Annluciap

  1. Good afternoon, DigRam! The report follows below. Thank you.
  2. Good evening, DigRam! As instructed, here are the reports. Thank you, and sorry for the delay! Note: After the incident in which the dates of the files were changed, among other things, I ran a scan with Win Defender, copied the files that were not corrupted to another location, and formatted the flash drive.
  3. Good evening! I was working on a file on a flash drive and it became inaccessible. When I opened the flash drive I saw that this file and others had creation and last-access dates of 2030, 2040, among others. Other files were corrupted. I ran a scan on the flash drive and on the computer and nothing was detected. Could there be some malware that Win Defender did not detect? The FRST logs follow below: https://www.cjoint.com/c/KBCxH5n7VaZ https://www.cjoint.com/c/KBCxJaDfAGZ Thank you very much! Note: The same topic was possibly created in the wrong place; I ask that it be deleted.
  4. Good evening, DigRam! The suggested uninstallations were done, except for AnyDesk. Thank you, and sorry for the delay!
  5. Good evening, DigRam! The slowness has decreased. The report follows below. Thank you!
  6. Good evening, here is the log. Sorry for the delay.
  7. Good evening, DigRam! Here are: - Link to the Addition.txt report: https://www.cjoint.com/c/JJqbe6XrveV - The Fixlog.txt report. Thank you very much!
  8. Good afternoon, DigRam! Sorry for the delay. Here is the link to the logs: https://www.cjoint.com/c/JJpsoS7xi4E Thank you.
  9. Good afternoon, DigRam! No problem about the delay! The important thing is to stay in good health. I generated the previous log under a non-administrator user. Today, I did not check the first item (BCD). If necessary, I can generate another log, this time under an administrator user. Here is the log, as you requested. Thank you very much!
  10. Here are the links to the FRST logs for analysis: https://www.cjoint.com/c/IEuvOzhKaPa https://www.cjoint.com/c/IEuvQSrcnWa Thank you.
  11. Good evening, yes, I removed the detections. Everything is fine with the notebook now. Thank you very much for the help. :)
  12. Good evening, as the report is long, I am sending the link to access it. http://www.cjoint.com/c/GAlapoKchA5 Thank you.
  13. Good afternoon, here are the logs as requested. Thank you.
  14. Good afternoon, here is the report. Thank you.