rg_sc

Slowness


Good evening.

The notebook is excessively slow (at startup, on the internet, in processes, etc.), and CPU and memory usage are high.

Tasks take a very long time to run.

Please help.

Here is the ZA-Scan log.

Thank you

ZA-Scan.txt


Dear @rg_sc

I recommend saving this topic to your Favorites to make it easier to find.

Please note the following:

  1. If you go 3 days without a reply, send me a Private Message (PM);
  2. What is passed on here relates only to the problem on your computer, so do not apply it on any other;
  3. Please follow the instructions given carefully, and if you have any questions do not hesitate to ask them;
  4. Always post your replies in this topic... Do not open another one!
  5. Always try to keep me informed, during the removal, about what is happening with your computer.
  6. Respect the order of the instructions given.

Note: Do not take any measures other than those given here; and if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

 

# Step 1 #

Download AdwCleaner and save it to your Desktop.

Run the file adwcleaner.exe

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click the Options tab and leave only "Restaurar Políticas do IE" (Restore IE Policies) and "Restaurar Políticas do Chrome" (Restore Chrome Policies) checked
  • Click the Verificar (Scan) button and wait for the scan to finish.
  • Click the Limpar (Clean) button.
  • A Notepad window will open with the result.
  • Select, copy and paste the contents of this log into your next reply.
  • The log will also be saved in C:\AdwCleaner


NOTE: If AdwCleaner finds files that it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart.
 
# Step 2 #

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download the Junkware Removal Tool (JRT) and save it to your Desktop.

Double-click to run jrt.exe.

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • The tool will begin scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • At the end a log will open. It will be saved on the desktop with the name JRT.txt.
  • Select, copy and paste the contents of this log into your next reply.

 
# Step 3 #

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download ZHPCleaner and save it to your Desktop.

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click the Scanner button.
  • The tool will begin scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • Then click the Reparar (Repair) button.
  • A log named ZHPCleaner.txt will be generated.
  • Select, copy and paste the contents of this log into your next reply.

Regards :D


Dear @diego_moicano

Here are the logs, in the order requested.

Thanks. :thumbsup:

 

 

1)

# AdwCleaner v5.101 - Relatório criado 08/03/2016 às 10:52:43
# Atualizado 07/03/2016 por Xplode
# Banco de dados : 2016-03-08.1 [Servidor]
# Sistema operacional : Windows 7 Ultimate Service Pack 1 (x86)
# Usuário : Familia - FAMILIA-PC
# Executando de : C:\Users\Familia\Desktop\adwcleaner_5.101.exe
# Opção : Limpar
# Apoio : http://toolslib.net/forum

***** [ Serviços ] *****


***** [ Pastas ] *****


***** [ Arquivos ] *****

[#] Arquivo Excluído : C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fopdddcinljmpmioaklghcalngfhbaen

***** [ DLLs ] *****


***** [ Atalhos ] *****


***** [ Tarefas agendadas ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

[-] [C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Excluído : br.ask.com

*************************

:: Políticas do IE excluídas
:: Políticas do Chrome excluídas

*************************

C:\Program Files\AdwCleaner\AdwCleaner[C1].txt - [3400 bytes] - [08/03/2016 10:52:43]
C:\Program Files\AdwCleaner\AdwCleaner[S1].txt - [3402 bytes] - [08/03/2016 10:50:49]

########## EOF - C:\Program Files\AdwCleaner\AdwCleaner[C1].txt - [3574 bytes] ##########
 

 

 

2)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Ultimate x86 
Ran by Familia (Administrator) on 08/03/2016 at 11:01:29,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 11 

Successfully deleted: C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) 
Successfully deleted: C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File) 
Successfully deleted: C:\Users\Familia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0T768TOI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Familia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BCXCNL2J (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Familia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q1MZIRNO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Familia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VC2SO2IZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0T768TOI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BCXCNL2J (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q1MZIRNO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VC2SO2IZ (Temporary Internet Files Folder) 

Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/03/2016 at 11:38:31,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

3)

~ ZHPCleaner v2016.3.8.38 by Nicolas Coolman (2016/03/08)
~ Run by Familia (Administrator)  (08/03/2016 12:07:07)
~ Site : http://www.nicolascoolman.com
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\Familia\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Familia\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)


---\\  Serviços (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Navegadores de Internet (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Arquivo hosts (1)
~ O arquivo hosts é legítimo (1)


---\\  Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Explorer ( Arquivos, Pastas) (1)
MOVIDO arquivo: C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}  =>PUP.Optional.Generic


---\\  Registro ( Chaves, Valores, Dados ) (4)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\CLSID\{206DAA08-0036-11D5-80D8-0050DA5F08E3} [Groove WebBrowserView2]  =>PUP.Optional.CrossRider
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\CLSID\{940D6050-66DF-4126-AABE-C346DB1AACC1} [NMCFEventManager Class]  =>PUP.Optional.CrossRider
SUPRIMIDO chave: HKLM\SOFTWARE\Classes\CLSID\{206DAA08-0036-11D5-80D8-0050DA5F08E3}\InprocServer32 [C:\Program Files\Microsoft Office\Office12\GrooveWebBrowserTool2.dll]  =>PUP.Optional.CrossRider
SUPRIMIDO chave: HKLM\SOFTWARE\Classes\CLSID\{940D6050-66DF-4126-AABE-C346DB1AACC1}\InprocServer32 [C:\Program Files\Common Files\Ahead\Lib\NMCoFoundation.dll]  =>PUP.Optional.CrossRider


---\\  Resumo dos elementos encontrados na sua estação de trabalho (2)
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.Generic
http://www.nicolascoolman.fr/?p=180  =>PUP.Optional.CrossRider


---\\  Dodatkowe oczyszczenie. (31)
~ Chave de registro Tracing Supprimido (14)
~ Remover os relatórios antigos ZHPCleaner. (17)


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 575
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 5


~ End of clean in 00h00mn30s
===================
ZHPCleaner-[R]-08032016-12_07_37.txt
ZHPCleaner-[R]-11082015-02_52_06.txt
ZHPCleaner--08032016-12_06_20.txt
 


Dear @rg_sc

Read the instructions at this link: "How to use ComboFix"

Download ComboFix and save it to your Desktop.

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

  • Double-click ComboFix.exe saved on your Desktop.
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
  • Read and accept the terms by pressing ENTER.
  • Attention: Do not use the mouse or the keyboard while the tool is running; this can cause the computer to hang.
  • A notice may appear saying that the computer needs to be restarted.
  • DO NOT RESTART!!! ComboFix will restart the computer automatically.
  • When the tool finishes, a log will be generated (the file C:\ComboFix.txt).
  • Copy and paste the contents of that file into your next reply.

Regards :D


Good evening, diego_moicano

 

 

ComboFix 16-03-07.01 - Familia 09/03/2016  12:18:57.1.1 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.1982.785 [GMT -3:00]
Executando de: c:\users\Familia\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: AVG AntiVirus Free Edition *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - system32: deleted 2 bytes in 1 streams.
ADS - drivers: deleted 208 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Familia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
c:\users\Familia\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Familia\ZHPCleaner.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\Config.ini
c:\windows\unin0416.exe
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2016-02-09 to 2016-03-09  ))))))))))))))))))))))))))))
.
.
2016-03-09 22:07 . 2016-03-09 22:07    --------    d-----w-    c:\users\Default\AppData\Local\temp
2016-03-08 13:48 . 2016-03-08 13:52    --------    d-----w-    c:\program files\AdwCleaner
2016-03-08 01:38 . 2016-02-19 01:31    9067696    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DAB38947-3AAF-4358-9961-59503D602787}\mpengine.dll
2016-03-05 15:22 . 2016-03-05 15:22    --------    d-----w-    C:\8b42c36fba7db8ccafc86341
2016-03-01 00:09 . 2015-11-25 10:43    9014120    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-02-28 18:06 . 2016-02-28 18:06    --------    d-----w-    C:\temp
2016-02-28 17:02 . 2016-02-28 17:02    --------    d-----w-    c:\program files\Programas RFB
2016-02-24 15:20 . 2016-02-24 16:37    --------    d-----w-    c:\program files\Common Files\InstallShield
2016-02-23 10:22 . 2016-02-23 10:22    --------    d-----w-    c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-09 22:12 . 2015-11-21 19:28    80728    ----a-w-    c:\windows\system32\drivers\wsddfac.sys
2016-03-04 14:55 . 2013-09-24 20:20    796864    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2016-03-04 14:55 . 2013-09-24 20:20    142528    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2016-02-23 10:19 . 2015-03-15 02:01    95840    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2016-02-14 15:08 . 2015-07-18 21:26    170200    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-01-22 17:13 . 2016-01-22 17:13    198576    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2016-01-08 12:49 . 2016-01-08 12:49    207792    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2016-01-08 12:49 . 2016-01-08 12:49    23472    ----a-w-    c:\windows\system32\drivers\avgunivx.sys
2016-01-05 18:18 . 2016-01-05 18:18    257456    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37    199488    ----a-w-    c:\program files\Dropbox\Client\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37    199488    ----a-w-    c:\program files\Dropbox\Client\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37    199488    ----a-w-    c:\program files\Dropbox\Client\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37    199488    ----a-w-    c:\program files\Dropbox\Client\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37    199488    ----a-w-    c:\program files\Dropbox\Client\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37    199488    ----a-w-    c:\program files\Dropbox\Client\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37    199488    ----a-w-    c:\program files\Dropbox\Client\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37    199488    ----a-w-    c:\program files\Dropbox\Client\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 981688]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"Diebold - Warsaw"="c:\program files\Diebold\Warsaw\core.exe" [2015-11-04 529632]
"Dropbox"="c:\program files\Dropbox\Client\Dropbox.exe" [2016-02-16 25122080]
"AvgUi"="c:\program files\AVG\Framework\Common\avguirnx.exe" [2016-02-18 179624]
"AVG_UI"="c:\program files\AVG\Av\avuirunnerx.exe" [2016-02-01 25512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-01-29 594992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2015-10-20 17:09    1945472    ----a-w-    c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Familia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitorar alertas de tinta - .lnk]
path=c:\users\Familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - .lnk
backup=c:\windows\pss\Monitorar alertas de tinta - .lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Familia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitorar alertas de tinta - HP Deskjet 2540 series.lnk]
path=c:\users\Familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 2540 series.lnk
backup=c:\windows\pss\Monitorar alertas de tinta - HP Deskjet 2540 series.lnk.Startup
backupExtension=.Startup
.
R0 gbpddreg;Gbpddreg svc;c:\windows\system32\drivers\gbpddreg32.sys [x]
R2 dbupdate;Serviço Atualização do Dropbox (dbupdate);c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-08-11 136048]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 AvgAMPS;AvgAMPS;c:\program files\AVG\Av\avgamps.exe [2016-02-01 604144]
R3 dbupdatem;Serviço Atualização do Dropbox (dbupdatem);c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-08-11 136048]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-07-16 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-10-05 51928]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\gbpndisrd.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 95408]
R3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2015-04-30 284504]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-09-25 1343400]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2016-01-08 207792]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2015-08-14 308656]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2015-12-04 37296]
S0 Avgunivx;AVG Universal Driver;c:\windows\system32\DRIVERS\avgunivx.sys [2016-01-08 23472]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2015-08-26 49496]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2015-11-06 149936]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2016-01-05 257456]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2015-11-20 31664]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2015-10-21 229296]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2015-10-08 231856]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2015-02-20 23840]
S1 Ndisrd;GAS Tecnologia Filter Driver;c:\windows\system32\DRIVERS\gbpndisrdn.sys [2014-03-03 29400]
S1 wsddfac;wsddfac;c:\windows\system32\drivers\wsddfac.sys [2016-03-09 80728]
S1 wsddpp;Warsaw - Driver (PP);c:\windows\system32\drivers\wsddpp.sys [2015-03-18 79064]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\Av\avgidsagent.exe [2016-02-01 3881184]
S2 avgsvc;AVG Service;c:\program files\AVG\Framework\Common\avgsvcx.exe [2016-02-18 865704]
S2 avgwd;AVG WatchDog;c:\program files\AVG\Av\avgwdsvcx.exe [2016-02-01 561104]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2015-09-22 593120]
S2 Warsaw Technology;Warsaw Technology;c:\program files\Diebold\Warsaw\core.exe [2015-11-04 529632]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2014-05-18 109256]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-10-05 23256]
S4 WinDivert1.1;WinDivert1.1;c:\program files\Diebold\Warsaw\WinDivert32.sys [2015-07-07 31448]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - GbFtIn
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc    REG_MULTI_SZ       DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-19 22:09    1088664    ----a-w-    c:\program files\Google\Chrome\Application\48.0.2564.116\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-12-18 15:42    286904    ----a-w-    c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2016-03-09 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-08-11 13:07]
.
2016-03-09 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-08-11 13:07]
.
2016-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-24 12:51]
.
2016-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-24 12:51]
.
.
------- Scan Suplementar -------
.
uStart Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
mStart Page = about:blank
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\seg
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 192.168.15.1
FF - ProfilePath - c:\users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\7c75wojk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://br.yahoo.com/?type=orcl_hpset
.
- - - - ORFÃOS REMOVIDOS - - - -
.
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_13_0_0_206_ActiveX.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Warsaw Technology]
"ImagePath"="c:\program files\Diebold\Warsaw\core.exe"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,1e,48,e9,41,5e,1d,4e,87,2b,8d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,1e,48,e9,41,5e,1d,4e,87,2b,8d,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'Explorer.exe'(2932)
c:\windows\system32\WindowsCodecs.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\progra~1\AVG\Av\avgrsx.exe
c:\program files\AVG\Av\avgcsrvx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\AVG\Av\avgnsx.exe
c:\program files\AVG\Av\avgemcx.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Tempo para conclusão: 2016-03-09  19:30:26 - Máquina reiniciou
ComboFix-quarantined-files.txt  2016-03-09 22:30
.
Pré-execução: 117.853.163.520 bytes disponíveis
Pós execução: 117.380.370.432 bytes disponíveis
.
- - End Of File - - 5F1D6201571BB1017D9FE4FC6CC30E2E
A36C5E4F47E84449FF07ED3517B43A31
 


Dear @rg_sc

Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts.

Download the Farbar Recovery Scan Tool and save it to your Desktop.

32 bit (x86) or 64 bit (x64)

  • Double-click to run the tool.
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
  • Check the Arquivos 90 dias (90 Days Files) box and click the Examinar (Scan) button.
  • Wait; when the scan finishes, the logs FRST.txt and Addition.txt will be saved to your Desktop.
  • Select, copy and paste the contents of the FRST.txt log into your next reply.
  • Attach the Addition.txt log.

Regards :D


Hello digo_moicano

Here are the logs.

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:05-03-2016 01
Executado por Familia (administrador) em FAMILIA-PC (10-03-2016 14:16:47)
Executando a partir de C:\Users\Familia\Desktop
Perfis Carregados: Familia (Perfis Disponíveis: Familia)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [529632 2015-11-04] (GAS Tecnologia LTDA)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25122080 2016-02-16] (Dropbox, Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [179624 2016-02-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{1D8CF559-6035-485D-B6DF-05E8852D0A7A}: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{6E891A88-AEBF-4D30-A155-C7D57117B877}: [DhcpNameServer] 201.54.193.235 201.54.201.19

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-1651314772-3310645414-2808803064-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1651314772-3310645414-2808803064-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1651314772-3310645414-2808803064-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1651314772-3310645414-2808803064-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1651314772-3310645414-2808803064-1000 -> {896F3C36-23FE-4E7C-AFCD-B780E7D1154A} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [2015-10-20] (Banco do Brasil)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\7c75wojk.default
FF DefaultSearchEngine: Yahoo Web
FF SelectedSearchEngine: Google
FF Homepage: hxxps://br.yahoo.com/?type=orcl_hpset
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-21] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-07] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1651314772-3310645414-2808803064-1000: gastecnologia.com.br/sf/bb -> C:\Users\Familia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-04-01] (GAS Tecnologia)
FF SearchPlugin: C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\7c75wojk.default\searchplugins\yahoo-ysp.xml [2015-11-26]
FF Extension: GBBD Banco do Brasil - C:\Users\Familia\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2015-04-01] [não assinado]
FF HKU\S-1-5-21-1651314772-3310645414-2808803064-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Familia\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF HKU\S-1-5-21-1651314772-3310645414-2808803064-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi => não encontrado (a)

Chrome: 
=======
CHR Profile: C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-09]
CHR Extension: (Google Docs) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-09]
CHR Extension: (Google Drive) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-09]
CHR Extension: (Adguard Ad Blocker) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-02-08]
CHR Extension: (YouTube) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-09]
CHR Extension: (Google Search) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-09]
CHR Extension: (Planilhas do Google) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-09]
CHR Extension: (Documentos Google off-line) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-10]
CHR Extension: (AdBlock) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-10]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-03-08]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh [2015-07-18]
CHR Extension: (Gmail) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-09]
CHR HKU\S-1-5-21-1651314772-3310645414-2808803064-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pgacfjdigcddmmncljpflgcfpfahebkh] - C:\Users\Familia\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx [2014-03-28]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

"Warsaw Technology" => serviço foi desbloqueado. <===== ATENÇÃO

S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [604144 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3881184 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [865704 2016-02-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-11] (Dropbox, Inc.)
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [529632 2015-11-04] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2014-07-07] (Advanced Micro Devices Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [149936 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [257456 2016-01-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [207792 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [198576 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [37296 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 Avgunivx; C:\Windows\System32\DRIVERS\avgunivx.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49496 2015-08-26] (GAS Tecnologia)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-02-20] (REALiX(tm))
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [109256 2014-05-18] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 Ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-03-03] (GAS Tecnologia)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert32.sys [31448 2015-07-07] (Basil)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [80728 2016-03-10] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [79064 2015-03-18] (GAS Tecnologia)
S3 catchme; \??\C:\Users\Familia\AppData\Local\Temp\catchme.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]
S3 NdisrdMP; system32\DRIVERS\gbpndisrd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-10 14:16 - 2016-03-10 14:20 - 00017098 _____ C:\Users\Familia\Desktop\FRST.txt
2016-03-10 13:49 - 2016-03-10 14:16 - 00000000 ____D C:\FRST
2016-03-10 13:47 - 2016-03-10 13:47 - 01725440 _____ (Farbar) C:\Users\Familia\Desktop\FRST.exe
2016-03-09 19:30 - 2016-03-09 19:30 - 00036294 _____ C:\ComboFix.txt
2016-03-09 11:58 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2016-03-09 11:58 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2016-03-09 11:58 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-03-09 11:58 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-03-09 11:58 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-03-09 11:58 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2016-03-09 11:58 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2016-03-09 11:58 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2016-03-09 11:51 - 2016-03-09 19:31 - 00000000 ____D C:\Qoobox
2016-03-09 11:48 - 2016-03-09 19:21 - 00000000 ____D C:\Windows\erdnt
2016-03-09 11:46 - 2016-03-09 11:46 - 05658088 ____R (Swearware) C:\Users\Familia\Desktop\ComboFix.exe
2016-03-08 16:12 - 2016-03-08 16:12 - 00111464 _____ C:\Users\Familia\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-08 16:10 - 2016-03-08 16:11 - 00411256 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-08 12:07 - 2016-03-08 12:07 - 00002452 _____ C:\Users\Familia\Desktop\ZHPCleaner.txt
2016-03-08 11:38 - 2016-03-08 11:38 - 00002367 _____ C:\Users\Familia\Desktop\JRT.txt
2016-03-08 10:59 - 2016-03-08 10:59 - 00003670 _____ C:\Users\Familia\Desktop\AdwCleaner[C1].txt
2016-03-08 10:48 - 2016-03-08 10:52 - 00000000 ____D C:\Program Files\AdwCleaner
2016-03-08 10:48 - 2016-03-08 10:48 - 02084352 _____ C:\Users\Familia\Desktop\ZHPCleaner.exe
2016-03-08 10:44 - 2016-03-08 10:45 - 01609216 _____ (Malwarebytes) C:\Users\Familia\Desktop\JRT.exe
2016-03-08 10:41 - 2016-03-08 10:42 - 01524224 _____ C:\Users\Familia\Desktop\adwcleaner_5.101.exe
2016-03-07 23:17 - 2016-03-07 23:17 - 00018093 _____ C:\ZA-Scan.txt
2016-03-07 21:55 - 2016-03-07 21:57 - 01370112 _____ C:\Users\Familia\Desktop\ZA-Scan.exe
2016-03-07 19:34 - 2016-03-07 19:38 - 00000000 ____D C:\Users\Familia\Desktop\IR
2016-03-05 12:22 - 2016-03-05 12:22 - 00000000 ____D C:\8b42c36fba7db8ccafc86341
2016-02-28 15:06 - 2016-02-28 15:06 - 00000000 ____D C:\temp
2016-02-28 14:25 - 2015-03-08 19:05 - 00047917 _____ C:\Users\Familia\Desktop\05634328969-IRPF-2015-2014-origi-imagem-declaracao.pdf
2016-02-28 14:24 - 2015-03-08 19:15 - 00043138 _____ C:\Users\Familia\Desktop\04151767940-IRPF-2015-2014-origi-imagem-declaracao.pdf
2016-02-28 14:03 - 2016-02-28 14:03 - 00002171 _____ C:\Users\Public\Desktop\Receitanet 1.07 .lnk
2016-02-28 14:03 - 2016-02-28 14:03 - 00000176 _____ C:\Windows\REC-NET.INI
2016-02-28 14:03 - 2016-02-28 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB
2016-02-28 14:02 - 2016-02-28 14:02 - 00000000 ____D C:\Program Files\Programas RFB
2016-02-28 13:58 - 2016-02-28 13:58 - 00001724 _____ C:\Users\Familia\Desktop\IRPF2016 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk
2016-02-28 13:57 - 2016-02-28 13:57 - 00000000 ____D C:\Users\Familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2016
2016-02-23 07:22 - 2016-02-23 07:22 - 00000000 ____D C:\Program Files\Common Files\Java
2016-02-19 14:27 - 2016-03-08 12:32 - 00196431 _____ C:\Users\Familia\Downloads\Curriculo_completo_Ricardo_Goede.pdf
2016-02-18 11:23 - 2016-02-18 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-09 11:29 - 2016-02-09 11:29 - 00001766 _____ C:\Users\Familia\Desktop\01 (TER) A&E - EDITAR CAPs.lnk
2016-02-07 14:27 - 2016-02-07 15:27 - 00000000 ____D C:\Users\Familia\AppData\Roaming\Media Player Classic
2016-01-26 19:00 - 2016-01-26 19:01 - 00000000 ____D C:\06df74f5af10ebec3cdf943cb3cd14
2016-01-22 14:13 - 2016-01-22 14:13 - 00198576 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2016-01-08 09:49 - 2016-01-08 09:49 - 00207792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2016-01-08 09:49 - 2016-01-08 09:49 - 00023472 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgunivx.sys
2016-01-05 15:18 - 2016-01-05 15:18 - 00257456 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2015-12-15 19:08 - 2015-12-15 19:29 - 00001039 _____ C:\DelFix.txt
2015-12-14 10:48 - 2016-02-07 16:47 - 00268333 _____ C:\Users\Familia\Downloads\Currículo_Ricardo_Goede.pdf
2015-12-13 18:46 - 2016-02-07 16:46 - 00015402 _____ C:\Users\Familia\Downloads\Currículo.docx

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-10 14:14 - 2013-09-24 18:05 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-10 14:13 - 2015-08-11 10:07 - 00001010 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-03-10 13:52 - 2009-07-14 01:34 - 00021024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-10 13:52 - 2009-07-14 01:34 - 00021024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-10 13:34 - 2015-11-10 16:02 - 00000000 ____D C:\Users\Todos os Usuários\MFAData
2016-03-10 13:34 - 2015-11-10 16:02 - 00000000 ____D C:\ProgramData\MFAData
2016-03-10 13:30 - 2015-11-21 16:28 - 00080728 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2016-03-10 13:29 - 2015-08-11 10:07 - 00001006 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-03-10 13:29 - 2013-09-24 18:05 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-10 13:29 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-09 19:14 - 2009-07-13 23:04 - 00000215 _____ C:\Windows\system.ini
2016-03-09 19:12 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2016-03-09 19:10 - 2015-08-12 14:46 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2016-03-09 19:10 - 2015-08-12 14:46 - 00000000 ____D C:\ProgramData\GbPlugin
2016-03-09 19:02 - 2013-09-24 08:02 - 00000000 ____D C:\Users\Familia
2016-03-09 12:58 - 2013-10-15 19:10 - 00000000 ____D C:\Users\Todos os Usuários\Temp
2016-03-09 12:58 - 2013-10-15 19:10 - 00000000 ____D C:\ProgramData\Temp
2016-03-08 19:19 - 2013-11-20 20:27 - 00737520 _____ C:\Windows\system32\perfh00C.dat
2016-03-08 19:19 - 2013-11-20 20:27 - 00737260 _____ C:\Windows\system32\perfh00A.dat
2016-03-08 19:19 - 2013-11-20 20:27 - 00689012 _____ C:\Windows\system32\perfh007.dat
2016-03-08 19:19 - 2013-11-20 20:27 - 00158342 _____ C:\Windows\system32\perfc00A.dat
2016-03-08 19:19 - 2013-11-20 20:27 - 00149448 _____ C:\Windows\system32\perfc00C.dat
2016-03-08 19:19 - 2013-11-20 20:27 - 00148984 _____ C:\Windows\system32\perfc007.dat
2016-03-08 19:19 - 2013-09-24 08:08 - 04253558 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-08 19:19 - 2009-07-29 15:46 - 00705684 _____ C:\Windows\system32\prfh0416.dat
2016-03-08 19:19 - 2009-07-29 15:46 - 00147524 _____ C:\Windows\system32\prfc0416.dat
2016-03-08 12:37 - 2014-10-21 20:47 - 00000590 _____ C:\Users\Familia\Desktop\Anotações.txt
2016-03-08 12:32 - 2015-08-11 10:34 - 00000000 ___RD C:\Users\Familia\Dropbox
2016-03-08 12:07 - 2015-07-18 17:39 - 00000000 ____D C:\Users\Familia\AppData\Roaming\ZHP
2016-03-07 19:34 - 2015-08-11 10:07 - 00000000 ____D C:\Users\Familia\AppData\Local\Dropbox
2016-03-04 11:55 - 2013-09-24 17:20 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-03-04 11:55 - 2013-09-24 17:20 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-02-28 14:02 - 2014-03-03 09:06 - 00000000 ___HD C:\Program Files\InstallJammer Registry
2016-02-28 13:57 - 2014-03-03 09:06 - 00000000 ____D C:\Arquivos de Programas RFB
2016-02-24 12:26 - 2013-12-30 20:34 - 00000000 ____D C:\Users\Familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-02-23 07:50 - 2014-04-28 17:49 - 00000000 ____D C:\Users\Todos os Usuários\Oracle
2016-02-23 07:50 - 2014-04-28 17:49 - 00000000 ____D C:\ProgramData\Oracle
2016-02-23 07:23 - 2014-10-18 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-23 07:23 - 2014-10-18 17:45 - 00000000 ____D C:\Program Files\Java
2016-02-23 07:21 - 2015-09-22 22:40 - 00000000 ____D C:\Users\Familia\.oracle_jre_usage
2016-02-23 07:19 - 2015-03-14 23:01 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-02-19 19:13 - 2013-09-24 18:05 - 00002156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 19:13 - 2013-09-24 18:05 - 00002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-19 10:49 - 2015-11-08 15:15 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-18 19:01 - 2014-02-14 17:51 - 00000000 ____D C:\Users\Familia\Downloads\FURB_materia
2016-02-18 11:24 - 2015-08-11 10:07 - 00000000 ____D C:\Program Files\Dropbox
2016-02-14 12:08 - 2015-07-18 18:26 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-14 10:48 - 2015-11-10 16:09 - 00000906 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-02-14 10:48 - 2015-11-10 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

==================== Arquivos na raiz de alguns diretórios =======

2014-08-22 16:16 - 2015-11-15 12:36 - 0009216 _____ () C:\Users\Familia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-27 18:10 - 2015-09-27 18:10 - 0000000 _____ () C:\Users\Familia\AppData\Local\{B274C3B9-F0CE-4441-B00F-ED73EB3155CE}
2015-08-16 11:31 - 2015-08-16 11:31 - 0000000 _____ () C:\Users\Familia\AppData\Local\{F8863DD0-FA37-41BC-86FF-619A9F4B3C56}
2014-04-22 18:19 - 2014-04-22 18:19 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-05-17 14:17 - 2014-05-17 14:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-02-19 14:57

==================== Fim de FRST.txt ============================

Addition.txt


Dear @rg_sc

# Step 1 #

Turn on the Firewall! ;)

# Step 2 #

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text below:

Quote

CreateRestorePoint:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-1651314772-3310645414-2808803064-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-1651314772-3310645414-2808803064-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1651314772-3310645414-2808803064-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1651314772-3310645414-2808803064-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1651314772-3310645414-2808803064-1000 -> {896F3C36-23FE-4E7C-AFCD-B780E7D1154A} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
S3 catchme; \??\C:\Users\Familia\AppData\Local\Temp\catchme.sys [X]
C:\Users\Familia\AppData\Local\Temp\catchme.sys
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]
S3 NdisrdMP; system32\DRIVERS\gbpndisrd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\ProgramData\DP45977C.lfl
AlternateDataStreams: C:\ProgramData\Temp:862BDB1A [132]
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:862BDB1A [132]

CMD:ipconfig /flushdns
EmptyTemp:

 

  • Save this file to the Desktop as fixlist.txt
  • Run FRST again and click the Fix (Corrigir) button;
  • Wait... at the end the log Fixlog.txt will be generated on your Desktop.
  • Select, copy and paste the contents of this log in your next reply.

Regards :D

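The service and driver lines in the fixlist above are the ones FRST marked `[X]`, meaning the file the registry entry points to was not found on disk. As an added example (not part of the original post and not FRST's own code), this Python script parses FRST service/driver lines and cross-checks a fixlist against the log before it is run; the sample lines are copied from this thread, and the function names and the start-type labels (the standard Windows service start values 0 to 4) are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: driver lines copied from the FRST.txt log in this thread.
SAMPLE_LOG = r"""
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49496 2015-08-26] (GAS Tecnologia)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert32.sys [31448 2015-07-07] (Basil)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S3 catchme; \??\C:\Users\Familia\AppData\Local\Temp\catchme.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]
S3 NdisrdMP; system32\DRIVERS\gbpndisrd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
"""

# Constructed sample: part of the fixlist posted above, with its non-service lines.
SAMPLE_FIXLIST = r"""
CreateRestorePoint:
CloseProcesses:
S3 catchme; \??\C:\Users\Familia\AppData\Local\Temp\catchme.sys [X]
C:\Users\Familia\AppData\Local\Temp\catchme.sys
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]
S3 NdisrdMP; system32\DRIVERS\gbpndisrd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\ProgramData\DP45977C.lfl
CMD:ipconfig /flushdns
EmptyTemp:
"""

# Windows service start values (assumption: labels chosen for this example).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# "<state><start> <name>; <path> [<size> <date>] (<company>)"  or  "... [X]"
LINE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<meta>X|\d+ \d{4}-\d{2}-\d{2})\](?: \((?P<company>.*)\))?\s*$"
)


@dataclass
class Entry:
    name: str
    running: bool            # first letter: R = running, S = stopped
    start: str               # decoded start type
    path: str
    file_missing: bool       # True when FRST printed [X] instead of size/date
    company: Optional[str]


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a service/driver line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        name=m["name"],
        running=m["state"] == "R",
        start=START_TYPES.get(int(m["start"]), "other"),
        path=m["path"],
        file_missing=m["meta"] == "X",
        company=m["company"],
    )


def parse_log(text: str) -> List[Entry]:
    """Parse every service/driver line in a block of FRST text."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def orphaned(text: str) -> List[str]:
    """Names of registry entries whose file FRST could not find."""
    return [e.name for e in parse_log(text) if e.file_missing]


def uncovered_orphans(log_text: str, fixlist_text: str) -> List[str]:
    """Orphaned entries in the log that the fixlist does not remove."""
    fixed = {e.name for e in parse_log(fixlist_text)}
    return [name for name in orphaned(log_text) if name not in fixed]


def live_targets(log_text: str, fixlist_text: str) -> List[str]:
    """Fixlist entries whose file still exists: review these before running."""
    present = {e.name for e in parse_log(log_text) if not e.file_missing}
    return [e.name for e in parse_log(fixlist_text)
            if e.name in present or not e.file_missing]


if __name__ == "__main__":
    print("orphaned:", orphaned(SAMPLE_LOG))
    print("not covered by fixlist:", uncovered_orphans(SAMPLE_LOG, SAMPLE_FIXLIST))
    print("fixlist targets with a file on disk:", live_targets(SAMPLE_LOG, SAMPLE_FIXLIST))
```

An empty result from `live_targets` means every service line in the fixlist only removes a registry entry whose file is already gone, which is what the Fixlog in the next post reports for these entries.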

diego_moicano

 

Procedure done.

 

 

Resultado da Correção pela Farbar Recovery Scan Tool (x86) Versão:05-03-2016 01
Executado por Familia (2016-03-11 12:19:14) Run:1
Executando a partir de C:\Users\Familia\Desktop
Perfis Carregados: Familia (Perfis Disponíveis: Familia)
Modo da Inicialização: Normal

==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-1651314772-3310645414-2808803064-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-1651314772-3310645414-2808803064-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1651314772-3310645414-2808803064-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1651314772-3310645414-2808803064-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1651314772-3310645414-2808803064-1000 -> {896F3C36-23FE-4E7C-AFCD-B780E7D1154A} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
S3 catchme; \??\C:\Users\Familia\AppData\Local\Temp\catchme.sys [X]
C:\Users\Familia\AppData\Local\Temp\catchme.sys
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]
S3 NdisrdMP; system32\DRIVERS\gbpndisrd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\ProgramData\DP45977C.lfl
AlternateDataStreams: C:\ProgramData\Temp:862BDB1A [132]
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:862BDB1A [132]
CMD:ipconfig /flushdns
EmptyTemp:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => chave removido (a) com sucesso.
"HKU\S-1-5-21-1651314772-3310645414-2808803064-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => chave removido (a) com sucesso.
HKU\S-1-5-21-1651314772-3310645414-2808803064-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
HKU\S-1-5-21-1651314772-3310645414-2808803064-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
"HKU\S-1-5-21-1651314772-3310645414-2808803064-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => chave removido (a) com sucesso.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => chave não encontrado (a). 
"HKU\S-1-5-21-1651314772-3310645414-2808803064-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{896F3C36-23FE-4E7C-AFCD-B780E7D1154A}" => chave removido (a) com sucesso.
HKCR\CLSID\{896F3C36-23FE-4E7C-AFCD-B780E7D1154A} => chave não encontrado (a). 
catchme => serviço removido (a) com sucesso.
"C:\Users\Familia\AppData\Local\Temp\catchme.sys" => não encontrado (a).
gbpddreg => serviço removido (a) com sucesso.
NdisrdMP => serviço removido (a) com sucesso.
Synth3dVsc => serviço removido (a) com sucesso.
tsusbhub => serviço removido (a) com sucesso.
VGPU => serviço removido (a) com sucesso.
C:\ProgramData\DP45977C.lfl => movido com sucesso
C:\ProgramData\Temp => ":862BDB1A" ADS removido (a) com sucesso..
"C:\Users\Todos os Usuários\Temp" => ":862BDB1A" ADS não encontrado (a).

========= ipconfig /flushdns =========


Dear @rg_sc

Download Malwarebytes Anti-Malware (MBAM).

Double-click mbam-setup.exe to install the program.

  • Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO.
  • If there are updates available, they will be downloaded and installed.
  • Click Settings, click Detection and Protection, and check Scan for Rootkits.
  • Go back to the Dashboard and finally click Scan Now.
  • The scan will then start. Wait, as it may take a while.
  • When the scan finishes, if any items were found, make sure they are all checked and click the Remove Selected button.
  • At the end of the disinfection, a prompt may ask whether you want to restart the PC. (See the Note below)
  • MBAM saves the log automatically; to view it, click the History tab -> Application Logs in the program's main window.
  • Double-click the log (Scan Log). Use the .txt format to export the log.
  • The Protection log is not needed for the analysis; always export the correct log.
  • Select, copy and paste the contents of this log in your next reply.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

Regards :D


Hello diego_moicano

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Data da verificação: 13/03/2016
Hora da verificação: 08:26
Arquivo de registro: log.txt
Administrador: Sim

Versão: 2.2.0.1024
Banco de dados de malware: v2016.03.13.01
Banco de dados de rootkit: v2016.03.12.01
Licença: Gratuita
Proteção contra malware: Desabilitado
Proteção contra website malicioso: Desabilitado
Autoproteção: Desabilitado

Sistema operacional: Windows 7 Service Pack 1
CPU: x86
Sistema de arquivos: NTFS
Usuário: Familia

Tipo de verificação: Verificação da ameaça
Resultado: Concluído
Objetos verificados: 326356
Tempo decorrido: 1 hr, 50 min, 56 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 0
(Nenhum item malicioso detectado)

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de registro: 0
(Nenhum item malicioso detectado)

Valores de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Pastas: 0
(Nenhum item malicioso detectado)

Arquivos: 0
(Nenhum item malicioso detectado)

Setores físicos: 0
(Nenhum item malicioso detectado)


(end)


Dear @rg_sc

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download Stinger and save it to your Desktop.
32 bit (x86) or 64 bit (x64)

  • Run the file Stinger.exe
    • Attention: Windows Vista, 7 and 8 users, right-click the file and choose: Run as administrator
  • Click the “I Accept” button

In the new window click “Advanced” and then “Settings”

In the settings window, leave the options as in the image below and click the “Save” button

Click “Customize my Scan”

Select the system drives and then click the “Scan” button

When it finishes click “View log”; a window with the log will open in your browser.
Select, copy and paste the contents of this log in your next reply.

Regards :D


@diego_moicano

 

Interesting that the tool found nothing, because the notebook is still very slow (e.g. when scrolling down this page, the screen keeps freezing)....

Regards.

 

 

McAfee® Labs Stinger™ Version 12.1.0.1958 built on Mar 14 2016 at 13:26:12
Copyright© 2015, McAfee, Inc. All Rights Reserved.

AV Engine version v5800.7501 for Windows.
Virus data file v1000.0 created on Mar 14, 2016
Ready to scan for 9737 viruses, trojans and variants.

Custom scan initiated on segunda-feira, março 14, 2016 13:19:23


Rootkit scan result : Not Scanned.



Summary Report on C:
D:
File(s)
	TotalFiles:............	1260789
	Clean:.................	172026
	Not Scanned:........... 1088763
	Possibly Infected:.....	0

Time: 14:13:02

Scan completed on terça-feira, março 15, 2016 03:32:25


Dear @rg_sc

Slowness is not always related to malware. ;)

Download Security Check, by glax24, and save it to your Desktop.

Attention: Windows Vista, 7 and 8 users, right-click the file and choose: Run as administrator

  • Wait while the tool runs its scan.
  • At the end a log will open: SecurityCheck.txt.
  • This log is saved on C: (Local Disk) in the SecurityCheck folder that was created.
  • Select, copy and paste the contents of this log in your next reply.

Regards :D


@diego_moicano

 

OK, understood.

 

SecurityCheck by glax24 & Severnyj v.1.4.0.37 [05.03.16]
WebSite: www.safezone.cc
DateLog: 15.03.2016 11:46:26
Path starting: C:\Users\Familia\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Familia
VersionXML: 2.59is-10.03.2016
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x86) Ultimate Lang: Portuguese(0416)
Installation date OS: 24.09.2013 11:01:46
LicenseStatus: Windows(R) 7, Ultimate edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [149 Gb] Used: [40.1 Gb] Free: [108.9 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.17959 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
Notify of download and installation
Date install updates: 2015-08-16 17:58:58
Windows Update (wuauserv) - The service is running
Central de Segurança (wscsvc) - The service is running
Registro remoto (RemoteRegistry) - The service has stopped
Descoberta SSDP (SSDPSRV) - The service is running
Serviços de Área de Trabalho Remota (TermService) - The service is running
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Microsoft Security Essentials (enabled and out of date)
AVG AntiVirus Free Edition (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Firewall do Windows (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Microsoft Security Essentials (enabled and out of date)
Windows Defender (disabled and out of date)
AVG AntiVirus Free Edition (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Microsoft Security Essentials v.4.8.204.0
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware versão 2.2.0.1024 v.2.2.0.1024
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 4.01 (32-bit) v.4.01.0 Warning! Download Update
Microsoft Silverlight v.5.1.40728.0 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.8 v.7.8.102 Warning! Download Update
^Optional update.^
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 73 v.8.0.730.2 Warning! Download Update
Uninstall old version and install new one.
--------------------------- [ AppleProduction ] ---------------------------
QuickTime v.7.73.80.64 Warning! Download Update
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 20 ActiveX v.20.0.0.306 Warning! Download Update
Adobe Flash Player 17 NPAPI v.17.0.0.134 Warning! Download Update
Adobe Shockwave Player 12.1 v.12.1.7.157 Warning! Download Update
Adobe Acrobat Reader DC - Português v.15.010.20060 [+]
------------------------------- [ Browser ] -------------------------------
Google Chrome v.49.0.2623.87
Mozilla Firefox 40.0.3 (x86 pt-BR) v.40.0.3 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files\AVG\Av\avgidsagent.exe v.16.41.0.7442
C:\Program Files\AVG\Av\avgui.exe v.16.41.0.7442
C:\Windows\System32\mfevtps.exe v.15.4.0.543
C:\Program Files\Microsoft Security Client\MsMpEng.exe v.4.8.204.0
c:\Program Files\Microsoft Security Client\MpCmdRun.exe v.4.8.204.0
C:\Program Files\Microsoft Security Client\NisSrv.exe v.4.8.204.0
---------------------------- [ UnwantedApps ] -----------------------------
Driver Booster 2.1 v.2.1 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------
 


@diego_moicano

 

I updated everything except the IE and Mozilla browsers (I don't use them).

It was an ordeal; I started at 3 p.m. and it only finished now... that is how slow it is...

Now it even freezes while I type.

Regards.


@diego_moicano

 

Good morning!

It really has been a long time since I formatted and reinstalled Windows. Is there a procedure (step-by-step) here on the forum for doing the format?

Configuration:

AMD Athlon Processor TF-20 1.60 GHz

2.00 GB RAM

Windows 7 Ultimate SP 1

Thanks.


@rg_sc

 

Here are two links:

http://www.techtudo.com.br/dicas-e-tutoriais/noticia/2011/02/como-formatar-o-seu-computador-e-instalar-o-windows-7.html

http://optclean.com.br/aprenda-a-formatar-o-pc-e-instalar-o-windows-7/

As far as malware is concerned, these (below) are the final procedures. ;)

# Step 1 #

Download Delfix by Xplode and save it to your desktop.

Double-click delfix.exe to run it. Check the boxes as shown in the image.

** Windows Vista or Windows 7 users: right-click the delfix.exe file, then click Run as administrator.

Click the Run button.

At the end a log will be generated, but there is no need to post it.

# Step 2 #

Old versions of programs have vulnerabilities that some malware can use to infect your system.

For that reason, it is recommended to update the programs that Security Check flagged as out of date (optional updates are at your discretion).

Just click the Download Update link in each warning, which will take you to the developer's site.

Always keep your Windows up to date; keep a constant watch with your firewall and antivirus; and finally, remember that the best way to prevent problems starts with our own behavior!

# Step 3 #

CCleaner is an excellent cleaning utility for the computer.

Download it here: CCleaner

  • After installation, go to where the program was installed, usually C:\Arquivos de programas\CCleaner.
  • Double-click this folder;
  • In an empty area of this window, right-click and choose New > Folder and create a new folder;
  • Name it backups.
  • Open the program and click Run Cleaner;
  • Click the Registry button > Scan for Issues > Fix selected issue(s)...
  • Note: Do not forget to accept the backup of the fixes and save it in the folder created above!

Regards :D

This topic is closed to new posts.





About Clube do Hardware

On the air since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
