Rodrigow

  1. Hi Elias! Here is the link with the detection result: https://www.virustotal.com/pt/file/d76e1acffccea4299e186f21433352a37489a52a0a4dcc76ee67cdf0698b438e/analysis/ Thanks again for the support!
  2. Hi Elias and friends of the forum! Thanks for reopening. Here is the MB log. Note: it did not allow deleting, only moving to quarantine:

     Malwarebytes
     www.malwarebytes.com

     -Detalhes de registro-
     Data da análise: 27/07/17
     Hora da análise: 08:34
     Arquivo de registro: mb log.txt
     Administrador: Sim

     -Informação do software-
     Versão: 3.1.2.1733
     Versão de componentes: 1.0.160
     Versão do pacote de definições: 1.0.2448
     Licença: Grátis

     -Informação do sistema-
     Sistema operacional: Windows 7 Service Pack 1
     CPU: x64
     Sistema de arquivos: NTFS
     Usuário: RODRIGO-PC\RODRIGO

     -Resumo da análise-
     Tipo de análise: Análise de Ameaças
     Resultado: Concluído
     Objetos verificados: 389516
     Ameaças detectadas: 19
     Ameaças em quarentena: 0
     (Nenhum item malicioso detectado)
     Tempo decorrido: 1 min, 28 seg

     -Opções da análise-
     Memória: Habilitado
     Inicialização: Habilitado
     Sistema de arquivos: Habilitado
     Arquivos compactados: Habilitado
     Rootkits: Desabilitado
     Heurística: Habilitado
     PUP: Habilitado
     PUM: Habilitado

     -Detalhes da análise-
     Processo: 2
     Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\EXPLORER.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448
     Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448

     Módulo: 2
     Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\EXPLORER.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448
     Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448

     Chave de registro: 1
     PUP.Optional.InstallCore, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DAEMON Tools Lite, Nenhuma ação do usuário, [2], [407013],1.0.2448

     Valor de registro: 4
     Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Explorer, Nenhuma ação do usuário, [626], [355551],1.0.2448
     Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Explorer, Nenhuma ação do usuário, [626], [355551],1.0.2448
     Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Svchost, Nenhuma ação do usuário, [626], [355551],1.0.2448
     Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Svchost, Nenhuma ação do usuário, [626], [355551],1.0.2448

     Dados de registro: 1
     Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, Nenhuma ação do usuário, [626], [355551],1.0.2448

     Fluxo de dados: 0
     (Nenhum item malicioso detectado)

     Pasta: 0
     (Nenhum item malicioso detectado)

     Arquivo: 9
     Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\EXPLORER.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448
     Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448
     Backdoor.Agent.Generic, C:\USERS\RODRIGO\APPDATA\ROAMING\MRSYS.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448
     PUP.Optional.InstallCore, C:\PROGRAM FILES\DAEMON TOOLS LITE\UNINST.EXE, Nenhuma ação do usuário, [2], [407013],1.0.2448
     Backdoor.Agent.Generic, C:\USERS\RODRIGO\DOWNLOADS\ZA-SCAN.EXE,, Nenhuma ação do usuário, [626], [355551],1.0.2448
     Backdoor.Agent.Generic, C:\USERS\RODRIGO\APPDATA\LOCAL\STSYS.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448
     Backdoor.Agent.Generic, C:\USERS\RODRIGO\APPDATA\LOCAL\VIRTUALSTORE\DRIVER PARA HP PHOTOSMART C4480.EXE,, Nenhuma ação do usuário, [626], [355551],1.0.2448
     Backdoor.Agent.Generic, C:\USERS\RODRIGO\APPDATA\LOCAL\ICSYS.ICN.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448
     Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SPOOLSV.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448

     Setor físico: 0
     (Nenhum item malicioso detectado)

     (end)

     Awaiting your instructions!
  3. Oi Elias. Demorou bastante. Tentei fazer duas vezes, mas por ter que utilizar o CPU tive que interromper. Acordei bem cedo hoje e deixei fazendo. Ei ai o log: ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ZA-Scan V1.0.0.5 Updated 30-09-2015 Tool run by RODRIGO on 08/07/2017 at 5:05:46,42. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64 Running in: Normal Mode No Internet Access Detected Launched: C:\Users\RODRIGO\Desktop\ZA-Scan.exe Script used: C:\Users\RODRIGO\Desktop\zascript.txt ==== System Restore Info ====================== 08/07/2017 05:05:58 Zoek.exe System Restore Point Created Successfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C9531E65-098D-4D6F-8065-8EDC0A22EB95} deleted successfully HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE7CD045-E861-484F-8273-0445EE161910} deleted successfully HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE7CD045-E861-484F-8273-0445EE161910} deleted successfully HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4971EE7-DAA0-4053-9964-665D8EE6A077} deleted successfully HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F4971EE7-DAA0-4053-9964-665D8EE6A077} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{AE7CD045-E861-484F-8273-0445EE161910} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484F-8273-0445EE161910} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully ==== Deleting Services ====================== ==== FireFox Fix ====================== Deleted from C:\Users\RODRIGO\AppData\Roaming\Mozilla\Firefox\Profiles\jky6kgx8.default\prefs.js: user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); Added to C:\Users\RODRIGO\AppData\Roaming\Mozilla\Firefox\Profiles\jky6kgx8.default\prefs.js: user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); ProfilePath: C:\Users\RODRIGO\AppData\Roaming\Mozilla\Firefox\Profiles\jky6kgx8.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_072017_0514_.backup prefs_082016_1906_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "Shell"="explorer.exe" ==== Batch Command(s) Run By Tool====================== Configura‡Æo de IP do Windows Libera‡Æo do 
Cache do DNS Resolver bem-sucedida. ==== Deleting Files \ Folders ====================== C:\Users\RODRIGO\AppData\Roaming\Mozilla\Firefox\Profiles\jky6kgx8.default\extensions\ascsurfingprotection@iobit.com not found C:\PROGRA~2\Cracklock deleted C:\Users\RODRIGO\AppData\Roaming\CodecsLE_Install.log deleted C:\PROGRA~3\ProductData deleted C:\PROGRA~3\Package Cache deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\gpt.ini deleted C:\Users\RODRIGO\Desktop\4kvideodownloader - Atalho.lnk deleted C:\Users\RODRIGO\Desktop\Mega-Downloader 1.7.lnk deleted C:\Users\RODRIGO\AppData\Roaming\mrsys.exe deleted C:\Users\RODRIGO\AppData\Local\icsys.icn.exe deleted C:\Users\RODRIGO\AppData\Local\stsys.exe deleted C:\Users\RODRIGO\AppData\Roaming\Mozilla\Firefox\Profiles\jky6kgx8.default\extensions\ascsurfingprotectionnew@iobit.com.xpi deleted ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\RODRIGO\AppData\Roaming\Mozilla\Firefox\Profiles\jky6kgx8.default user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [28/06/2017 17:39] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [28/06/2017 17:39] ==== Firefox Extensions ====================== ProfilePath: C:\Users\RODRIGO\AppData\Roaming\Mozilla\Firefox\Profiles\jky6kgx8.default - Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF - Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi ==== Firefox Plugins ====================== Profilepath: 
C:\Users\RODRIGO\AppData\Roaming\Mozilla\Firefox\Profiles\jky6kgx8.default 62D98B286C805E193568037B70D936D2 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll - Shockwave Flash ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cifnddnffldieaamihfkhkdgnbhfmaci - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\\plugins\Creator\ChromeAddin\ChromeAddin.crx[21/07/2016 11:51] efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[01/10/2016 08:10] fabhkdeopjkcpkmofliimbjckmocfiom - No path found[] kpdmjodecdegfglgaapafjleomjjlpnh - No path found[] ngpampappnmepgilojfohadhhmbhlaek - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx[09/06/2016 13:48] Quick Links - RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegkifofjmpcimhejjpjhafihlcpcifl Video Downloader - RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc uBlockâ‚€ - RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm IDM Integration Module - RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek Chrome Media Router - RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm ==== Chromium Fix ====================== C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc deleted successfully C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aiimdkdngfcipjohbjenkahhlhccpdbc_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start 
Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" ==== Reset Google Chrome ====================== C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Web Data.ReadOnly was reset successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== shortcuts on Users Desktops ====================== C:\Users\RODRIGO\Desktop\00. ESCRITA - Atalho.lnk - E:\Meus Documentos\Downloads\2016.2\00. ESCRITA C:\Users\RODRIGO\Desktop\00. TESE - Atalho.lnk - E:\Meus Documentos\Downloads\2016.1 (salvos)\00. 
TESE C:\Users\RODRIGO\Desktop\2016.2 - Atalho.lnk - E:\Meus Documentos\Downloads\2016.2 C:\Users\RODRIGO\Desktop\Addictive Keys.lnk - E:\Program Files\XLN Audio\Addictive Keys\Addictive Keys.exe C:\Users\RODRIGO\Desktop\Adobe Acrobat XI Pro.lnk - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe C:\Users\RODRIGO\Desktop\Awave Studio.lnk - C:\Program Files (x86)\Awave Studio\Awave Studio.exe C:\Users\RODRIGO\Desktop\bloco de notas - Atalho.lnk - E:\Meus Documentos\Downloads\2016.2\bloco de notas C:\Users\RODRIGO\Desktop\ChordPulse.lnk - C:\Program Files (x86)\ChordPulse\ChordPulse.exe C:\Users\RODRIGO\Desktop\Dicionário eletrônico Houaiss 3.lnk - C:\Users\RODRIGO\Desktop\Documents - Atalho.lnk - E:\Meus Documentos\Downloads\Documents C:\Users\RODRIGO\Desktop\DP9 (64 bit).lnk - C:\Program Files (x86)\MOTU\Digital Performer 9.1\DP.exe C:\Users\RODRIGO\Desktop\DVD Flick.lnk - C:\Program Files (x86)\DVD Flick\dvdflick.exe C:\Users\RODRIGO\Desktop\Google Books Download.lnk - C:\Program Files (x86)\PDFsvg\Google Books Download\GoogleBooks.exe C:\Users\RODRIGO\Desktop\i-Menu - Atalho.lnk - C:\Program Files (x86)\i-Menu\i-Menu.exe C:\Users\RODRIGO\Desktop\ImageEnlarger - Atalho.lnk - E:\Meus Documentos\Downloads\Programs\Image Enlarger-v0.8-win32\ImageEnlarger-v0.8\ImageEnlarger\ImageEnlarger.exe C:\Users\RODRIGO\Desktop\Internet Download Manager.lnk - C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Users\RODRIGO\Desktop\MEGAsync.lnk - C:\Users\RODRIGO\AppData\Local\MEGAsync\MEGAsync.exe C:\Users\RODRIGO\Desktop\Melodyne Studio 4.lnk - C:\Program Files\Celemony\Melodyne Studio 4\Melodyne.exe C:\Users\RODRIGO\Desktop\Menu Iniciar no Sandboxie.lnk - C:\Program Files (x86)\Sandboxie\Start.exe /box:__ask__ start_menu C:\Users\RODRIGO\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\RODRIGO\Desktop\Navegador web em uma caixa.lnk - C:\Program Files\Sandboxie\Start.exe 
default_browser C:\Users\RODRIGO\Desktop\Paint.lnk - C:\Windows\system32\mspaint.exe C:\Users\RODRIGO\Desktop\PCN 2001 - Atalho.lnk - C:\Program Files (x86)\PCN2001\pcn2k1.exe C:\Users\RODRIGO\Desktop\PDFToMusic Pro v.1.0.4.lnk - C:\Program Files (x86)\PDFtoMusic Pro\PDFToMusic Pro.exe C:\Users\RODRIGO\Desktop\Viena.lnk - C:\Program Files (x86)\Viena\Viena.exe C:\Users\RODRIGO\Desktop\WIDI 4.0 Pro.lnk - C:\Program Files (x86)\WIDI 4.0 Pro\widi.exe C:\Users\RODRIGO\Desktop\WinDirStat.lnk - C:\Program Files (x86)\WinDirStat\windirstat.exe C:\Users\RODRIGO\Desktop\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\ACDSee Ultimate 9 (64-bit).lnk - C:\Program Files (x86)\ACD Systems\ACDSee Ultimate\9.0\ACDSeeUltimate9.exe C:\Users\Public\Desktop\Adobe Digital Editions 4.5.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe C:\Users\Public\Desktop\Ashampoo WinOptimizer 2017.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2017\WO2017.exe C:\Users\Public\Desktop\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Central de Soluções HP.lnk - C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files\DAEMON Tools Lite\DTLauncher.exe C:\Users\Public\Desktop\Defraggler.lnk - C:\Program Files\Defraggler\Defraggler64.exe C:\Users\Public\Desktop\ePub Converter.lnk - E:\Program Files (x86)\eBook Converter\ePub Converter\epubconverter.exe C:\Users\Public\Desktop\Epubor Ultimate.lnk - C:\Program Files (x86)\Epubor\ultimate\ultimate.exe C:\Users\Public\Desktop\Finale 2014.5.lnk - C:\Program Files (x86)\Finale 2014.5\Finale.exe C:\Users\Public\Desktop\Finale.lnk - C:\Program Files (x86)\Finale\Finale.exe C:\Users\Public\Desktop\Foxit PhantomPDF.lnk - C:\Program Files (x86)\Foxit Software\Foxit 
PhantomPDF\FoxitPhantomPDF.exe C:\Users\Public\Desktop\Freemake Video Converter.lnk - C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe C:\Users\Public\Desktop\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe C:\Users\Public\Desktop\Google2SRT.lnk - C:\Program Files (x86)\Google2SRT\Google2SRT.exe C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe C:\Users\Public\Desktop\IObit Malware Fighter.lnk - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe C:\Users\Public\Desktop\IObit Unlocker.lnk - C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.exe C:\Users\Public\Desktop\Kobo.lnk - C:\Program Files (x86)\Kobo\Kobo.exe C:\Users\Public\Desktop\Kontakt 5.lnk - C:\Program Files (x86)\Native Instruments\Kontakt 5\Kontakt 5.exe C:\Users\Public\Desktop\Lighten PDF Converter OCR.lnk - C:\Program Files (x86)\Lighten PDF Converter OCR\PDF Converter OCR.exe C:\Users\Public\Desktop\Loja de Suprimentos HP.lnk - C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe C:\Users\Public\Desktop\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe C:\Users\Public\Desktop\Neuro-Programmer 3.lnk - C:\Program Files (x86)\Neuro-Programmer 3\Neuro-Programmer 3.exe C:\Users\Public\Desktop\Notepad++.lnk - C:\Program Files (x86)\Notepad++\notepad++.exe C:\Users\Public\Desktop\Otimizador 1-Clique (WO2017).lnk - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2017\WO2017.exe -OCO C:\Users\Public\Desktop\PDFPasswordRemover.lnk - C:\Program Files\PDF Password Remover\PPR.exe C:\Users\Public\Desktop\PhotoInstrument.lnk - C:\Program Files (x86)\PhotoInstrument\PhotoInstrument.exe C:\Users\Public\Desktop\PowerISO.lnk - C:\Program Files\PowerISO\PowerISO.exe C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe C:\Users\Public\Desktop\REAPER (x64).lnk - 
C:\Program Files\REAPER (x64)\reaper.exe C:\Users\Public\Desktop\Recuva.lnk - C:\Program Files\Recuva\recuva64.exe C:\Users\Public\Desktop\SmartScore X2 Pro.lnk - C:\Windows\Installer\{A6E3CDA1-ABA4-4E11-94E3-B05CDC80F496}\_670E72EBDA2B7C008ED37F.exe C:\Users\Public\Desktop\Sound Forge Pro 11.0.lnk - C:\Program Files (x86)\Sony\Sound Forge Pro 11.0\Forge110.exe C:\Users\Public\Desktop\Speccy.lnk - C:\Program Files\Speccy\Speccy64.exe C:\Users\Public\Desktop\SpectraLayers Pro 3.0.lnk - C:\Program Files (x86)\Sony\SpectraLayers Pro 3.0\Win64\SpectraLayers.exe C:\Users\Public\Desktop\STDU Converter.lnk - C:\Program Files (x86)\STDU Converter\STDUConverterApp.exe C:\Users\Public\Desktop\Vegas Pro 13.0 (64-bit).lnk - C:\Program Files (x86)\Sony\Vegas Pro 13.0\vegas130.exe ==== shortcuts in Users Start Menu ====================== C:\Users\RODRIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\MEGA Website.lnk - C:\Users\RODRIGO\AppData\Local\MEGAsync\MEGA Website.url C:\Users\RODRIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\MEGAsync.lnk - C:\Users\RODRIGO\AppData\Local\MEGAsync\MEGAsync.exe C:\Users\RODRIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\Uninstall.lnk - C:\Users\RODRIGO\AppData\Local\MEGAsync\uninst.exe C:\Users\RODRIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk - C:\Users\RODRIGO\AppData\Local\MEGAsync\MEGAsync.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Central de Soluções HP.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center.lnk - C:\Program Files (x86)\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registro OCR I.R.I.S..lnk - C:\Program Files (x86)\HP\Digital 
Imaging\DocProc\regipe.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accusonus\ERA-D\Uninstall.lnk - C:\Program Files\Accusonus\ERA-D\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accusonus\Regroover Pro\Uninstall.lnk - C:\Program Files\Accusonus\Regroover Pro\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\DVD Flick.lnk - C:\Program Files (x86)\DVD Flick\dvdflick.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Uninstall DVD Flick.lnk - C:\Program Files (x86)\DVD Flick\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\Changelog.lnk - C:\Program Files (x86)\DVD Flick\changelog.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\GNU GPL License.lnk - C:\Program Files (x86)\DVD Flick\license.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\Guide.lnk - C:\Program Files (x86)\DVD Flick\guide\index_en.html C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\Readme.lnk - C:\Program Files (x86)\DVD Flick\readme.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Atualização HP.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Central de Soluções HP.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Loja de Suprimentos HP.lnk - C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photosmart Essential 3.5\Desinstalar HP Photosmart Essential 3.5.lnk - C:\Program Files (x86)\HP\Digital Imaging\photosmartessential\hpzscr01.exe -datfile hpqbud13.dat C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photosmart Essential 3.5\HP Photosmart Essential 3.5.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Smart Web Printing\Ajuda da HP Smart Web Printing.lnk - C:\Program Files (x86)\HP\Digital Imaging\smart 
web printing\Help\hpsmartprint.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4400 series\Adicionar dispositivo.lnk - C:\Program Files (x86)\HP\Digital Imaging\{8181C5B7-2FF5-4677-BA6A-8E2C3F5A7601}\hpzstub.exe -addadevice C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4400 series\Ajuda.lnk - C:\Program Files (x86)\HP\Digital Imaging\help\aio47.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4400 series\Desinstalar.lnk - C:\Program Files (x86)\HP\Digital Imaging\{8181C5B7-2FF5-4677-BA6A-8E2C3F5A7601}\setup\hpzscr40.exe -datfile hposcr29.dat -onestop C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4400 series\Leiame.lnk - C:\Program Files (x86)\HP\Digital Imaging\help\PS_AIO_03_C4400_readme\readme.html C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4400 series\Registro do produto.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe "HP Photosmart C4400 series" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4400 series\Site de suporte a produtos.lnk - C:\Program Files (x86)\HP\Digital Imaging\HP Photosmart C4400 series\help\HP Product Support Website.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter\Desinstalar IObit Malware Fighter.lnk - C:\Program Files (x86)\IObit\IObit Malware Fighter\unins001.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter\IObit Malware Fighter.lnk - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe -tab about C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com\Memory 
Cleaner\Clear System Cache.lnk - C:\Users\RODRIGO\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe cache C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com\Memory Cleaner\Memory Cleaner.lnk - C:\Users\RODRIGO\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com\Memory Cleaner\Trim Processes' Working Set.lnk - C:\Users\RODRIGO\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe process C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com\Memory Cleaner\Uninstall Memory Cleaner.lnk - C:\Users\RODRIGO\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe uninstall C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lennar Digital Sylenth1 v2.2.1\Uninstall Sylenth1 v2.2.1.lnk - E:\Samples\Steinberg\VSTI x64\Army of Ninjas Sylenth1 v2.2.1.1\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /show C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /disable C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk - C:\Program 
Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /enable C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\ReaMote Slave (x64).lnk - C:\Program Files\REAPER (x64)\reamote.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\REAPER (x64) (create new project).lnk - C:\Program Files\REAPER (x64)\reaper.exe -new C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\REAPER (x64) (reset configuration to factory defaults).lnk - C:\Program Files\REAPER (x64)\reaper.exe -resetconfig C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\REAPER (x64) (ReWire slave mode).lnk - C:\Program Files\REAPER (x64)\reaper.exe -rewire C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\REAPER (x64) (show audio configuration on startup).lnk - C:\Program Files\REAPER (x64)\reaper.exe -audiocfg C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\REAPER (x64).lnk - C:\Program Files\REAPER (x64)\reaper.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\REAPER License and User Agreement.lnk - C:\Program Files\REAPER (x64)\license.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\Uninstall REAPER (x64).lnk - C:\Program Files\REAPER (x64)\Uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\Whatsnew.txt.lnk - C:\Program Files\REAPER (x64)\whatsnew.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Controle do Sandboxie.lnk - C:\Program Files\Sandboxie\SbieCtrl.exe /open C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Desinstalar o Sandboxie.lnk - C:\Windows\Installer\SandboxieInstall64.exe /remove C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Menu Iniciar no Sandboxie.lnk - C:\Program Files\Sandboxie\Start.exe /box:__ask__ start_menu C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Rodar o navegador web em uma caixa de areia.lnk - C:\Program Files\Sandboxie\Start.exe 
default_browser C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Rodar o Windows Explorer em uma caixa de areia.lnk - C:\Program Files\Sandboxie\Start.exe . C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Rodar qualquer programa em uma caixa de areia.lnk - C:\Program Files\Sandboxie\Start.exe /box:__ask__ run_dialog C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\RODRIGO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 4.5.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe C:\Users\RODRIGO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\RODRIGO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\RODRIGO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Navegador web em uma caixa.lnk - C:\Program Files\Sandboxie\Start.exe default_browser C:\Users\RODRIGO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\RODRIGO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\RODRIGO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe 
C:\Users\RODRIGO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe C:\Users\RODRIGO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\Windows\system32\notepad.exe C:\Users\RODRIGO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\RODRIGO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\RODRIGO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk - C:\Windows\system32\notepad.exe C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductUpdater deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== Reset WMI ====================== Os seguintes serviços são dependentes do serviço de Testador de instrumentação de gerenciam. do Windows. Finalizar o serviço Testador de instrumentação de gerenciam. do Windows também finalizará estes serviços. Central de Segurança Auxiliar de IP O serviço de Central de Segurança está sendo finalizado . O serviço de Central de Segurança foi finalizado com êxito. O serviço de Auxiliar de IP está sendo finalizado . O serviço de Auxiliar de IP foi finalizado com êxito. O serviço de Testador de instrumentação de gerenciam. do Windows está sendo finalizado . O serviço de Testador de instrumentação de gerenciam. do Windows foi finalizado com êxito. 
C:\Windows\system32\wbem\repository renamed to repository.old C:\Windows\syswow64\wbem\repository renamed to repository.old ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\RODRIGO\AppData\Local\Temp will be emptied at reboot C:\Users\USURIO~1\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\RODRIGO\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 08/07/2017 at 10:53:19,63 ====================== ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
One more thing, Elias. Yesterday, Malwarebytes (MB) said that my last scan had been on the 8th. It scanned automatically and caught several pieces of malware: backdoors in SVCHOST, PUP.Optionals. But since you had not asked me to run the MB scan again, I did not delete the infections it found. So I closed the program without removing the detections. Shortly after sending this message, I went ahead and ran the MB scan. 
I am also sending you the log of the infections found:
==================================================================================================================================================== Malwarebytes www.malwarebytes.com -Detalhes de registro- Data da análise: 08/07/17 Hora da análise: 11:05 Arquivo de registro: Malwarebytes log.txt Administrador: Sim -Informação do software- Versão: 3.1.2.1733 Versão de componentes: 1.0.141 Versão do pacote de definições: 1.0.2319 Licença: Grátis -Informação do sistema- Sistema operacional: Windows 7 Service Pack 1 CPU: x64 Sistema de arquivos: NTFS Usuário: RODRIGO-PC\RODRIGO -Resumo da análise- Tipo de análise: Análise de Ameaças Resultado: Concluído Objetos verificados: 405218 Ameaças detectadas: 18 Ameaças em quarentena: 0 (Nenhum item malicioso detectado) Tempo decorrido: 0 min, 48 seg -Opções da análise- Memória: Habilitado Inicialização: Habilitado Sistema de arquivos: Habilitado Arquivos compactados: Habilitado Rootkits: Desabilitado Heurística: Habilitado PUP: Habilitado PUM: Habilitado -Detalhes da análise- Processo: 2 Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Nenhuma ação do usuário, [675], [355551],1.0.2319 Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\EXPLORER.EXE, Nenhuma ação do usuário, [675], [355551],1.0.2319 Módulo: 2 Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Nenhuma ação do usuário, [675], [355551],1.0.2319 Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\EXPLORER.EXE, Nenhuma ação do usuário, [675], [355551],1.0.2319 Chave de registro: 1 PUP.Optional.InstallCore, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DAEMON Tools Lite, Nenhuma ação do usuário, [3], [407013],1.0.2319 Valor de registro: 4 Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Svchost, Nenhuma ação do usuário, [675], [355551],1.0.2319 Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Svchost, Nenhuma ação do usuário, [675], 
[355551],1.0.2319 Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Explorer, Nenhuma ação do usuário, [675], [355551],1.0.2319 Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Explorer, Nenhuma ação do usuário, [675], [355551],1.0.2319 Dados de registro: 1 Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, Nenhuma ação do usuário, [675], [355551],1.0.2319 Fluxo de dados: 0 (Nenhum item malicioso detectado) Pasta: 0 (Nenhum item malicioso detectado) Arquivo: 8 Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Nenhuma ação do usuário, [675], [355551],1.0.2319 Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\EXPLORER.EXE, Nenhuma ação do usuário, [675], [355551],1.0.2319 Backdoor.Agent.Generic, C:\USERS\RODRIGO\APPDATA\ROAMING\MRSYS.EXE, Nenhuma ação do usuário, [675], [355551],1.0.2319 PUP.Optional.InstallCore, C:\PROGRAM FILES\DAEMON TOOLS LITE\UNINST.EXE, Nenhuma ação do usuário, [3], [407013],1.0.2319 Backdoor.Agent.Generic, C:\USERS\RODRIGO\APPDATA\LOCAL\STSYS.EXE, Nenhuma ação do usuário, [675], [355551],1.0.2319 Backdoor.Agent.Generic, C:\USERS\RODRIGO\DOWNLOADS\ZA-SCAN.EXE,, Nenhuma ação do usuário, [675], [355551],1.0.2319 Backdoor.Agent.Generic, C:\USERS\RODRIGO\APPDATA\LOCAL\VIRTUALSTORE\DRIVER PARA HP PHOTOSMART C4480.EXE,, Nenhuma ação do usuário, [675], [355551],1.0.2319 RiskWare.HeuristicsReservedWordExploit, C:\WINDOWS\SYSTEM\SPOOLSV.EXE, Nenhuma ação do usuário, [15497], [293552],1.0.2319 Setor físico: 0 (Nenhum item malicioso detectado) (end) ====================================================================================================================================
Should I run MB again and delete these detections, or should I wait for your guidance here? One more thing, Elias. Z-scan removed all my Google Chrome extensions (ad blockers and the like). 
I am reinstalling them because browsing without these things is simply not viable. Once again, thank you very much for all the help.
  4. Hi Elias. At the time I ran them, yes. Both were on the desktop. Was there a problem? Once again, thank you for your attention!
  5. Hello Elias. My friend, ZA-Scan was not starting on double-click. It only ran when I clicked on it and ran it as Admin. Here is the log:
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ZA-Scan V1.0.0.5 Updated 30-09-2015 Tool run by RODRIGO on 26/06/2017 at 9:04:48,24. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64 Running in: Normal Mode No Internet Access Detected ==== Older Logs ====================== C:\zoek-results2016-08-17-215036.log 21253 bytes C:\zoek-results2016-08-18-024457.log 780 bytes C:\zoek-results2016-08-22-221238.log 57923 bytes C:\zoek-results2017-05-29-050432.log 26283 bytes ==== System Restore Info ====================== 26/06/2017 09:05:00 Zoek.exe System Restore Point Created Successfully. ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "Shell"="explorer.exe" ==== C:\zoek_backup content ====================== C:\zoek_backup (files=267 folders=258 1280379600 bytes) ==== EOF on 26/06/2017 at 9:05:08,94 ====================== ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
Once again, thank you for the help.
  6. Hi Elias. Here is the log you requested for the RogueKiller removal:
▀▀▀▀▀▀▀▀▀▀▀▀▀ RogueKiller V12.11.2.0 (x64) [Jun 12 2017] (Free) por Adlice Software mail : http://www.adlice.com/contact/ Feedback : https://forum.adlice.com Site : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Iniciou : Modo normal Usuário : RODRIGO [Administrador] Started from : c:\users\rodrigo\desktop\limpar\roguekiller 12.11.2.0_portable64.exe Modo : Deletar -- Data : 06/19/2017 09:51:18 (Duration : 00:14:55) ¤¤¤ Processos : 5 ¤¤¤ [Hj.Name|VT.PWS:Win32/VB] explorer.exe(3796) -- C:\Windows\system\explorer.exe[-] -> Interrompido [TermProc] [Hj.Name|VT.PWS:Win32/VB.CU] svchost.exe(3764) -- C:\Windows\system\svchost.exe[-] -> Interrompido [TermProc] [Proc.Svchost] svchost.exe(3764) -- C:\Windows\system\svchost.exe[-] -> Interrompido [TermProc] [Hj.Name|MalPE.40|VT.PWS:Win32/VB] explorer.exe(3796) -- C:\Windows\system\explorer.exe[-] -> Encontrado [MalPE.40] MSVBVM60.DLL(3796) -- C:\Windows\system32\MSVBVM60.DLL[x] -> Encontrado ¤¤¤ Registro : 7 ¤¤¤ [Hj.Name|VT.PWS:Win32/VB] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Explorer : c:\windows\system\explorer.exe RU [-] -> Deletado [Hj.Name|VT.PWS:Win32/VB.CU] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Svchost : c:\windows\system\svchost.exe RU [-] -> Deletado [Hj.Name|VT.PWS:Win32/VB] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | Explorer : c:\windows\system\explorer.exe RO [-] -> Deletado [Hj.Name|VT.PWS:Win32/VB.CU] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | Svchost : c:\windows\system\svchost.exe RO [-] -> Deletado [Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : C:\Windows\explorer.exe, c:\windows\system\explorer.exe -> Substituído (explorer.exe) 
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Substituído (1) [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Substituído (1) ¤¤¤ Tarefas : 0 ¤¤¤ ¤¤¤ Arquivos : 6 ¤¤¤ [PUP.AutoIt.Gen][Arquivo] C:\Users\RODRIGO\Desktop\Memory Cleaner.lnk [LNK@] C:\Users\RODRIGO\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe -> Deletado [File.Forged][Arquivo] C:\Windows\BS_DEF.sys -> Substituído na reinicialização ( @Src C:\Users\RODRIGO\AppData\Local\Temp\snack\BS_DEF.sys) [PUP.Gen1][Pasta] C:\Users\RODRIGO\AppData\Roaming\Easeware -> Deletado [PUP.AutoIt.Gen][Arquivo] C:\Users\RODRIGO\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe -> Deletado [PUP.Gen1][Pasta] C:\Program Files\Easeware -> Deletado [PUP.AutoIt.Gen][Arquivo] C:\Users\RODRIGO\Desktop\Memory Cleaner.lnk [LNK@] C:\Users\RODRIGO\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe -> Removido na reinicialização [2] ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Arquivos de hosts : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤ ¤¤¤ Navegadores : 0 ¤¤¤ ¤¤¤ Verificação da MBR : ¤¤¤ +++++ PhysicalDrive0: ST1000DM 003-1CH162 SCSI Disk Device +++++ --- User --- [MBR] e73cc35fb667427567c7058fad189503 [BSP] 876aec463e61c590e9c4536ea9052879 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... 
OK +++++ PhysicalDrive1: +++++ --- User --- [MBR] 12a2f6bb2a0e3deaa97ac9ceec015450 [BSP] 95025fcd93a332dd6f284e400161a684 : Unknown MBR Code Partition table: 0 - EFI System Partition | Offset (sectors): 40 | Size: 200 MB 1 - Sem Título 1 | Offset (sectors): 409640 | Size: 57715 MB 2 - Sem Título 2 | Offset (sectors): 118873872 | Size: 895205 MB 3 - Recovery HD | Offset (sectors): 1952255592 | Size: 619 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive2: KINGSTON SV300S37A120G SCSI Disk Device +++++ --- User --- [MBR] 562eae5bc24cc3cb43d488487215422c [BSP] 7b0db447eb9de33a005b39518e2bd51d : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK ▀▀▀▀▀▀▀▀▀▀▀▀▀
Awaiting the next steps. As always, thank you very much.
  7. Hi Elias. Here is the log you requested:
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ RogueKiller V12.11.2.0 (x64) [Jun 12 2017] (Free) por Adlice Software mail : http://www.adlice.com/contact/ Feedback : https://forum.adlice.com Site : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Iniciou : Modo normal Usuário : RODRIGO [Administrador] Started from : C:\Users\RODRIGO\Desktop\RogueKiller 12.11.2.0_portable64.exe Modo : Escanear -- Data : 06/14/2017 03:03:31 (Duration : 00:15:04) ¤¤¤ Processos : 5 ¤¤¤ [Hj.Name|VT.PWS:Win32/VB] explorer.exe(4056) -- C:\Windows\system\explorer.exe[-] -> Encontrado [Hj.Name|VT.PWS:Win32/VB.CU] svchost.exe(3792) -- C:\Windows\system\svchost.exe[-] -> Encontrado [Proc.Svchost] svchost.exe(3792) -- C:\Windows\system\svchost.exe[-] -> Encontrado [Hj.Name|MalPE.40|VT.PWS:Win32/VB] explorer.exe(4056) -- C:\Windows\system\explorer.exe[-] -> Encontrado [MalPE.40] MSVBVM60.DLL(4056) -- C:\Windows\system32\MSVBVM60.DLL[x] -> Encontrado ¤¤¤ Registro : 7 ¤¤¤ [Hj.Name|VT.PWS:Win32/VB] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Explorer : c:\windows\system\explorer.exe RU [-] -> Encontrado [Hj.Name|VT.PWS:Win32/VB.CU] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Svchost : c:\windows\system\svchost.exe RU [-] -> Encontrado [Hj.Name|VT.PWS:Win32/VB] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | Explorer : c:\windows\system\explorer.exe RO [-] -> Encontrado [Hj.Name|VT.PWS:Win32/VB.CU] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | Svchost : c:\windows\system\svchost.exe RO [-] -> Encontrado [Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : C:\Windows\explorer.exe, c:\windows\system\explorer.exe -> Encontrado [PUM.StartMenu] (X64) 
HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Encontrado [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Encontrado ¤¤¤ Tarefas : 0 ¤¤¤ ¤¤¤ Arquivos : 6 ¤¤¤ [PUP.AutoIt.Gen][Arquivo] C:\Users\RODRIGO\Desktop\Memory Cleaner.lnk [LNK@] C:\Users\RODRIGO\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe -> Encontrado [File.Forged][Arquivo] C:\Windows\BS_DEF.sys -> Encontrado [PUP.Gen1][Pasta] C:\Users\RODRIGO\AppData\Roaming\Easeware -> Encontrado [PUP.AutoIt.Gen][Arquivo] C:\Users\RODRIGO\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe -> Encontrado [PUP.Gen1][Pasta] C:\Program Files\Easeware -> Encontrado [PUP.AutoIt.Gen][Arquivo] C:\Users\RODRIGO\Desktop\Memory Cleaner.lnk [LNK@] C:\Users\RODRIGO\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe -> Encontrado ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Arquivos de hosts : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤ ¤¤¤ Navegadores : 0 ¤¤¤ ¤¤¤ Verificação da MBR : ¤¤¤ +++++ PhysicalDrive0: ST1000DM 003-1CH162 SCSI Disk Device +++++ --- User --- [MBR] e73cc35fb667427567c7058fad189503 [BSP] 876aec463e61c590e9c4536ea9052879 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: +++++ --- User --- [MBR] 12a2f6bb2a0e3deaa97ac9ceec015450 [BSP] 95025fcd93a332dd6f284e400161a684 : Unknown MBR Code Partition table: 0 - EFI System Partition | Offset (sectors): 40 | Size: 200 MB 1 - Sem Título 1 | Offset (sectors): 409640 | Size: 57715 MB 2 - Sem Título 2 | Offset (sectors): 118873872 | Size: 895205 MB 3 - Recovery HD | Offset (sectors): 1952255592 | Size: 619 MB User = LL1 ... OK User = LL2 ... 
OK +++++ PhysicalDrive2: KINGSTON SV300S37A120G SCSI Disk Device +++++ --- User --- [MBR] 562eae5bc24cc3cb43d488487215422c [BSP] 7b0db447eb9de33a005b39518e2bd51d : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK ▀▀▀▀▀▀▀▀▀▀▀▀▀
Awaiting the next steps. Thank you very much.
  8. Hi, dear Elias. Thank you very much for replying! Here are the requested logs:
Malwarebytes report:
Malwarebytes www.malwarebytes.com -Detalhes de registro- Data da análise: 08/06/17 Hora da análise: 21:51 Arquivo de registro: mb-Relatório.txt Administrador: Sim -Informação do software- Versão: 3.1.2.1733 Versão de componentes: 1.0.141 Versão do pacote de definições: 1.0.2116 Licença: Grátis -Informação do sistema- Sistema operacional: Windows 7 Service Pack 1 CPU: x64 Sistema de arquivos: NTFS Usuário: RODRIGO-PC\RODRIGO -Resumo da análise- Tipo de análise: Análise de Ameaças Resultado: Concluído Objetos verificados: 395581 Ameaças detectadas: 47 Ameaças em quarentena: 46 Tempo decorrido: 0 min, 56 seg -Opções da análise- Memória: Habilitado Inicialização: Habilitado Sistema de arquivos: Habilitado Arquivos compactados: Habilitado Rootkits: Desabilitado Heurística: Habilitado PUP: Habilitado PUM: Habilitado -Detalhes da análise- Processo: 2 Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Quarentena, [657], [355551],1.0.2116 Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\EXPLORER.EXE, Quarentena, [657], [355551],1.0.2116 Módulo: 2 Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Quarentena, [657], [355551],1.0.2116 Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\EXPLORER.EXE, Quarentena, [657], [355551],1.0.2116 Chave de registro: 4 Trojan.Agent, HKU\S-1-5-21-2971753865-502576637-3763037539-1000\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}, Quarentena, [24], [165494],1.0.2116 Trojan.Agent, HKU\S-1-5-21-2971753865-502576637-3763037539-1000\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}, Quarentena, [24], [165483],1.0.2116 PUP.Optional.SmartDriverUpdater, HKU\S-1-5-21-2971753865-502576637-3763037539-1000\SOFTWARE\SMART PC SOLUTIONS\Smart Driver Updater, Quarentena, [748], [333237],1.0.2116 PUP.Optional.SmartDriverUpdater, 
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Smart Driver Updater Schedule, Quarentena, [748], [257649],1.0.2116 Valor de registro: 4 Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Svchost, Quarentena, [657], [355551],1.0.2116 Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Svchost, Quarentena, [657], [355551],1.0.2116 Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Explorer, Quarentena, [657], [355551],1.0.2116 Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Explorer, Quarentena, [657], [355551],1.0.2116 Dados de registro: 1 Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, Substituído, [657], [355551],1.0.2116 Fluxo de dados: 0 (Nenhum item malicioso detectado) Pasta: 1 PUP.Optional.SmartDriverUpdater, C:\USERS\RODRIGO\APPDATA\ROAMING\Smart Driver Updater, Quarentena, [748], [354828],1.0.2116 Arquivo: 33 Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Quarentena, [657], [355551],1.0.2116 Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\EXPLORER.EXE, Quarentena, [657], [355551],1.0.2116 PUP.Optional.AshampooDriverUpdater, C:\PROGRAMDATA\ASHAMPOO\ICO_ASHAMPOO_DEALS.ICO, Quarentena, [2483], [354924],1.0.2116 PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\Devices.ini, Quarentena, [748], [354828],1.0.2116 PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\DevicesPlus.ini, Quarentena, [748], [354828],1.0.2116 PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\Drivers64.db, Quarentena, [748], [354828],1.0.2116 PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\n36c0fa46c3f9.zip.pre, Quarentena, [748], [354828],1.0.2116 PUP.Optional.SmartDriverUpdater, 
C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\n36c0fa46c3f9.zip.status, Quarentena, [748], [354828],1.0.2116 PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\n6fca9c3149fb.exe.pre, Quarentena, [748], [354828],1.0.2116 PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\n6fca9c3149fb.exe.status, Quarentena, [748], [354828],1.0.2116 PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\n923fa24ebe77.zip.pre, Quarentena, [748], [354828],1.0.2116 PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\n923fa24ebe77.zip.status, Quarentena, [748], [354828],1.0.2116 PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\nbd661a149b96.zip.pre, Quarentena, [748], [354828],1.0.2116 PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\nbd661a149b96.zip.status, Quarentena, [748], [354828],1.0.2116 PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\nc6e5a82e6800.zip.pre, Quarentena, [748], [354828],1.0.2116 PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\nc6e5a82e6800.zip.status, Quarentena, [748], [354828],1.0.2116 PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\nd5ab8fe86ad2.exe.pre, Quarentena, [748], [354828],1.0.2116 PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\nd5ab8fe86ad2.exe.status, Quarentena, [748], [354828],1.0.2116 PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\ne7a28201a80c.zip.pre, Quarentena, [748], [354828],1.0.2116 PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\ne7a28201a80c.zip.status, Quarentena, [748], [354828],1.0.2116 PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\program.log, 
Quarentena, [748], [354828],1.0.2116 PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\program_error.log, Quarentena, [748], [354828],1.0.2116 PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\Scan.ini, Quarentena, [748], [354828],1.0.2116 PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\settings.ini, Quarentena, [748], [354828],1.0.2116 Backdoor.Agent.Generic, C:\USERS\RODRIGO\APPDATA\ROAMING\MRSYS.EXE, Falha ao remover, [657], [355551],1.0.2116 Backdoor.Agent.Generic, C:\USERS\RODRIGO\DOWNLOADS\FSSGOOGLEBOOKSDOWNLOADERSETUP.EXE,, Quarentena, [657], [355551],1.0.2116 RiskWare.DontStealOurSoftware, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Substituído, [715], [353142],1.0.2116 Backdoor.Agent.Generic, C:\USERS\RODRIGO\DOWNLOADS\ZA-SCAN.EXE,, Quarentena, [657], [355551],1.0.2116 Backdoor.Agent.Generic, C:\USERS\RODRIGO\DOWNLOADS\ZA-SCAN (1).EXE,, Quarentena, [657], [355551],1.0.2116 Backdoor.Agent.Generic, C:\USERS\RODRIGO\APPDATA\LOCAL\STSYS.EXE, Quarentena, [657], [355551],1.0.2116 Backdoor.Agent.Generic, C:\USERS\RODRIGO\APPDATA\LOCAL\ICSYS.ICN.EXE, Quarentena, [657], [355551],1.0.2116 RiskWare.HeuristicsReservedWordExploit, C:\WINDOWS\SYSTEM\SPOOLSV.EXE, Quarentena, [15347], [293552],1.0.2116 PUP.Optional.SmartDriverUpdater, C:\WINDOWS\SYSTEM32\TASKS\SMART DRIVER UPDATER SCHEDULE, Quarentena, [748], [257647],1.0.2116 Setor físico: 0 (Nenhum item malicioso detectado) (end) ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
AdwCleaner report:
# AdwCleaner v6.047 - Relatório criado 08/06/2017 às 22:04:39 # Atualizado em 19/05/2017 por Malwarebytes # Banco de dados : 2017-06-08.1 [Servidor] # Sistema operacional : Windows 7 Ultimate Service Pack 1 (X64) # Usuário : RODRIGO - RODRIGO-PC # Executando de : c:\Users\RODRIGO\Desktop\LIMPAR\adwcleaner (6.047).exe # Modo: Limpo # Apoio : 
https://www.malwarebytes.com/support ***** [ Serviços ] ***** ***** [ Pastas ] ***** [-] Pasta excluída:C:\Users\RODRIGO\AppData\Local\YSearchUtil [-] Pasta excluída:C:\Users\RODRIGO\AppData\LocalLow\IObit\Advanced SystemCare [-] Pasta excluída:C:\Users\RODRIGO\AppData\Roaming\IObit\Advanced SystemCare [-] Pasta excluída:C:\Users\RODRIGO\Documents\Smart Driver Updater [-] Pasta excluída:C:\ProgramData\IObit\ASCDownloader [-] Pasta excluída:C:\ProgramData\IObit\Advanced SystemCare [#] Pasta excluída na reinicialização:C:\ProgramData\Application Data\IObit\ASCDownloader [#] Pasta excluída na reinicialização:C:\ProgramData\Application Data\IObit\Advanced SystemCare [-] Pasta excluída:C:\Program Files (x86)\IObit\Advanced SystemCare [-] Pasta excluída:C:\Program Files (x86)\Common Files\freemake shared [-] Pasta excluída:C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil [-] Pasta excluída:C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegneaniplmfjcmohoclabblbahcbjoe ***** [ Arquivos ] ***** [-] Arquivo excluído:C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hegneaniplmfjcmohoclabblbahcbjoe_0.localstorage ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Atalhos ] ***** ***** [ Atividades agendadas ] ***** ***** [ Registro ] ***** [-] Chave excluída:HKU\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890} [-] Chave excluída:HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} [-] Chave excluída:HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A} [-] Chave excluída:HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8} [-] Chave excluída:HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7} [-] Chave excluída:HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890} [-] Chave 
excluída:HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15} [-] Chave excluída:HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69} [-] Chave excluída:HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2} [#] Chave excluída na reinicialização:HKCU\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890} [-] Chave excluída:HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890} [-] Chave excluída:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} [-] Chave excluída:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} [-] Chave excluída:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} [-] Chave excluída:HKU\S-1-5-21-2971753865-502576637-3763037539-1000\Software\APN PIP [-] Chave excluída:HKU\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Smart PC Solutions [-] Chave excluída:HKU\S-1-5-21-2971753865-502576637-3763037539-1000\Software\drpsu [#] Chave excluída na reinicialização:HKCU\Software\APN PIP [#] Chave excluída na reinicialização:HKCU\Software\Smart PC Solutions [#] Chave excluída na reinicialização:HKCU\Software\drpsu [-] Chave excluída:HKLM\SOFTWARE\PIP [-] Chave excluída:HKLM\SOFTWARE\IOBIT\ASC [#] Chave excluída na reinicialização:[x64] HKCU\Software\APN PIP [#] Chave excluída na reinicialização:[x64] HKCU\Software\Smart PC Solutions [#] Chave excluída na reinicialização:[x64] HKCU\Software\drpsu [-] Chave excluída:HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect [-] Chave excluída:HKCU\Software\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe [-] Chave excluída:HKLM\SOFTWARE\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe [#] Chave excluída na reinicialização:[x64] HKCU\Software\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe ***** [ Verificando navegadores ... 
] ***** [-] [C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminado:br.ask.com [-] [C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default] [extension] Eliminado:hegneaniplmfjcmohoclabblbahcbjoe ************************* :: Chaves "Tracing" excluídas :: Configurações Winsock restauradas ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [4814 Bytes] - [08/06/2017 22:04:39] C:\AdwCleaner\AdwCleaner[S0].txt - [5100 Bytes] - [08/06/2017 22:01:49] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4960 Bytes] ########## ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
Junkware report:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.3 (04.10.2017) Operating System: Windows 7 Ultimate x64 Ran by RODRIGO (Administrator) on 08/06/2017 at 22:08:55,63 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 246 Successfully deleted: C:\ProgramData\1471435998.bdinstall.bin (File) Successfully deleted: C:\ProgramData\1471437489.bdinstall.bin (File) Successfully deleted: C:\ProgramData\1471437490.bdinstall.bin (File) Successfully deleted: C:\ProgramData\productdata (Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Roaming\productdata (Folder) Successfully deleted: C:\Windows\wininit.ini (File) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02EFY7YJ (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05Q4DAPO (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\07R66467 (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Content.IE5\097V8CCY (Temporary Internet Files Folder) Successfully deleted: 
C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9U0H48LM (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9YXZI8SR (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZWT3EL9 (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFHQ72TM (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AHCKZ5DC (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BL2JJECZ (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRIE0PVU (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BST1OIAF (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPMZX4NZ (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQKYU2PU (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBT1FQXO (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRBDLD44 (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1L87COV (Temporary Internet Files Folder) Successfully deleted: 
C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5J75NYD (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5UU0O5S (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFP0CLW3 (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFTT3IVI (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EI22TKYJ (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EKJXS4Y3 (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F91F6MBO (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDFG0NL0 (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPLQ51AG (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4WLGM2F (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GF7D5SHL (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GP33NYNZ (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GQ928OOZ (Temporary Internet Files Folder) Successfully deleted: 
C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWWY616T (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H9XRG990 (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HIV26FB5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I1YULTYD (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I5LB2UIZ (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IU9O78AL (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J2S8PFZ7 (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K5Y98FP8 (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE8MN6VT (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW8K0LR8 (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZDCIDSN (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6AD99LW (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MHPA4HNA (Temporary Internet Files Folder) Successfully deleted: 
C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MW8OSADH (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N0VTW0TH (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NLLT96GA (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT5HV5X8 (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2VXC0G0 (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O40UU0OQ (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OG8OPO5L (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OU0HGVRA (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVRZGYNX (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P15IZPMV (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P62Z3OGU (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3LO3XUP (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QC7UFJ27 (Temporary Internet Files Folder) Successfully deleted: 
C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QHJSN0M6 (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QO78W9C0 (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QUBFXVWQ (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RM82EBFA (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNB5XKXW (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S70RROSK (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7TJWZJB (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SMF2EQ0I (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TFK9TNNK (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TUUPPR72 (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V4G9HWKR (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VX2OTLIY (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VZ7R8RRU (Temporary Internet Files Folder) Successfully deleted: 
C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WH6553BI (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WLZU71UT (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WXWBJZPH (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WY7P8ZPX (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XFQ7M6MO (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMC0B8UQ (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XX6Y8Z91 (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y9CF740J (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YDPM0O1O (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQU7P8K6 (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YT73607U (Temporary Internet Files Folder) Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGG4HAD2 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02EFY7YJ (Temporary Internet Files Folder) Successfully deleted: 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05Q4DAPO (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\07R66467 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\097V8CCY (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HHHK75R (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0RQ7JNC3 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10UILRSE (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\12BXMJZ2 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16X8H9L3 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\18XRPG65 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MWTFUV3 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1NN7FB65 (Temporary Internet Files Folder) Successfully deleted: 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1NRDEE8V (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1XLWVOWP (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20GM1GO8 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\29FB295Y (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DO71A7X (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EYIKT3A (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KFV3WSY (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3C51G4SA (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3J55127W (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\45LC3A2B (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R135XCO (Temporary Internet Files Folder) Successfully deleted: 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56OK9ANX (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5HBH3R0W (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5IRCXYJ0 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5MQEVB7A (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66HEMRJ9 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\68RMWH37 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DP8UACX (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6L3WFCM6 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6L49E0F0 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6QTILAZ7 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7B1EJR2M (Temporary Internet Files Folder) Successfully deleted: 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7NQ97UFQ (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7OHQSYEO (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7Q4W7YTW (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TJ70QH9 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\87U1XLY9 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\88XPRF33 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8H8WNALP (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ME9UDPZ (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9SQ81AYQ (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9U0H48LM (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9YXZI8SR (Temporary Internet Files Folder) Successfully deleted: 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZWT3EL9 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFHQ72TM (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AHCKZ5DC (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BL2JJECZ (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRIE0PVU (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BST1OIAF (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPMZX4NZ (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQKYU2PU (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBT1FQXO (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRBDLD44 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1L87COV (Temporary Internet Files Folder) Successfully deleted: 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5J75NYD (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5UU0O5S (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFP0CLW3 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFTT3IVI (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EI22TKYJ (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EKJXS4Y3 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F91F6MBO (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDFG0NL0 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPLQ51AG (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4WLGM2F (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GF7D5SHL (Temporary Internet Files Folder) Successfully deleted: 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GP33NYNZ (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GQ928OOZ (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWWY616T (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H9XRG990 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HIV26FB5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I1YULTYD (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I5LB2UIZ (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IU9O78AL (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J2S8PFZ7 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K5Y98FP8 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE8MN6VT (Temporary Internet Files Folder) Successfully deleted: 
Scan was completed on 08/06/2017 at 22:10:13,36 End of JRT log
Awaiting the next instructions. Thank you very much!
  9. Hi everyone. Here's the thing: some time after installing IObit Malware Fighter I noticed that memory consumption shot up absurdly! Like, when I turn the PC on everything is normal, but gradually, as the hours go by, memory consumption shoots up! After 3 or 5 hours of use, when I go to open a Word document, I get the Windows message saying I have no more memory available! Folks, if I have 16 gigs of memory and only use text and PDF editors (which were closed at the moment of the low-memory warning), how can I be using 88% of physical memory? Another thing: when memory consumption is high, typing on the keyboard starts to get slow, to the point that, if I insist on typing at normal speed, the words come out almost all wrong, incomplete. Then I restart the OS and everything goes back to normal, until 3 or 5 hours later it all comes back again. It takes a lot of patience! So I went to look at the Windows memory monitor and saw that Acrobat was using a lot of memory. I even thought that was normal, since I sometimes work with 15 documents (at the same time). But there are two processes that are wrecking the memory: IMFsrv.exe and svchost.exe (secsvcs) (see the jpg file "monitor de memória"). Note also that Chrome appears in the list, but, at the time of the measurement, I did not have it open. I don't know whether there is any relation to the extensions I use (ad blocking, downloading videos, documents, etc.). Can you help me try to solve this? Is this a case that involves formatting? If there is any risk, I ask that you please warn me beforehand, since I need to move my files from C: to D: before making any change to the OS. By the way, I keep Windows 7 updates turned off for 2 reasons: 1 - the last time I left them on, a Windows 10 pre-installation appeared, which I detest and do not intend to use in any way. 2 - I have only 11 gigs free on the OS HD. Thanks for the help! Attached are the requested logs plus the screen capture of the memory monitor showing the high consumption and the processes responsible. ZA-Scan.txt MbrScan.log FSS.txt
  10. Good morning, friends. Folks, I installed Spybot-S&D. But, as always, before installing it, I created a system restore point. I installed it, updated it and, while it was updating, the PC rebooted by itself. I finished updating and ran it. It flagged the same items as Malwarebytes Anti-Malware (MAM). The most serious thing it flagged was an infection in svchost.exe. As soon as I clicked the fix that included svchost.exe, the following message appeared: ❝Você está prestes a ser desconectado. O Windows deve ser reiniciado agora porque o serviço Inicializador de Processo de Servidor DCOM foi finalizado de forma inesperada❞. After rebooting, the mouse pointer kept blinking nonstop. I closed Spybot-S&D and ran MAM. Again, the same malware was there. I applied the fix and rebooted. The mouse pointer stopped blinking. I ran MAM again and, once again, the same infections were there. It's tough, folks. I ask, please, for help from the forum's experts, since I think this svchost.exe infection is serious. Attached are the two Spybot-S&D logs and the latest MAM log. Thanks for the help! Checks.160819-1034.txt Checks.160819-1054.txt Malwarebytes Anti-Malware ultimo LOG.txt
  11. Good morning, friends of the forum. I am going to format my OS (located on drive C:). The problem is that I have programs that run on the OS (C:) but are installed on my slave HD (drive F:) to free up space on C:. With the aim of freeing up space on drive F:, after formatting my OS (drive C:), can I simply delete all the folders (located on drive F:) belonging to the programs installed under the previous version of Windows, or would the correct procedure be to format my slave HD? Thanks for the clarification.
  12. Good evening, friends of the forum. I went to access this web page (http://ethnomusicologyreview.ucla.edu/journal/volume/17/piece/583) and Internet Security Essentials (ISE) flagged an infection. The program said it managed to perform the cleanup. Everything seemed OK. But, between yesterday and today, on restarting the PC (3 times), I noticed that ISE was always turned off (I mean, the real-time protection). On restart, I always had to re-enable it... So I suspect some malware misconfigured something. Can you help me check whether I am infected with some malware? After that, I ran the scan from ISE itself and from Malwarebytes Anti-Malware and nothing showed up, but I sense something strange.... Thank you very much for the help!
  13. Good evening, friends of the forum. I went to access this web page (http://ethnomusicologyreview.ucla.edu/journal/volume/17/piece/583) and Internet Security Essentials (ISE) flagged an infection. The program said it performed the cleanup. Everything seemed OK. But, between yesterday and today, on restarting the PC (3 times), I noticed that ISE was always turned off (the real-time protection). On restart, I always had to re-enable it... So I suspect some malware misconfigured something. Can you help me check whether I am infected with some pest? Thank you very much!
  14. Thanks for the support, Spade, and all the best to you and yours always. Cheers!
  15. Hi spade. Sorry for the delay, but the "avenger" knocked me down, man... terrible fever. The apparent hacking problem occurred because the Cbox people are limiting the number of downloads that can be queued in an accelerator (IDM). When I found out the permitted number the problems decreased noticeably. But every now and then the connection still gets slow (mainly when I leave cookies in my browser). Then I restart the modem and everything goes back to normal. It's just a pain to have to do this when I forget to delete the temporary files. So, since I don't know whether 30 gigs are enough to do the update you suggested, I prefer to wait, since I have college assignments to do, and having to deal now with problems from updates that failed (for lack of disk space) would be a tragedy! Do you suggest any other procedure? By the way, did you see the private message? Cheers.