Hardware.com.br
Daniel Sadler
New Member, Registered
6 Posts, 0 Likes

Log Combofix

#1 By Daniel Sadle... 10/07/2015 - 11:53
Hello.

[code=log ComboFix]
ComboFix 15-07-10.01 - GEDI 10/07/2015 10:18:16.2.6 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1033.18.4094.2827 [GMT -3:00]
Executando de: c:\users\GEDI\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Phone\Skype.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeUpdateService
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2015-06-10 to 2015-07-10 ))))))))))))))))))))))))))))
.
.
2015-07-10 13:25 . 2015-07-10 13:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-10 12:57 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3428234C-39B2-4721-8979-7011027FA411}\mpengine.dll
2015-07-08 00:28 . 2015-07-10 12:59 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-08 00:27 . 2015-07-08 00:28 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-07-08 00:27 . 2015-07-08 00:27 -------- d-----w- c:\programdata\Malwarebytes
2015-07-08 00:27 . 2015-06-18 11:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-07-08 00:27 . 2015-06-18 11:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-08 00:27 . 2015-06-18 11:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-07 23:29 . 2015-07-07 23:29 -------- d-----w- c:\windows\MATS
2015-07-07 23:29 . 2015-07-07 23:29 -------- d-----w- c:\program files\Microsoft Fix it Center
2015-07-07 23:14 . 2015-07-07 23:14 -------- d-----w- c:\program files (x86)\VS Revo Group
2015-07-07 16:31 . 2015-07-07 16:30 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-07-07 16:30 . 2015-07-07 16:30 43112 ----a-w- c:\windows\avastSS.scr
2015-06-30 20:00 . 2015-06-30 20:00 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
2015-06-30 19:00 . 2015-06-30 19:00 -------- d-----w- c:\program files (x86)\Skillbrains
2015-06-30 14:36 . 2015-06-30 20:11 -------- d-----w- c:\program files\Reason
2015-06-29 14:40 . 2015-05-19 03:29 46768 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2015-06-29 14:40 . 2015-05-19 03:14 57520 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2015-06-29 14:19 . 2015-06-29 14:19 986368 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2015-06-29 14:19 . 2015-06-29 14:19 82544 ----a-w- c:\windows\system32\RtNicProp64.dll
2015-06-29 14:18 . 2015-06-29 14:18 11944 ----a-w- c:\windows\system32\drivers\amdide64.sys
2015-06-29 13:59 . 2015-06-29 13:59 -------- d-----w- c:\program files\Common Files\Bitdefender
2015-06-23 17:33 . 2015-06-23 17:33 -------- d-----w- c:\users\GEDI\AppData\Roaming\Sony Creative Software Inc
2015-06-17 18:33 . 2015-06-17 18:33 -------- d-----w- c:\users\GEDI\AppData\Local\YSearchUtil
2015-06-17 18:31 . 2015-06-17 18:31 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-06-14 11:52 . 2015-06-14 11:52 -------- d-----w- C:\found.001
2015-06-12 00:05 . 2015-07-10 12:33 -------- d-----w- c:\programdata\boost_interprocess
2015-06-11 23:59 . 2015-06-24 17:18 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-11 23:58 . 2015-06-11 23:58 -------- d-----w- c:\windows\system32\Macromed
2015-06-11 23:48 . 2015-06-11 23:48 -------- d-----w- c:\programdata\GAS Tecnologia
2015-06-11 23:48 . 2015-07-08 00:02 -------- d-----w- c:\program files (x86)\GbPlugin
2015-06-11 23:48 . 2015-06-12 10:19 -------- d-----w- c:\programdata\GbPlugin
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-07 16:31 . 2015-03-26 02:45 442264 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-07-07 16:30 . 2015-03-26 02:45 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-07-07 16:30 . 2015-03-26 02:45 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-07-07 16:30 . 2015-03-26 02:45 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-07-07 16:30 . 2015-03-26 02:45 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-07-07 16:30 . 2015-03-26 02:45 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-07-07 16:30 . 2015-03-26 02:45 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-07-07 16:30 . 2015-03-26 02:45 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-06-29 14:19 . 2015-03-26 02:23 116304 ----a-w- c:\windows\system32\RTNUninst64.dll
2015-06-24 17:18 . 2015-04-28 19:30 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-24 11:36 . 2015-03-26 03:02 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-06-24 11:36 . 2015-03-26 03:02 1571696 ----a-w- c:\windows\system32\nvspcap64.dll
2015-06-24 11:36 . 2015-03-26 03:02 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-06-23 16:30 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-17 18:30 . 2015-03-26 02:35 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-27 03:04 . 2015-03-28 04:34 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:01 . 2015-06-10 15:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-19 03:14 . 2015-03-26 02:55 61616 ----a-w- c:\windows\system32\nvaudcap64v.dll
2015-05-16 22:36 . 2015-05-16 22:36 15416 ----a-w- c:\windows\system32\drivers\ASACPI.sys
2015-05-16 18:58 . 2015-05-16 18:58 26528 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2015-05-01 13:17 . 2015-05-12 18:56 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-12 18:56 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-12 18:33 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-12 18:33 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-12 18:33 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-12 18:36 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-12 18:36 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-14 06:38 . 2015-04-14 06:38 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-04-13 03:28 . 2015-05-12 18:34 328704 ----a-w- c:\windows\system32\services.exe
2015-03-29 15:37 . 2015-03-29 15:37 506880 ----a-w- c:\program files\CustomHooks.dll
2015-03-29 15:33 . 2015-03-29 15:33 662208 ----a-w- c:\program files\updaternotifications.dll
2015-03-29 15:32 . 2015-03-29 15:32 2596864 ----a-w- c:\program files\libcurl.dll
2015-03-29 15:32 . 2015-03-29 15:32 13916672 ----a-w- c:\program files\icudt40.dll
2015-03-29 15:32 . 2015-03-29 15:32 1121792 ----a-w- c:\program files\icuuc40.dll
2015-03-29 15:32 . 2015-05-29 19:01 2736320 ----a-w- c:\program files\amtlib.dll.BAK
2015-03-29 15:32 . 2015-03-29 15:32 927232 ----a-w- c:\program files\boost_regex.dll
2015-03-29 15:32 . 2015-03-29 15:32 89600 ----a-w- c:\program files\boost_signals.dll
2015-03-29 15:32 . 2015-03-29 15:32 7888576 ----a-w- c:\program files\dvaui.dll
2015-03-29 15:32 . 2015-03-29 15:32 75776 ----a-w- c:\program files\boost_date_time.dll
2015-03-29 15:32 . 2015-03-29 15:32 4955328 ----a-w- c:\program files\dvaadameve.dll
2015-03-29 15:32 . 2015-03-29 15:32 2951360 ----a-w- c:\program files\dvacore.dll
2015-03-29 15:32 . 2015-03-29 15:32 2736320 ------w- c:\program files\amtlib.dll
2015-03-29 15:32 . 2015-03-29 15:32 24064 ----a-w- c:\program files\boost_system.dll
2015-03-29 15:32 . 2015-03-29 15:32 1614528 ----a-w- c:\program files\exo.dll
2015-03-29 15:32 . 2015-03-29 15:32 144384 ----a-w- c:\program files\boost_filesystem.dll
2015-03-29 15:32 . 2015-03-29 15:32 1410752 ----a-w- c:\program files\dvaworkspace.dll
2015-03-29 15:32 . 2015-03-29 15:32 132096 ----a-w- c:\program files\boost_threads.dll
2015-03-29 15:32 . 2015-03-29 15:32 115904 ----a-w- c:\program files\dvaflashview.dll
2015-03-29 15:32 . 2015-03-29 15:32 1028448 ----a-w- c:\program files\axlibv7.dll
2015-03-29 15:32 . 2015-03-29 15:32 6315200 ----a-w- c:\program files\WebKit.dll
2015-03-29 15:32 . 2015-03-29 15:32 43712 ----a-w- c:\program files\adbeape.dll
2015-03-29 15:32 . 2015-03-29 15:32 428224 ----a-w- c:\program files\adobe_caps.dll
2015-03-29 15:32 . 2015-03-29 15:32 2886496 ----a-w- c:\program files\adobe_oobelib.dll
2015-03-29 15:32 . 2015-03-29 15:32 179904 ----a-w- c:\program files\adbeapecore.dll
2015-03-29 15:32 . 2015-03-29 15:32 1406144 ----a-w- c:\program files\WRServices.dll
2015-03-29 15:32 . 2015-03-29 15:32 11759296 ----a-w- c:\program files\adbeapeengine.dll
2015-03-29 15:32 . 2015-03-29 15:32 1140576 ----a-w- c:\program files\adobe_upgrade.dll
2015-03-29 15:32 . 2015-03-29 15:32 6271680 ----a-w- c:\program files\NPSWF32.dll
2015-03-29 15:32 . 2015-03-29 15:32 34496 ----a-w- c:\program files\MuseOobeCall.exe
2015-03-29 15:32 . 2015-03-29 15:32 694976 ----a-w- c:\program files\LogSession.dll
2015-03-29 15:32 . 2015-03-29 15:32 473280 ----a-w- c:\program files\LogTransport2.exe
2015-03-29 15:32 . 2015-03-29 15:32 14320320 ----a-w- c:\program files\Muse.exe
2015-03-29 15:30 . 2015-03-29 15:30 12992 ----a-w- c:\program files\CustomAction.dll
2015-03-29 15:30 . 2015-03-29 15:30 678592 ----a-w- c:\program files\AdobeXMP.dll
2015-03-29 15:30 . 2015-03-29 15:30 482496 ----a-w- c:\program files\AdobePIP.dll
2015-03-29 15:30 . 2015-03-29 15:30 423104 ----a-w- c:\program files\BIB.dll
2015-03-29 15:30 . 2015-03-29 15:30 2284736 ----a-w- c:\program files\AdobeOwl.dll
2015-03-29 15:30 . 2015-03-29 15:30 224448 ----a-w- c:\program files\AXE8SharedExpat.dll
2015-03-29 15:30 . 2015-03-29 15:30 1689280 ----a-w- c:\program files\AdobeLinguistic.dll
2015-03-29 15:30 . 2015-03-29 15:30 1373376 ----a-w- c:\program files\AIDE.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-07-07 5515496]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2015-07-02 2303152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399017}"= "c:\program files (x86)\GbPlugin\gbiehbnt.dll" [2014-09-04 1722880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBnt]
2014-09-04 19:17 1722880 ----a-w- c:\program files (x86)\GbPlugin\gbiehbnt.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe;c:\program files\Microsoft Fix it Center\Matsvc.exe [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
R4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [x]
R4 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [x]
R4 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
R4 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R4 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys;c:\windows\SYSNATIVE\DRIVERS\amdide64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 RtDashPt;Realtek DASH Protocol Driver;c:\windows\system32\DRIVERS\RtDashPt.sys;c:\windows\SYSNATIVE\DRIVERS\RtDashPt.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-07 22:41 991048 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.132\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2015-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-11 17:18]
.
2015-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-26 02:28]
.
2015-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-26 02:28]
.
2015-07-10 c:\windows\Tasks\RtlDashSrvStart.job
- c:\program files (x86)\Realtek\RtkDashClientInstaller\RtkDashClient.exe [2011-09-22 18:21]
.
2015-07-09 c:\windows\Tasks\update-S-1-5-21-2262729717-3660117857-1048417266-1000.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2015-06-30 16:29]
.
2015-07-10 c:\windows\Tasks\update-sys.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2015-06-30 16:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2015-06-13 17:17 803488 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2015-06-13 17:17 803488 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2015-06-13 17:17 803488 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-07-07 16:30 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = www.google.com
uStart Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: banestes.com.br\seg
Trusted Zone: banestes.com.br\www
Trusted Zone: banestes.com.br\wwws
TCP: DhcpNameServer = 177.84.99.254 8.8.8.8 192.168.1.1
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-2262729717-3660117857-1048417266-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7BFEA890-ACEA-CF76-9A42-C3ED97A02226}*]
"haepibjdlnpibhng"=hex:69,61,62,6f,6e,65,6d,6c,6c,6c,69,6f,63,70,62,69,6a,66,
00,77
"iagaomaiknfoloicbl"=hex:63,61,6e,6f,63,6a,00,01
"iakpockhndpnndaaoh"=hex:69,61,6e,6f,6a,6a,66,63,6d,61,69,6a,65,67,66,6b,6f,6b,
00,77
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Tempo para conclusão: 2015-07-10 10:34:53 - Máquina reiniciou
ComboFix-quarantined-files.txt 2015-07-10 13:34
ComboFix2.txt 2015-07-07 13:50
.
Pré-execução: 210.690.363.392 bytes disponíveis
Pós execução: 210.883.743.744 bytes disponíveis
.
- - End Of File - - A52C809D4E405772810C7B820A66C443
A36C5E4F47E84449FF07ED3517B43A31

[/code]
caedurodrigues
caedurodrigu... Tô em todas, Registered
710 Posts, 257 Likes
#2 By caedurodrigu...
10/07/2015 - 14:03
Good afternoon Daniel, please tell us what is happening with your machine.
  • Download: <ZHPDiag3> <Image> ( ...Nicolas Coolman)
  • On the page, click [Image]
  • Save it to the Desktop
  • Double-click to run [Image].
  • On Windows 7 or 8, right-click and then click [Image]
  • Click "Eu"
    [Image]
  • Click Scanner
  • After it finishes
    [Image]
  • Click Relatório (Report)
  • Note: because the report is long, it should be posted on one of these sites:
  • Go to: <Image>
  • Or go to: <Image>
  • Or attach it to the forum.
  • More information: <Link> << Hosting!
caedurodrigues
caedurodrigu... Tô em todas, Registered
710 Posts, 257 Likes
#4 By caedurodrigu...
10/07/2015 - 19:09
Good evening Daniel, I would like you to describe in more detail what has been happening with your machine, please.
  • Download: <Image>
  • Once on the page, click: [Image]
  • Save it to the Desktop and install the tool.
  • Run this script in the ZHPFix tool.
  • Copy the information shown in red into Notepad.
  • With Notepad open, press: ctrl+a >> ctrl+c.
  • Then minimize Notepad.

ZHPFix script
SysRestore
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com/
O2 - BHO: (no name) [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Orphean)
O2 - BHO: G-Buster Browser Defense BANESTES [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540017} (Orphean)
O2 - BHO: (no name) [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} (Orphean)
HKLM\SOFTWARE\Wow6432Node\IObit
HKLM\SOFTWARE\Wow6432Node\Skillbrains =>PUP.Optional.SkillBrains
HKCU\SOFTWARE\eSupport.com =>PUP.Optional.eSupport
HKCU\SOFTWARE\MediaProgramasGen =>PUP.Optional.InstallCore
HKCU\SOFTWARE\SimplyTech =>PUP.Optional.SimplyTech
HKCU\SOFTWARE\SkillBrains =>PUP.Optional.SkillBrains
O43 - CFD: 2015/05/08 18:15:02 - [0] D -- C:\Program Files (x86)\NJax
O43 - CFD: 2015/06/30 16:00:16 - [] D -- C:\Program Files (x86)\Skillbrains =>PUP.Optional.SkillBrains
O43 - CFD: 2015/07/10 09:33:52 - [] D -- C:\ProgramData\boost_interprocess
O43 - CFD: 2015/05/16 15:59:00 - [] D -- C:\ProgramData\IObit
O43 - CFD: 2015/05/16 15:58:59 - [] D -- C:\Users\GEDI\AppData\Roaming\IObit
O43 - CFD: 2015/03/28 08:27:20 - [] D -- C:\Users\GEDI\AppData\Local\CrashRpt =>SUP.CrashReports
O43 - CFD: 2015/03/25 23:29:17 - [0] D -- C:\Users\GEDI\AppData\Local\eSupport.com =>PUP.Optional.eSupport
O53 - SMSR:HKLM\...\startupreg\Lightshot [Key] . (...) -- C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe (.not file.) =>PUP.Optional.SkillBrains
O69 - SBI: SearchScopes [HKCU] {663124E0-1ECE-4F8B-88A7-F4E88170E500} [DefaultScope] - (Yahoo Search) - http://br.search.yahoo.com/
HKLM\SOFTWARE\Wow6432Node\Skillbrains =>PUP.Optional.SkillBrains
HKCU\SOFTWARE\eSupport.com =>PUP.Optional.eSupport
HKCU\SOFTWARE\MediaProgramasGen =>PUP.Optional.InstallCore
HKCU\SOFTWARE\SimplyTech =>PUP.Optional.SimplyTech
HKCU\SOFTWARE\SkillBrains =>PUP.Optional.SkillBrains
C:\Program Files (x86)\Skillbrains =>PUP.Optional.SkillBrains
C:\Users\GEDI\AppData\Local\CrashRpt =>SUP.CrashReports
C:\Users\GEDI\AppData\Local\eSupport.com =>PUP.Optional.eSupport
EmptyClsid
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash



Open the ZHPFix tool. <Image>
Click IMPORTAÇÃO (Import) > OK
Click "GO".
Post the report!


Best regards.

[Image] This script was written only for this computer, based on the files and keys present on it.

To visitors: if you have a similar problem, do not use this script, because unsupervised use can damage the system.
Daniel Sadler
Daniel Sadle... New Member, Registered
6 Posts, 0 Likes
#5 By Daniel Sadle...
11/07/2015 - 11:43
Hello, sorry for not giving details. The problem is this: I am trying to uninstall some programs, specifically Adobe ones, but it says it cannot find Setup.exe. I already tried Revo Uninstaller with no luck; it cannot create a restore point. Microsoft's Fix It won't run either; it gives an error. Some of Windows' own updates were also not installed, and when I try to install them again I can't. I'll try what you sent me on the PC now and report back here.

Thank you very much so far!

caedurodrigues disse:
Boa noite Daniel, eu gostaria que você informasse melhor o que vem ocorrendo com o seu equipamento por gentileza.
  • Baixe: <Imagem>
  • Estando na página,clique: Imagem
  • Salve na Desktop, instale a ferramenta.
  • Execute este script na ferramenta ZHPFix.
  • Copie estas informações que estão em vermelho para o Bloco de notas.
  • Com o Bloco de notas aberto, faça: ctrl+a >> ctrl+c.
  • À seguir, minimize o Bloco de notas.

Script ZHPFix
SysRestore
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com/
O2 - BHO: (no name) [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Orphean)
O2 - BHO: G-Buster Browser Defense BANESTES [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540017} (Orphean)
O2 - BHO: (no name) [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} (Orphean)
HKLM\SOFTWARE\Wow6432Node\IObit
HKLM\SOFTWARE\Wow6432Node\Skillbrains =>PUP.Optional.SkillBrains
HKCU\SOFTWARE\eSupport.com =>PUP.Optional.eSupport
HKCU\SOFTWARE\MediaProgramasGen =>PUP.Optional.InstallCore
HKCU\SOFTWARE\SimplyTech =>PUP.Optional.SimplyTech
HKCU\SOFTWARE\SkillBrains =>PUP.Optional.SkillBrains
O43 - CFD: 2015/05/08 18:15:02 - [0] D -- C:\Program Files (x86)\NJax
O43 - CFD: 2015/06/30 16:00:16 - [] D -- C:\Program Files (x86)\Skillbrains =>PUP.Optional.SkillBrains
O43 - CFD: 2015/07/10 09:33:52 - [] D -- C:\ProgramData\boost_interprocess
O43 - CFD: 2015/05/16 15:59:00 - [] D -- C:\ProgramData\IObit
O43 - CFD: 2015/05/16 15:58:59 - [] D -- C:\Users\GEDI\AppData\Roaming\IObit
O43 - CFD: 2015/03/28 08:27:20 - [] D -- C:\Users\GEDI\AppData\Local\CrashRpt =>SUP.CrashReports
O43 - CFD: 2015/03/25 23:29:17 - [0] D -- C:\Users\GEDI\AppData\Local\eSupport.com =>PUP.Optional.eSupport
O53 - SMSR:HKLM\...\startupreg\Lightshot [Key] . (...) -- C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe (.not file.) =>PUP.Optional.SkillBrains
O69 - SBI: SearchScopes [HKCU] {663124E0-1ECE-4F8B-88A7-F4E88170E500} [DefaultScope] - (Yahoo Search) - http://br.search.yahoo.com/
HKLM\SOFTWARE\Wow6432Node\Skillbrains =>PUP.Optional.SkillBrains
HKCU\SOFTWARE\eSupport.com =>PUP.Optional.eSupport
HKCU\SOFTWARE\MediaProgramasGen =>PUP.Optional.InstallCore
HKCU\SOFTWARE\SimplyTech =>PUP.Optional.SimplyTech
HKCU\SOFTWARE\SkillBrains =>PUP.Optional.SkillBrains
C:\Program Files (x86)\Skillbrains =>PUP.Optional.SkillBrains
C:\Users\GEDI\AppData\Local\CrashRpt =>SUP.CrashReports
C:\Users\GEDI\AppData\Local\eSupport.com =>PUP.Optional.eSupport
EmptyClsid
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash



Open the ZHPFix tool.
Click "IMPORTAÇÃO" (Import) > OK
Click "GO".
Post the report!


All the best.

This script was written for this computer only, according to the files and keys present on it.

To visitors: if you have a similar problem, do not use this script, since using it unsupervised can damage the system.
Daniel Sadler
#6 By Daniel Sadler
14/07/2015 - 13:30
Here is the ZHPFix log:

Rapport de ZHPFix 2015.7.7.6 par Nicolas Coolman, Update du 07/07/2015
Fichier d'export Registre :
Run by GEDI at 14/07/2015 13:28:28
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 03s)
Prefetcher vazio

========== Chaves do Registo ==========
ELIMINÉ: CLSID BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
ELIMINÉ: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540017}
ELIMINÉ: CLSID BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9}
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\IObit
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Skillbrains
ELIMINÉ: HKCU\SOFTWARE\eSupport.com
ELIMINÉ: HKCU\SOFTWARE\MediaProgramasGen
ELIMINÉ: HKCU\SOFTWARE\SimplyTech
ELIMINÉ: HKCU\SOFTWARE\SkillBrains
ELIMINÉ:* StartupReg: Lightshot
ELIMINÉ: SearchScopes :{663124E0-1ECE-4F8B-88A7-F4E88170E500}

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (None) : {947850FC-A7D0-4707-B8ED-387308EF0254}

========== Elementos dos dados do Registo ==========
ELIMINÉ: R0 - Main,Start Page = KCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (43)
ELIMINÉ Flash Cookies (0)

========== Ficheiros ==========
ELIMINÉ Temporários windows (186) (40.636.137 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Nenhum ponto de restauro do sistema foi criado


========== Recapitulativo ==========
11 : Chaves do Registo
3 : Valores do Registo
1 : Elementos dos dados do Registo
3 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 15s

========== Caminho do ficheiro do relatório ==========
C:\Users\GEDI\AppData\Roaming\ZHP\ZHPFix[R1].txt - 14/07/2015 13:28:31 [1816]


caedurodrigues
#7 By caedurodrigues
14/07/2015 - 19:17
Good evening Daniel,
Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.
  • Download: <image> (...par Xplode)
  • Or here >>AdwCleaner<<
  • Save it to your Desktop.
  • Close all open programs and web browsers.
  • Windows Vista or Windows 7 users: right-click the AdwCleaner.exe file, then click:
    <image>

    <image>

  • Click "Examinar" (Scan) to start the scan!
  • When it finishes, click "limpar" (Clean).
  • Copy the log or click "Relatório" (Report).
  • Post: >>C:\AdwCleaner\AdwCleaner [S0].txt<<

  • Download: <image> (...by Nicolas Coolman)
  • On the page, click <image>
  • Save it to the Desktop.
  • Run ZHPCleaner.exe.
  • Click "Eu"
  • Click Scanner.
  • When it finishes, click "Reparar" (Repair).
  • Wait for it to complete!
  • Click "Relatório" (Report).
  • Post the report.
Daniel Sadler
#8 By Daniel Sadler
20/07/2015 - 09:51
Sorry for not replying sooner; I am no longer receiving e-mail notifications.

Here is the AdwCleaner log:

# AdwCleaner v4.208 - Relatório criado 20/07/2015 às 09:22:14
# Atualizado 09/07/2015 por Xplode
# Base de dados : 2015-07-15.1 [Servidor]
# Sistema operacional : Windows 7 Ultimate Service Pack 1 (x64)
# Usuário : GEDI - ENCONTRO
# Executando de : C:\Users\GEDI\Desktop\adwcleaner_4.208.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Excluído : IHProtect Service
[#] Serviço Excluído : WindowsMangerProtect
[#] Serviço Excluído : wsafd_1_10_0_19

***** [ Arquivos / Pastas ] *****

Pasta Excluído : C:\ProgramData\WindowsMangerProtect
Pasta Excluído : C:\ProgramData\IHProtectUpDate
Pasta Excluído : C:\Program Files (x86)\miuitab
Pasta Excluído : C:\Program Files (x86)\WordSurfer_1.10.0.19
Pasta Excluído : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
Pasta Excluído : C:\Users\GEDI\AppData\LocalLow\SmartWeb
Pasta Excluído : C:\Users\GEDI\AppData\Roaming\istartsurf
Pasta Excluído : C:\Users\GEDI\AppData\Roaming\Solvusoft
Pasta Excluído : C:\Users\GEDI\AppData\Roaming\VOPackage
Pasta Excluído : C:\Users\GEDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Arquivo Excluído : C:\Windows\System32\roboot64.exe
Arquivo Excluído : C:\Windows\System32\drivers\wsafd_1_10_0_19.sys
Arquivo Excluído : C:\Users\GEDI\AppData\Roaming\AdobeWLCMCache.dat
Arquivo Excluído : C:\Users\GEDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk

***** [ Tarefas agendadas ] *****

Tarefa Apagado : SmartWeb Upgrade Trigger Task
Tarefa Apagado : WordSurfer Auto Updater 1.10.0.19 Core
Tarefa Apagado : WordSurfer Auto Updater 1.10.0.19 Pending Update

***** [ Atalhos ] *****

Atalho Desinfectado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Atalho Desinfectado : C:\Users\GEDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectado : C:\Users\GEDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Hangouts (1).lnk
Atalho Desinfectado : C:\Users\GEDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Hangouts.lnk
Atalho Desinfectado : C:\Users\GEDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectado : C:\Users\GEDI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Atalho Desinfectado : C:\Users\GEDI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectado : C:\Users\GEDI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Atalho Desinfectado : C:\Users\GEDI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ff13ca23fee04978\Google Chrome.lnk
Atalho Desinfectado : C:\Users\GEDI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Pessoa 1 - Chrome.lnk
Atalho Desinfectado : C:\Users\GEDI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Google Chrome.lnk
Atalho Desinfectado : C:\Users\GEDI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk

***** [ Registro ] *****

Chave Apagado : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Valor Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SmartWeb]
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Chave Apagado : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Apagado : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Dados Restaurado : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Dados Restaurado : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Chave Apagado : HKCU\Software\APN PIP
Chave Apagado : HKCU\Software\AskPartnerNetwork
Chave Apagado : HKCU\Software\HomeTab
Chave Apagado : HKCU\Software\simplytech
Chave Apagado : HKCU\Software\WajIEnhance
Chave Apagado : HKCU\Software\TNT2
Chave Apagado : HKCU\Software\WajIntEnhance
Chave Apagado : HKCU\Software\CrossBrowser
Chave Apagado : HKCU\Software\SearchProtectWS
Chave Apagado : HKCU\Software\Linkey
Chave Apagado : HKCU\Software\Kromtech
Chave Apagado : HKCU\Software\AppDataLow\Software\SmartWeb
Chave Apagado : HKLM\SOFTWARE\AskPartnerNetwork
Chave Apagado : HKLM\SOFTWARE\Conduit
Chave Apagado : HKLM\SOFTWARE\Iminent
Chave Apagado : HKLM\SOFTWARE\istartsurfSoftware
Chave Apagado : HKLM\SOFTWARE\SearchProtect
Chave Apagado : HKLM\SOFTWARE\SupDp
Chave Apagado : HKLM\SOFTWARE\SupTab
Chave Apagado : HKLM\SOFTWARE\supWindowsMangerProtect
Chave Apagado : HKLM\SOFTWARE\IHProtect
Chave Apagado : HKLM\SOFTWARE\WajIntEnhance
Chave Apagado : HKLM\SOFTWARE\SpeedBit
Chave Apagado : HKLM\SOFTWARE\AIM Toolbar
Chave Apagado : HKLM\SOFTWARE\searchult
Chave Apagado : HKLM\SOFTWARE\WordSurfer_1.10.0.19
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WordSurfer_1.10.0.19

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17909

Configuração Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Configuração Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configuração Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configuração Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configuração Restaurado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configuração Restaurado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configuração Restaurado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configuração Restaurado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v43.0.2357.134

[C:\Users\GEDI\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Apagado [Search Provider] : hxxp://br.ask.com/web?q={searchTerms}
[C:\Users\GEDI\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Apagado [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=119556&tt=201112_1849_4712_4&babsrc=SP_ss&mntrId=800f87940000000000009439e5c73751
[C:\Users\GEDI\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Apagado [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=800FB639E5C73751&affID=121225&tt=280813_ts&tsp=4989
[C:\Users\GEDI\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Apagado [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1432135642&z=0b0b17a2c82153aa0e73a3fg9zecfo1g3c1w7qczeq&from=wpm05203&uid=SAMSUNGXHD502HJ_S2BWJ50ZC43206&q={searchTerms}

*************************

AdwCleaner[R0].txt - [12526 bytes] - [20/07/2015 09:21:20]
AdwCleaner[S0].txt - [9075 bytes] - [20/07/2015 09:22:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9134 bytes] ##########


ZHP Cleaner log:

~ ZHPCleaner v2015.7.20.302 by Nicolas Coolman (2015/07/20)
~ Run by GEDI (Administrator) (20/07/2015 09:48:40)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\GEDI\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\GEDI\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\ Serviços (0)


---\\ Navegadores de Internet (2)
SUBSTITUIDO IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant [hxxp://]"]www.istartsurf.com/web/?type=ds&ts=1437072671&z=0b2b0628a218657da41e12dg6[...]] =>PUP.Optional.IsStart
SUBSTITUIDO IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch [hxxp://]"]www.istartsurf.com/web/?type=ds&ts=1437072671&z=0b2b0628a218657da41e12dg6[...]] =>PUP.Optional.IsStart


---\\ Arquivo hosts (1)
~ O arquivo hosts é legítimo (1)


---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\ Explorer ( Arquivos, Pastas) (6)
MOVIDO pasta: C:\Windows\Prefetch\WORDSURFERAUTOUPDATECLIENT.EX-4E78B08A.pf =>PUP.Optional.WordSurfer
MOVIDO pasta: C:\Users\GEDI\AppData\Local\Temp\adblocker_installer__1437070759.txt =>PUP.Optional.Adblocker
MOVIDO pasta: C:\Users\GEDI\AppData\Local\Temp\Uninstall.exe [Copyright 2013 - ] =>PUP.Optional
MOVIDO pasta: C:\Users\GEDI\AppData\Local\Temp\vitruvian-installer-install-v0003 =>PUP.Optional.Vitruvian
MOVIDO pasta: C:\Users\GEDI\AppData\Local\Temp\vitruvian-installer-processes-v0002 =>PUP.Optional.Vitruvian
MOVIDO pasta: C:\Users\GEDI\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001 =>PUP.Optional.Vitruvian


---\\ Registro ( Chaves, Valores, Dados ) (1)
SUPRIMIDO chave*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\wsasvc_1.10.0.19 ["C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe" (Not File)] =>Heuristic.Optional


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Mozilla Firefox)
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 4040
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 10


End of clean in 0 minutes
===================
ZHPCleaner-[R]-20072015-09_48_56.txt
ZHPCleaner-[S]-20072015-09_47_38.txt

caedurodrigues
#9 By caedurodrigues
23/07/2015 - 08:13
Good morning Daniel,
  • Download: <image> <(...by Farbar)>
  • Or here: <Farbar Recovery Scan Tool 64-bits>
  • Save it to the Desktop!
  • Run the tool! Click "Yes" >> "Scan".
  • Check that the boxes under "Whitelist" are ticked.
  • Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
  • Also tick the "90 Days Files" checkbox.
  • The report (FRST.txt) will be generated!
  • P.S.: The "Addition.txt" report will also be generated; it is made available on the tool's first run.
  • Go to: <image>
  • Or go to: <image>
  • Or attach it to the forum.
  • More information: <Link> << Hosting!


ATTENTION: for the tool to work correctly, it must be directly on the Desktop; it cannot be inside a folder.
Daniel Sadler
#10 By Daniel Sadler
23/07/2015 - 09:40
Good morning Carlos Eduardo. I appreciate all the support, but because of the pressure I was under here at work, I decided to format the computer. Even so, your tips were valuable. God bless, best regards.

Daniel
