Rodrigow

IMFsrv.exe and svchost.exe eating up all the physical memory!


Hi everyone.

Here's the thing: some time after installing IObit Malware Fighter, I noticed that memory usage shot up absurdly!

When I turn the PC on everything is normal, but gradually, as the hours go by, memory usage shoots up! After 3 or 5 hours of use, when I go to open a Word document, I get a Windows message saying I have no more memory available! Folks, if I have 16 GB of memory and only use text and PDF editors (which were closed at the moment of the low-memory warning), how can I be using 88% of physical memory? Another thing: when memory usage is high, typing on the keyboard starts to lag, to the point that, if I insist on typing at normal speed, almost all the words come out wrong or incomplete. Then I restart the OS and everything goes back to normal, until 3 or 5 hours later it all comes back again. It takes a lot of patience!

So I went to look at the Windows memory monitor and saw that Acrobat was using a lot of memory. I thought that was fairly normal, since I sometimes work with 15 documents (at the same time). But there are two processes that are wrecking the memory: IMFsrv.exe and svchost.exe (secsvcs) (see the jpg file "monitor de memória"). Note also that Chrome appears in the list, but at the time of the measurement I did not have it open. I don't know whether there is any relation to the extensions I use (ad blocking, downloading videos, documents, etc.).

Can you help me try to solve this? Is this a case that calls for formatting? If there is any risk, please warn me beforehand, because I need to move my files from C: to D: before making any change to the OS.

By the way, I keep Windows 7 updates turned off for 2 reasons:

1 - The last time I left them on, a Windows 10 pre-installation showed up, which I detest and do not intend to use under any circumstances.

2 - I have only 11 GB free on the OS hard drive.

Thanks for the help!

Attached are the requested logs plus the screen capture of the memory monitor showing the high usage and the processes responsible.

ZA-Scan.txt

MbrScan.log

FSS.txt

monitor de memória.jpg

Edited by Rodrigow
To make the text clearer


Hello,

Follow the steps below:

STEP 1

Download Malwarebytes Anti-Malware (MBAM) from the link below and save it to your desktop.
https://downloads.malwarebytes.org/file/mbam_current/
 
Double-click mbam-setup.exe and follow the prompts to install the program.

  • On the Scan tab, check the Scan for rootkits option and the entries for the drive where the operating system is installed. This is normally drive C:;
  • Click Scan Now. Wait, as the scan may take a while;
  • When the scan finishes, if any items were found, make sure they are all checked and click the Remove Selected or Quarantine button;
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See the Note below);
  • If MBAM does not run automatically after the restart, run it manually;
  • The log is saved automatically by MBAM; to view it, click the Reports tab in the program's main window;
  • Double-click the log (Scan Report). Click the Export button and use the .txt format to export the log. Save it to the Desktop;
  • Open the file, select everything, copy it and paste the contents of this log into your next reply.



NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

STEP 2

Download AdwCleaner from one of the links below and save it to the desktop.
https://toolslib.net/downloads/viewdownload/1-adwcleaner/
http://www.bleepingcomputer.com/download/adwcleaner/

Click DOWNLOAD NOW to download the file.

Run adwcleaner.exe

NOTE: Users of Windows Vista, 7, 8/8.1 and Windows 10: right-click the AdwCleaner.exe file, then click Run as administrator.

Click SCAN. When it finishes, click CLEAN and wait.

Notepad will open with the result.

Select it, copy it and paste its contents into your next reply.

STEP 3

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download jrt.exe from the link below and save it to the desktop.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Double-click to run the Junkware Removal Tool (JRT).

NOTE: Users of Windows Vista, 7, 8/8.1 and Windows 10: right-click the jrt.exe file, then click Run as administrator.

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to examine.

At the end, a log will open. It is saved on the desktop as JRT.txt.

Select, copy and paste the contents of this log into your next reply.

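Added example, not part of the reply above: one way to triage the .txt log that Step 1 asks to be exported, flagging detections that were not neutralised, Windows system binary names sitting outside their normal directories, and autostart registry values. It assumes the comma-separated line layout and Portuguese action strings of a Portuguese-language Malwarebytes 3 export and a default install under C:\Windows; the sample log, function names and directory table are constructed for this example.

```python
import ntpath
import re

# One detection line: "<name>, <path>, <action>, [id], [id],<definitions version>".
# Some exports put a doubled comma after the path, so ",+" is accepted there.
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+),\s*(?P<path>.+?),+\s*(?P<action>[^,\[\]]+),"
    r"\s*\[\d+\],\s*\[\d+\],\s*[\d.]+\s*$"
)

# Normal home directories of a few system binaries (lower-case).
# Assumption of this example: Windows installed in C:\Windows.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "spoolsv.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# Registry values that start a program at boot or logon (lower-case fragments).
AUTOSTART_MARKERS = (
    r"\currentversion\run|",
    r"\currentversion\runonce|",
    r"\winlogon|shell",
)

REGISTRY_ROOTS = ("HKLM\\", "HKU\\", "HKCU\\", "HKCR\\")

# Action strings of a Portuguese export that mean the item was dealt with.
HANDLED_ACTIONS = {"quarentena", "substituído"}

# Constructed sample in the export's layout (not taken from any real machine).
SAMPLE_LOG = r"""
-Detalhes da análise-
Processo: 1
Backdoor.Example, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Quarentena, [1], [100],1.0.0
Valor de registro: 1
Backdoor.Example, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Svchost, Quarentena, [1], [100],1.0.0
Arquivo: 3
Backdoor.Example, C:\USERS\ALICE\APPDATA\ROAMING\SAMPLE.EXE, Falha ao remover, [1], [100],1.0.0
PUP.Optional.Example, C:\USERS\ALICE\DOWNLOADS\SETUP.EXE,, Quarentena, [2], [200],1.0.0
Generic.Example, C:\WINDOWS\SYSTEM32\SVCHOST.EXE, Quarentena, [3], [300],1.0.0
"""


def parse_detections(text):
    """Return one dict per detection line; headers and counters are skipped."""
    found = []
    for line in text.splitlines():
        match = DETECTION_RE.match(line.strip())
        if match:
            found.append({k: v.strip() for k, v in match.groupdict().items()})
    return found


def is_registry(path):
    """True when the detection points at a registry key or value."""
    return path.upper().startswith(REGISTRY_ROOTS)


def triage(text):
    """Group detection paths by the follow-up they need."""
    report = {"unresolved": [], "masquerading": [], "autostart": []}
    for det in parse_detections(text):
        path, lowered = det["path"], det["path"].lower()
        # Anything not quarantined or replaced still needs attention.
        if det["action"].lower() not in HANDLED_ACTIONS:
            report["unresolved"].append(path)
        if is_registry(path):
            # Persistence: the threat was registered to start automatically.
            if any(marker in lowered for marker in AUTOSTART_MARKERS):
                report["autostart"].append(path)
        else:
            # A system binary name in the wrong folder is a look-alike file.
            expected = EXPECTED_DIRS.get(ntpath.basename(lowered))
            if expected and ntpath.dirname(lowered) not in expected:
                report["masquerading"].append(path)
    return report


if __name__ == "__main__":
    for category, paths in triage(SAMPLE_LOG).items():
        print(category)
        for p in paths:
            print("   ", p)
```

Entries listed under "unresolved" are the ones to report back to the helper first, since the scan could not neutralise them.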

Hi, dear Elias. Thank you very much for replying!

Here are the requested logs:

Malwarebytes report:

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 08/06/17
Hora da análise: 21:51
Arquivo de registro: mb-Relatório.txt
Administrador: Sim

-Informação do software-
Versão: 3.1.2.1733
Versão de componentes: 1.0.141
Versão do pacote de definições: 1.0.2116
Licença: Grátis

-Informação do sistema-
Sistema operacional: Windows 7 Service Pack 1
CPU: x64
Sistema de arquivos: NTFS
Usuário: RODRIGO-PC\RODRIGO

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Resultado: Concluído
Objetos verificados: 395581
Ameaças detectadas: 47
Ameaças em quarentena: 46
Tempo decorrido: 0 min, 56 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Desabilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

-Detalhes da análise-
Processo: 2
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Quarentena, [657], [355551],1.0.2116
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\EXPLORER.EXE, Quarentena, [657], [355551],1.0.2116

Módulo: 2
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Quarentena, [657], [355551],1.0.2116
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\EXPLORER.EXE, Quarentena, [657], [355551],1.0.2116

Chave de registro: 4
Trojan.Agent, HKU\S-1-5-21-2971753865-502576637-3763037539-1000\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}, Quarentena, [24], [165494],1.0.2116
Trojan.Agent, HKU\S-1-5-21-2971753865-502576637-3763037539-1000\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}, Quarentena, [24], [165483],1.0.2116
PUP.Optional.SmartDriverUpdater, HKU\S-1-5-21-2971753865-502576637-3763037539-1000\SOFTWARE\SMART PC SOLUTIONS\Smart Driver Updater, Quarentena, [748], [333237],1.0.2116
PUP.Optional.SmartDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Smart Driver Updater Schedule, Quarentena, [748], [257649],1.0.2116

Valor de registro: 4
Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Svchost, Quarentena, [657], [355551],1.0.2116
Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Svchost, Quarentena, [657], [355551],1.0.2116
Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Explorer, Quarentena, [657], [355551],1.0.2116
Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Explorer, Quarentena, [657], [355551],1.0.2116

Dados de registro: 1
Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, Substituído, [657], [355551],1.0.2116

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 1
PUP.Optional.SmartDriverUpdater, C:\USERS\RODRIGO\APPDATA\ROAMING\Smart Driver Updater, Quarentena, [748], [354828],1.0.2116

Arquivo: 33
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Quarentena, [657], [355551],1.0.2116
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\EXPLORER.EXE, Quarentena, [657], [355551],1.0.2116
PUP.Optional.AshampooDriverUpdater, C:\PROGRAMDATA\ASHAMPOO\ICO_ASHAMPOO_DEALS.ICO, Quarentena, [2483], [354924],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\Devices.ini, Quarentena, [748], [354828],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\DevicesPlus.ini, Quarentena, [748], [354828],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\Drivers64.db, Quarentena, [748], [354828],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\n36c0fa46c3f9.zip.pre, Quarentena, [748], [354828],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\n36c0fa46c3f9.zip.status, Quarentena, [748], [354828],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\n6fca9c3149fb.exe.pre, Quarentena, [748], [354828],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\n6fca9c3149fb.exe.status, Quarentena, [748], [354828],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\n923fa24ebe77.zip.pre, Quarentena, [748], [354828],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\n923fa24ebe77.zip.status, Quarentena, [748], [354828],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\nbd661a149b96.zip.pre, Quarentena, [748], [354828],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\nbd661a149b96.zip.status, Quarentena, [748], [354828],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\nc6e5a82e6800.zip.pre, Quarentena, [748], [354828],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\nc6e5a82e6800.zip.status, Quarentena, [748], [354828],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\nd5ab8fe86ad2.exe.pre, Quarentena, [748], [354828],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\nd5ab8fe86ad2.exe.status, Quarentena, [748], [354828],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\ne7a28201a80c.zip.pre, Quarentena, [748], [354828],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\ne7a28201a80c.zip.status, Quarentena, [748], [354828],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\program.log, Quarentena, [748], [354828],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\program_error.log, Quarentena, [748], [354828],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\Scan.ini, Quarentena, [748], [354828],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\Users\RODRIGO\AppData\Roaming\Smart Driver Updater\settings.ini, Quarentena, [748], [354828],1.0.2116
Backdoor.Agent.Generic, C:\USERS\RODRIGO\APPDATA\ROAMING\MRSYS.EXE, Falha ao remover, [657], [355551],1.0.2116
Backdoor.Agent.Generic, C:\USERS\RODRIGO\DOWNLOADS\FSSGOOGLEBOOKSDOWNLOADERSETUP.EXE,, Quarentena, [657], [355551],1.0.2116
RiskWare.DontStealOurSoftware, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Substituído, [715], [353142],1.0.2116
Backdoor.Agent.Generic, C:\USERS\RODRIGO\DOWNLOADS\ZA-SCAN.EXE,, Quarentena, [657], [355551],1.0.2116
Backdoor.Agent.Generic, C:\USERS\RODRIGO\DOWNLOADS\ZA-SCAN (1).EXE,, Quarentena, [657], [355551],1.0.2116
Backdoor.Agent.Generic, C:\USERS\RODRIGO\APPDATA\LOCAL\STSYS.EXE, Quarentena, [657], [355551],1.0.2116
Backdoor.Agent.Generic, C:\USERS\RODRIGO\APPDATA\LOCAL\ICSYS.ICN.EXE, Quarentena, [657], [355551],1.0.2116
RiskWare.HeuristicsReservedWordExploit, C:\WINDOWS\SYSTEM\SPOOLSV.EXE, Quarentena, [15347], [293552],1.0.2116
PUP.Optional.SmartDriverUpdater, C:\WINDOWS\SYSTEM32\TASKS\SMART DRIVER UPDATER SCHEDULE, Quarentena, [748], [257647],1.0.2116

Setor físico: 0
(Nenhum item malicioso detectado)
(end)

▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

AdwCleaner report

# AdwCleaner v6.047 - Relatório criado 08/06/2017 às 22:04:39
# Atualizado em 19/05/2017 por Malwarebytes
# Banco de dados : 2017-06-08.1 [Servidor]
# Sistema operacional : Windows 7 Ultimate Service Pack 1 (X64)
# Usuário : RODRIGO - RODRIGO-PC
# Executando de : c:\Users\RODRIGO\Desktop\LIMPAR\adwcleaner (6.047).exe 
# Modo: Limpo
# Apoio : https://www.malwarebytes.com/support

***** [ Serviços ] *****

***** [ Pastas ] *****

[-] Pasta excluída:C:\Users\RODRIGO\AppData\Local\YSearchUtil
[-] Pasta excluída:C:\Users\RODRIGO\AppData\LocalLow\IObit\Advanced SystemCare
[-] Pasta excluída:C:\Users\RODRIGO\AppData\Roaming\IObit\Advanced SystemCare
[-] Pasta excluída:C:\Users\RODRIGO\Documents\Smart Driver Updater
[-] Pasta excluída:C:\ProgramData\IObit\ASCDownloader
[-] Pasta excluída:C:\ProgramData\IObit\Advanced SystemCare
[#] Pasta excluída na reinicialização:C:\ProgramData\Application Data\IObit\ASCDownloader
[#] Pasta excluída na reinicialização:C:\ProgramData\Application Data\IObit\Advanced SystemCare
[-] Pasta excluída:C:\Program Files (x86)\IObit\Advanced SystemCare
[-] Pasta excluída:C:\Program Files (x86)\Common Files\freemake shared
[-] Pasta excluída:C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
[-] Pasta excluída:C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegneaniplmfjcmohoclabblbahcbjoe


***** [ Arquivos ] *****

[-] Arquivo excluído:C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hegneaniplmfjcmohoclabblbahcbjoe_0.localstorage


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Atalhos ] *****

***** [ Atividades agendadas ] *****

***** [ Registro ] *****

[-] Chave excluída:HKU\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
[-] Chave excluída:HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Chave excluída:HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
[-] Chave excluída:HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
[-] Chave excluída:HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
[-] Chave excluída:HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
[-] Chave excluída:HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
[-] Chave excluída:HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
[-] Chave excluída:HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
[#] Chave excluída na reinicialização:HKCU\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
[-] Chave excluída:HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
[-] Chave excluída:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Chave excluída:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Chave excluída:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Chave excluída:HKU\S-1-5-21-2971753865-502576637-3763037539-1000\Software\APN PIP
[-] Chave excluída:HKU\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Smart PC Solutions
[-] Chave excluída:HKU\S-1-5-21-2971753865-502576637-3763037539-1000\Software\drpsu
[#] Chave excluída na reinicialização:HKCU\Software\APN PIP
[#] Chave excluída na reinicialização:HKCU\Software\Smart PC Solutions
[#] Chave excluída na reinicialização:HKCU\Software\drpsu
[-] Chave excluída:HKLM\SOFTWARE\PIP
[-] Chave excluída:HKLM\SOFTWARE\IOBIT\ASC
[#] Chave excluída na reinicialização:[x64] HKCU\Software\APN PIP
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Smart PC Solutions
[#] Chave excluída na reinicialização:[x64] HKCU\Software\drpsu
[-] Chave excluída:HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
[-] Chave excluída:HKCU\Software\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe
[-] Chave excluída:HKLM\SOFTWARE\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe


***** [ Verificando navegadores ... ] *****

[-] [C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminado:br.ask.com
[-] [C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default] [extension] Eliminado:hegneaniplmfjcmohoclabblbahcbjoe


*************************

:: Chaves "Tracing" excluídas
:: Configurações Winsock restauradas

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4814 Bytes] - [08/06/2017 22:04:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [5100 Bytes] - [08/06/2017 22:01:49]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4960 Bytes] ##########

▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

Junkware report

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Ultimate x64 
Ran by RODRIGO (Administrator) on 08/06/2017 at 22:08:55,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 246 

Successfully deleted: C:\ProgramData\1471435998.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1471437489.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1471437490.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\Users\RODRIGO\AppData\Roaming\productdata (Folder) 
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TUUPPR72 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V4G9HWKR (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VX2OTLIY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VZ7R8RRU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WH6553BI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WLZU71UT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WXWBJZPH (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WY7P8ZPX (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XFQ7M6MO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMC0B8UQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XX6Y8Z91 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y9CF740J (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YDPM0O1O (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQU7P8K6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YT73607U (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGG4HAD2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02EFY7YJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05Q4DAPO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\07R66467 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\097V8CCY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HHHK75R (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0RQ7JNC3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10UILRSE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\12BXMJZ2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16X8H9L3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\18XRPG65 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MWTFUV3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1NN7FB65 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1NRDEE8V (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1XLWVOWP (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20GM1GO8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\29FB295Y (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DO71A7X (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EYIKT3A (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KFV3WSY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3C51G4SA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3J55127W (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\45LC3A2B (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R135XCO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56OK9ANX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5HBH3R0W (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5IRCXYJ0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5MQEVB7A (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66HEMRJ9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\68RMWH37 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DP8UACX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6L3WFCM6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6L49E0F0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6QTILAZ7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7B1EJR2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7NQ97UFQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7OHQSYEO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7Q4W7YTW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TJ70QH9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\87U1XLY9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\88XPRF33 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8H8WNALP (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ME9UDPZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9SQ81AYQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9U0H48LM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9YXZI8SR (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZWT3EL9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFHQ72TM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AHCKZ5DC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BL2JJECZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRIE0PVU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BST1OIAF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPMZX4NZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQKYU2PU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBT1FQXO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRBDLD44 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1L87COV (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5J75NYD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5UU0O5S (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFP0CLW3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFTT3IVI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EI22TKYJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EKJXS4Y3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F91F6MBO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDFG0NL0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPLQ51AG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4WLGM2F (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GF7D5SHL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GP33NYNZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GQ928OOZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWWY616T (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H9XRG990 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HIV26FB5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I1YULTYD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I5LB2UIZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IU9O78AL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J2S8PFZ7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K5Y98FP8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE8MN6VT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW8K0LR8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZDCIDSN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6AD99LW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MHPA4HNA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MW8OSADH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N0VTW0TH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NLLT96GA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT5HV5X8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2VXC0G0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O40UU0OQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OG8OPO5L (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OU0HGVRA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVRZGYNX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P15IZPMV (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P62Z3OGU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3LO3XUP (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QC7UFJ27 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QHJSN0M6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QO78W9C0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QUBFXVWQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RM82EBFA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNB5XKXW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S70RROSK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7TJWZJB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SMF2EQ0I (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TFK9TNNK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TUUPPR72 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V4G9HWKR (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VX2OTLIY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VZ7R8RRU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WH6553BI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WLZU71UT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WXWBJZPH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WY7P8ZPX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XFQ7M6MO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMC0B8UQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XX6Y8Z91 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y9CF740J (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YDPM0O1O (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQU7P8K6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YT73607U (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGG4HAD2 (Temporary Internet Files Folder) 

Registry: 4 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BFD9D8A8-57FF-488A-B919-065EC77CF82F} (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{BFD9D8A8-57FF-488A-B919-065EC77CF82F} (Registry Value) 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/06/2017 at 22:10:13,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

Awaiting the next instructions.

Thank you very much!


Download RogueKiller by Tigzy and save it to your Desktop.
roguekiller << link

  • Close all programs.
  • Run RogueKiller.exe.
    ** Windows Vista, Windows 7 and Windows 8 users:
    Right-click the rogueKiller.exe file, then click Run as administrator.
  • When the EULA window appears, click Accept.
  • Select the SCAN tab
  • Click START SCAN
  • Wait until the scan finishes...
  • Click the OPEN REPORT button
  • Click the EXPORT TXT option and save it to the Desktop as roguekiller.txt
  • Click OK and close RogueKiller.



Be sure to open the file, then copy and paste its entire contents into your next reply.


Hi Elias. Here is the log you requested:

▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

RogueKiller V12.11.2.0 (x64) [Jun 12 2017] (Free) por Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Site : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciou : Modo normal
Usuário : RODRIGO [Administrador]
Started from : C:\Users\RODRIGO\Desktop\RogueKiller 12.11.2.0_portable64.exe
Modo : Escanear -- Data : 06/14/2017 03:03:31 (Duration : 00:15:04)

¤¤¤ Processos : 5 ¤¤¤
[Hj.Name|VT.PWS:Win32/VB] explorer.exe(4056) -- C:\Windows\system\explorer.exe[-] -> Encontrado
[Hj.Name|VT.PWS:Win32/VB.CU] svchost.exe(3792) -- C:\Windows\system\svchost.exe[-] -> Encontrado
[Proc.Svchost] svchost.exe(3792) -- C:\Windows\system\svchost.exe[-] -> Encontrado
[Hj.Name|MalPE.40|VT.PWS:Win32/VB] explorer.exe(4056) -- C:\Windows\system\explorer.exe[-] -> Encontrado
[MalPE.40] MSVBVM60.DLL(4056) -- C:\Windows\system32\MSVBVM60.DLL[x] -> Encontrado

¤¤¤ Registro : 7 ¤¤¤
[Hj.Name|VT.PWS:Win32/VB] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Explorer : c:\windows\system\explorer.exe RU [-] -> Encontrado
[Hj.Name|VT.PWS:Win32/VB.CU] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Svchost : c:\windows\system\svchost.exe RU [-] -> Encontrado
[Hj.Name|VT.PWS:Win32/VB] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | Explorer : c:\windows\system\explorer.exe RO [-] -> Encontrado
[Hj.Name|VT.PWS:Win32/VB.CU] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | Svchost : c:\windows\system\svchost.exe RO [-] -> Encontrado
[Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : C:\Windows\explorer.exe, c:\windows\system\explorer.exe  -> Encontrado
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Encontrado
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Encontrado

¤¤¤ Tarefas : 0 ¤¤¤

¤¤¤ Arquivos : 6 ¤¤¤
[PUP.AutoIt.Gen][Arquivo] C:\Users\RODRIGO\Desktop\Memory Cleaner.lnk [LNK@] C:\Users\RODRIGO\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe -> Encontrado
[File.Forged][Arquivo] C:\Windows\BS_DEF.sys -> Encontrado
[PUP.Gen1][Pasta] C:\Users\RODRIGO\AppData\Roaming\Easeware -> Encontrado
[PUP.AutoIt.Gen][Arquivo] C:\Users\RODRIGO\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe -> Encontrado
[PUP.Gen1][Pasta] C:\Program Files\Easeware -> Encontrado
[PUP.AutoIt.Gen][Arquivo] C:\Users\RODRIGO\Desktop\Memory Cleaner.lnk [LNK@] C:\Users\RODRIGO\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe -> Encontrado

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

¤¤¤ Navegadores : 0 ¤¤¤

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DM 003-1CH162 SCSI Disk Device +++++
--- User ---
[MBR] e73cc35fb667427567c7058fad189503
[BSP] 876aec463e61c590e9c4536ea9052879 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 12a2f6bb2a0e3deaa97ac9ceec015450
[BSP] 95025fcd93a332dd6f284e400161a684 : Unknown MBR Code
Partition table:
0 - EFI System Partition | Offset (sectors): 40 | Size: 200 MB
1 - Sem Título 1 | Offset (sectors): 409640 | Size: 57715 MB
2 - Sem Título 2 | Offset (sectors): 118873872 | Size: 895205 MB
3 - Recovery HD | Offset (sectors): 1952255592 | Size: 619 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: KINGSTON SV300S37A120G SCSI Disk Device +++++
--- User ---
[MBR] 562eae5bc24cc3cb43d488487215422c
[BSP] 7b0db447eb9de33a005b39518e2bd51d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

▀▀▀▀▀▀▀▀▀▀▀▀▀

Awaiting the next steps.

Thank you very much.

Edited by Rodrigow


Close all programs

  • Run RogueKiller.exe.
    ** Windows Vista, 7, 8/8.1 and Windows 10 users:
    Right-click the RogueKiller.exe file, then click "Run as administrator".
  • When the EULA appears, click Accept.
  • Select the SCAN tab and click START SCAN
  • Wait until the scan finishes.
  • >>>>>>> Browse through the tabs and check all the entries found <<<<<<<
  • Click REMOVE SELECTED
  • Wait until the program finishes deleting the infections.
  • Click the OPEN REPORT button and then EXPORT TXT
  • Save it as report.txt on your Desktop



Open the report.txt file saved on your Desktop, then copy and paste its entire contents into your next reply.


Hi Elias. Here is the log you requested for the RogueKiller removal:

▀▀▀▀▀▀▀▀▀▀▀▀▀

RogueKiller V12.11.2.0 (x64) [Jun 12 2017] (Free) por Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Site : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciou : Modo normal
Usuário : RODRIGO [Administrador]
Started from : c:\users\rodrigo\desktop\limpar\roguekiller 12.11.2.0_portable64.exe 
Modo : Deletar -- Data : 06/19/2017 09:51:18 (Duration : 00:14:55)

¤¤¤ Processos : 5 ¤¤¤
[Hj.Name|VT.PWS:Win32/VB] explorer.exe(3796) -- C:\Windows\system\explorer.exe[-] -> Interrompido [TermProc]
[Hj.Name|VT.PWS:Win32/VB.CU] svchost.exe(3764) -- C:\Windows\system\svchost.exe[-] -> Interrompido [TermProc]
[Proc.Svchost] svchost.exe(3764) -- C:\Windows\system\svchost.exe[-] -> Interrompido [TermProc]
[Hj.Name|MalPE.40|VT.PWS:Win32/VB] explorer.exe(3796) -- C:\Windows\system\explorer.exe[-] -> Encontrado
[MalPE.40] MSVBVM60.DLL(3796) -- C:\Windows\system32\MSVBVM60.DLL[x] -> Encontrado

¤¤¤ Registro : 7 ¤¤¤
[Hj.Name|VT.PWS:Win32/VB] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Explorer : c:\windows\system\explorer.exe RU [-] -> Deletado
[Hj.Name|VT.PWS:Win32/VB.CU] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Svchost : c:\windows\system\svchost.exe RU [-] -> Deletado
[Hj.Name|VT.PWS:Win32/VB] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | Explorer : c:\windows\system\explorer.exe RO [-] -> Deletado
[Hj.Name|VT.PWS:Win32/VB.CU] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | Svchost : c:\windows\system\svchost.exe RO [-] -> Deletado
[Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : C:\Windows\explorer.exe, c:\windows\system\explorer.exe  -> Substituído (explorer.exe)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Substituído (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Substituído (1)

¤¤¤ Tarefas : 0 ¤¤¤

¤¤¤ Arquivos : 6 ¤¤¤
[PUP.AutoIt.Gen][Arquivo] C:\Users\RODRIGO\Desktop\Memory Cleaner.lnk [LNK@] C:\Users\RODRIGO\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe -> Deletado
[File.Forged][Arquivo] C:\Windows\BS_DEF.sys -> Substituído na reinicialização ( @Src C:\Users\RODRIGO\AppData\Local\Temp\snack\BS_DEF.sys)
[PUP.Gen1][Pasta] C:\Users\RODRIGO\AppData\Roaming\Easeware -> Deletado
[PUP.AutoIt.Gen][Arquivo] C:\Users\RODRIGO\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe -> Deletado
[PUP.Gen1][Pasta] C:\Program Files\Easeware -> Deletado
[PUP.AutoIt.Gen][Arquivo] C:\Users\RODRIGO\Desktop\Memory Cleaner.lnk [LNK@] C:\Users\RODRIGO\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe -> Removido na reinicialização [2]

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

¤¤¤ Navegadores : 0 ¤¤¤

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DM 003-1CH162 SCSI Disk Device +++++
--- User ---
[MBR] e73cc35fb667427567c7058fad189503
[BSP] 876aec463e61c590e9c4536ea9052879 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 12a2f6bb2a0e3deaa97ac9ceec015450
[BSP] 95025fcd93a332dd6f284e400161a684 : Unknown MBR Code
Partition table:
0 - EFI System Partition | Offset (sectors): 40 | Size: 200 MB
1 - Sem Título 1 | Offset (sectors): 409640 | Size: 57715 MB
2 - Sem Título 2 | Offset (sectors): 118873872 | Size: 895205 MB
3 - Recovery HD | Offset (sectors): 1952255592 | Size: 619 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: KINGSTON SV300S37A120G SCSI Disk Device +++++
--- User ---
[MBR] 562eae5bc24cc3cb43d488487215422c
[BSP] 7b0db447eb9de33a005b39518e2bd51d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

▀▀▀▀▀▀▀▀▀▀▀▀▀

Awaiting the next steps.

As always, thank you very much.


Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text in the CODE box below:

createsrpoint;
shortcutfix;
ffdefaults;
chrdefaults;
resetwmi;
resetieproxy;
network.proxy;
ffemptyclsid;
autoclean;
ipconfig /flushdns >>"%temp%\log.txt";b

Save this file on your Desktop with the name zascript

Run ZA-Scan.exe again and wait.

NOTE: Copy and paste the contents of that file in your next reply.
 


Hello Elias.

Friend, ZA-Scan was not starting with a double-click. It only ran when I clicked on it and ran it as Admin.

Here is the log:

▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
ZA-Scan V1.0.0.5 Updated 30-09-2015
Tool run by RODRIGO on 26/06/2017 at  9:04:48,24.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected

==== Older Logs ======================

C:\zoek-results2016-08-17-215036.log    21253 bytes
C:\zoek-results2016-08-18-024457.log    780 bytes
C:\zoek-results2016-08-22-221238.log    57923 bytes
C:\zoek-results2017-05-29-050432.log    26283 bytes

==== System Restore Info ======================

26/06/2017 09:05:00 Zoek.exe System Restore Point Created Successfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=267 folders=258 1280379600 bytes)

==== EOF on 26/06/2017 at  9:05:08,94 ======================
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

Once again, thank you for the help.


Are za-scan.exe and zascript saved on the Desktop?


Hi Elias. At the time I ran it, yes. Both were on the desktop.

Was there a problem?

Once again, thank you for your attention!

Edited by Rodrigow


The zascript was not executed. Pay attention to the name: zascript


Hi Elias.

It took quite a while. I tried twice, but because I needed to use the CPU I had to interrupt it. I woke up very early today and left it running.

Here is the log:

▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀


ZA-Scan V1.0.0.5 Updated 30-09-2015
Tool run by RODRIGO on 08/07/2017 at  5:05:46,42.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\RODRIGO\Desktop\ZA-Scan.exe
Script used: C:\Users\RODRIGO\Desktop\zascript.txt

==== System Restore Info ======================

08/07/2017 05:05:58 Zoek.exe System Restore Point Created Successfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C9531E65-098D-4D6F-8065-8EDC0A22EB95} deleted successfully
HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully
HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully
HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE7CD045-E861-484F-8273-0445EE161910} deleted successfully
HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE7CD045-E861-484F-8273-0445EE161910} deleted successfully
HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4971EE7-DAA0-4053-9964-665D8EE6A077} deleted successfully
HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F4971EE7-DAA0-4053-9964-665D8EE6A077} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484F-8273-0445EE161910} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484F-8273-0445EE161910} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2971753865-502576637-3763037539-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\RODRIGO\AppData\Roaming\Mozilla\Firefox\Profiles\jky6kgx8.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\RODRIGO\AppData\Roaming\Mozilla\Firefox\Profiles\jky6kgx8.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\RODRIGO\AppData\Roaming\Mozilla\Firefox\Profiles\jky6kgx8.default

user.js not found
---- FireFox user.js and prefs.js backups ---- 

prefs_072017_0514_.backup
prefs_082016_1906_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

==== Batch Command(s) Run By Tool======================


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

==== Deleting Files \ Folders ======================

C:\Users\RODRIGO\AppData\Roaming\Mozilla\Firefox\Profiles\jky6kgx8.default\extensions\ascsurfingprotection@iobit.com not found
C:\PROGRA~2\Cracklock deleted
C:\Users\RODRIGO\AppData\Roaming\CodecsLE_Install.log deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\RODRIGO\Desktop\4kvideodownloader - Atalho.lnk deleted
C:\Users\RODRIGO\Desktop\Mega-Downloader 1.7.lnk deleted
C:\Users\RODRIGO\AppData\Roaming\mrsys.exe deleted
C:\Users\RODRIGO\AppData\Local\icsys.icn.exe deleted
C:\Users\RODRIGO\AppData\Local\stsys.exe deleted
C:\Users\RODRIGO\AppData\Roaming\Mozilla\Firefox\Profiles\jky6kgx8.default\extensions\ascsurfingprotectionnew@iobit.com.xpi deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\RODRIGO\AppData\Roaming\Mozilla\Firefox\Profiles\jky6kgx8.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [28/06/2017 17:39]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [28/06/2017 17:39]

==== Firefox Extensions ======================

ProfilePath: C:\Users\RODRIGO\AppData\Roaming\Mozilla\Firefox\Profiles\jky6kgx8.default
- Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\RODRIGO\AppData\Roaming\Mozilla\Firefox\Profiles\jky6kgx8.default
62D98B286C805E193568037B70D936D2    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll -    Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cifnddnffldieaamihfkhkdgnbhfmaci - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\\plugins\Creator\ChromeAddin\ChromeAddin.crx[21/07/2016 11:51]
efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[01/10/2016 08:10]
fabhkdeopjkcpkmofliimbjckmocfiom - No path found[]
kpdmjodecdegfglgaapafjleomjjlpnh - No path found[]
ngpampappnmepgilojfohadhhmbhlaek - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx[09/06/2016 13:48]

Quick Links - RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegkifofjmpcimhejjpjhafihlcpcifl
Video Downloader - RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc
uBlock₀ - RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm
IDM Integration Module - RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek
Chrome Media Router - RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc deleted successfully
C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aiimdkdngfcipjohbjenkahhlhccpdbc_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Reset Google Chrome ======================

C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Web Data.ReadOnly was reset successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== shortcuts on Users Desktops ======================

C:\Users\RODRIGO\Desktop\00. ESCRITA - Atalho.lnk - E:\Meus Documentos\Downloads\2016.2\00. ESCRITA 
C:\Users\RODRIGO\Desktop\00. TESE - Atalho.lnk - E:\Meus Documentos\Downloads\2016.1 (salvos)\00. TESE 
C:\Users\RODRIGO\Desktop\2016.2 - Atalho.lnk - E:\Meus Documentos\Downloads\2016.2 
C:\Users\RODRIGO\Desktop\Addictive Keys.lnk - E:\Program Files\XLN Audio\Addictive Keys\Addictive Keys.exe 
C:\Users\RODRIGO\Desktop\Adobe Acrobat XI Pro.lnk - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe 
C:\Users\RODRIGO\Desktop\Awave Studio.lnk - C:\Program Files (x86)\Awave Studio\Awave Studio.exe 
C:\Users\RODRIGO\Desktop\bloco de notas - Atalho.lnk - E:\Meus Documentos\Downloads\2016.2\bloco de notas 
C:\Users\RODRIGO\Desktop\ChordPulse.lnk - C:\Program Files (x86)\ChordPulse\ChordPulse.exe 
C:\Users\RODRIGO\Desktop\Dicionário eletrônico Houaiss 3.lnk -  
C:\Users\RODRIGO\Desktop\Documents - Atalho.lnk - E:\Meus Documentos\Downloads\Documents 
C:\Users\RODRIGO\Desktop\DP9 (64 bit).lnk - C:\Program Files (x86)\MOTU\Digital Performer 9.1\DP.exe 
C:\Users\RODRIGO\Desktop\DVD Flick.lnk - C:\Program Files (x86)\DVD Flick\dvdflick.exe 
C:\Users\RODRIGO\Desktop\Google Books Download.lnk - C:\Program Files (x86)\PDFsvg\Google Books Download\GoogleBooks.exe 
C:\Users\RODRIGO\Desktop\i-Menu - Atalho.lnk - C:\Program Files (x86)\i-Menu\i-Menu.exe 
C:\Users\RODRIGO\Desktop\ImageEnlarger - Atalho.lnk - E:\Meus Documentos\Downloads\Programs\Image Enlarger-v0.8-win32\ImageEnlarger-v0.8\ImageEnlarger\ImageEnlarger.exe 
C:\Users\RODRIGO\Desktop\Internet Download Manager.lnk - C:\Program Files (x86)\Internet Download Manager\IDMan.exe 
C:\Users\RODRIGO\Desktop\MEGAsync.lnk - C:\Users\RODRIGO\AppData\Local\MEGAsync\MEGAsync.exe 
C:\Users\RODRIGO\Desktop\Melodyne Studio 4.lnk - C:\Program Files\Celemony\Melodyne Studio 4\Melodyne.exe 
C:\Users\RODRIGO\Desktop\Menu Iniciar no Sandboxie.lnk - C:\Program Files (x86)\Sandboxie\Start.exe /box:__ask__ start_menu
C:\Users\RODRIGO\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe 
C:\Users\RODRIGO\Desktop\Navegador web em uma caixa.lnk - C:\Program Files\Sandboxie\Start.exe default_browser
C:\Users\RODRIGO\Desktop\Paint.lnk - C:\Windows\system32\mspaint.exe 
C:\Users\RODRIGO\Desktop\PCN 2001 - Atalho.lnk - C:\Program Files (x86)\PCN2001\pcn2k1.exe 
C:\Users\RODRIGO\Desktop\PDFToMusic Pro v.1.0.4.lnk - C:\Program Files (x86)\PDFtoMusic Pro\PDFToMusic Pro.exe 
C:\Users\RODRIGO\Desktop\Viena.lnk - C:\Program Files (x86)\Viena\Viena.exe 
C:\Users\RODRIGO\Desktop\WIDI 4.0 Pro.lnk - C:\Program Files (x86)\WIDI 4.0 Pro\widi.exe 
C:\Users\RODRIGO\Desktop\WinDirStat.lnk - C:\Program Files (x86)\WinDirStat\windirstat.exe 
C:\Users\RODRIGO\Desktop\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\ACDSee Ultimate 9 (64-bit).lnk - C:\Program Files (x86)\ACD Systems\ACDSee Ultimate\9.0\ACDSeeUltimate9.exe 
C:\Users\Public\Desktop\Adobe Digital Editions 4.5.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe 
C:\Users\Public\Desktop\Ashampoo WinOptimizer 2017.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2017\WO2017.exe 
C:\Users\Public\Desktop\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe 
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 
C:\Users\Public\Desktop\Central de Soluções HP.lnk -  
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files\DAEMON Tools Lite\DTLauncher.exe 
C:\Users\Public\Desktop\Defraggler.lnk - C:\Program Files\Defraggler\Defraggler64.exe 
C:\Users\Public\Desktop\ePub Converter.lnk - E:\Program Files (x86)\eBook Converter\ePub Converter\epubconverter.exe 
C:\Users\Public\Desktop\Epubor Ultimate.lnk - C:\Program Files (x86)\Epubor\ultimate\ultimate.exe 
C:\Users\Public\Desktop\Finale 2014.5.lnk - C:\Program Files (x86)\Finale 2014.5\Finale.exe 
C:\Users\Public\Desktop\Finale.lnk - C:\Program Files (x86)\Finale\Finale.exe 
C:\Users\Public\Desktop\Foxit PhantomPDF.lnk - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitPhantomPDF.exe 
C:\Users\Public\Desktop\Freemake Video Converter.lnk - C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe 
C:\Users\Public\Desktop\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe 
C:\Users\Public\Desktop\Google2SRT.lnk - C:\Program Files (x86)\Google2SRT\Google2SRT.exe 
C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe 
C:\Users\Public\Desktop\IObit Malware Fighter.lnk - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe 
C:\Users\Public\Desktop\IObit Unlocker.lnk - C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.exe 
C:\Users\Public\Desktop\Kobo.lnk - C:\Program Files (x86)\Kobo\Kobo.exe 
C:\Users\Public\Desktop\Kontakt 5.lnk - C:\Program Files (x86)\Native Instruments\Kontakt 5\Kontakt 5.exe 
C:\Users\Public\Desktop\Lighten PDF Converter OCR.lnk - C:\Program Files (x86)\Lighten PDF Converter OCR\PDF Converter OCR.exe 
C:\Users\Public\Desktop\Loja de Suprimentos HP.lnk - C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe 
C:\Users\Public\Desktop\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe 
C:\Users\Public\Desktop\Neuro-Programmer 3.lnk - C:\Program Files (x86)\Neuro-Programmer 3\Neuro-Programmer 3.exe 
C:\Users\Public\Desktop\Notepad++.lnk - C:\Program Files (x86)\Notepad++\notepad++.exe 
C:\Users\Public\Desktop\Otimizador 1-Clique (WO2017).lnk - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2017\WO2017.exe -OCO
C:\Users\Public\Desktop\PDFPasswordRemover.lnk - C:\Program Files\PDF Password Remover\PPR.exe 
C:\Users\Public\Desktop\PhotoInstrument.lnk - C:\Program Files (x86)\PhotoInstrument\PhotoInstrument.exe 
C:\Users\Public\Desktop\PowerISO.lnk - C:\Program Files\PowerISO\PowerISO.exe 
C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe 
C:\Users\Public\Desktop\REAPER (x64).lnk - C:\Program Files\REAPER (x64)\reaper.exe 
C:\Users\Public\Desktop\Recuva.lnk - C:\Program Files\Recuva\recuva64.exe 
C:\Users\Public\Desktop\SmartScore X2 Pro.lnk - C:\Windows\Installer\{A6E3CDA1-ABA4-4E11-94E3-B05CDC80F496}\_670E72EBDA2B7C008ED37F.exe 
C:\Users\Public\Desktop\Sound Forge Pro 11.0.lnk - C:\Program Files (x86)\Sony\Sound Forge Pro 11.0\Forge110.exe 
C:\Users\Public\Desktop\Speccy.lnk - C:\Program Files\Speccy\Speccy64.exe 
C:\Users\Public\Desktop\SpectraLayers Pro 3.0.lnk - C:\Program Files (x86)\Sony\SpectraLayers Pro 3.0\Win64\SpectraLayers.exe 
C:\Users\Public\Desktop\STDU Converter.lnk - C:\Program Files (x86)\STDU Converter\STDUConverterApp.exe 
C:\Users\Public\Desktop\Vegas Pro 13.0 (64-bit).lnk - C:\Program Files (x86)\Sony\Vegas Pro 13.0\vegas130.exe 

==== shortcuts in Users Start Menu ======================

C:\Users\RODRIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\MEGA Website.lnk - C:\Users\RODRIGO\AppData\Local\MEGAsync\MEGA Website.url 
C:\Users\RODRIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\MEGAsync.lnk - C:\Users\RODRIGO\AppData\Local\MEGAsync\MEGAsync.exe 
C:\Users\RODRIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\Uninstall.lnk - C:\Users\RODRIGO\AppData\Local\MEGAsync\uninst.exe 
C:\Users\RODRIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk - C:\Users\RODRIGO\AppData\Local\MEGAsync\MEGAsync.exe 

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Central de Soluções HP.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center.lnk - C:\Program Files (x86)\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registro OCR I.R.I.S..lnk - C:\Program Files (x86)\HP\Digital Imaging\DocProc\regipe.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accusonus\ERA-D\Uninstall.lnk - C:\Program Files\Accusonus\ERA-D\unins000.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accusonus\Regroover Pro\Uninstall.lnk - C:\Program Files\Accusonus\Regroover Pro\unins000.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\DVD Flick.lnk - C:\Program Files (x86)\DVD Flick\dvdflick.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Uninstall  DVD Flick.lnk - C:\Program Files (x86)\DVD Flick\unins000.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\Changelog.lnk - C:\Program Files (x86)\DVD Flick\changelog.txt 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\GNU GPL License.lnk - C:\Program Files (x86)\DVD Flick\license.txt 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\Guide.lnk - C:\Program Files (x86)\DVD Flick\guide\index_en.html 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\Readme.lnk - C:\Program Files (x86)\DVD Flick\readme.txt 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Atualização HP.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Central de Soluções HP.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Loja de Suprimentos HP.lnk - C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photosmart Essential 3.5\Desinstalar HP Photosmart Essential 3.5.lnk - C:\Program Files (x86)\HP\Digital Imaging\photosmartessential\hpzscr01.exe -datfile hpqbud13.dat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photosmart Essential 3.5\HP Photosmart Essential 3.5.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Smart Web Printing\Ajuda da HP Smart Web Printing.lnk - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\Help\hpsmartprint.chm 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4400 series\Adicionar dispositivo.lnk - C:\Program Files (x86)\HP\Digital Imaging\{8181C5B7-2FF5-4677-BA6A-8E2C3F5A7601}\hpzstub.exe -addadevice
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4400 series\Ajuda.lnk - C:\Program Files (x86)\HP\Digital Imaging\help\aio47.chm 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4400 series\Desinstalar.lnk - C:\Program Files (x86)\HP\Digital Imaging\{8181C5B7-2FF5-4677-BA6A-8E2C3F5A7601}\setup\hpzscr40.exe -datfile hposcr29.dat -onestop
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4400 series\Leiame.lnk - C:\Program Files (x86)\HP\Digital Imaging\help\PS_AIO_03_C4400_readme\readme.html 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4400 series\Registro do produto.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe "HP Photosmart C4400 series"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4400 series\Site de suporte a produtos.lnk - C:\Program Files (x86)\HP\Digital Imaging\HP Photosmart C4400 series\help\HP Product Support Website.url 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter\Desinstalar IObit Malware Fighter.lnk - C:\Program Files (x86)\IObit\IObit Malware Fighter\unins001.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter\IObit Malware Fighter.lnk - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com\Memory Cleaner\Clear System Cache.lnk - C:\Users\RODRIGO\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe cache
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com\Memory Cleaner\Memory Cleaner.lnk - C:\Users\RODRIGO\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com\Memory Cleaner\Trim Processes' Working Set.lnk - C:\Users\RODRIGO\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe process
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com\Memory Cleaner\Uninstall Memory Cleaner.lnk - C:\Users\RODRIGO\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe uninstall

==== shortcuts in Quick Launch ======================


==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductUpdater deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\RODRIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\RODRIGO\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== Reset WMI ======================

Os seguintes serviços são dependentes do serviço de Testador de instrumentação de gerenciam. do Windows.
Finalizar o serviço Testador de instrumentação de gerenciam. do Windows também finalizará estes serviços.

   Central de Segurança
   Auxiliar de IP

O serviço de Central de Segurança está sendo finalizado .
O serviço de Central de Segurança foi finalizado com êxito.

O serviço de Auxiliar de IP está sendo finalizado .
O serviço de Auxiliar de IP foi finalizado com êxito.

O serviço de Testador de instrumentação de gerenciam. do Windows está sendo finalizado .
O serviço de Testador de instrumentação de gerenciam. do Windows foi finalizado com êxito.

C:\Windows\system32\wbem\repository renamed to repository.old
C:\Windows\syswow64\wbem\repository renamed to repository.old

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\RODRIGO\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\RODRIGO\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 08/07/2017 at 10:53:19,63 ======================
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

Another thing, Elias. Yesterday, Malwarebytes (MB) said that my last scan had been on the 8th. It scanned automatically and caught several threats: backdoors in SVCHOST, PUP.Optionals. But since you had not asked me to run the MB scan again, I did not delete the infections it found, so I closed the program without removing the detections. Shortly after sending that message, I went ahead and ran the MB scan. I am also sending you the log of the infections found:

====================================================================================================================================================

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 08/07/17
Hora da análise: 11:05
Arquivo de registro: Malwarebytes log.txt
Administrador: Sim

-Informação do software-
Versão: 3.1.2.1733
Versão de componentes: 1.0.141
Versão do pacote de definições: 1.0.2319
Licença: Grátis

-Informação do sistema-
Sistema operacional: Windows 7 Service Pack 1
CPU: x64
Sistema de arquivos: NTFS
Usuário: RODRIGO-PC\RODRIGO

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Resultado: Concluído
Objetos verificados: 405218
Ameaças detectadas: 18
Ameaças em quarentena: 0
(Nenhum item malicioso detectado)
Tempo decorrido: 0 min, 48 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Desabilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

-Detalhes da análise-
Processo: 2
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Nenhuma ação do usuário, [675], [355551],1.0.2319
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\EXPLORER.EXE, Nenhuma ação do usuário, [675], [355551],1.0.2319

Módulo: 2
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Nenhuma ação do usuário, [675], [355551],1.0.2319
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\EXPLORER.EXE, Nenhuma ação do usuário, [675], [355551],1.0.2319

Chave de registro: 1
PUP.Optional.InstallCore, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DAEMON Tools Lite, Nenhuma ação do usuário, [3], [407013],1.0.2319

Valor de registro: 4
Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Svchost, Nenhuma ação do usuário, [675], [355551],1.0.2319
Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Svchost, Nenhuma ação do usuário, [675], [355551],1.0.2319
Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Explorer, Nenhuma ação do usuário, [675], [355551],1.0.2319
Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Explorer, Nenhuma ação do usuário, [675], [355551],1.0.2319

Dados de registro: 1
Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, Nenhuma ação do usuário, [675], [355551],1.0.2319

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 0
(Nenhum item malicioso detectado)

Arquivo: 8
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Nenhuma ação do usuário, [675], [355551],1.0.2319
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\EXPLORER.EXE, Nenhuma ação do usuário, [675], [355551],1.0.2319
Backdoor.Agent.Generic, C:\USERS\RODRIGO\APPDATA\ROAMING\MRSYS.EXE, Nenhuma ação do usuário, [675], [355551],1.0.2319
PUP.Optional.InstallCore, C:\PROGRAM FILES\DAEMON TOOLS LITE\UNINST.EXE, Nenhuma ação do usuário, [3], [407013],1.0.2319
Backdoor.Agent.Generic, C:\USERS\RODRIGO\APPDATA\LOCAL\STSYS.EXE, Nenhuma ação do usuário, [675], [355551],1.0.2319
Backdoor.Agent.Generic, C:\USERS\RODRIGO\DOWNLOADS\ZA-SCAN.EXE,, Nenhuma ação do usuário, [675], [355551],1.0.2319
Backdoor.Agent.Generic, C:\USERS\RODRIGO\APPDATA\LOCAL\VIRTUALSTORE\DRIVER PARA HP PHOTOSMART C4480.EXE,, Nenhuma ação do usuário, [675], [355551],1.0.2319
RiskWare.HeuristicsReservedWordExploit, C:\WINDOWS\SYSTEM\SPOOLSV.EXE, Nenhuma ação do usuário, [15497], [293552],1.0.2319

Setor físico: 0
(Nenhum item malicioso detectado)


(end)

====================================================================================================================================

Should I run MB again and delete these detections, or should I wait for your guidance here?

Another thing, Elias. Z-scan removed all my Google Chrome extensions (ad blockers and the like).

I'm reinstalling them because browsing without these things is simply unworkable.

Once again, thank you very much for all the help.

 

On 08/07/2017 at 11:07, Rodrigow said:

Should I run MB again and delete these detections, or should I wait for your guidance here?

Another thing, Elias. Z-scan removed all my Google Chrome extensions (ad blockers and the like).

I'm reinstalling them because browsing without these things is simply unworkable.

Once again, thank you very much for all the help.

Ok. Run MB again and then remove the entries found.


TOPIC ARCHIVED


As the author did not reply to the topic within the allowed period, it has been archived.

If you are the author of the topic and want it reopened, send a private message to a moderator or assistant with a link to this topic and explain why you need it reopened. There is a maximum period for reopening topics. See the forum rules for the deadlines.


TOPIC REOPENED


Topic reopened at the author's request.


Run MB again and then remove the entries found.


Hi Elias and forum friends! Thanks for reopening it. Here is the MB log.

NOTE: it did not let me delete, only move to quarantine:

 

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 27/07/17
Hora da análise: 08:34
Arquivo de registro: mb log.txt
Administrador: Sim

-Informação do software-
Versão: 3.1.2.1733
Versão de componentes: 1.0.160
Versão do pacote de definições: 1.0.2448
Licença: Grátis

-Informação do sistema-
Sistema operacional: Windows 7 Service Pack 1
CPU: x64
Sistema de arquivos: NTFS
Usuário: RODRIGO-PC\RODRIGO

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Resultado: Concluído
Objetos verificados: 389516
Ameaças detectadas: 19
Ameaças em quarentena: 0
(Nenhum item malicioso detectado)
Tempo decorrido: 1 min, 28 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Desabilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

-Detalhes da análise-
Processo: 2
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\EXPLORER.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448

Módulo: 2
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\EXPLORER.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448

Chave de registro: 1
PUP.Optional.InstallCore, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DAEMON Tools Lite, Nenhuma ação do usuário, [2], [407013],1.0.2448

Valor de registro: 4
Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Explorer, Nenhuma ação do usuário, [626], [355551],1.0.2448
Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Explorer, Nenhuma ação do usuário, [626], [355551],1.0.2448
Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Svchost, Nenhuma ação do usuário, [626], [355551],1.0.2448
Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Svchost, Nenhuma ação do usuário, [626], [355551],1.0.2448

Dados de registro: 1
Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, Nenhuma ação do usuário, [626], [355551],1.0.2448

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 0
(Nenhum item malicioso detectado)

Arquivo: 9
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\EXPLORER.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448
Backdoor.Agent.Generic, C:\USERS\RODRIGO\APPDATA\ROAMING\MRSYS.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448
PUP.Optional.InstallCore, C:\PROGRAM FILES\DAEMON TOOLS LITE\UNINST.EXE, Nenhuma ação do usuário, [2], [407013],1.0.2448
Backdoor.Agent.Generic, C:\USERS\RODRIGO\DOWNLOADS\ZA-SCAN.EXE,, Nenhuma ação do usuário, [626], [355551],1.0.2448
Backdoor.Agent.Generic, C:\USERS\RODRIGO\APPDATA\LOCAL\STSYS.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448
Backdoor.Agent.Generic, C:\USERS\RODRIGO\APPDATA\LOCAL\VIRTUALSTORE\DRIVER PARA HP PHOTOSMART C4480.EXE,, Nenhuma ação do usuário, [626], [355551],1.0.2448
Backdoor.Agent.Generic, C:\USERS\RODRIGO\APPDATA\LOCAL\ICSYS.ICN.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SPOOLSV.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448

Setor físico: 0
(Nenhum item malicioso detectado)


(end)

 

Awaiting instructions!


Go to VirusTotal at the link below and follow the instructions to analyze the file:
http://www.virustotal.com/

  1. First select the File option, as shown in the image below:
    2qvun9v.png
  2. Click Select file
  3. Copy the contents of the CODE box below:
    NOTE: Copy one line at a time.
    C:\WINDOWS\SYSTEM\EXPLORER.EXE

  4. Paste it where it says File name: and click Open
  5. Click Analyze!
  6. If a message appears saying the file has already been analyzed, click Reanalyze
  7. Wait for the analysis to finish, then copy and paste the site's URL/link into your next reply.

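The Malwarebytes logs posted above list svchost.exe, explorer.exe and spoolsv.exe under C:\WINDOWS\SYSTEM, alongside Run, RunOnce and Winlogon Shell registry values. The Python below is an added example, not part of the thread and not a Malwarebytes tool: it parses such detail lines and separates system-binary names found outside their usual directories from autostart registry entries. The expected-directory table, the category names and the control line are assumptions of this example.

```python
import ntpath

# Usual directories of these Windows binaries on 64-bit Windows 7 (assumed table).
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
    "spoolsv.exe": {r"c:\windows\system32"},
}
# Registry locations that start a program at boot or logon.
AUTOSTART_MARKERS = ("\\currentversion\\run|", "\\currentversion\\runonce|",
                     "\\currentversion\\winlogon|shell")

# Detail lines copied from the 27/07/17 Malwarebytes log in this thread.
SAMPLE_LOG = r"""
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\EXPLORER.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SPOOLSV.EXE, Nenhuma ação do usuário, [626], [355551],1.0.2448
Backdoor.Agent.Generic, C:\USERS\RODRIGO\DOWNLOADS\ZA-SCAN.EXE,, Nenhuma ação do usuário, [626], [355551],1.0.2448
PUP.Optional.InstallCore, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DAEMON Tools Lite, Nenhuma ação do usuário, [2], [407013],1.0.2448
Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Explorer, Nenhuma ação do usuário, [626], [355551],1.0.2448
Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Svchost, Nenhuma ação do usuário, [626], [355551],1.0.2448
Backdoor.Agent.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, Nenhuma ação do usuário, [626], [355551],1.0.2448
(Nenhum item malicioso detectado)
"""
# Constructed control line, not from the log: svchost.exe in its usual directory.
CONTROL_LINE = r"Example.Control, C:\WINDOWS\SYSTEM32\SVCHOST.EXE, Nenhuma ação do usuário, [0], [0],0.0.0"

def parse_detection(line):
    """Return (threat, target) from 'threat, target, action, [id], [id],defs'."""
    parts = line.strip().rsplit(", ", 3)
    if len(parts) != 4 or ", " not in parts[0]:
        return None  # section header, counter or empty line
    threat, target = parts[0].split(", ", 1)
    return threat, target.rstrip(",")  # some entries carry a doubled comma

def triage(line):
    """Classify one detail line; returns (category, target) or None."""
    parsed = parse_detection(line)
    if parsed is None:
        return None
    target = parsed[1]
    low = target.lower()
    if low.startswith(("hklm\\", "hkcu\\", "hku\\")):
        hit = any(marker in low for marker in AUTOSTART_MARKERS)
        return ("autostart" if hit else "registry", target)
    name, folder = ntpath.basename(low), ntpath.dirname(low)
    if name in EXPECTED_DIRS:
        ok = folder in EXPECTED_DIRS[name]
        return ("system-binary" if ok else "masquerade", target)
    return ("file", target)

def summarize(log_text):
    """Group every parsed detection target by category."""
    groups = {}
    for line in log_text.splitlines():
        result = triage(line)
        if result:
            groups.setdefault(result[0], []).append(result[1])
    return groups

if __name__ == "__main__":
    for category, targets in summarize(SAMPLE_LOG).items():
        print(category, len(targets), targets)
```

A "masquerade" result only means the file name matches a Windows binary while the directory does not; the file itself still has to be analyzed, as the VirusTotal step above requests.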

@Rodrigow Do you still need analysis for this PC? Please let us know.


@Rodrigow

Sorry for the huge delay.

Download RogueKiller by Tigzy and save it to your desktop.
roguekiller.exe (x64) << link

  • Close all programs
  • Run RogueKiller.exe.
    ** Windows Vista, Windows 7 and Windows 8 users:
    Right-click the rogueKiller.exe file, then click VRIfczU.png.
  • When the EULA window appears, click Accept.
  • Select the SCAN tab
  • Click START SCAN
  • Wait until the scan finishes...
  • Click the OPEN REPORT button
  • Click the EXPORT TXT option and save it to the Desktop with the name roguekiller.txt
  • Click OK and close RogueKiller.



Be sure to open the file, then copy and paste its entire contents into your next reply


TOPIC ARCHIVED


As the author did not reply to the topic within the allowed period, it has been archived.

If you are the author of the topic and want it reopened, send a private message to a moderator or assistant with a link to this topic and explain why you need it reopened. There is a maximum period for reopening topics. See the forum rules for the deadlines.
