hesoyam123

Chrome freezing and PC slow.


Whenever I open Chrome it freezes and sometimes closes; the PC is also quite slow.

 

I used Spyhunter 4 to scan the PC, and it did find several viruses. I managed to remove most of them, but there is one that it could not remove, and that I could not remove manually either: Adware.BRApp. According to Spyhunter, this virus is in the following registry entries:

 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_POFILTERDRV

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_POFILTERDRV\0000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_POFILTERDRV

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_POFILTERDRV\0000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POFILTERDRV

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POFILTERDRV\0000

 

Here is the ZA_Scan log:

ZA-Scan.txt


Dear @hesoyam123

 

I recommend saving this topic to your Favorites to make it easier to find.

 

Please pay attention to the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to your computer's problem, so do not apply it on any other;
  • Please follow the instructions carefully, and if you have any doubts do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, about what happens with your computer.
  • Respect the order of the instructions given.

Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

 

# Step 1 #
 
Download AdwCleaner and save it to your Desktop.

Run the file adwcleaner.exe

 

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png 

  • Click the Options tab and leave only "Restaurar Políticas do IE" (Restore IE Policies) and "Restaurar Políticas do Chrome" (Restore Chrome Policies) checked.
  • Click the Scan button and wait for the scan to finish.
  • Click the Clean button.
  • A Notepad window will open with the result.
  • Select, copy and paste the contents of this log into your next reply.
  • The log will also be saved in C:\AdwCleaner


NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart.
 
# Step 2 #
 
Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download Junkware Removal Tool (JRT) and save it to your Desktop.

 

Double-click to run jrt.exe.
 

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png 

  • The tool will begin scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • At the end a log will open. It will be saved on the desktop as JRT.txt.
  • Select, copy and paste the contents of this log into your next reply.

 
# Step 3 #
 
Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download ZHPCleaner and save it to your Desktop.

 

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click the Scanner button.
  • The tool will begin scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • Then click the Repair button.
  • A log named ZHPCleaner.txt will be generated.
  • Select, copy and paste the contents of this log into your next reply.

Best regards :D


AdwCleaner log:

 

# AdwCleaner v6.020 - Relatório criado 26/09/2016 às 15:48:40
# *Updated on 14/09/2016 by ToolsLib
# Banco de dados : 2016-09-26.3 [Servidor]
# Sistema operacional : Windows 7 Ultimate Service Pack 1 (X64)
# Usuário : Admin - ADMIN-PC
# Executando de : C:\Users\Admin\Desktop\adwcleaner_6.020.exe
# Limpar
# Apoio : https://toolslib.net/forum

***** [ Serviços ] *****

***** [ Pastas ] *****

[-] RestauradoC:\Users\Public\Documents\Guid
[-] RestauradoC:\Users\Public\Documents\pc faster
[-] RestauradoC:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\PriceFountain
[-] RestauradoC:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\LightGate
[-] RestauradoC:\Windows\SysWOW64\config\systemprofile\AppData\Local\BrowserWeb
[-] RestauradoC:\Windows\SysWOW64\config\systemprofile\AppData\Local\PriceFountain
[-] RestauradoC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\mystarttb


***** [ Arquivos ] *****

[-] RestauradoC:\Users\Admin\AppData\Roaming\webad.xml
[-] RestauradoC:\ProgramData\webad.xml
[#] RestauradoC:\ProgramData\Application Data\webad.xml
[-] RestauradoC:\user.js
[-] RestauradoC:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fyleza5s.default\invalidprefs.js


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Atalhos ] *****

***** [ Tarefas agendadas ] *****

***** [ Registro ] *****

[-] RestauradoHKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [C:\Program Files (x86)\Freeven pro 1.2\Freeven pro 1.2-nova.exe]
[-] RestauradoHKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatSrv
[#] *Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatSrv
[-] RestauradoHKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatWd
[#] *Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatWd
[-] RestauradoHKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpSvc
[#] *Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpSvc
[-] RestauradoHKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[#] *Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[-] RestauradoHKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Freeven pro 1.2
[#] *Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Freeven pro 1.2
[-] RestauradoHKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\V-bates
[-] RestauradoHKLM\SOFTWARE\Clara
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\HomePageHelper
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\LightGate


***** [ Verificando navegadores ... ] *****

*************************

:: Políticas do IE excluídas
:: Políticas do Chrome excluídas

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3591 *Bytes] - [26/09/2016 15:48:40]
C:\AdwCleaner\AdwCleaner[S0].txt - [3690 *Bytes] - [26/09/2016 15:47:28]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3739 *Bytes] ##########
 

 

Junkware Removal Tool log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.8 (09.20.2016)
Operating System: Windows 7 Ultimate x64 
Ran by Admin (Administrator) on 26/09/2016 at 15:57:53,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 162 

Failed to delete: C:\ProgramData\productdata (Folder) 
Failed to delete: C:\Users\Admin\AppData\Local\innovative solutions (Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\Admin\Appdata\LocalLow\company (Folder) 
Successfully deleted: C:\Users\Admin\AppData\Roaming\innovative solutions (Folder) 
Successfully deleted: C:\Users\Admin\AppData\Roaming\productdata (Folder) 
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Program Files (x86)\GUT32A5.tmp (File) 
Successfully deleted: C:\Program Files (x86)\GUT564B.tmp (File) 
Successfully deleted: C:\Program Files (x86)\GUTDD65.tmp (File) 

Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/09/2016 at 16:12:48,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

ZHPCleaner log:

 

~ ZHPCleaner v2016.9.25.146 by Nicolas Coolman (2016/09/25)
~ Run by Admin (Administrator)  (26/09/2016 16:23:30)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\Admin\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Admin\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)


---\\  Serviços (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Navegadores de Internet (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Arquivo hosts (1)
~ O arquivo hosts é legítimo (30)


---\\  Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Explorer ( Arquivos, Pastas) (12)
MOVIDO pasta: C:\ProgramData\InstallMate\{90D0616C-B3AE-4246-A0AD-FB8C4B33439A}\Setup.exe [Tarma Software Research Pty Ltd - InstallMate® Setup]  =>.Superfluous.Tarma
MOVIDO pasta: C:\ProgramData\InstallMate\{90D0616C-B3AE-4246-A0AD-FB8C4B33439A}\TsuDll.dll [Tarma Software Research Pty Ltd - InstallMate® Setup Library]  =>.Superfluous.Tarma
MOVIDO pasta: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ol.at.atwola.com_0.localstorage    =>.Superfluous.Atwola
MOVIDO pasta: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ol.at.atwola.com_0.localstorage-journal    =>.Superfluous.Atwola
MOVIDO pasta: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage    =>PUP.Optional.Chatango
MOVIDO pasta: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage-journal    =>PUP.Optional.Chatango
MOVIDO arquivo: C:\ProgramData\InstallMate  =>.Superfluous.Tarma
MOVIDO arquivo: C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}  =>PUP.Optional.Generic
MOVIDO arquivo: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashRpt  =>.Superfluous.CrashReports
MOVIDO arquivo: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\mixvideoplayer  =>.Superfluous.Softforce
MOVIDO arquivo: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SunnyDay7  =>PUP.Optional.CrossRider
MOVIDO arquivo: C:\Windows\Installer\MSI68B4.tmp-  =>Empty


---\\  Registro ( Chaves, Valores, Dados ) (2)
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\soundplus-installer_RASAPI32 []  =>Adware.Kazy
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\soundplus-installer_RASMANCS []  =>Adware.Kazy


---\\  Resumo dos elementos encontrados na sua estação de trabalho (8)
https://www.nicolascoolman.com/fr/pup-tarma/  =>.Superfluous.Tarma
https://www.anti-malware.top/2016/07/21/superfluous-atwola/  =>.Superfluous.Atwola
https://www.nicolascoolman.com/fr/repaquetage-et_infections/  =>PUP.Optional.Chatango
https://www.anti-malware.top/2016/05/01/definition-dun-logiciel-pup-lpi/  =>PUP.Optional.Generic
https://www.nicolascoolman.com/fr/logiciels-superflus  =>.Superfluous.CrashReports
https://www.nicolascoolman.com/forum/post33257.html#p33257  =>.Superfluous.Softforce
https://www.anti-malware.top/2016/04/30/pup-optional-crossrider/  =>PUP.Optional.CrossRider
https://www.anti-malware.top/2016/08/09/adware-kazy/  =>Adware.Kazy


---\\  Dodatkowe oczyszczenie. (14)
~ Chave de registro Tracing Supprimido (14)
~ Remover os relatórios antigos ZHPCleaner. (0)


---\\ Resultado de reparação
Reparação efectuada com sucesso


---\\ Estatísticas
~ Items scan : 612
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 14


~ End of clean in 00h00mn11s
~====================
ZHPCleaner-[R]-26092016-16_23_41.txt
ZHPCleaner--26092016-16_23_04.txt


Dear @hesoyam123

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download the Farbar Recovery Scan Tool and save it to your Desktop.

32 bit (x86) or 64 bit (x64)

  • Double-click to run the tool.
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: (image: execadmin.png)
  • Check the "Arquivos 90 dias" box and click the "Examinar" button.
  • Wait; when it finishes, the logs FRST.txt and Addition.txt will be saved to your Desktop.
  • Select, copy and paste the contents of the FRST.txt log into your next reply.
  • Attach the Addition.txt log.

Regards :D


FRST.txt log:

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 25-09-2016
Executado por Admin (administrador) em ADMIN-PC (27-09-2016 13:35:17)
Executando a partir de C:\Users\Admin\Desktop
Perfis Carregados: Admin (Perfis Disponíveis: Admin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-18] (AVAST Software)
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\...\MountPoints2: {23800e85-cc57-11e5-b044-902b34fbf139} - D:\LG_PC_Programs.exe
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\...\MountPoints2: {6c903630-bab5-11e3-9770-902b34fbf139} - D:\Startme.exe
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\...\MountPoints2: {76932079-be50-11e1-a954-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2013-09-15] (Microsoft Corporation) <==== ATENÇÃO
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-18] (AVAST Software)
BootExecute: autocheck autochk * sh4native Sh4Removal

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.216.254.198 8.8.8.8
Tcpip\..\Interfaces\{E9CF0284-5C17-47EA-BF6F-1271A54BEA45}: [DhcpNameServer] 200.216.254.198 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.br.msn.com/
SearchScopes: HKLM-x32 -> DefaultScope valor está ausente
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1132872757-4150991084-3909540283-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-03] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-03] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fyleza5s.default
FF NetworkProxy: "type", 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-14] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-03] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-14] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-18]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-18]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com.br/"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2016-09-27]
CHR Extension: (Avast SafePrice) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-19]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-20]
CHR Extension: (Avast Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-09-19]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-18] (AVAST Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-09-15] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-18] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-18] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-09-18] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-09-18] (AVAST Software)
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3341904 2012-03-26] (Broadcom Corporation)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-05-17] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-08-15] (Anchorfree Inc.)
S3 Baidu PC Faster FileShredder; \??\C:\Users\Admin\AppData\Local\Temp\_@DC89.tmp\FileKill_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-09-27 13:35 - 2016-09-27 13:36 - 00012461 _____ C:\Users\Admin\Desktop\FRST.txt
2016-09-27 13:34 - 2016-09-27 13:35 - 00000000 ____D C:\FRST
2016-09-27 13:31 - 2016-09-27 13:31 - 02403328 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2016-09-26 16:16 - 2016-09-26 16:23 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ZHP
2016-09-26 15:43 - 2016-09-26 15:48 - 00000000 ____D C:\AdwCleaner
2016-09-22 21:20 - 2016-09-22 21:19 - 00016254 _____ C:\ZA-Scan.txt
2016-09-22 16:30 - 2016-09-22 16:30 - 00000000 ____D C:\Users\Admin\Documents\League of Legends
2016-09-22 16:25 - 2016-09-22 16:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\LolClient
2016-09-22 16:24 - 2016-09-22 16:25 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-09-22 16:22 - 2016-09-27 10:53 - 00000000 ____D C:\Program Files (x86)\League of Legends
2016-09-22 16:22 - 2016-09-22 16:22 - 00000000 ____D C:\Users\Admin\Documents\My Games
2016-09-22 15:16 - 2016-09-22 15:16 - 00020010 _____ C:\Users\Admin\Downloads\ZA-Scan (3).txt
2016-09-22 14:49 - 2016-09-22 14:49 - 00016121 _____ C:\Users\Admin\Downloads\ZA-Scan (2).txt
2016-09-22 14:29 - 2016-09-22 14:29 - 00217088 _____ C:\Users\Admin\Downloads\BONIFICAÇÃO DE MEDICAMENTOS DE OUTUBRO A DEZEMBRO_2016.pdf
2016-09-22 11:30 - 2016-09-22 11:30 - 00016121 _____ C:\Users\Admin\Downloads\ZA-Scan (1).txt
2016-09-22 11:18 - 2016-09-22 11:18 - 00016121 _____ C:\Users\Admin\Downloads\ZA-Scan.txt
2016-09-22 10:56 - 2016-09-22 10:56 - 00000000 ____D C:\zoek_backup
2016-09-21 22:08 - 2016-09-21 22:09 - 01370112 _____ C:\Users\Admin\Desktop\ZA-Scan.exe
2016-09-20 15:01 - 2016-09-20 15:01 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-09-20 15:01 - 2016-09-20 15:01 - 00000782 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-09-20 15:01 - 2016-09-20 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-09-20 15:01 - 2016-09-20 15:01 - 00000000 ____D C:\Program Files\CCleaner
2016-09-20 14:30 - 2016-09-20 14:30 - 00000000 ____D C:\Users\Admin\AppData\Roaming\WinTools
2016-09-20 14:29 - 2016-09-20 14:29 - 00000000 ____D C:\Program Files (x86)\WinTools Software
2016-09-20 11:57 - 2016-09-20 11:57 - 00003272 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-09-20 11:57 - 2015-12-17 15:24 - 00025984 ____R C:\Windows\SysWOW64\sh4native.exe
2016-09-20 11:55 - 2016-09-20 13:18 - 00000000 ___HD C:\qW3WaoIU6ns4uwUD
2016-09-19 22:16 - 2016-09-20 13:14 - 00052113 _____ C:\spyhunter.fix
2016-09-19 22:16 - 2016-09-19 22:16 - 00000000 ___HD C:\bwgjckbZv6Oqu4Fb
2016-09-19 19:42 - 2016-09-19 21:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-18 12:27 - 2016-09-19 18:05 - 00003896 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1474212430
2016-09-18 12:27 - 2016-09-18 12:27 - 00001003 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-09-18 12:27 - 2016-09-18 12:27 - 00001003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-09-18 12:26 - 2016-09-18 12:25 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-09-18 12:00 - 2016-09-18 12:00 - 00000000 ____D C:\Users\Admin\AppData\Roaming\AVAST Software
2016-09-18 11:59 - 2016-09-19 19:50 - 00000000 ____D C:\Program Files\Common Files\AV
2016-09-18 11:59 - 2016-09-18 11:59 - 00001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-09-18 11:59 - 2016-09-18 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-09-18 11:58 - 2016-09-18 11:59 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-09-18 11:58 - 2016-09-18 11:58 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-09-18 11:58 - 2016-09-18 11:58 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-09-18 11:58 - 2016-09-18 11:58 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-09-18 11:58 - 2016-09-18 11:58 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-09-18 11:58 - 2016-09-18 11:58 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-09-18 11:58 - 2016-09-18 11:58 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-09-18 11:58 - 2016-09-18 11:58 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-09-18 11:58 - 2016-09-18 11:58 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-09-18 11:58 - 2016-09-18 11:58 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-09-18 11:58 - 2016-09-18 11:58 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-09-18 11:58 - 2016-09-18 11:58 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-09-18 11:58 - 2016-09-18 11:58 - 00000350 ____H C:\Windows\Tasks\avast! Emergency Update.job
2016-09-18 11:43 - 2016-09-20 16:29 - 00273208 _____ C:\Windows\ntbtlog.txt
2016-09-17 15:25 - 2016-09-17 15:25 - 00000826 _____ C:\Users\Public\Desktop\Counter Strike Clean.lnk
2016-09-17 15:25 - 2016-09-17 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter Strike Clean
2016-09-17 15:23 - 2016-09-17 15:23 - 00000000 ____D C:\Games
2016-09-15 08:08 - 2016-09-15 08:08 - 00000029 _____ C:\Users\Admin\Desktop\rondelli.txt
2016-09-14 18:20 - 2016-09-17 15:21 - 00000000 ____D C:\Program Files (x86)\Valve
2016-08-27 14:52 - 2016-08-27 14:52 - 00000000 ____D C:\Users\Todos os Usuários\Riot Games
2016-08-27 14:52 - 2016-08-27 14:52 - 00000000 ____D C:\ProgramData\Riot Games
2016-08-15 11:40 - 2016-08-15 11:40 - 00042064 _____ (Anchorfree Inc.) C:\Windows\system32\Drivers\taphss6.sys
2016-08-14 23:35 - 2016-08-14 23:35 - 00002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveX Inspector.lnk
2016-08-14 23:35 - 2016-08-14 23:35 - 00000000 ____D C:\Program Files (x86)\oakland software
2016-08-14 22:58 - 2016-08-14 22:58 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Adobe
2016-08-14 22:52 - 2016-09-15 11:05 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-08-14 22:52 - 2016-08-15 15:26 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-14 22:52 - 2016-08-14 22:52 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-08-14 19:01 - 2016-09-24 22:26 - 00000964 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-08-14 19:01 - 2016-08-14 19:01 - 00003958 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-08-14 18:50 - 2016-08-14 18:50 - 00000000 ____D C:\Users\Admin\AppData\Local\Macromedia
2016-08-14 18:41 - 2016-08-14 19:01 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-08-14 18:41 - 2016-08-14 19:01 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-08-14 17:35 - 2016-08-14 17:35 - 00000000 ____D C:\Users\Admin\Tracing
2016-08-14 17:33 - 2016-09-18 12:40 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-14 17:33 - 2016-08-14 17:33 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2016-08-14 17:33 - 2016-08-14 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-08-14 13:00 - 2016-09-16 22:29 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-14 13:00 - 2016-09-16 22:29 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-14 12:51 - 2016-09-27 13:16 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-14 12:51 - 2016-09-27 12:02 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-14 12:51 - 2016-08-14 13:57 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-14 12:51 - 2016-08-14 13:57 - 00003814 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-18 16:51 - 2016-07-18 16:51 - 00000000 ____D C:\Users\Admin\AppData\Roaming\cYo
2016-07-18 16:51 - 2016-07-18 16:51 - 00000000 ____D C:\Users\Admin\AppData\Local\cYo
2016-07-18 16:48 - 2016-07-18 16:50 - 00000000 ____D C:\Program Files\ComicRack
2016-07-18 16:48 - 2016-07-18 16:48 - 00000800 _____ C:\Users\Public\Desktop\ComicRack.lnk
2016-07-18 16:48 - 2016-07-18 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ComicRack
2016-07-08 22:22 - 2016-07-08 22:22 - 00109296 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-08 14:59 - 2016-07-08 14:59 - 00916816 _____ C:\Users\Admin\AppData\Roaming\wxSB.zip
2016-07-08 14:58 - 2016-07-08 14:58 - 00000000 ____D C:\Users\Admin\AppData\Local\WX Smart Bar
2016-07-08 14:54 - 2016-07-08 14:55 - 00000000 ____D C:\Users\Admin\Documents\Bandicam
2016-07-08 14:54 - 2016-07-08 14:54 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BANDISOFT
2016-07-02 16:48 - 2016-07-07 15:14 - 00006144 ____H C:\Users\Admin\Desktop\photothumb.db
2016-07-02 13:37 - 2016-07-02 13:37 - 00001035 _____ C:\Users\Admin\Desktop\PhotoScape.lnk
2016-07-02 13:37 - 2016-07-02 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-09-27 13:23 - 2009-07-14 01:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-27 13:23 - 2009-07-14 01:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-27 13:15 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-26 18:05 - 2015-08-02 16:59 - 00000000 ____D C:\Program Files (x86)\Opera
2016-09-26 16:09 - 2015-10-13 15:58 - 00000000 ____D C:\Users\Admin\AppData\Local\Innovative Solutions
2016-09-26 15:48 - 2014-09-26 11:15 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-09-26 15:48 - 2014-09-26 11:15 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-09-25 11:43 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2016-09-23 22:08 - 2015-09-18 18:04 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2016-09-23 17:07 - 2014-01-23 17:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2016-09-23 17:03 - 2014-01-23 16:03 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-09-23 17:03 - 2014-01-23 16:03 - 00000000 ____D C:\ProgramData\Skype
2016-09-23 14:04 - 2016-06-27 18:17 - 00003852 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1467062234
2016-09-22 16:24 - 2013-10-06 21:09 - 00705798 _____ C:\Windows\system32\prfh0416.dat
2016-09-22 16:24 - 2013-10-06 21:09 - 00147638 _____ C:\Windows\system32\prfc0416.dat
2016-09-22 16:24 - 2009-07-14 02:13 - 01635826 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-22 16:24 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-09-21 13:44 - 2009-07-14 02:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-09-20 12:01 - 2015-10-26 15:10 - 00000742 _____ C:\Users\Admin\Desktop\Start Tor Browser.lnk
2016-09-20 12:01 - 2015-08-28 14:08 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-20 12:01 - 2015-08-28 14:08 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-09-20 11:54 - 2015-10-13 16:00 - 00000000 ____D C:\Users\Admin\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}
2016-09-20 11:54 - 2014-05-03 17:37 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\{D7AFFFBE-CDC1-63D7-BC66-3CD2CBA784DB}
2016-09-19 21:13 - 2014-03-07 18:11 - 00000000 ____D C:\Users\Todos os Usuários\Spybot - Search & Destroy
2016-09-19 21:13 - 2014-03-07 18:11 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-09-18 16:14 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\Cursors
2016-09-18 12:25 - 2016-01-14 14:43 - 00000000 ____D C:\Program Files\AVAST Software
2016-09-18 12:25 - 2014-01-23 16:09 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2016-09-18 12:25 - 2014-01-23 16:09 - 00000000 ____D C:\ProgramData\AVAST Software
2016-09-14 18:20 - 2014-01-23 16:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-09-13 11:03 - 2014-01-23 16:01 - 00000000 ____D C:\Users\Admin\Desktop\Meus documentos
2016-09-01 19:19 - 2016-03-15 13:49 - 00000000 ____D C:\Users\Admin\Desktop\agar.io
2016-08-29 16:56 - 2014-09-02 10:46 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TS3Client
2016-08-28 22:44 - 2015-10-03 13:32 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client

==================== Arquivos na raiz de alguns diretórios =======

2015-08-16 13:58 - 2015-08-16 13:58 - 0004819 _____ () C:\Program Files (x86)\images.jpg
2005-04-27 03:47 - 2014-01-28 20:45 - 0039435 ____H () C:\Users\Admin\AppData\Roaming\Adminv1.18.0 - Trial versionlog.dat
2014-04-06 14:59 - 2015-03-14 16:35 - 0045270 _____ () C:\Users\Admin\AppData\Roaming\room_v3.dat
2014-03-22 19:23 - 2014-03-22 19:23 - 0000044 _____ () C:\Users\Admin\AppData\Roaming\twow_sysprepdt.dat
2014-02-17 09:56 - 2014-07-19 09:16 - 0000111 _____ () C:\Users\Admin\AppData\Roaming\WB.CFG
2016-07-08 14:59 - 2016-07-08 14:59 - 0916816 _____ () C:\Users\Admin\AppData\Roaming\wxSB.zip
2014-04-30 17:39 - 2014-04-30 17:50 - 0003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-13 18:34 - 2015-09-13 18:34 - 0000036 _____ () C:\Users\Admin\AppData\Local\housecall.guid.cache
2016-06-14 21:39 - 2016-06-14 21:39 - 0000000 _____ () C:\Users\Admin\AppData\Local\PACKED.pig
2014-01-23 19:23 - 2014-01-23 19:23 - 0007618 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2015-11-22 15:08 - 2015-11-22 15:08 - 0000000 _____ () C:\Users\Admin\AppData\Local\{425B975D-5A20-4535-A15F-349372C76002}
2015-06-04 20:37 - 2015-06-04 20:37 - 0000000 _____ () C:\Users\Admin\AppData\Local\{893FA9B2-6555-4374-9F7F-ECD413FA335D}

Alguns arquivos em TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\libeay32.dll
C:\Users\Admin\AppData\Local\Temp\msvcr120.dll
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-09-20 13:14

==================== Fim de FRST.txt ============================

 

Log Addition.txt :

 

Addition.txt


Dear @hesoyam123

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text below:

Quote

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\...\MountPoints2: {23800e85-cc57-11e5-b044-902b34fbf139} - D:\LG_PC_Programs.exe
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\...\MountPoints2: {6c903630-bab5-11e3-9770-902b34fbf139} - D:\Startme.exe
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\...\MountPoints2: {76932079-be50-11e1-a954-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2013-09-15] (Microsoft Corporation) <==== ATENÇÃO
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.br.msn.com/
SearchScopes: HKLM-x32 -> DefaultScope valor está ausente
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1132872757-4150991084-3909540283-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S3 Baidu PC Faster FileShredder; \??\C:\Users\Admin\AppData\Local\Temp\_@DC89.tmp\FileKill_x64.sys [X]
C:\Users\Admin\AppData\Local\Temp\_@DC89.tmp\FileKill_x64.sys
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {9AE11AF5-973F-4DC4-8EB0-3BDDAA436E71} - System32\Tasks\SpyHunter4Startup => C:\Users\Admin\Desktop\SpyHunterPortable\App\SpyHunter\SpyHunter4.exe
C:\Users\Admin\Desktop\SpyHunterPortable\App\SpyHunter\SpyHunter4.exe
C:\Windows\System32\Tasks\SpyHunter4Startup
Hosts:

CMD:ipconfig /flushdns
EmptyTemp:

 

  • Save this file to the Desktop as fixlist.txt
  • Run FRST again and click the Fix (Corrigir) button;
  • Wait... when it finishes, the Fixlog.txt log will be created on your Desktop.
  • Select, copy and paste the contents of this log into your next reply.

Regards :D


Log Fixlog.txt :

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 28-09-2016
Executado por Admin (28-09-2016 14:09:41) Run:1
Executando a partir de C:\Users\Admin\Desktop
Perfis Carregados: Admin (Perfis Disponíveis: Admin)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
 
CMD:ipconfig /flushdns
EmptyTemp:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.

========= ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21938762 B
Java, Flash, Steam htmlcache => 34360802 B
Windows/system/drivers => 83204666 B
Edge => 0 B
Chrome => 576235991 B
Firefox => 8518714 B
Opera => 19972260 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 43029 B
systemprofile32 => 23897089 B
LocalService => 0 B
NetworkService => 37920 B
Admin => 124990553 B

RecycleBin => 0 B
EmptyTemp: => 859.8 MB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 14:11:50 ====


Log Fixlog.txt :

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 28-09-2016
Executado por Admin (28-09-2016 15:04:49) Run:2
Executando a partir de C:\Users\Admin\Desktop
Perfis Carregados: Admin (Perfis Disponíveis: Admin)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\...\MountPoints2: {23800e85-cc57-11e5-b044-902b34fbf139} - D:\LG_PC_Programs.exe
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\...\MountPoints2: {6c903630-bab5-11e3-9770-902b34fbf139} - D:\Startme.exe
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\...\MountPoints2: {76932079-be50-11e1-a954-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2013-09-15] (Microsoft Corporation) <==== ATENÇÃO
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.br.msn.com/
SearchScopes: HKLM-x32 -> DefaultScope valor está ausente
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1132872757-4150991084-3909540283-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S3 Baidu PC Faster FileShredder; \??\C:\Users\Admin\AppData\Local\Temp\_@DC89.tmp\FileKill_x64.sys [X]
C:\Users\Admin\AppData\Local\Temp\_@DC89.tmp\FileKill_x64.sys
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {9AE11AF5-973F-4DC4-8EB0-3BDDAA436E71} - System32\Tasks\SpyHunter4Startup => C:\Users\Admin\Desktop\SpyHunterPortable\App\SpyHunter\SpyHunter4.exe
C:\Users\Admin\Desktop\SpyHunterPortable\App\SpyHunter\SpyHunter4.exe
C:\Windows\System32\Tasks\SpyHunter4Startup
Hosts:
CMD:ipconfig /flushdns
EmptyTemp:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => valor removido (a) com sucesso.
"HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23800e85-cc57-11e5-b044-902b34fbf139}" => chave removido (a) com sucesso.
HKCR\CLSID\{23800e85-cc57-11e5-b044-902b34fbf139} => chave não encontrado (a). 
"HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c903630-bab5-11e3-9770-902b34fbf139}" => chave removido (a) com sucesso.
HKCR\CLSID\{6c903630-bab5-11e3-9770-902b34fbf139} => chave não encontrado (a). 
"HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76932079-be50-11e1-a954-806e6f6e6963}" => chave removido (a) com sucesso.
HKCR\CLSID\{76932079-be50-11e1-a954-806e6f6e6963} => chave não encontrado (a). 
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => valor removido (a) com sucesso.
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => valor removido (a) com sucesso.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} => chave não encontrado (a). 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
HKU\S-1-5-21-1132872757-4150991084-3909540283-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
Baidu PC Faster FileShredder => serviço removido (a) com sucesso.
"C:\Users\Admin\AppData\Local\Temp\_@DC89.tmp\FileKill_x64.sys" => não encontrado (a).
gdrv => serviço removido (a) com sucesso.
GGSAFERDriver => serviço removido (a) com sucesso.
taphss => serviço removido (a) com sucesso.
VGPU => serviço removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9AE11AF5-973F-4DC4-8EB0-3BDDAA436E71}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AE11AF5-973F-4DC4-8EB0-3BDDAA436E71}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\SpyHunter4Startup => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => chave removido (a) com sucesso.
"C:\Users\Admin\Desktop\SpyHunterPortable\App\SpyHunter\SpyHunter4.exe" => não encontrado (a).
"C:\Windows\System32\Tasks\SpyHunter4Startup" => não encontrado (a).
C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.

========= ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6180409 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 224 B
Edge => 0 B
Chrome => 23183892 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Admin => 24598 B

RecycleBin => 0 B
EmptyTemp: => 36 MB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 15:05:28 ====


Dear @hesoyam123

Download Malwarebytes Anti-Malware (MBAM).

Double-click mbam-setup.exe to install the program.

  • Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO.
  • If there are updates available, they will be downloaded and installed.
  • Click Settings, click Detection and Protection, and check Scan for Rootkits.
  • Go back to the Dashboard and finally click Scan Now.
  • The scan will then start. Wait, as it may take a while.
  • When the scan finishes, if any items were found, make sure they are all checked and click the Remove Selected button.
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See the Note below)
  • The log is saved automatically by MBAM; to view it, click the History tab -> Application Logs in the program's main window.
  • Double-click the log (Scan Log). Use the .txt format to export the log.
  • The Protection log is not needed for the analysis; always export the correct log.
  • Select, copy and paste the contents of this log into your next reply.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

Regards :D


Log Malwarebytes Anti-Malware :

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Data da verificação: 30/09/2016
Hora da verificação: 12:07
Arquivo de registro: log MBAM.txt
Administrador: Sim

Versão: 2.2.1.1043
Banco de dados de malware: v2016.09.30.09
Banco de dados de rootkit: v2016.09.26.02
Licença: Gratuita
Proteção contra malware: Desabilitado
Proteção contra website malicioso: Desabilitado
Autoproteção: Desabilitado

Sistema operacional: Windows 7 Service Pack 1
CPU: x64
Sistema de arquivos: NTFS
Usuário: Admin

Tipo de verificação: Verificação da ameaça
Resultado: Concluído
Objetos verificados: 327453
Tempo decorrido: 19 min, 35 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 0
(Nenhum item malicioso detectado)

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de registro: 0
(Nenhum item malicioso detectado)

Valores de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Pastas: 0
(Nenhum item malicioso detectado)

Arquivos: 0
(Nenhum item malicioso detectado)

Setores físicos: 0
(Nenhum item malicioso detectado)


(end)


Dear @hesoyam123

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download Stinger and save it to your Desktop.
32-bit (x86) or 64-bit (x64)

  • Run the file Stinger.exe
    • Attention: Windows Vista, 7 and 8 users, right-click the file and choose: [image: execadmin.png]
  • Click the “I Accept” button

In the new window, click “Advanced” and then “Settings”

In the settings window, set the options as shown in the image below and click the “Save” button

[image: 9hnsyu.png]

Click “Customize my Scan”

Select the system drives and then click the “Scan” button

When it finishes, click “View log”; a window with the log will open in your browser.
Select, copy and paste the contents of this log into your next reply.

Regards :D


Log Stinger:

 

McAfee Stinger Scan Results

McAfee® Labs Stinger™ Version 12.1.0.2132 built on Sep 30 2016 at 12:48:19

Copyright© 2015, McAfee, Inc. All Rights Reserved.

 

AV Engine version v5800.7501 for Windows.

Virus data file v1000.0 created on Sep 30, 2016

Ready to scan for 9909 viruses, trojans and variants.

 

Custom scan initiated on domingo, outubro 02, 2016 14:15:10

Rootkit scan result : Clean.

 

C:\Users\Admin\AppData\Local\VirtualStore\Program Files (x86)\Valve\trash.bak [MD5:be7a7d7b502eac18b83be2bb882fa07e] is infected with Artemis!BE7A7D7B502E

C:\Users\Admin\AppData\Local\VirtualStore\Program Files (x86)\Valve\trash.bak has been Deleted

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Setup Wizard\c8051ef6-f6f4-4a06-91ec-7d9142b2009e\mystarttb_5.5.0.2_samba.exe\696.nsis is infected with Artemis!3D9A1DECAB09

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Setup Wizard\c8051ef6-f6f4-4a06-91ec-7d9142b2009e\mystarttb_5.5.0.2_samba.exe\696.nsis has been Deleted

 

Summary Report on C:

File(s)

TotalFiles: ............ 363416

Clean: ................. 171607

Not Scanned: ........... 191807

Possibly Infected: ..... 2

 

Time: 02:06:54

 

Scan completed on domingo, outubro 02, 2016 16:22:04


Dear @hesoyam123

Download Security Check, by glax24, and save it to your Desktop.

Attention: Windows Vista, 7 and 8 users, right-click the file and choose: [image: execadmin.png]

  • Wait while the tool runs its scan.
  • When it finishes, save the log as SecurityCheck.html
  • Open the file with Notepad;
  • Select, copy and paste the contents of this log into your next reply.

Regards :D


Log SecurityCheck:

 

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 03.10.2016 12:27:03
Path starting: C:\Users\Admin\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Admin
VersionXML: 3.40is-01.10.2016
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x64) Ultimate Lang: Portuguese(0416)
Installation date OS: 23.01.2014 17:27:57
LicenseStatus: Windows(R) 7, Ultimate edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [74.4 Gb] Used: [47.7 Gb] Free: [26.7 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.17207 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
The elevation prompt for administrators disabled
^It is recommended to enable: Win+R typing UserAccountControlSettings and Enter^
Never check for updates
Date install updates: 2014-07-22 21:18:08
Windows Update (wuauserv) - The service has stopped
Central de Segurança (wscsvc) - The service has stopped
Registro remoto (RemoteRegistry) - The service has stopped
Descoberta SSDP (SSDPSRV) - The service is running
Serviços de Área de Trabalho Remota (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2007 v.12.0.6612.1000
--------------------------- [ FirewallWindows ] ---------------------------
Firewall do Windows (MpsSvc) - The service is running
Disabled the public profile of Windows Firewall
Disabled the standard profile for Windows Firewall
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and out of date)
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.10 (64-bit) v.5.10.0 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.28 v.7.28.101
-------------------------------- [ Java ] ---------------------------------
Java 7 Update 67 (64-bit) v.7.0.670 Warning! This software is no longer supported. Please uninstall it and use Java SE 8 (jre-8u102-windows-x64.exe).
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 22 NPAPI v.22.0.0.209 Warning! Download Update
Adobe Flash Player 22 PPAPI v.22.0.0.209 Warning! Download Update
Adobe Acrobat Reader DC - Português v.15.017.20053
------------------------------- [ Browser ] -------------------------------
Google Chrome v.53.0.2785.116 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.53.0.2785.116
------------------ [ AntivirusFirewallProcessServices ] -------------------
McAfee Validation Trust Protection Service (mfevtp) - The service is running
C:\Windows\System32\mfevtps.exe
Windows Defender (WinDefend) - The service has stopped
----------------------------- [ End of Log ] ------------------------------


Dear @hesoyam123

How is your Windows doing?

# Step 1 #

Download Delfix by Xplode and save it to your desktop.

Double-click delfix.exe to run it. Check the boxes as shown in the image.

** Windows Vista or Windows 7 users: right-click the delfix.exe file, then click [image: execadmin.png].

[image: 2mez6ld.png]

Click the Run button.

A log will be generated at the end, but you do not need to post it.

# Step 2 #

Old versions of programs have vulnerabilities that some malware can use to infect your system.

For that reason, it is recommended that you update the programs that Security Check flagged as outdated (optional updates are at your discretion).

Just click the Download Update link in each warning (post above), which will take you to the developer's site.

<<@>> Always keep your Windows up to date; keep constant watch with your firewall and antivirus; and finally, remember that the best form of prevention starts with our own behaviour!

# Step 3 #

CCleaner is an excellent cleaning utility for the computer.

Download it here: CCleaner

  • After installation, go to the location where the program was installed, usually C:\Arquivos de programas\CCleaner.
  • Double-click this folder;
  • In an empty area of this window, right-click and choose New > Folder to create a new folder;
  • Name it backups.
  • Open the program and click Run Cleaner;
  • Click the Registry button > Scan for Issues > Fix selected issues...
  • Note: Do not forget to accept the backup of the fixes and save it in the folder created above!

Regards :D
