
[Resolved] Virus

#1 By katsuriko 18/07/2019 - 14:40
"FRST"

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 15-07-2019 01
Executado por RODRIGO (administrador) em RODRIGO-PC (18-07-2019 14:23:13)
Executando a partir de C:\Users\RODRIGO\Desktop
Perfis Carregados: RODRIGO (Perfis Disponíveis: RODRIGO)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Piotr Pawłowski -> Piotr Pawlowski) [Arquivo não assinado] C:\Program Files (x86)\foobar2000\foobar2000.exe
(VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
==================== Registro (Whitelisted) ===========================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [CorelDRAW Graphics Suite 11b] => C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe [729088 2003-11-28] (Corel Corporation) [Arquivo não assinado]
HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe /AUTORUN
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2019-05-14] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3571200 2015-02-28] (x264vfw project) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [309248 2015-12-18] () [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [126976 2015-10-24] () [Arquivo não assinado]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3591680 2015-02-28] (x264vfw project) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [282112 2015-12-18] () [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [Arquivo não assinado]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [Arquivo não assinado]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-16] (Google LLC -> Google LLC)
==================== Tarefas Agendadas (Whitelisted) =============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
Task: {1BF7B4FB-4966-4145-9D18-D52EBC6E9657} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {1C63D597-95FB-44DB-9103-20503CC96206} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe)
Task: {3B1CAC7F-2F75-4854-B3FA-4B417D7DBC82} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [662464 2018-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4B01B7F0-EB25-4E2D-A04C-FD9E5813ACF4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-19] (Google Inc -> Google Inc.)
Task: {57E87571-82E2-47D2-A5FF-FFE3903725EF} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [976832 2018-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {58CEF893-01D9-4913-83F4-E33AE9B2C284} - System32\Tasks\ASUS\i-Setup171410 => C:\Windows\MEI-Win7-8-8-1_VER10001204\AsusSetup.exe [1203032 2013-08-22] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {65ACB6E3-D5C9-425B-868C-53F15713E0F6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {735E5621-4F15-4BBF-AEAA-0E142F890952} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {89D0A9EF-39A3-45D1-A68F-06A1A9E8E276} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [662464 2018-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9F56865D-8F3B-4895-8144-19CCEB59389A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2EA2138-9670-48C3-A90A-D9DAB14B179C} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [469952 2018-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BC6C8FA4-56DD-4BE5-B6E7-151C62B4D802} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2069952 2018-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BD2EC9E2-C96B-4A91-BB4B-1C96B2740E10} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [510912 2018-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C1C4FD95-4BA5-4C24-B277-E9E43C85392C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [757184 2018-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D5BB9F61-4F09-4CDA-88CA-A11406CE5B07} - \{F4AFBCFE-BFCC-4A5D-AC47-41ED120FD804} -> Nenhum Arquivo <==== ATENÇÃO
Task: {DF30B12E-4B46-4E7E-9EF6-33F861702D52} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {E16A4FF5-4CDA-460B-8400-5D3B288A9BCE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-19] (Google Inc -> Google Inc.)
Task: {EBB981F3-DD20-4DBB-9CD9-CE3E1B368DF9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe)
Task: {F74369AB-4129-4C3E-85B2-4819375F15CB} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2884456 2019-07-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B34A520C-8D09-4CAB-97B5-17EEE0566B5E}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{B34A520C-8D09-4CAB-97B5-17EEE0566B5E}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2569912285-2516486697-1191534479-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2569912285-2516486697-1191534479-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll [2016-05-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-19] (Oracle America, Inc. -> Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 7j8xkag6.default
FF ProfilePath: C:\Users\RODRIGO\AppData\Roaming\Mozilla\Firefox\Profiles\7j8xkag6.default [2017-09-22]
FF Plugin: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.) [Arquivo não assinado]
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-23] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Arquivo não assinado]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-23] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Arquivo não assinado]
FF Plugin-x32: @softnyxNpruntime -> C:\Game\SoftnyxGame\NyxLauncherPS\npSoftnyx.dll [2015-09-22] (Softnyx Co., Ltd. -> )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srchbar.com/?s={searchTerms}
CHR Profile: C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default [2019-07-18]
CHR Extension: (Apresentações) - C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Documentos) - C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-19]
CHR Extension: (YouTube) - C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-19]
CHR Extension: (Adblock Plus - bloqueador de anúncios grátis) - C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-04-20]
CHR Extension: (Planilhas) - C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Documentos Google off-line) - C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (AdBlock) - C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-07-09]
CHR Extension: (Social Book Post Manager) - C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljfidlkcmdmmibngdfikhffffdmphjae [2019-01-09]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-21]
CHR HKLM\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2569912285-2516486697-1191534479-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
==================== Serviços (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1215768 2019-07-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [486960 2019-07-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [486960 2019-07-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1777912 2019-07-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [455424 2019-05-14] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2016-05-19] (VIA Technologies Inc. -> VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvStreamNetworkSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" [X]
S2 NvStreamSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [X]
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ======================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1394688 2009-06-19] (Microsoft Windows -> Atheros Communications, Inc.)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [68152 2019-06-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [214424 2019-06-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [176808 2019-06-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36072 2019-02-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35376 2019-02-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 GunBod; C:\Windows\system32\gunbod64.sys [84384 2016-12-20] (Beijing Apex Weifeng Technology Co.,Ltd. -> )
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-05-19] (Martin Malik - REALiX -> REALiX(tm))
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2016-05-19] (ASUSTeK Computer Inc. -> )
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [59240 2018-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [58816 2018-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [465624 2014-01-03] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [688648 2016-05-19] (VIA Technologies Inc. -> VIA Technologies, Inc.)
==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Três meses (criados) ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2019-07-18 14:21 - 2019-07-18 14:22 - 002095104 _____ (Farbar) C:\Users\RODRIGO\Desktop\FRST64.exe
2019-07-16 19:41 - 2019-07-16 19:51 - 000000000 ____D C:\Users\RODRIGO\Downloads\midnitec-theregoe-2018-zTa (1)
2019-07-16 17:35 - 2019-07-16 17:46 - 114411328 _____ C:\Users\RODRIGO\Downloads\midnitec-theregoe-2018-zTa (1).zip
2019-07-01 23:13 - 2019-07-01 23:13 - 013872017 _____ C:\Users\RODRIGO\Downloads\mGBA-0.7.2-win32.7z
2019-07-01 23:13 - 2019-07-01 23:13 - 000000000 ____D C:\Users\RODRIGO\Downloads\mGBA-0.7.2-win32
2019-07-01 23:10 - 2019-07-01 23:10 - 001346210 _____ C:\Users\RODRIGO\Downloads\mgba-20160107.zip
2019-07-01 23:10 - 2019-07-01 23:10 - 000000000 ____D C:\Users\RODRIGO\Downloads\mgba-20160107
2019-07-01 23:09 - 2019-07-01 23:09 - 000000000 ____D C:\Users\RODRIGO\Downloads\mgba-20190622-extra
2019-07-01 23:08 - 2019-07-01 23:09 - 003937461 _____ C:\Users\RODRIGO\Downloads\mgba-20190622-extra.7z
2019-07-01 23:07 - 2019-07-01 23:07 - 001701456 _____ C:\Users\RODRIGO\Downloads\mgba-20190622.zip
2019-07-01 23:07 - 2019-07-01 23:07 - 000000000 ____D C:\Users\RODRIGO\Downloads\mgba-20190622
2019-07-01 22:48 - 2019-07-01 22:53 - 000000000 ____D C:\Users\RODRIGO\Downloads\kega-fusion-3-64-en-win
2019-07-01 22:48 - 2019-07-01 22:48 - 000268430 _____ C:\Users\RODRIGO\Downloads\kega-fusion-3-64-en-win.7z
2019-06-28 18:22 - 2019-06-28 18:23 - 000091629 _____ C:\Users\RODRIGO\Desktop\Imprimir Pedido # 100007271 _ Medinas.pdf
2019-06-23 10:54 - 2019-06-23 10:54 - 000002324 _____ C:\Users\RODRIGO\AppData\Local\recently-used.xbel
2019-06-15 08:55 - 2019-06-15 08:55 - 000028807 _____ C:\Users\RODRIGO\Downloads\Cupom.pdf
2019-06-07 20:47 - 2019-06-07 20:47 - 000351807 _____ C:\Users\RODRIGO\Desktop\61919036_2216797665102806_146060099591340032_n.xcf
2019-06-07 20:47 - 2019-06-07 20:47 - 000000000 ____D C:\Users\RODRIGO\AppData\Local\gtk-2.0
2019-06-07 20:26 - 2019-06-23 10:54 - 000000000 ____D C:\Users\RODRIGO\AppData\Local\babl-0.1
2019-06-07 20:26 - 2019-06-07 20:26 - 000000000 ____D C:\Users\RODRIGO\AppData\Roaming\GIMP
2019-06-07 20:26 - 2019-06-07 20:26 - 000000000 ____D C:\Users\RODRIGO\AppData\Local\GIMP
2019-06-07 20:26 - 2019-06-07 20:26 - 000000000 ____D C:\Users\RODRIGO\AppData\Local\gegl-0.4
2019-06-07 20:26 - 2019-06-07 20:26 - 000000000 ____D C:\Users\RODRIGO\.cache
2019-06-07 20:25 - 2019-06-07 20:25 - 000000901 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.10.lnk
2019-06-07 20:25 - 2019-06-07 20:25 - 000000889 _____ C:\Users\Public\Desktop\GIMP 2.10.10.lnk
2019-06-07 20:22 - 2019-06-07 20:23 - 000000000 ____D C:\Program Files\GIMP 2
2019-06-07 18:58 - 2019-06-07 19:02 - 216223208 _____ (The GIMP Team ) C:\Users\RODRIGO\Downloads\gimp-2.10.10-setup.exe
2019-06-06 23:10 - 2019-06-06 23:10 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2019.lnk
2019-06-06 23:10 - 2019-06-06 23:10 - 000000000 ____D C:\Users\RODRIGO\Documents\Adobe
2019-06-06 22:58 - 2019-06-06 23:10 - 000000000 ____D C:\Program Files\Common Files\Adobe
2019-06-06 22:58 - 2019-06-06 22:58 - 000000000 ____D C:\Program Files\Adobe
2019-06-06 22:48 - 2019-06-06 22:48 - 000000000 ____D C:\Users\RODRIGO\Downloads\APCC19v20x64 roonney
2019-06-06 22:27 - 2019-06-06 22:45 - 1710722158 _____ C:\Users\RODRIGO\Downloads\APCC19v20x64 roonney.rar
2019-05-28 18:32 - 2019-05-28 18:33 - 000001120 _____ C:\Users\Public\Desktop\Avira.lnk
2019-05-25 23:12 - 2019-05-25 23:12 - 000041332 _____ C:\Users\RODRIGO\Downloads\LEIS-ORDINARIAS-Fevereiro.zip
==================== Três meses (modificados) ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2019-07-18 14:24 - 2018-07-08 10:17 - 000024354 _____ C:\Users\RODRIGO\Desktop\FRST.txt
2019-07-18 14:23 - 2017-09-21 20:03 - 000000000 ____D C:\FRST
2019-07-18 14:09 - 2017-10-13 21:08 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2019-07-18 12:25 - 2016-05-19 14:53 - 000000000 ____D C:\Users\Todos os Usuários\NVIDIA
2019-07-18 12:25 - 2016-05-19 14:53 - 000000000 ____D C:\ProgramData\NVIDIA
2019-07-18 11:59 - 2009-07-14 01:45 - 000020352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-07-18 11:59 - 2009-07-14 01:45 - 000020352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-07-18 11:56 - 2016-05-19 16:03 - 000000000 ____D C:\Users\RODRIGO\AppData\Roaming\foobar2000
2019-07-18 11:51 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-07-16 16:07 - 2016-05-19 20:54 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-16 16:07 - 2016-05-19 20:54 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-07-15 09:34 - 2009-07-14 14:55 - 000702882 _____ C:\Windows\system32\prfh0416.dat
2019-07-15 09:34 - 2009-07-14 14:55 - 000145668 _____ C:\Windows\system32\prfc0416.dat
2019-07-15 09:34 - 2009-07-14 02:13 - 001626900 _____ C:\Windows\system32\PerfStringBackup.INI
2019-07-15 09:34 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
2019-07-09 18:05 - 2017-06-06 21:10 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-07-09 18:04 - 2017-06-06 21:10 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-07-09 18:04 - 2017-06-06 21:10 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-07-09 18:04 - 2017-06-06 21:10 - 000004554 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-07-09 18:04 - 2017-06-06 21:10 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-07-09 18:04 - 2017-06-06 21:10 - 000000000 ____D C:\Windows\system32\Macromed
2019-07-02 20:10 - 2016-05-19 16:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-07-01 23:14 - 2017-03-06 18:26 - 000000000 ____D C:\Users\RODRIGO\AppData\Local\NVIDIA
==================== Arquivos na raiz de alguns diretórios ================
2016-05-19 15:37 - 2016-05-19 15:37 - 000000044 _____ () C:\Users\RODRIGO\AppData\Roaming\WB.CFG
2019-06-23 10:54 - 2019-06-23 10:54 - 000002324 _____ () C:\Users\RODRIGO\AppData\Local\recently-used.xbel
2016-05-19 18:51 - 2017-11-30 17:27 - 000007609 _____ () C:\Users\RODRIGO\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ===============================
(Não há correção automática para arquivos que não passaram na verificação.)
LastRegBack: 2019-07-12 20:07
==================== Fim de FRST.txt ============================


"Addition"

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 15-07-2019 01
Executado por RODRIGO (18-07-2019 14:28:27)
Executando a partir de C:\Users\RODRIGO\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-05-19 17:24:20)
Modo da Inicialização: Normal
==========================================================
==================== Contas: =============================
Administrador (S-1-5-21-2569912285-2516486697-1191534479-500 - Administrator - Disabled)
Convidado (S-1-5-21-2569912285-2516486697-1191534479-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2569912285-2516486697-1191534479-1002 - Limited - Enabled)
RODRIGO (S-1-5-21-2569912285-2516486697-1191534479-1000 - Administrator - Enabled) => C:\Users\RODRIGO
==================== Central de Segurança ========================
(Se uma entrada for incluída na fixlist, será removida.)
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with the "Hidden" flag can be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.01 (x64) (HKLM\...\7-Zip) (Version: 16.01 - Igor Pavlov)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_4) (Version: 20.0.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Atualizações da NVIDIA 31.1.10.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.1.10.0 - NVIDIA Corporation) Hidden
aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Avira (HKLM-x32\...\{07641669-3466-4C2E-BA95-256AEA825533}) (Version: 1.2.134.23796 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{b7f9e12f-ca78-4964-9ffc-54acebd17675}) (Version: 1.2.134.23796 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.1906.1432 - Avira Operations GmbH & Co. KG)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.)
Chromium (HKU\S-1-5-21-2569912285-2516486697-1191534479-1000\...\Chromium) (Version: 51.0.2683.0 - Chromium)
CorelDRAW Graphics Suite 12 (HKLM-x32\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.458 - Corel Corporation)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION
CPUID HWMonitor 1.37 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.37 - CPUID, Inc.)
Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version: - )
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
GIMP 2.10.10 (HKLM\...\GIMP-2_is1) (Version: 2.10.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
GunboundPS (HKLM-x32\...\GunboundPS_is1) (Version: - Softnyx co.,Ltd.)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 92 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Matroska Pack (HKLM-x32\...\Matroska Pack) (Version: - )
MatroskaProp (remove only) (HKLM-x32\...\MatroskaProp) (Version: - )
MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
MPC-HC 1.7.11 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.11 - MPC-HC Team)
NVIDIA Driver de áudio HD 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA Driver de controle do 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Driver de gráficos 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Driver do 3D Vision 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Software do sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NyxLauncherPS (HKLM-x32\...\NyxLauncherPS_is1) (Version: - Softnyx co.,ltd.)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Painel de controle da NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.0 - pdfforge GmbH)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.37 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.8 - Winamp SA)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Winrar 5.00 (64-bit) (HKLM\...\Winrar 5.00 (64-bit)5.00) (Version: 5.00 - Friends in War)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2016-02-19] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-07-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-07-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
==================== Shortcuts & WMI ========================
(The entries can be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-03-09 09:44 - 2016-03-09 09:44 - 000356352 _____ () [File not signed] C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll
2016-03-25 07:58 - 2016-03-25 07:58 - 000309760 _____ () [File not signed] C:\Program Files (x86)\foobar2000\components\foo_cdda.dll
2016-03-09 09:44 - 2016-03-09 09:44 - 000536064 _____ () [File not signed] C:\Program Files (x86)\foobar2000\components\foo_converter.dll
2016-03-09 09:44 - 2016-03-09 09:44 - 000205312 _____ () [File not signed] C:\Program Files (x86)\foobar2000\components\foo_dsp_eq.dll
2016-03-09 09:44 - 2016-03-09 09:44 - 000250368 _____ () [File not signed] C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll
2016-03-09 09:42 - 2016-03-09 09:42 - 000294912 _____ () [File not signed] C:\Program Files (x86)\foobar2000\components\foo_fileops.dll
2016-03-09 09:42 - 2016-03-09 09:42 - 000307200 _____ () [File not signed] C:\Program Files (x86)\foobar2000\components\foo_freedb2.dll
2016-03-09 09:44 - 2016-03-09 09:44 - 000375296 _____ () [File not signed] C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll
2016-03-25 07:58 - 2016-03-25 07:58 - 000263168 _____ () [File not signed] C:\Program Files (x86)\foobar2000\components\foo_unpack.dll
2016-03-01 08:35 - 2016-03-01 08:35 - 000786446 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\foobar2000\avcodec-fb2k-57.dll
2016-03-01 08:35 - 2016-03-01 08:35 - 000522766 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\foobar2000\avutil-fb2k-55.dll
2016-05-19 16:11 - 2016-05-19 11:27 - 000077312 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2016-06-18 12:46 - 2016-06-18 12:46 - 000109568 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2018-12-27 12:40 - 2018-03-23 20:05 - 000880024 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2018-12-27 12:41 - 2018-03-23 20:05 - 000343728 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2016-06-18 12:50 - 2016-02-12 19:43 - 000019456 _____ (pdfforge GmbH) [File not signed] C:\Program Files\PDFCreator\DataStorage.dll
2016-03-25 08:04 - 2016-03-25 08:04 - 001409496 _____ (Piotr Pawłowski -> ) [File not signed] C:\Program Files (x86)\foobar2000\components\foo_input_std.dll
2016-03-25 08:04 - 2016-03-25 08:04 - 001087960 _____ (Piotr Pawłowski -> ) [File not signed] C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll
2016-03-25 08:04 - 2016-03-25 08:04 - 000160704 _____ (Piotr Pawłowski -> ) [File not signed] C:\Program Files (x86)\foobar2000\shared.dll
2016-03-17 09:58 - 2016-03-17 09:58 - 000095696 _____ (Piotr Pawłowski -> ) [File not signed] C:\Program Files (x86)\foobar2000\zlib1.dll
2016-03-25 08:04 - 2016-03-25 08:04 - 001864136 _____ (Piotr Pawłowski -> Piotr Pawlowski) [File not signed] C:\Program Files (x86)\foobar2000\foobar2000.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed, the Hosts: directive can be included in the fixlist to reset the Hosts file.)
2009-07-13 23:34 - 2017-05-28 16:39 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2569912285-2516486697-1191534479-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\RODRIGO\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== Firewall Rules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{BC926E03-9E09-4383-B0D0-92C2EB5DF5BE}] => (Allow) C:\Users\RODRIGO\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [TCP Query User{811248B3-FC9F-4E6E-8CDD-E2F0E513339A}C:\game\softnyxgame\gunboundps\gunbound.gme] => (Allow) C:\game\softnyxgame\gunboundps\gunbound.gme (Softnyx) [File not signed]
FirewallRules: [UDP Query User{2558D340-5DDF-4E76-835E-D09059B5DF0E}C:\game\softnyxgame\gunboundps\gunbound.gme] => (Allow) C:\game\softnyxgame\gunboundps\gunbound.gme (Softnyx) [File not signed]
FirewallRules: [{313788CC-A1A7-4881-BDEC-C092E0A0D8E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe No File
FirewallRules: [{D4721F4C-8941-498E-9EB7-E2265EBBF6F3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe No File
FirewallRules: [{1703A1DF-76D0-4298-856E-C4824F58243E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe No File
FirewallRules: [{350104ED-B278-4DF5-8344-07D04945ACA3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4E55C136-037E-47A0-B583-3F3F783BC8C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{A1B9B51C-9192-46B0-9A80-6F1954A4D5C4}C:\program files (x86)\emuletorrent\emuletorrent.exe] => (Allow) C:\program files (x86)\emuletorrent\emuletorrent.exe No File
FirewallRules: [UDP Query User{68816F71-9CAF-4808-9C1D-61F9E06BBC74}C:\program files (x86)\emuletorrent\emuletorrent.exe] => (Allow) C:\program files (x86)\emuletorrent\emuletorrent.exe No File
FirewallRules: [TCP Query User{E0E93527-7E3A-4E47-9EE9-07A99628C0F6}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe No File
FirewallRules: [UDP Query User{F1E18E3B-C12E-4AEB-8642-0C36F11D9BFC}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe No File
FirewallRules: [{3B7EDB70-08B5-4CD0-B6E2-FE812F6E6AB7}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe No File
FirewallRules: [{8726AC61-CB5B-40ED-A065-3D482E6F6BFC}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe No File
FirewallRules: [TCP Query User{D189AFD2-66E5-4FA8-B523-C04884ECDE9C}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe (Deluge Team) [File not signed]
FirewallRules: [UDP Query User{41B392F0-89FA-4819-A0D5-4A6898CE337F}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe (Deluge Team) [File not signed]
FirewallRules: [{F4DE51C8-18D7-41A1-9B78-129674143CF1}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{DCCC97C4-7AF0-4F4F-B320-B77AA5B04E1A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [TCP Query User{29B3BC73-9700-4AC9-BA15-1FFDEA003D2A}C:\users\rodrigo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rodrigo\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [UDP Query User{1295339F-22F6-4603-945F-76C15A336049}C:\users\rodrigo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rodrigo\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [{21EB5626-157C-434F-A19F-AD9D9558EBA3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{AF5EB7F3-5F7D-4A10-9FAF-6F65D927673D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E6127EEF-DAF0-41B3-B64E-A39BCD01B425}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{ABC68690-3D86-412A-A47D-A4DBC4AC7EBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9880D6BA-9B56-4230-8A7D-D91B02921CDC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7DF98D86-BF08-4A5F-A1CC-8CD1F1F5964F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B4447672-9F51-4805-BBA1-7985364FC9A1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
14-06-2019 17:17:17 Scheduled Checkpoint
21-06-2019 19:14:08 Scheduled Checkpoint
30-06-2019 08:52:36 Scheduled Checkpoint
08-07-2019 19:20:40 Scheduled Checkpoint
15-07-2019 19:49:03 Scheduled Checkpoint
==================== Faulty Devices in Device Manager =============
Name: Atheros AR5005G Wireless Network Adapter #2
Description: Atheros AR5005G Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/18/2019 11:51:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (07/18/2019 11:51:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (07/18/2019 11:51:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (07/18/2019 11:51:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (07/18/2019 11:51:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (07/18/2019 11:51:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (07/18/2019 11:51:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (07/18/2019 11:51:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
System errors:
=============
Error: (07/18/2019 01:54:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.
Error: (07/18/2019 01:54:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
Error: (07/18/2019 12:54:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.
Error: (07/18/2019 12:54:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
Error: (07/18/2019 12:22:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.
Error: (07/18/2019 12:22:26 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
Error: (07/18/2019 12:06:26 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.
Error: (07/18/2019 12:06:26 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
CodeIntegrity:
===================================
Date: 2019-05-03 20:08:41.565
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.
Date: 2019-05-03 20:08:41.540
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.
Date: 2019-05-03 20:08:00.720
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.
Date: 2019-05-03 20:08:00.695
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.
Date: 2019-05-03 20:07:49.752
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.
Date: 2019-05-03 20:07:49.721
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.
Date: 2019-05-03 18:35:08.322
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.
Date: 2019-05-03 18:35:08.289
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 1102 06/12/2010
Motherboard: ASUSTeK Computer INC. M4N68T-M LE
Processor: AMD Athlon(tm) II X4 640 Processor
Percentage of memory in use: 96%
Total physical RAM: 4095.23 MB
Available physical RAM: 161.58 MB
Total Virtual: 8188.65 MB
Available Virtual: 1760.9 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.99 GB) (Free:50.86 GB) NTFS
Drive e: (Novo volume) (Fixed) (Total:97.66 GB) (Free:53.18 GB) NTFS
Drive f: (BACKUP) (Fixed) (Total:75.13 GB) (Free:43.28 GB) NTFS
Drive g: (Rodrigo_02) (Fixed) (Total:292.97 GB) (Free:83.53 GB) NTFS
\\?\Volume{2057e563-1ddd-11e6-a438-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 8ED1C27F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: D7B70BC0)
Partition 1: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=75.1 GB) - (Type=0F Extended)
==================== End of Addition.txt ============================
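Added example, not part of the original post or of FRST: a small Python triage of the FirewallRules block in the Addition.txt above. What a practitioner would pull out of that block is that several Allow rules point at files that no longer exist (Ares, eMuleTorrent, Spotify, Ralink, NvStream) or at unsigned binaries in the user profile (the old Chromium build under AppData\Local). A program rule matches on the path string, so a file later written to one of those user-writable paths inherits the exception without any prompt. The script assumes the line layout FRST printed here; the Portuguese build writes 'Nenhum Arquivo' for a missing target and '[Arquivo não assinado]' for an unsigned one, and the English build's 'No File' / '[File not signed]' are assumed equivalents. The list of admin-only directories is a deliberate simplification.

```python
"""Triage Windows Firewall program rules from an FRST Addition.txt (added example).

Parses 'FirewallRules:' lines as FRST prints them:
  FirewallRules: [<rule name>] => (Allow|Block) <path> <attribution>
<attribution> is '(signer -> company)' for a signed file, '(company) [File not signed]'
for an unsigned one, or 'No File' when the target is gone. The Portuguese build
(used in this thread) prints 'Nenhum Arquivo' / '[Arquivo não assinado]'; both handled.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

RULE_RE = re.compile(
    r"^FirewallRules:\s*\[(?P<name>[^\]]+)\]\s*=>\s*\((?P<action>Allow|Block)\)\s*"
    # Path runs from the drive letter to the first '.ext' followed by a space or EOL, so
    # 'C:\Program Files (x86)\...\app.exe (Vendor -> Vendor)' splits at the right place.
    r"(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{2,4})(?=\s|$)\s*(?P<tail>.*)$"
)
SIGNER_RE = re.compile(r"\(([^()]*->[^()]*)\)")
MISSING_MARKERS = ("No File", "Nenhum Arquivo")                  # English / Portuguese build
UNSIGNED_MARKERS = ("[File not signed]", "[Arquivo não assinado]")
# Directories a standard user cannot write to under default ACLs (simplification:
# everything else is treated as user-writable).
PROTECTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


@dataclass
class FirewallRule:
    name: str
    action: str
    path: str
    signer: Optional[str]   # 'signer -> company' as FRST prints it; None when unsigned
    unsigned: bool
    missing: bool


def parse_rule(line: str) -> Optional[FirewallRule]:
    """Parsed rule, or None for lines that are not FirewallRules entries."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    tail = m.group("tail")
    sig = SIGNER_RE.search(tail)
    return FirewallRule(
        name=m.group("name"),
        action=m.group("action"),
        path=m.group("path"),
        signer=sig.group(1) if sig else None,
        unsigned=any(mk in tail for mk in UNSIGNED_MARKERS),
        missing=any(mk in tail for mk in MISSING_MARKERS),
    )


def outside_protected_dirs(path: str) -> bool:
    return not path.lower().startswith(PROTECTED_PREFIXES)


def assess(rule: FirewallRule) -> List[str]:
    """Findings for one rule; Block rules never open a hole, so they get none."""
    findings: List[str] = []
    if rule.action != "Allow":
        return findings
    if rule.missing:
        findings.append("orphaned: target no longer exists, delete the rule")
    if rule.unsigned:
        findings.append("unsigned target: origin cannot be verified from a signature")
    # The rule keys on the path, not on the file's identity: if the path is user-writable
    # and the file is absent or unverifiable, whatever lands there later is allowed too.
    if outside_protected_dirs(rule.path) and (rule.missing or rule.unsigned):
        findings.append("HIGH: Allow rule on a user-writable path with absent/unverified target")
    return findings


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """(path, findings) for every rule with at least one finding."""
    results = []
    for line in log_text.splitlines():
        rule = parse_rule(line)
        if rule is not None:
            findings = assess(rule)
            if findings:
                results.append((rule.path, findings))
    return results


# Constructed sample: rule lines excerpted from the Addition.txt above; the 4th and 5th
# are rewritten with the English build's wording to show both spellings are handled.
SAMPLE_LOG = r"""
FirewallRules: [{BC926E03-9E09-4383-B0D0-92C2EB5DF5BE}] => (Allow) C:\Users\RODRIGO\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [Arquivo não assinado]
FirewallRules: [TCP Query User{811248B3-FC9F-4E6E-8CDD-E2F0E513339A}C:\game\softnyxgame\gunboundps\gunbound.gme] => (Allow) C:\game\softnyxgame\gunboundps\gunbound.gme (Softnyx) [Arquivo não assinado]
FirewallRules: [{313788CC-A1A7-4881-BDEC-C092E0A0D8E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe Nenhum Arquivo
FirewallRules: [TCP Query User{E0E93527-7E3A-4E47-9EE9-07A99628C0F6}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe No File
FirewallRules: [TCP Query User{29B3BC73-9700-4AC9-BA15-1FFDEA003D2A}C:\users\rodrigo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rodrigo\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [{B4447672-9F51-4805-BBA1-7985364FC9A1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
"""

if __name__ == "__main__":
    for path, findings in triage(SAMPLE_LOG):
        print(path)
        for f in findings:
            print("   -", f)
```

Run it as a script to see the findings for the embedded sample, or pass a whole Addition.txt to triage() (read the file with encoding='utf-8'). The orphaned rules themselves are removed in Windows Firewall with Advanced Security, or with netsh advfirewall firewall delete rule name="<rule name>" using the name printed in square brackets.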
#2 By TmfeijoMMonroe, 18/07/2019 - 14:44
Good afternoon, noble and esteemed author!

ESET Online, ticking all the options in the advanced settings.
https://www.eset.com/br/antivirus-domestico/online-scanner/

If you cannot get it through the link supra (as above), download it from here infra (as below):

https://www.eset.com/int/home/online-scanner/

Depois a família malwarebytes:
Adwcleanerhttps://br.malwarebytes.com/adwcleaner/
JRThttps://www.bleepingcomputer.com/download/junkware-removal-tool/
E o próprio malwarebytes; seguindo o tutorial logo infra (conforme abaixo ).
ttps://malwarebytes-anti-malware.br.uptodown.com/windows

http://www.caixadedicas.com/2009/10/tutorial-do-malwarebytes-anti-malware.html?m=1


Por fineza; poste os relatórios; prezado autor.


Uma observação apenas:

Acessa o WhatsApp através do PC
?
Participa de algum grupo ? No caso;saia destes grupos nos quais enviam muitas figurinhas; pois são todos moleques indolentes os quais fazem isto. E aposto que infelizmente te adicionam novamente para o ilícito feito.
Denuncie estes grupos.




Abraços
A ignorância é a pior inimiga do homem . Não tenho medo de nada; apenas da inveja . E o mundo cada vez melhor !!
Palavras sábias de um hiper profissional do judiciário; perito digital e em psicologia jurídica .
A sua inveja é a velocidade de meu sucesso .
Um coração medroso congela o trabalho . Um coração temerário incendeia qualquer serviço ; arrasando - o .
#3 By katsuriko, 18/07/2019 - 16:11
"1"

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-07-15.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 07-18-2019
# Duration: 00:00:21
# OS: Windows 7 Ultimate
# Scanned: 27411
# Detected: 1
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.DriverBooster HKLM\Software\Wow6432Node\IObit\Driver Booster
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
AdwCleaner[S00].txt - [1538 octets] - [08/07/2018 10:23:57]
AdwCleaner[C00].txt - [1610 octets] - [08/07/2018 10:24:16]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########



"2"

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 18/07/2019
Scan Time: 15:38
Log File: 2ca23130-a98b-11e9-891e-20cf30e0979b.json
-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.11618
License: Trial
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: RODRIGO-PC\RODRIGO
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 244476
Threats Detected: 58
Threats Quarantined: 58
Time Elapsed: 8 min, 28 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 5
PUP.Optional.WinYahoo.TskLnk, HKU\S-1-5-21-2569912285-2516486697-1191534479-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Chromium, Quarantined, [800], [484244],1.0.11618
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\OLOJCNAGMCBPLPDDDABMPFEHHLLEOBPB, Quarantined, [2078], [509543],1.0.11618
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\OLOJCNAGMCBPLPDDDABMPFEHHLLEOBPB, Quarantined, [2078], [509543],1.0.11618
PUP.Optional.SearchManager, HKU\S-1-5-21-2569912285-2516486697-1191534479-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\olojcnagmcbplpdddabmpfehhlleobpb, Quarantined, [2078], [509543],1.0.11618
PUP.Optional.WinYahoo, HKU\S-1-5-21-2569912285-2516486697-1191534479-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT, Quarantined, [241], [262014],1.0.11618
Registry Value: 2
PUP.Optional.SearchManager, HKU\S-1-5-21-2569912285-2516486697-1191534479-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|OLOJCNAGMCBPLPDDDABMPFEHHLLEOBPB, Quarantined, [2078], [509543],1.0.11618
PUP.Optional.WinYahoo, HKU\S-1-5-21-2569912285-2516486697-1191534479-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT|FILENAME, Quarantined, [241], [262014],1.0.11618
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 2
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\HowToRemove, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\USERS\RODRIGO\APPDATA\LOCAL\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}, Quarantined, [800], [484244],1.0.11618
File: 49
PUP.Optional.SearchManager, C:\USERS\RODRIGO\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage, Quarantined, [2078], [260989],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\USERS\RODRIGO\APPDATA\LOCAL\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\cano, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\HowToRemove\chromium-min.jpg, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\HowToRemove\control panel-min-min.JPG, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\HowToRemove\down.png, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\HowToRemove\ff menu.JPG, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\HowToRemove\ff search engine-min.png, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\HowToRemove\HowToRemove.html, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\HowToRemove\hp-min ff.png, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\HowToRemove\hp-min ie.png, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\HowToRemove\search engine.gif, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\HowToRemove\setup pages.gif, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\HowToRemove\sp-min.png, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\HowToRemove\start-min.jpg, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\HowToRemove\up.png, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\bapi_ff.dat, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\bapi_ie.dat, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\firi.cfg, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\install.log, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\loti, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\nino.dat, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\rici, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\sani.exe, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\Sqlite3.dll, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\uninst.dat, Quarantined, [800], [484244],1.0.11618
PUP.Optional.WinYahoo.TskLnk, C:\Users\RODRIGO\AppData\Local\{D216E44A-F6BE-88F2-9B26-AD1ABF4E5182}\uninst.exe, Quarantined, [800], [484244],1.0.11618
PUP.Optional.SearchManager, C:\USERS\RODRIGO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [2078], [509543],1.0.11618
Generic.Malware/Suspicious, C:\USERS\RODRIGO\APPDATA\ROAMING\ZHP\QUARANTINE\KMSPICO\SERVICE_KMS.EXE, Quarantined, [0], [392686],1.0.11618
HackTool.Agent.KMS, C:\USERS\RODRIGO\APPDATA\ROAMING\ZHP\QUARANTINE\KMSPICO\KMSELDI.EXE, Quarantined, [8082], [700614],1.0.11618
Generic.Malware/Suspicious, C:\USERS\RODRIGO\APPDATA\ROAMING\ZHP\QUARANTINE\KMSPICO\AUTOPICO.EXE, Quarantined, [0], [392686],1.0.11618
PUP.Optional.InstallCore.Generic, C:\USERS\RODRIGO\DOWNLOADS\ATUBECATCHER.EXE, Quarantined, [563], [621110],1.0.11618
PUP.Optional.InstallCore, C:\USERS\RODRIGO\DOWNLOADS\BAIXAKI_PHOTOSCAPE.EXE, Quarantined, [446], [324268],1.0.11618
Adware.InstallCube, C:\USERS\RODRIGO\DOWNLOADS\ARQUIVO.RAR, Quarantined, [462], [526691],1.0.11618
Adware.FusionCore, C:\USERS\RODRIGO\DOWNLOADS\EMULE.EXE, Quarantined, [7653], [320181],1.0.11618
PUP.Optional.SearchManager.BITSRST, C:\USERS\RODRIGO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [271], [626729],1.0.11618
PUP.Optional.SearchManager.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarantined, [271], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarantined, [271], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarantined, [271], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarantined, [271], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarantined, [271], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarantined, [271], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarantined, [271], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarantined, [271], [-1],0.0.0
Generic.Malware/Suspicious, C:\USERS\RODRIGO\DOWNLOADS\FLASHINSTALLER.ZIP, Quarantined, [0], [392686],1.0.11618
Generic.Malware/Suspicious, C:\USERS\RODRIGO\DOWNLOADS\FLASH_PLAYER_APP.4.6.7.3.9.1.24.ZIP, Quarantined, [0], [392686],1.0.11618
PUP.Optional.SearchManager.BITSRST, C:\USERS\RODRIGO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [271], [626729],1.0.11618
PUP.Optional.InstallCore.Generic, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\aTube Catcher.lnk, Quarantined, [563], [621110],1.0.11618
PUP.Optional.InstallCore.Generic, C:\USERS\PUBLIC\Desktop\aTube Catcher.lnk, Quarantined, [563], [621110],1.0.11618
PUP.Optional.InstallCore.Generic, C:\PROGRAM FILES (X86)\DSNET CORP\ATUBE CATCHER 2.0\YCT.EXE, Quarantined, [563], [621110],1.0.11618
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)


I can't find the JRT log, sorry!

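Read as a practitioner would, the Malwarebytes log in the post above says more than "58 threats": the same extension ID (olojcnagmcbplpdddabmpfehhlleobpb) appears under HKLM\SOFTWARE\Google\Chrome\Extensions, its WOW6432Node mirror and the user's hive, which is Chrome's registry path for installing an extension outside the Web Store, so removing it from chrome://extensions alone would not have held while the keys existed; Secure Preferences was rewritten three times; the .BITSRST hits are the BITS job-queue files (QMGR0/1.DAT), meaning a download job had been queued through BITS; the KMSPico files sit in another cleaner's quarantine folder (ZHP) and were already inert; and the Downloads entries are bundled installers, i.e. the ingress rather than the persistence. The script below is an added example, not part of the post and not Malwarebytes code: it parses detection lines in this log format and groups them by that reading. The vector labels are this example's own taxonomy, and the sample input is a subset of lines copied from the log above.

```python
import re
from collections import defaultdict

# Shape of a Malwarebytes 3.x "Scan Details" detection line:
#   <family>, <location>, <action>, [<rule id>], [<threat id>],<db version>
# The Portuguese export in the post differs from the English one only in the
# action word, so both spellings are accepted.
DETECTION_RE = re.compile(
    r"^(?P<family>[^,]+), (?P<location>.+), "
    r"(?P<action>Quarantined|Quarentena|Replaced|Substitu[ií]do|Delete-on-Reboot), "
    r"\[(?P<rule>-?\d+)\], \[(?P<threat>-?\d+)\],(?P<db>[\d.]+)$"
)

# Chrome/Chromium extension IDs are 32 characters drawn from a-p.
EXT_ID_RE = re.compile(r"(?<![a-p])[a-p]{32}(?![a-p])", re.IGNORECASE)

# Constructed sample: detection lines copied from the log in the post above,
# plus two non-detection lines to show that the parser skips them.
SAMPLE_LOG = r"""
-Scan Details-
Registry Key: 5
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\OLOJCNAGMCBPLPDDDABMPFEHHLLEOBPB, Quarantined, [2078], [509543],1.0.11618
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\OLOJCNAGMCBPLPDDDABMPFEHHLLEOBPB, Quarantined, [2078], [509543],1.0.11618
PUP.Optional.SearchManager, HKU\S-1-5-21-2569912285-2516486697-1191534479-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\olojcnagmcbplpdddabmpfehhlleobpb, Quarantined, [2078], [509543],1.0.11618
PUP.Optional.SearchManager, HKU\S-1-5-21-2569912285-2516486697-1191534479-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|OLOJCNAGMCBPLPDDDABMPFEHHLLEOBPB, Quarantined, [2078], [509543],1.0.11618
PUP.Optional.WinYahoo, HKU\S-1-5-21-2569912285-2516486697-1191534479-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT, Quarantined, [241], [262014],1.0.11618
PUP.Optional.SearchManager, C:\USERS\RODRIGO\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage, Quarantined, [2078], [260989],1.0.11618
PUP.Optional.SearchManager, C:\USERS\RODRIGO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [2078], [509543],1.0.11618
HackTool.Agent.KMS, C:\USERS\RODRIGO\APPDATA\ROAMING\ZHP\QUARANTINE\KMSPICO\KMSELDI.EXE, Quarantined, [8082], [700614],1.0.11618
PUP.Optional.InstallCore.Generic, C:\USERS\RODRIGO\DOWNLOADS\ATUBECATCHER.EXE, Quarantined, [563], [621110],1.0.11618
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarantined, [271], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarantined, [271], [-1],0.0.0
"""


def classify(location):
    """Map a detection location to the persistence or ingress vector it implies.
    The labels are this example's own taxonomy, not Malwarebytes categories."""
    loc = location.upper()
    if "\\GOOGLE\\CHROME\\EXTENSIONS\\" in loc or "EXTENSIONS.SETTINGS|" in loc:
        # HKLM/HKCU ...\Google\Chrome\Extensions\<id>: Chrome's registry-based
        # external-extension install; the browser re-adds the extension on
        # start for as long as the key exists.
        return "chrome-extension-forced-by-registry"
    if loc.endswith("\\SECURE PREFERENCES"):
        return "chrome-secure-preferences-tampered"
    if "\\LOCAL STORAGE\\CHROME-EXTENSION_" in loc:
        return "extension-profile-data"
    if "\\NETWORK\\DOWNLOADER\\QMGR" in loc:
        # QMGR0/1.DAT hold the BITS job queue; a hit here means a download
        # job was queued through BITS (hence the .BITSRST suffix).
        return "bits-job-queue"
    if "\\QUARANTINE\\" in loc:
        # Already isolated by another cleaner; inert, not an active infection.
        return "already-quarantined-by-other-tool"
    if "\\DOWNLOADS\\" in loc:
        # Bundled installers in Downloads are the likely ingress, not persistence.
        return "downloaded-installer-bundler"
    if "\\CURRENTVERSION\\UNINSTALL\\" in loc:
        return "uninstall-entry"
    return "other"


def parse(lines):
    """Yield one dict per detection line; anything else in the log is skipped."""
    for line in lines:
        m = DETECTION_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["vector"] = classify(d["location"])
            yield d


def triage(lines):
    """Group detections by vector and collect every extension ID they mention."""
    by_vector = defaultdict(list)
    ext_ids = set()
    for d in parse(lines):
        by_vector[d["vector"]].append(d)
        ext_ids.update(i.lower() for i in EXT_ID_RE.findall(d["location"]))
    return dict(by_vector), sorted(ext_ids)


if __name__ == "__main__":
    groups, ids = triage(SAMPLE_LOG.splitlines())
    for vector, hits in sorted(groups.items()):
        print(f"{vector}: {len(hits)}")
        for h in hits:
            print(f"    {h['family']:36} {h['action']:11} {h['location']}")
    print("extension IDs to check in chrome://extensions and chrome://policy:", ids)
```

Feed it the full log (for example `triage(open("mbam.txt", encoding="utf-8").read().splitlines())`) and the registry-forced group is the one to verify by hand after cleaning: if the `...\Google\Chrome\Extensions\<id>` keys come back, something still running on the machine is re-creating them.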
#4 By TRONNER, 18/07/2019 - 16:27
Is it just laziness, would it be too much work to describe here what happened and how it happened, up to the event in question?!
#5 By Tangonauta, 24/07/2019 - 14:20
katsuriko said:
[quotes the AdwCleaner and Malwarebytes logs from #3 in full]


Hi,

Do you have Driver Booster installed on the PC? If you do, it's the culprit, because Malwarebytes and its derivatives flag it as a PUP (potentially unwanted program) on account of the changes it makes to the registry during installation; I went through the same hassle when I installed it on my PC and Malwarebytes flagged it right away.

Another thing,

If you do, I don't really recommend using driver updaters; this video explains it in detail:

#6 By TmfeijoMMonroe, 31/07/2019 - 05:35
Good morning, esteemed author!

In AdwCleaner, click Clean.

Uninstall Malwarebytes with Revo Uninstaller using the Advanced option; the quarantined items will go away along with it.

Regards.
katsuriko said:
[quotes the AdwCleaner and Malwarebytes logs from #3 in full]
Generic.Malware/Suspicious, C:\USERS\RODRIGO\APPDATA\ROAMING\ZHP\QUARANTINE\KMSPICO\AUTOPICO.EXE, Quarentena, [0], [392686],1.0.11618
PUP.Optional.InstallCore.Generic, C:\USERS\RODRIGO\DOWNLOADS\ATUBECATCHER.EXE, Quarentena, [563], [621110],1.0.11618
PUP.Optional.InstallCore, C:\USERS\RODRIGO\DOWNLOADS\BAIXAKI_PHOTOSCAPE.EXE, Quarentena, [446], [324268],1.0.11618
Adware.InstallCube, C:\USERS\RODRIGO\DOWNLOADS\ARQUIVO.RAR, Quarentena, [462], [526691],1.0.11618
Adware.FusionCore, C:\USERS\RODRIGO\DOWNLOADS\EMULE.EXE, Quarentena, [7653], [320181],1.0.11618
PUP.Optional.SearchManager.BITSRST, C:\USERS\RODRIGO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [271], [626729],1.0.11618
PUP.Optional.SearchManager.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarentena, [271], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarentena, [271], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarentena, [271], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarentena, [271], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarentena, [271], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarentena, [271], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarentena, [271], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarentena, [271], [-1],0.0.0
Generic.Malware/Suspicious, C:\USERS\RODRIGO\DOWNLOADS\FLASHINSTALLER.ZIP, Quarentena, [0], [392686],1.0.11618
Generic.Malware/Suspicious, C:\USERS\RODRIGO\DOWNLOADS\FLASH_PLAYER_APP.4.6.7.3.9.1.24.ZIP, Quarentena, [0], [392686],1.0.11618
PUP.Optional.SearchManager.BITSRST, C:\USERS\RODRIGO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [271], [626729],1.0.11618
PUP.Optional.InstallCore.Generic, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\censurado.png censurado.png.lnk, Quarentena, [563], [621110],1.0.11618
PUP.Optional.InstallCore.Generic, C:\USERS\PUBLIC\Desktop\censurado.png censurado.png.lnk, Quarentena, [563], [621110],1.0.11618
PUP.Optional.InstallCore.Generic, C:\PROGRAM FILES (X86)\DSNET CORP\censurado.png censurado.png 2.0\YCT.EXE, Quarentena, [563], [621110],1.0.11618
Setor físico: 0
(Nenhum item malicioso detectado)
Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)
(end)


I can't find the JRT log, my bad!
Ignorance is man's worst enemy. I fear nothing; only envy. And the world keeps getting better!!
Wise words from a hyper-professional of the judiciary; digital forensics expert and expert in legal psychology.
Your envy is the speed of my success.
A fearful heart freezes the work. A reckless heart sets any job ablaze; razing it.