflus  =>.Superfluous.Uniblue
https://www.anti-malware.top/2016/04/30/pup-optional-crossrider/  =>PUP.Optional.CrossRider
https://www.nicolascoolman.com/fr/superfluous-mpccleaner/  =>.Superfluous.MPCCleaner
https://www.nicolascoolman.com/fr/adware-relevantknowledge/  =>PUP.Optional.RelevantKnowledge
https://www.nicolascoolman.com/fr/repaquetage-et_infections/  =>PUP.Optional.BundleInstaller
https://www.nicolascoolman.com/fr/logiciels-superflus  =>.Superfluous.CrashReports
https://www.nicolascoolman.com/fr/logiciels-superflus  =>.Superfluous.TutoMonetize
https://www.nicolascoolman.com/fr/repaquetage-et_infections/  =>Heuristic.InstallCore
https://www.anti-malware.top/2016/04/22/adware-installcore/  =>Adware.InstallCore
https://www.nicolascoolman.com/fr/toolbar-ask/  =>Toolbar.Ask
https://www.nicolascoolman.com/fr/hijacker-browser/  =>Hijacker.Browser

---\  Dodatkowe oczyszczenie. (76)
~ Chave de registro Tracing Supprimido (76)
~ Remover os relat&oacute;rios antigos ZHPCleaner. (0)

---\ Resultado de repara&ccedil;&atilde;o
Repara&ccedil;&atilde;o efectuada com sucesso
~ Este navegador est&aacute; faltando ! (Opera Software)
~ O sistema foi reiniciado.

---\ Estat&iacute;sticas
~ Items scan : 724
~ Items encontrado : 0
~ items cancelados : 0
~ Items r&eacute;paro : 22

~ End of clean in 00h00mn28s
~====================
ZHPCleaner-[R]-23082016-11_20_46.txt
ZHPCleaner--23082016-06_05_19.txt

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Ultimate x86
Ran by 987TGH654 (Administrator) on 23/08/2016 at 11:23:13,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 51

Failed to delete: C:\Users\987TGH654\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NCXU70EU (Temporary Internet Files Folder)
Successfully deleted: C:\ProgramData\iobit\driver booster (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Local\slimware utilities inc (Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Roaming\iobit\driver booster (Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Roaming\Mozilla\Firefox\Profiles\28cm04l1.default\user.js (File)
Successfully deleted: C:\Users\987TGH654\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Roaming\solvusoft (Folder)
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
Successfully deleted: C:\Windows\System32\Tasks\Driver Booster SkipUAC (987TGH654) (Task)
Successfully deleted: C:\Windows\System32\Tasks\Uninstaller_SkipUac_987TGH654 (Task)
Successfully deleted: C:\Users\987TGH654\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0KS63BXZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1RNFDIMU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32NCTQVH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\59KGNE1W (Temporary Internet Files Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5QPO4YA4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SXN1KL3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9AURAJI8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9KSX28JI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E9WD0HY0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRU5KQFF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2PPJE0U (Temporary Internet Files Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OONG9AVH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1N2RH8R (Temporary Internet Files Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPGE2H1S (Temporary Internet Files Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFM52IJP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W0ZUECR2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WFSQVA2U (Temporary Internet Files Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y49RLFGH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\987TGH654\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z63RBK33 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0KS63BXZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1RNFDIMU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32NCTQVH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\59KGNE1W (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5QPO4YA4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SXN1KL3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9AURAJI8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9KSX28JI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E9WD0HY0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRU5KQFF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NCXU70EU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2PPJE0U (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OONG9AVH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1N2RH8R (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPGE2H1S (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UFM52IJP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W0ZUECR2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WFSQVA2U (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y49RLFGH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z63RBK33 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32oboot.exe (File)

Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/08/2016 at 11:26:20,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

# AdwCleaner v6.000 - Relat&oacute;rio criado 23/08/2016 &agrave;s 11:29:53
# *Updated on 12/08/2016 by ToolsLib
# Banco de dados : 2016-08-22.1 [Servidor]
# Sistema operacional : Windows 7 Ultimate Service Pack 1 (X86)
# Usu&aacute;rio : 987TGH654 - 987TGH654-PC
# Executando de : C:\Users\987TGH654\Downloads\adwcleaner_6.000.exe
# *Mode: Scan
# Apoio : https://toolslib.net/forum

***** [ Servi&ccedil;os ] *****

Servi&ccedil;o swdumon

***** [ Pastas ] *****

Encontrado C:\Users\987TGH654\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
Encontrado C:\Users\987TGH654\AppData\Roaming\UPUpdata
Encontrado C:\Users\987TGH654\AppData\Roaming\MCorp
Encontrado C:\ProgramData\SecTaskMan
Encontrado C:\ProgramData\SlimWare Utilities, Inc
Encontrado C:\ProgramData\Application Data\SecTaskMan
Encontrado C:\ProgramData\Application Data\SlimWare Utilities, Inc
Encontrado C:\Program Files\badu
Encontrado C:\Users\987TGH654\AppData\Local\app
Encontrado C:\Users\987TGH654\AppData\Roaming\MCorp

***** [ Arquivos ] *****

*No malicious files found.

***** [ DLL ] *****

*No malicious DLLs found.

***** [ WMI ] *****

*No malicious keys found.

***** [ Atalhos ] *****

Procurando por atalhos infectados ...

***** [ Tarefas agendadas ] *****

*No malicious task found.

***** [ Registro ] *****

Encontrado HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Encontrado HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Encontrado HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Encontrado HKU\S-1-5-21-2149204864-3069041820-1801504021-1000\Software\SlimWare Utilities Inc
Encontrado HKU\S-1-5-21-2149204864-3069041820-1801504021-1000\Software\Smart PC Solutions
Encontrado HKCU\Software\SlimWare Utilities Inc
Encontrado HKCU\Software\Smart PC Solutions
Encontrado HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Encontrado HKLM\SOFTWARE\SlimWare Utilities Inc
Encontrado HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Encontrado HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Encontrado HKCU\Software\Microsoft\Internet Explorer\DOMStorage\piroga.space

***** [ Navegadores ] *****

Procurando por itens do registro
*Chromium pref Found: [C:\Users\987TGH654\AppData\Local\Google\Chrome\User Data\Default\Web data] - br.ask.com
*Chromium pref Found: [C:\Users\987TGH654\AppData\Local\Google\Chrome\User Data\Default\Web data] - daemon-tools.softonic.com.br

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [2596 *Bytes] - [23/08/2016 11:29:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2670 *Bytes] ##########

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Data da verifica&ccedil;&atilde;o: 23/08/2016
Hora da verifica&ccedil;&atilde;o: 11:43
Arquivo de registro: malwarebytes.txt
Administrador: Sim

Vers&atilde;o: 2.2.1.1043
Banco de dados de malware: v2016.08.23.08
Banco de dados de rootkit: v2016.08.15.01
Licen&ccedil;a: Vers&atilde;o de avalia&ccedil;&atilde;o
Prote&ccedil;&atilde;o contra malware: Habilitado
Prote&ccedil;&atilde;o contra website malicioso: Habilitado
Autoprote&ccedil;&atilde;o: Desabilitado

Sistema operacional: Windows 7 Service Pack 1
CPU: x86
Sistema de arquivos: NTFS
Usu&aacute;rio: 987TGH654

Tipo de verifica&ccedil;&atilde;o: Verifica&ccedil;&atilde;o da amea&ccedil;a
Resultado: Conclu&iacute;do
Objetos verificados: 262426
Tempo decorrido: 7 min, 44 seg

Mem&oacute;ria: Habilitado
Inicializa&ccedil;&atilde;o: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Desabilitado
Heur&iacute;stica: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 0
(Nenhum item malicioso detectado)

M&oacute;dulos: 0
(Nenhum item malicioso detectado)

Chaves de registro: 0
(Nenhum item malicioso detectado)

Valores de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Pastas: 0
(Nenhum item malicioso detectado)

Arquivos: 2
PUP.Optional.GsearchFinder, C:\Users\987TGH654\AppData\Roaming\Profiles\hahsphesaentetetain\extensions\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi, Quarentena, [e1a387c76c2ed6600583e11ce41fff01],
PUP.Optional.Trotux, C:\Users\987TGH654\AppData\Roaming\Profiles\iu18l38h.default\searchplugins\y9pgq9h6.xml, Quarentena, [1e6653fb5b3f47efe2e58623a3614fb1],

Setores f&iacute;sicos: 0
(Nenhum item malicioso detectado)

(end)

[QUOTE=TmfeijoMMonroe, post: 7536822, member: 713513]Bom dia e bem vindo !   Prezado  regente WladimirFaker

Bom ; logo  de inicio ; constatei que usas o  avast .  Mas isto um mero detalhe .

Finalize este processo pelo  pr&oacute;prio  gerenciador .

A seguir por enquanto  rode o eset on line :

http://www.eset.com/pt/online-scanner-popup/

Assinale  permitir  (  para a a&ccedil;&atilde;o do programa ) e em configura&ccedil;&otilde;es  avan&ccedil;adas  marque  todas as op&ccedil;&otilde;es .

Abra&ccedil;os[/QUOTE]
[QUOTE=TmfeijoMMonroe, post: 7536822, member: 713513]Bom dia e bem vindo !   Prezado  regente WladimirFaker

Bom ; logo  de inicio ; constatei que usas o  avast .  Mas isto um mero detalhe .

Finalize este processo pelo  pr&oacute;prio  gerenciador .

A seguir por enquanto  rode o eset on line :

http://www.eset.com/pt/online-scanner-popup/

Assinale  permitir  (  para a a&ccedil;&atilde;o do programa ) e em configura&ccedil;&otilde;es  avan&ccedil;adas  marque  todas as op&ccedil;&otilde;es .

Abra&ccedil;os[/QUOTE]

Boa Tarde  TmfeijoMMonroe!
Fiz tudo como disse, e o programa achou alguns problemas e os excluiu =D
Obrigado pela dica.

Answer

Boa  tarde !  Prezado regente autor

Seu sistema &eacute; o 7 ; sendo poss&iacute;vel assim rodar o combofix :

http://www.bleepingcomputer.com/download/combofix/

Rode-o .

Abra&ccedil;os

Answer

WladimirFaker, ser&aacute; que esse nome de usu&aacute;rio j&aacute; n&atilde;o estava a&iacute; e voc&ecirc; n&atilde;o percebeu?

&Eacute; porque no Windows o que &eacute; poss&iacute;vel alterar &eacute; o nome de exibi&ccedil;&atilde;o do usu&aacute;rio.
Mesmo que se altere o nome de exibi&ccedil;&atilde;o, a conta de usu&aacute;rio permanece com o nome com o qual foi criada.

Se quer deixar o nome de usu&aacute;rio do SO como Wladimir, crie outro perfil de usu&aacute;rio com esse nome, copie para ele os dados do seu perfil atual, logue nele e ent&atilde;o pode excluir o perfil atual.

[]s.

Answer

Boa tarde !  Prezado  regente autor WladimirFaker

Desinstale o eset on line  com o revo uninstall ; que todos  os itens  quarentenados ir&atilde;o embora juntos .
Voc&ecirc; instalou este programa abaixo ?:daa::dance::eek::eek::eek:

http://www.baixaki.com.br/download/mpc-cleaner.htm    (  N&atilde;o  instale novamente; estou apenas mostrando/questionando/contestando o mesmo )

https://www.hardware.com.br/comunidade/software-limpeza/1371672/   (  E eu  heim ?  Perito digital vision&aacute;rio-futur&iacute;stico !:rolleyes::rolleyes::rolleyes:  )

Este t&oacute;pico acima &eacute; um hist&oacute;rico de maio/2015 .

Abra&ccedil;os

Answer

[QUOTE=TmfeijoMMonroe, post: 7540322, member: 713513]Boa  tarde !  Prezado regente autor

Seu sistema &eacute; o 7 ; sendo poss&iacute;vel assim rodar o combofix :

http://www.bleepingcomputer.com/download/combofix/

Rode-o .

Abra&ccedil;os[/QUOTE]

Combofix &eacute; um antiv&iacute;rus n&atilde;o? preciso desinstalar o avast?

[QUOTE=Komm, post: 7540362, member: 32096]WladimirFaker, ser&aacute; que esse nome de usu&aacute;rio j&aacute; n&atilde;o estava a&iacute; e voc&ecirc; n&atilde;o percebeu?

&Eacute; porque no Windows o que &eacute; poss&iacute;vel alterar &eacute; o nome de exibi&ccedil;&atilde;o do usu&aacute;rio.
Mesmo que se altere o nome de exibi&ccedil;&atilde;o, a conta de usu&aacute;rio permanece com o nome com o qual foi criada.

Se quer deixar o nome de usu&aacute;rio do SO como Wladimir, crie outro perfil de usu&aacute;rio com esse nome, copie para ele os dados do seu perfil atual, logue nele e ent&atilde;o pode excluir o perfil atual.

[]s.[/QUOTE]

Ah sim kk, entendi .
Se &eacute; normal do Windows tudo bem.
Obrigado pela ajuda, meu PC melhorou drasticamente =D

Answer

Boa tarde !  Prezado  autor

Apenas  desative o avast . E d&ecirc; continuidade  com o combofix .

No que tange  (  diz respeito )  ao  MPC Cleaner cfe. acima ;  para  ir aniquilando o mesmo e um pouco por enquanto :

No cmd como administrador ; digite  sc delete MPCProtectService  e enter .

Abra&ccedil;os

[QUOTE=WladimirFaker, post: 7540480, member: 1073638]Combofix &eacute; um antiv&iacute;rus n&atilde;o? preciso desinstalar o avast?[/QUOTE]

Answer

[QUOTE=TmfeijoMMonroe, post: 7540484, member: 713513]Boa tarde !  Prezado  autor

Apenas  desative o avast . E d&ecirc; continuidade  com o combofix .

No que tange  (  diz respeito )  ao  MPC Cleaner cfe. acima ;  para  ir aniquilando o mesmo e um pouco por enquanto :

No cmd como administrador ; digite  sc delete MPCProtectService  e enter .

Abra&ccedil;os[/QUOTE]

Fiz tudo como voc&ecirc; disse, mas n&atilde;o consegui deletar o MPCProtectService.
Quando tento pelo CMD aparece O servi&ccedil;o especificado n&atilde;o existe como servi&ccedil;o instalado.
Depois que usei o Combofix meu CPU s&oacute; fica acima do 50% ser&aacute; que fiz algo errado ?

Answer

Boa tarde ! Prezado  autor

Nada n&atilde;o .
Poste o log do mesmo .

Abra&ccedil;os

[QUOTE=WladimirFaker, post: 7540558, member: 1073638]Fiz tudo como voc&ecirc; disse, mas n&atilde;o consegui deletar o MPCProtectService.
Quando tento pelo CMD aparece O servi&ccedil;o especificado n&atilde;o existe como servi&ccedil;o instalado.
Depois que usei o Combofix meu CPU s&oacute; fica acima do 50% ser&aacute; que fiz algo errado ?[/QUOTE]

Answer

[QUOTE=TmfeijoMMonroe, post: 7540578, member: 713513]Boa tarde ! Prezado  autor

Nada n&atilde;o .
Poste o log do mesmo .

Abra&ccedil;os[/QUOTE]

Este &eacute; o Log do ComboFix

ComboFix 16-08-21.02 - 987TGH654 23/08/2016  14:37:58.1.2 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.55.1046.18.2047.837 [GMT -3:00]
Executando de: c:\users\987TGH654\Downloads\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((  Outras Exclus&otilde;es  )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20160708.txt
c:\cflog\CrashLog_20160709.txt
c:\windows\msdownld.tmp
.
.
((((((((((((((((  Arquivos/Ficheiros criados de 2016-07-23 to 2016-08-23  ))))))))))))))))))))))))))))
.
.
2016-08-23 17:47 . 2016-08-23 17:47   --------   d-----w-   c:\users\Default\AppData\Local	emp
2016-08-23 14:40 . 2016-08-23 14:40   --------   d-----w-   c:\programdata\Malwarebytes
2016-08-23 14:34 . 2016-08-23 14:34   --------   d-----w-   c:\users\987TGH654\AppData\Roaming\ProductData
2016-08-23 14:33 . 2016-08-23 14:40   --------   d-----w-   c:\programdata\ProductData
2016-08-23 14:27 . 2016-08-23 14:31   --------   d-----w-   C:\AdwCleaner
2016-08-23 08:51 . 2016-08-23 14:52   --------   d-----w-   c:\users\987TGH654\AppData\Roaming\ZHP
2016-08-23 07:53 . 2016-08-23 07:53   --------   d-----w-   c:\program files\Common Files\Java
2016-08-23 04:46 . 2016-08-23 04:46   --------   d-----w-   c:\programdata\Steam
2016-08-23 03:00 . 2016-08-23 03:00   --------   d-----w-   c:\program files\Outlast
2016-08-23 02:58 . 2016-08-23 02:58   --------   d-----w-   c:\program files\Tribo Gamer
2016-08-23 02:44 . 2016-08-23 02:44   --------   d-----w-   c:\program files\Red Barrels
2016-08-23 01:46 . 2016-08-23 01:46   --------   d-----w-   c:\program files\Ubisoft
2016-08-22 07:28 . 2012-07-26 02:32   155136   ----a-w-   c:\windows\system32\drivers\WUDFRd.sys
2016-08-22 07:28 . 2012-07-26 02:33   66560   ----a-w-   c:\windows\system32\drivers\WUDFPf.sys
2016-08-22 07:28 . 2012-07-26 03:21   196608   ----a-w-   c:\windows\system32\WUDFHost.exe
2016-08-22 07:28 . 2012-07-26 03:20   73216   ----a-w-   c:\windows\system32\WUDFSvc.dll
2016-08-22 07:28 . 2012-07-26 03:20   613888   ----a-w-   c:\windows\system32\WUDFx.dll
2016-08-22 07:28 . 2012-07-26 03:20   38912   ----a-w-   c:\windows\system32\WUDFCoinstaller.dll
2016-08-22 07:28 . 2012-07-26 03:20   172032   ----a-w-   c:\windows\system32\WUDFPlatform.dll
2016-08-22 07:23 . 2014-03-09 21:47   99480   ----a-w-   c:\windows\system32\infocardapi.dll
2016-08-22 07:23 . 2014-06-30 22:14   8856   ----a-w-   c:\windows\system32\icardres.dll
2016-08-22 07:23 . 2014-03-09 21:47   619672   ----a-w-   c:\windows\system32\icardagt.exe
2016-08-22 07:23 . 2014-06-06 06:16   35480   ----a-w-   c:\windows\system32\TsWpfWrp.exe
2016-08-22 07:22 . 2012-03-01 05:46   19824   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
2016-08-22 07:22 . 2012-03-01 05:33   159232   ----a-w-   c:\windows\system32\imagehlp.dll
2016-08-22 07:22 . 2012-03-01 05:29   5120   ----a-w-   c:\windows\system32\wmi.dll
2016-08-22 06:50 . 2016-08-22 06:50   --------   d-----w-   c:\windows\Migration
2016-08-22 06:22 . 2016-08-22 06:22   338944   ----a-w-   c:\windows\system32\drivers\afd.sys
2016-08-22 06:22 . 2016-08-22 06:22   49152   ----a-w-   c:\windows\system32	askhost.exe
2016-08-22 06:17 . 2016-08-22 06:17   1505280   ----a-w-   c:\windows\system32\d3d11.dll
2016-08-22 06:13 . 2015-07-30 13:13   103120   ----a-w-   c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-08-21 13:36 . 2015-05-25 18:01   853504   ----a-w-   c:\windows\system32\diagtrack.dll
2016-08-21 13:36 . 2015-05-25 16:53   36864   ----a-w-   c:\windows\system32\UtcResources.dll
2016-08-21 13:36 . 2015-05-25 18:01   635392   ----a-w-   c:\windows\system32	dh.dll
2016-08-21 13:36 . 2015-05-25 18:00   364544   ----a-w-   c:\windows\system32	racerpt.exe
2016-08-21 13:36 . 2015-05-25 18:01   92160   ----a-w-   c:\windows\system32\sechost.dll
2016-08-21 13:36 . 2015-05-25 18:00   40448   ----a-w-   c:\windows\system32	ypeperf.exe
2016-08-21 13:36 . 2015-05-25 18:00   37888   ----a-w-   c:\windows\system32elog.exe
2016-08-21 13:36 . 2015-05-25 18:00   82944   ----a-w-   c:\windows\system32\logman.exe
2016-08-21 13:36 . 2015-05-25 18:00   17408   ----a-w-   c:\windows\system32\diskperf.exe
2016-08-21 13:34 . 2012-09-25 22:47   78336   ----a-w-   c:\windows\system32\synceng.dll
2016-08-21 13:33 . 2015-11-05 19:02   14848   ----a-w-   c:\windows\system32\wshrm.dll
2016-08-21 13:32 . 2013-07-04 11:57   205824   ----a-w-   c:\windows\system32\WebClnt.dll
2016-08-21 13:31 . 2015-12-08 21:54   1620992   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2016-08-21 13:30 . 2013-12-04 02:03   87040   ----a-w-   c:\windows\system32\secproc_ssp_isv.dll
2016-08-21 13:30 . 2013-12-04 02:03   87040   ----a-w-   c:\windows\system32\secproc_ssp.dll
2016-08-21 13:30 . 2013-12-04 02:03   423936   ----a-w-   c:\windows\system32\secproc_isv.dll
2016-08-21 13:30 . 2013-12-04 02:03   428032   ----a-w-   c:\windows\system32\secproc.dll
2016-08-21 13:30 . 2013-12-04 02:02   390144   ----a-w-   c:\windows\system32\msdrm.dll
2016-08-21 13:30 . 2013-12-04 01:54   510976   ----a-w-   c:\windows\system32\RMActivate_ssp.exe
2016-08-21 13:30 . 2013-12-04 01:54   594944   ----a-w-   c:\windows\system32\RMActivate_isv.exe
2016-08-21 13:30 . 2013-12-04 01:54   572416   ----a-w-   c:\windows\system32\RMActivate.exe
2016-08-21 13:30 . 2013-12-04 01:54   508928   ----a-w-   c:\windows\system32\RMActivate_ssp_isv.exe
2016-08-21 13:30 . 2014-12-08 02:46   308224   ----a-w-   c:\windows\system32\scesrv.dll
2016-08-21 13:30 . 2015-04-24 17:56   530432   ----a-w-   c:\windows\system32\comctl32.dll
2016-08-21 13:30 . 2014-10-14 01:50   523776   ----a-w-   c:\windows\system32	ermsrv.dll
2016-08-21 13:09 . 2016-01-11 18:54   1212352   ----a-w-   c:\windows\system32\drivers
tfs.sys
2016-08-21 12:56 . 2014-10-03 01:45   1177088   ----a-w-   c:\windows\system32\WsmSvc.dll
2016-08-21 12:56 . 2014-10-03 01:45   248832   ----a-w-   c:\windows\system32\WSManMigrationPlugin.dll
2016-08-21 12:56 . 2014-10-03 01:45   214016   ----a-w-   c:\windows\system32\WsmWmiPl.dll
2016-08-21 12:56 . 2014-10-03 01:45   145920   ----a-w-   c:\windows\system32\WsmAuto.dll
2016-08-21 12:56 . 2014-10-03 01:44   198656   ----a-w-   c:\windows\system32\WSManHTTPConfig.exe
2016-08-21 12:55 . 2016-05-18 16:10   306688   ----a-w-   c:\windows\system32\gdi32.dll
2016-08-21 07:18 . 2016-08-21 07:18   --------   d-----w-   C:\Riot Games
2016-08-21 02:19 . 2016-08-23 06:15   --------   d-----w-   c:\users\987TGH654\AppData\Roaming\MPC-HC
2016-08-20 20:50 . 2016-08-20 20:50   --------   d-----w-   c:\users\987TGH654\AppData\Roaming\XRay Engine
2016-08-19 04:08 . 2016-08-23 00:03   --------   d-----w-   C:\Call of Duty Modern Warfare 3
2016-08-18 00:56 . 2016-08-21 04:27   --------   d-----w-   c:\windows\system32\config\systemprofile\.oracle_jre_usage
2016-08-16 19:04 . 2008-10-15 09:22   452440   ----a-w-   c:\windows\system32\d3dx10_40.dll
2016-08-16 19:04 . 2008-10-15 09:22   2036576   ----a-w-   c:\windows\system32\D3DCompiler_40.dll
2016-08-16 19:04 . 2008-10-15 09:22   4379984   ----a-w-   c:\windows\system32\D3DX9_40.dll
2016-08-16 18:20 . 2016-08-16 18:20   --------   d-----w-   c:\users\987TGH654\AppData\Local\Steam
2016-08-16 18:14 . 2016-08-23 07:04   --------   d-----w-   c:\program files\Steam
2016-08-16 18:12 . 2016-08-16 23:27   --------   d-----w-   c:\program files\Common Files\Steam
2016-08-16 18:10 . 2016-08-18 00:17   --------   d-----w-   c:\program files\Microsoft
2016-08-16 17:54 . 2016-08-16 17:54   --------   d-----w-   c:\users\987TGH654\AppData\Local\SKIDROW
2016-08-16 05:30 . 2014-04-04 18:22   3024152   ----a-w-   c:\windows\system32\wxmsw28u_core_vc_custom.dll
2016-08-16 04:43 . 2016-08-16 04:43   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2016-08-16 02:54 . 2016-08-16 02:54   242240   ----a-w-   c:\windows\system32\drivers\dtsoftbus01.sys
2016-08-16 02:54 . 2016-08-16 02:54   --------   d-----w-   c:\program files\DAEMON Tools Pro
2016-08-16 02:54 . 2016-08-23 06:15   --------   d-----w-   c:\users\987TGH654\AppData\Roaming\DAEMON Tools Pro
2016-08-16 02:52 . 2016-08-16 02:54   --------   d-----w-   c:\programdata\DAEMON Tools Pro
2016-08-14 17:17 . 2016-08-14 17:17   62576   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CCB3308-013B-4910-8992-14053B8791EF}\offreg.6068.dll
2016-08-12 17:45 . 2016-08-12 17:45   --------   d-----w-   c:\program files\Mozilla Maintenance Service
2016-08-12 17:29 . 2016-08-23 06:45   --------   d-----w-   c:\users\987TGH654\AppData\Roaming\.minecraft
2016-08-12 17:28 . 2016-08-20 11:20   --------   d-----w-   c:\users\987TGH654\.oracle_jre_usage
2016-08-12 17:28 . 2016-08-23 07:33   95808   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2016-08-12 17:28 . 2016-08-23 07:52   --------   d-----w-   c:\program files\Java
2016-08-12 17:27 . 2016-08-23 07:53   --------   d-----w-   c:\programdata\Oracle
2016-08-09 06:50 . 2016-08-09 06:50   62576   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CCB3308-013B-4910-8992-14053B8791EF}\offreg.3000.dll
2016-08-09 03:26 . 2016-08-09 03:26   --------   d-----w-   c:\windows\system32\Macromed
2016-08-06 15:50 . 2016-08-06 15:50   --------   d-----w-   c:\users\987TGH654\AppData\Local\CEF
2016-08-06 12:36 . 2016-08-06 15:50   --------   d-----w-   c:\users\987TGH654\AppData\Local\Razer
2016-08-06 12:21 . 2016-06-27 21:53   69112   ----a-w-   c:\windows\system32\driverszpnk.sys
2016-08-06 12:21 . 2016-05-06 22:50   27248   ----a-w-   c:\windows\system32\driverszpmgrk.sys
2016-08-06 12:20 . 2016-08-06 15:50   --------   d-----w-   c:\programdata\Razer
2016-08-06 12:20 . 2016-08-06 12:22   --------   d-----w-   c:\program files\Razer
2016-08-06 11:45 . 2016-08-08 20:13   --------   d-----w-   c:\users\987TGH654\.android
2016-08-06 11:35 . 2016-08-06 11:35   --------   d-----w-   c:\users\987TGH654\Nox_share
2016-08-06 11:32 . 2016-08-23 08:35   --------   d-----w-   c:\users\987TGH654\vmlogs
2016-08-06 11:32 . 2016-08-23 08:35   --------   d-----w-   c:\users\987TGH654\.BigNox
2016-08-06 11:32 . 2016-07-29 08:39   104064   ----a-w-   c:\windows\system32\drivers\VBoxUSBMon.sys
2016-08-06 11:32 . 2016-08-06 11:32   --------   d-----w-   c:\program files\DIFX
2016-08-06 11:32 . 2016-08-06 11:32   --------   dc----w-   c:\windows\system32\DRVSTORE
2016-08-06 11:31 . 2016-08-06 11:32   --------   d-----w-   c:\program files\Bignox
2016-08-06 11:29 . 2016-08-10 18:26   --------   d-----w-   c:\users\987TGH654\AppData\Roaming\Nox
2016-08-06 11:27 . 2016-08-23 08:35   --------   d-----w-   c:\users\987TGH654\AppData\Local\Nox
2016-08-06 05:24 . 2016-08-06 05:24   62576   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CCB3308-013B-4910-8992-14053B8791EF}\offreg.2192.dll
2016-08-02 16:26 . 2016-08-02 16:26   62576   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CCB3308-013B-4910-8992-14053B8791EF}\offreg.4468.dll
2016-08-01 16:29 . 2014-05-14 16:23   45536   ----a-w-   c:\windows\system32\wups2.dll
2016-08-01 16:29 . 2014-05-14 16:23   54240   ----a-w-   c:\windows\system32\wuauclt.exe
2016-08-01 16:29 . 2014-05-14 16:23   1973728   ----a-w-   c:\windows\system32\wuaueng.dll
2016-08-01 16:29 . 2014-05-14 16:17   2425856   ----a-w-   c:\windows\system32\wucltux.dll
2016-08-01 16:28 . 2014-05-14 16:23   36320   ----a-w-   c:\windows\system32\wups.dll
2016-08-01 16:28 . 2014-05-14 16:23   581600   ----a-w-   c:\windows\system32\wuapi.dll
2016-08-01 16:28 . 2014-05-14 16:17   92672   ----a-w-   c:\windows\system32\wudriver.dll
2016-08-01 16:28 . 2014-05-14 12:23   179656   ----a-w-   c:\windows\system32\wuwebv.dll
2016-08-01 16:28 . 2014-05-14 12:17   33792   ----a-w-   c:\windows\system32\wuapp.exe
2016-08-01 15:35 . 2016-08-01 15:35   62576   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CCB3308-013B-4910-8992-14053B8791EF}\offreg.2592.dll
2016-07-31 21:45 . 2016-08-01 18:34   --------   d-----w-   c:\windows\system32\vbox
2016-07-29 08:40 . 2016-07-29 08:40   203392   ----a-w-   c:\windows\system32\drivers\XQHDrv.sys
2016-07-28 21:32 . 2016-07-28 21:32   84248   ----a-w-   c:\windows\system32\drivers\ssudbus.sys
2016-07-28 21:30 . 2016-07-28 21:30   453152   ----a-w-   c:\windows\system32
vuninst.exe
2016-07-28 21:30 . 2016-07-28 21:30   453152   ----a-w-   c:\windows\system32
vusmb.exe
2016-07-28 21:30 . 2016-07-28 21:30   122880   ----a-w-   c:\windows\system32\NVCOSMB.DLL
.
.
(((((((((((((((((((((((((((((((((((((  Relat&oacute;rio Find3M  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-07-28 21:28 . 2016-06-22 18:05   102976   ----a-w-   c:\windows\system32
vaudcap32v.dll
2016-07-23 07:46 . 2016-07-23 07:46   62576   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CCB3308-013B-4910-8992-14053B8791EF}\offreg.2528.dll
2016-07-08 22:21 . 2016-07-08 22:21   19984   ----a-w-   c:\windows\system32\drivers\EsgScanner.sys
2016-07-08 05:24 . 2016-07-08 05:24   62576   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CCB3308-013B-4910-8992-14053B8791EF}\offreg.572.dll
2016-07-07 20:16 . 2016-07-07 20:16   40504   ----a-w-   c:\windows\system32\drivers\dtultrausbbus.sys
2016-07-07 20:16 . 2016-07-07 20:16   26168   ----a-w-   c:\windows\system32\drivers\dtultrascsibus.sys
2016-06-29 15:19 . 2016-07-07 20:19   9507208   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CCB3308-013B-4910-8992-14053B8791EF}\mpengine.dll
2016-06-21 15:13 . 2016-06-22 15:58   400552   ------w-   c:\windows\system32\MpSigStub.exe
2016-06-08 05:34 . 2016-07-13 00:48   249104   ----a-w-   c:\windows\system32\EasyAntiCheat.exe
.
.
((((((((((((((((((((((((((  Pontos de Carregamento do Registro  )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e leg&iacute;timas por padr&atilde;o n&atilde;o s&atilde;o apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@={472083B0-C522-11CF-8763-00608CC02F24}
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-08-18 00:55   832488   ----a-w-   c:\program files\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Advanced SystemCare 9=c:\program files\IObit\Advanced SystemCare\ASCTray.exe [2016-04-26 2022688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AvastUI.exe=c:\program files\Avast\AvastUI.exe [2016-08-18 9103976]
SunJavaUpdateSched=c:\program files\Common Files\Java\Java Update\jusched.exe [2016-06-22 598552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
ConsentPromptBehaviorAdmin= 5 (0x5)
ConsentPromptBehaviorUser= 3 (0x3)
EnableUIADesktopToggle= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
HideSCAHealth= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
NoSimpleNetIDList= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 17:54   91520   ----a-w-   c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 22:03   152872   ----a-w-   c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 18:57   153136   ----a-w-   c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2016-01-29 12:04   2585744   ----a-w-   c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
2016-01-29 12:04   1278920   ----a-w-   c:\windows\System32
vspcap.dll
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2016-04-22 2960160]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2016-08-18 34008]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2016-07-28 84248]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 dtultrascsibus;DAEMON Tools Ultra Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtultrascsibus.sys [2016-07-07 26168]
R3 dtultrausbbus;DAEMON Tools Ultra Virtual USB Bus;c:\windows\system32\DRIVERS\dtultrausbbus.sys [2016-07-07 40504]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe [2016-06-08 249104]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2016-07-08 19984]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-08-22 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\driversdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers	erminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers	susbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers	susbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\driversdvgkmd.sys [x]
R3 XDva534;XDva534;c:\windows\system32\XDva534.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
R3 xspirit;xspirit;c:\windows\xspirit.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2016-08-18 735352]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2016-08-18 434144]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2016-08-16 242240]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2016-07-28 23840]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2016-07-29 104064]
S1 XQHDrv;BigNox Service;c:\windows\system32\DRIVERS\XQHDrv.sys [2016-07-29 203392]
S2 AdvancedSystemCareService9;Advanced SystemCare Service 9;c:\program files\IObit\Advanced SystemCare\ASCService.exe [2016-01-05 446240]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2016-08-18 92256]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2016-08-18 118664]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-01-29 915600]
S2 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2014-10-22 169992]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-01-29 1706128]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv
vstreamsvc.exe [2016-01-29 19775632]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files\Razer\Razer Services\GSS\GameScannerService.exe [2016-07-20 187824]
S2 RzKLService;RzKLService;c:\program files\Razer\Razer Cortex\RzKLService.exe [2016-07-22 133376]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\driverszpmgrk.sys [2016-05-06 27248]
S2 rzpnk;rzpnk;c:\windows\system32\driverszpnk.sys [2016-06-27 69112]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-01-29 18576]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers
vvad32v.sys [2016-07-28 50744]
.
.
--- =Outros Servi&ccedil;os/Drivers Na Mem&oacute;ria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ     SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc   REG_MULTI_SZ     DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-08-08 19:23   1262408   ----a-w-   c:\program files\Google\Chrome\Application\52.0.2743.116\Installer\chrmstp.exe
.
Conte&uacute;do da pasta 'Tarefas Agendadas'
.
2016-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-07-08 00:00]
.
2016-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-07-08 00:00]
.
.
------- Scan Suplementar -------
.
uStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\987TGH654\AppData\Roaming\Mozilla\Firefox\Profiles\28cm04l1.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORF&Atilde;OS REMOVIDOS - - - -
.
AddRemove-Call of Duty 4 Modern Warfare (TM) - c:\users\987TGH654\Downloads\!CALL OF DUTY 4 MW!\!CALL OF DUTY 4 MW!\COD 4 MW\UNINSTALL COD4.exe
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601
.
CreateFile(\.\PHYSICALDRIVE0): O arquivo j&aacute; est&aacute; sendo usado por outro processo.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execu&ccedil;&atilde;o ------------------------
.
c:\windows\system32
vvsvc.exe
c:\program files\Avast\AvastSvc.exe
c:\program files\NVIDIA Corporation\Display
vxdsync.exe
c:\windows\system32
vvsvc.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32	askhost.exe
c:\program files\IObit\Advanced SystemCare\Monitor.exe
c:\program files\NVIDIA Corporation\Display
vtray.exe
c:\windows\System32undll32.exe
c:\windows\system32\conhost.exe
c:\program files\IObit\IObit Uninstaller\UninstallMonitor.exe
c:\program files\Avast\asulaunch.exe
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\DAEMON Tools Pro\DTShellHlp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Avast\avBugReport.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Tempo para conclus&atilde;o: 2016-08-23  14:57:58 - M&aacute;quina reiniciou
ComboFix-quarantined-files.txt  2016-08-23 17:57
.
Pr&eacute;-execu&ccedil;&atilde;o: 156.504.252.416 bytes dispon&iacute;veis
P&oacute;s execu&ccedil;&atilde;o: 156.414.922.752 bytes dispon&iacute;veis
.
- - End Of File - - E32605A842C9EB7C1E636CC47353917D
A36C5E4F47E84449FF07ED3517B43A31

Answer

Boa tarde !  Prezado autor

Desinstale isto :

c:\program files\IObit\Advanced SystemCare\Monitor.exe

E :
c:\program files\IObit\IObit Uninstaller\UninstallMonitor.exe

N&atilde;o use-os mais e nem  qualquer outro produto da IOBIT .

Programa desinstalador de softwares  use sempre o revo uninstall  (  e sempre  com o modo  avan&ccedil;ado  ) ; o qual  vc agora ir&aacute;  usar para desinstalar os itens acima :

http://www.revouninstaller.com/revo_uninstaller_free_download.html

Abra&ccedil;os

Answer

[QUOTE=TmfeijoMMonroe, post: 7540604, member: 713513]Boa tarde !  Prezado autor

Desinstale isto :

c:\program files\IObit\Advanced SystemCare\Monitor.exe

E :
c:\program files\IObit\IObit Uninstaller\UninstallMonitor.exe

N&atilde;o use-os mais e nem  qualquer outro produto da IOBIT .

Programa desinstalador de softwares  use sempre o revo uninstall  (  e sempre  com o modo  avan&ccedil;ado  ) ; o qual  vc agora ir&aacute;  usar para desinstalar os itens acima :

http://www.revouninstaller.com/revo_uninstaller_free_download.html

Abra&ccedil;os[/QUOTE]

Nossa, fiz como voc&ecirc; falou e meu PC voltou ao normal, sempre achei que os programas da IObit eram bons.
Obrigado pela ajuda me salvou =D

Answer

Boa  noite !

&Eacute; .  Realmente &eacute; complicado estes  programas  que n&oacute;s  todos  internautas  adquirimos . E est&aacute;s  ficando pior ainda .
Como est&aacute; o pc ?
Podemos  fechar a an&aacute;lise/o t&oacute;pico ?

Execute a DEL FIX ; assinalando  remover pontos de restaura&ccedil;&atilde;o e desinstalar ferramentas de desinfec&ccedil;&atilde;o :

https://toolslib.net/downloads/viewdownload/2-delfix/

PS :  Ser&aacute;  criado um &uacute;nico ponto .

Abra&ccedil;os

[QUOTE=WladimirFaker, post: 7540842, member: 1073638]Nossa, fiz como voc&ecirc; falou e meu PC voltou ao normal, sempre achei que os programas da IObit eram bons.
Obrigado pela ajuda me salvou =D[/QUOTE]

Ferramentas

Mover Tópico