
Archived

This topic has been archived and is closed to new replies.

Moacir Moraes Costa

[Solved] Problems on the work PC


Good morning.

I need your help, gentlemen.

Some time ago I created a topic here "crying for help" because I was having virus problems on my PC. I was very well looked after and the problem was solved.

Now I fear I am going through similar problems again.

I work in journalism/photography and use the PC a lot for that; even so, I am practically a layman when it comes to computing.

My PC was working perfectly and meeting my work needs satisfactorily.

Then, starting about a week ago (or a little more), the problems began. First, without my having changed anything, my free USB ports stopped recognizing anything plugged into them, whether a pen drive (which I use a lot) or any other device. It is worth noting that my keyboard, mouse and sound are connected to USB ports and continue to work fine.

When I plug in a pen drive (for example) I get a message that the device cannot be recognized, and it says it is an "error 43".

At practically the same time, I noticed that my PC became quite slow; editing photos on it is an ordeal, and the internet likewise became much slower than normal.

And since yesterday I have started having problems receiving e-mails from mailing lists. Personal e-mails arrive normally, but those from mailing lists do not, and practically the only e-mail I received was of that kind, coming from press offices with press releases.

I keep Avast! and Malwarebytes Anti-Malware active here, both always up to date, but neither reports anything abnormal when it scans.

Could you gentlemen help me? I'm starting to go crazy here because I can't work properly.

Thank you


Here is the requested data:



Logfile of HijackThis v1.99.1

Scan saved at 13:02:04, on 03/03/2015

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v11.0 (11.00.9600.17631)


Running processes:

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Alwil Software\Avast5\avastui.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Magro\Desktop\SPY\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui

O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{26C2A8A2-CDA2-420A-8EAF-83DE807676E1}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{26C2A8A2-CDA2-420A-8EAF-83DE807676E1}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{26C2A8A2-CDA2-420A-8EAF-83DE807676E1}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)



Good afternoon Moacir,

  • Download: AdwCleaner (...by Xplode)
  • Or here >>AdwCleaner<<
  • Save it to your Desktop.
  • Close all open programs and internet browsers.
  • Windows Vista or Windows 7 users: right-click the AdwCleaner.exe file, then click:
    [image: Administrator]
  • Click "Examinar" (Scan) to start the scan!
  • When it finishes, click "Limpar" (Clean).
  • Copy the log or click "Relatório" (Report).
  • Post: >>C:\AdwCleaner\AdwCleaner [s0].txt<<


Good afternoon caedurodrigues, thank you for the prompt help.

Done, here is the text:

# AdwCleaner v4.111 - Logfile created 03/03/2015 at 13:27:35
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.3 [server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Magro - MAGRO-PC
# Running from : C:\Users\Magro\Desktop\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ammjbfijeglcdlnlnhlkdhgjnlgmpehe
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17631
-\\ Google Chrome v40.0.2214.115
[C:\Users\Magro\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://br.ask.com/web?q={searchTerms}
-\\ Chromium v
[C:\Users\Magro\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://br.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [988 bytes] - [03/03/2015 13:24:44]
AdwCleaner[s0].txt - [1061 bytes] - [03/03/2015 13:27:35]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1120 bytes] ##########


Good afternoon Moacir,

  • Download: ZHPDiag (...Nicolas Coolman)
  • Save it to the local disk (C or D).
  • Disable your antivirus and run ZHPDiag.exe to install it.
  • Run the scroll icon!
  • Click the "COMPLETA" (Complete) option and wait for it to finish.
  • Click OK and, when it finishes, post the report! (ZHPDiag.txt)
  • Note: because the report is long, it should be posted on one of these sites:
  • Go to: [image link: cjoint]
  • Or go to: [image link]

Warm regards.


Good afternoon Moacir,
  • Run this script in the ZHPFix tool.
  • Copy the information below, from Script ZHPFix to ShortcutFix, into Notepad.
  • With Notepad open, press: ctrl+a >> ctrl+c.
  • Then minimize Notepad.
Script ZHPFix
SysRestore
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com
O2 - BHO: (no name) [64Bits] - {3049C3E9-B461-4BC5-8870-4C09146192CA} Chave orfã
O3 - Toolbar: avast! WebRep - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) -- (.not file.)
[HKCU\Software\Baixaki]
[HKLM\Software\EnigmaSoftwareGroup] =>PUP.EnigmaSoftware
O43 - CFD: 08/08/2013 - 20:11:16 - [] ----D C:\Users\Magro\AppData\Local\Apps
[HKLM\Software\EnigmaSoftwareGroup] =>PUP.EnigmaSoftware^
EmptyClsid
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
ShortcutFix
  • Open the ZHPFix tool.
  • Click IMPORTAÇÃO (Import) > OK
  • Click "GO".
  • Post the report!
Warm regards.
< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >


Done!

Report:

Rapport de ZHPFix 2015.2.17.3 par Nicolas Coolman, Update du 17/02/2015
Fichier d'export Registre :
Run by Magro at 03/03/2015 15:53:53
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 03s)
Prefetcher vazio
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ: CLSID BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA}
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
ELIMINÉ: HKCU\Software\Baixaki
ELIMINÉ:* HKLM\Software\EnigmaSoftwareGroup
========== Valores do Registo ==========
ELIMINÉ: Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
========== Elementos dos dados do Registo ==========
ELIMINÉ: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
ELIMINÉ: R0 - Main,Start Page = KLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (17)
ELIMINÉ Flash Cookies (0)
========== Ficheiros ==========
ELIMINÉ Temporários windows (66) (92.808.032 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
Regards.


Good afternoon Moacir,

Download: zoek.exe (...by Smeenk)
Save it to your desktop!
Run the Zoek.exe file.
Windows Vista or Windows 7 users: right-click the Zoek.exe file, then click
[image: run as administrator]
Select the lines in red, right-click the selection and choose the copy option!
quickscan;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
emptyfolderscheck;delete
Right-click any white area of Zoek and choose the paste option.
Click Run Script!
Wait for the scan. At the end, Notepad will open with the report.
A copy will also be saved on your local disk under the name zoek-results.txt.
Attach zoek-results.txt to your next reply.

Warm regards.


I had problems downloading the program... I managed to disable the antivirus and downloaded it... I'll do it now...

Regards.


Done!

Text of zoek-results.log

Zoek.exe v5.0.0.0 Updated 01-March-2015
Tool run by Magro on 03/03/2015 at 16:39:50,42.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Magro\Desktop\zoek.exe [scan all users] [script inserted]
==== System Restore Info ======================
03/03/2015 16:42:05 Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~3\CorelDRAW Graphics Suite X7 deleted successfully
C:\Users\Magro\AppData\Roaming\Malwarebytes deleted successfully


Oops, I thought it was that one ...

It's this one then, I think

Zoek.exe v5.0.0.0 Updated 01-March-2015
Tool run by Magro on 03/03/2015 at 16:39:50,42.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Magro\Desktop\zoek.exe [scan all users] [script inserted]
===== Runcheck 16:41:38,74 =====
--- Create Environment Variables 16:41:40,82
--- Create System Restore Point 16:41:48,65
--- Checking Input 16:42:08,14
--- AU AppData Check 16:42:44,93
--- Remove From Windows Installer 16:42:49,36
--- Empty Folders Check 16:44:48,41
--- Registry HKLM Software Check 16:44:48,43
--- Quick Launch Shortcut Check 16:45:16,84
--- IE Startpage Check 16:45:25,78
--- Program Files DB Check 16:45:56,69
--- C:\Users\Default\AppData\Roaming DB Check 16:46:59,80
--- C:\Users\Default User\AppData\Roaming DB Check 16:46:59,80
--- C:\Users\Magro\AppData\Roaming DB Check 16:46:59,80
--- C:\Users\USURIO~1\AppData\Roaming DB Check 16:46:59,80
--- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 16:46:59,80
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 16:46:59,80
--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 16:46:59,80
--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 16:46:59,80
--- C:\Users\Magro DB Check 16:53:42,12
--- C:\PROGRA~3 DB Check 16:54:32,26
--- C:\Users\Default\AppData\Local DB Check 16:54:44,00
--- C:\Users\Default User\AppData\Local DB Check 16:54:44,00
--- C:\Users\Magro\AppData\Local DB Check 16:54:44,00
--- C:\Users\USURIO~1\AppData\Local DB Check 16:54:44,00
--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 16:54:44,00
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 16:54:44,00
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 16:54:44,00
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 16:54:44,00
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 16:58:57,63
--- C:\Users\Magro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 16:59:19,49
--- Tasks DB Check 16:59:34,59
--- Downloads DB Check 16:59:43,80
--- C:\Users\Magro\AppData\LocalLow DB Check 16:59:54,29
--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 16:59:54,29
--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 16:59:54,29
--- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 16:59:54,29
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 16:59:54,29
--- Tasks2 DB Check 17:02:08,91


Sorry...

It must be this one then:

Zoek.exe v5.0.0.0 Updated 01-March-2015
Tool run by Magro on 03/03/2015 at 16:39:50,42.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Magro\Desktop\zoek.exe [scan all users] [script inserted]
==== System Restore Info ======================
03/03/2015 16:42:05 Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~3\CorelDRAW Graphics Suite X7 deleted successfully
C:\Users\Magro\AppData\Roaming\Malwarebytes deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Malwarebytes' Anti-Malware not found
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\Tasks\avast! Emergency Update deleted
C:\Users\Magro\AppData\LocalLow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com deleted
C:\Windows\wininit.ini deleted
C:\Users\Magro\AppData\Roaming\unins000.exe deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\Magro\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-02-25 19:27:28 3B9E2AB1F3ABC53D4A423E699EB625C8 419936 ----a-w- C:\Windows\SysWOW64\locale.nls
2015-02-25 18:37:07 DDE994E9159497D0D5AB2CDF66D1EAD6 76800 ----a-w- C:\Windows\SysWOW64\wdi.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-03-03 16:29:12 2FF17F0F36880A77EF1731C93AC284C8 5156240 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT
2015-02-25 19:27:28 3B9E2AB1F3ABC53D4A423E699EB625C8 419936 ----a-w- C:\Windows\Sysnative\locale.nls
2015-02-25 18:37:08 D713D6446DDBB474D801F361B4B186EA 950272 ----a-w- C:\Windows\Sysnative\perftrack.dll
2015-02-25 18:37:08 AA7079AD52B8BFBAE94167D54C32F84F 29696 ----a-w- C:\Windows\Sysnative\powertracker.dll
2015-02-25 18:37:07 C6F7473B55510F0B93961DA03D8E3B38 91136 ----a-w- C:\Windows\Sysnative\wdi.dll
====== C:\Windows\Sysnative\drivers =====
2015-02-11 10:59:29 E45CDE1C8340DFEDF1D6724263F39E5B 458824 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
2015-02-11 10:59:28 C60C6B9A2E50B0404F6789C62B428C03 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2015-02-11 10:59:28 78D152A9FD5747FF6AA89C79F0346F62 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-03-03 17:02:25 -------- d-----w- C:\PROGRA~2\ZHPDiag
======= C: =====
2015-03-03 17:06:06 3F2F238334D2433653B19BCA80667759 512 ----a-w- C:\PhysicalDisk0_MBR.bin
====== C:\Users\Magro\AppData\Roaming ======
2015-03-03 18:17:41 8C943B76F426879FB214799311F4E603 147752 ----a-w- C:\Users\Magro\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-03 17:02:25 -------- d-----w- C:\Users\Magro\AppData\Roaming\ZHP
====== C:\Users\Magro ======
2015-03-03 17:02:28 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
====== C: exe-files ==
2015-03-03 18:53:50 A6F8D4FBC12177A75AB4C06D059229B6 784664 ----a-w- C:\Users\Magro\AppData\Roaming\ZHP\Quarantine\Apps.DIR\2.0\E8EEEM65.KYL\P14DN8TK.73N\inst...app_4fe91ede9f9bdca3_0001.0003_7f9ba78fa05bcf4a\GoogleUpdateSetup.exe
2015-03-03 18:53:49 A6F8D4FBC12177A75AB4C06D059229B6 784664 ----a-w- C:\Users\Magro\AppData\Roaming\ZHP\Quarantine\Apps.DIR\2.0\E8EEEM65.KYL\P14DN8TK.73N\clic...exe_4fe91ede9f9bdca3_0001.0003_none_81523f7b64d98436\GoogleUpdateSetup.exe
2015-03-03 18:53:49 2D479A35439E0DFBDBF2FDB6DEE8D49B 10120 ----a-w- C:\Users\Magro\AppData\Roaming\ZHP\Quarantine\Apps.DIR\2.0\E8EEEM65.KYL\P14DN8TK.73N\inst...app_4fe91ede9f9bdca3_0001.0003_7f9ba78fa05bcf4a\clickonce_bootstrap.exe
2015-03-03 17:02:28 F3A37421DBD1AAA36558C97572C91C5A 147456 ----a-w- C:\Program Files (x86)\ZHPDiag\catchme.exe
2015-03-03 17:02:28 CB2D120A4B72422A8141192831B1F500 80384 ----a-w- C:\Program Files (x86)\ZHPDiag\mbrcheck.exe
2015-03-03 17:02:28 5DAF7081A4BB112FA3F1915819330A3E 61440 ----a-w- C:\Program Files (x86)\ZHPDiag\pv.exe
2015-03-03 17:02:28 53CDBB093B0AEE9FD6CF1CBD25A95077 290304 ----a-w- C:\Program Files (x86)\ZHPDiag\subinacl.exe
2015-03-03 17:02:28 2312A38B8B003330DB919FA818C48449 231048 ----a-w- C:\Program Files (x86)\ZHPDiag\sigcheck.exe
2015-03-03 17:02:27 C155A13687144076286989EF078112C2 1917440 ----a-w- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe
2015-03-03 17:02:27 9DAA7218961710008D7385B01BD3F386 89088 ----a-w- C:\Program Files (x86)\ZHPDiag\mbr.exe
2015-03-03 17:02:27 6B8AF3A2A3D9059008B55C444461CA00 61952 ----a-w- C:\Program Files (x86)\ZHPDiag\Lads.exe
2015-03-03 17:02:27 451AE03D3C92777F09840CA56F08AB62 454056 ----a-w- C:\Program Files (x86)\ZHPDiag\setacl32.exe
2015-03-03 17:02:27 3E350EB5DF15C06DEC400A39DD1C6F29 559528 ----a-w- C:\Program Files (x86)\ZHPDiag\setacl64.exe
2015-03-03 17:02:26 F2AB2950DE07EF6B27544323DBAE4B64 3060224 ----a-w- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPFix.exe
2015-03-03 17:02:26 1ADAB4A9071A474CAC06509EB901E820 8182784 ----a-w- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe
2015-03-03 17:02:25 C155A13687144076286989EF078112C2 1917440 ----a-w- C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
2015-03-03 17:02:25 8AE13B97BFCAD6C7D3B8C8A1C298EFB4 694736 ----a-w- C:\Program Files (x86)\ZHPDiag\unins000.exe
2015-03-03 17:00:46 5C3298754CEF6CF3786FBA2542A43D92 6876249 ----a-w- C:\Users\Magro\Desktop\LIMP\ZHPDiag2.exe
2015-03-03 16:23:41 4DB5909D450AE68CC11DC865B9B84F71 2126848 ----a-w- C:\Users\Magro\Desktop\LIMP\AdwCleaner.exe
=== C: other files ==
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-30200656-900127220-2125167270-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"
"TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe -osboot"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"AvastUI.exe"="C:\Program Files\Alwil Software\Avast5\AvastUI.exe /nogui"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"ACPW06EN"="C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe /pid ACPW06EN"
==== Task Scheduler Jobs ======================
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/08/2013 20:11]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:.6C:\ProgramC:FilesC:x86\Google\Update\GoogleUpdate.exe []
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Magro-PC-Magro" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-30200656-900127220-2125167270-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-30200656-900127220-2125167270-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\{34C69C9E-3AC8-45C1-8B2A-8E1BFDA71D0C}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\{AD46E02B-BB7A-4B7A-B426-426E2370D54D}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [27/01/2015 06:46]
==== Chromium Look ======================
Google Chrome Version: 40.0.2214.115 (Up to date, latest Stable version: 40.0.2214.115)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[24/11/2014 08:59]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Magro\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[09/09/2013 13:39]
Invite All (for Facebook) - Magro\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih
FF Inviter - Magro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fojfflomljfbdfdcfmiihnijjfnnakdn
AdBlock - Magro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Hide Facebook Ticker (by SachinKRaj) - Magro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lolhnoeoiodallohbibmelifpmiiokgi
F.B. Purity - Magro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl
Google Wallet - Magro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Banco do Brasil - Magro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Deleting Registry Keys ======================
HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Magro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Magro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Magro\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=51 folders=71 5577635 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Magro\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Magro\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 03/03/2015 at 17:23:40,26 ======================

Good evening, Moacir,

  • Download: FRST (...by Farbar)

  • Save it to the Desktop!

  • Run the tool! Click "Yes" >> "Scan".

  • Check that the boxes under "Whitelist" are ticked.

  • Under "Optional Scan", leave the "Addition.txt" checkbox ticked.

  • The report will be generated! (FRST.txt)

  • P.S.: The "Addition.txt" report will also be generated; it is made available on the tool's first run.

  • Go to: <cjoint_zpse4622b2d.jpg>

  • Or go to: <logo_zps572d7597_1.gif>

  • More information: <Link> << Hosting!

Best regards. :thumbsup:

Good evening, Moacir. After this procedure, tell us how the PC is doing.

  • Copy the information shown in red into Notepad.

  • Save it with the name fixlist.txt

  • Save it in the same location as FRST.

start

CloseProcesses:

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-30200656-900127220-2125167270-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

2015-03-03 17:22 - 2015-03-03 17:22 - 00001324 _____ () C:\Windows\PFRO.log

2015-03-03 13:29 - 2015-03-03 17:23 - 00000112 _____ () C:\Windows\setupact.log

2015-03-03 13:29 - 2015-03-03 13:29 - 00000000 _____ () C:\Windows\setuperr.log

Task: {EF949603-C44E-4D57-8300-ACF257D39B1D} - \avast! Emergency Update No Task File <==== ATTENTION

HOSTS:

CMD: bitsadmin /reset /allusers

CMD: ipconfig /flushdns

emptytemp:

end


  • Run FRST/FRST64 >> Click "Fix". << Wait!

  • Post the report! (Fixlog.txt)

Best regards. :thumbsup:

< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >


Good morning, caedurodrigues.

The PC has apparently gone back to how it was and the slowness has stopped. I don't know if it was a coincidence, but last night and today I received some releases from mailing lists.

The USB ports still don't "work"; the device-not-recognized message – error 43 – continues. Maybe it's a hardware problem?

This morning when I turned the PC on, it booted very quickly (as it used to) and came up fine. After I did this last FRST64 / FIX procedure, it reset by itself and would not come back up... I waited a good while (close to 10 minutes) and nothing. I turned the PC off and, after some time, it completed the boot.

Here is the report:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2015

Ran by Magro at 2015-03-04 07:55:20 Run:1

Running from C:\Users\Magro\Desktop\LIMP

Loaded Profiles: Magro (Available profiles: Magro)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

CloseProcesses:

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-30200656-900127220-2125167270-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...q={searchTerms}

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

2015-03-03 17:22 - 2015-03-03 17:22 - 00001324 _____ () C:\Windows\PFRO.log

2015-03-03 13:29 - 2015-03-03 17:23 - 00000112 _____ () C:\Windows\setupact.log

2015-03-03 13:29 - 2015-03-03 13:29 - 00000000 _____ () C:\Windows\setuperr.log

Task: {EF949603-C44E-4D57-8300-ACF257D39B1D} - \avast! Emergency Update No Task File <==== ATTENTION

HOSTS:

CMD: bitsadmin /reset /allusers

CMD: ipconfig /flushdns

emptytemp:

end

*****************

 

Processes closed successfully.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.

HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.

HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.

HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.

HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found.

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

"HKU\S-1-5-21-30200656-900127220-2125167270-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.

HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => Key not found.

Chrome DefaultSuggestURL deleted successfully.

BprotectEx => Service deleted successfully.

esgiguard => Service deleted successfully.

C:\Windows\PFRO.log => Moved successfully.

C:\Windows\setupact.log => Moved successfully.

C:\Windows\setuperr.log => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EF949603-C44E-4D57-8300-ACF257D39B1D}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF949603-C44E-4D57-8300-ACF257D39B1D}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update" => Key deleted successfully.

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

 

========= bitsadmin /reset /allusers =========

 

 

BITSADMIN version 3.0 [ 7.5.7601 ]

BITS administration utility.

© Copyright 2000-2006 Microsoft Corp.

 

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

 

Unable to cancel {0DF7B0D5-2921-466C-9A48-B8C482F835A9}.

{D0E1CA34-F588-4B1D-9828-A7381D42DC49} canceled.

1 out of 2 jobs canceled.

 

========= End of CMD: =========

 

 

========= ipconfig /flushdns =========

 

 

Configuração de IP do Windows

 

Liberação do Cache do DNS Resolver bem-sucedida.

 

========= End of CMD: =========

 

EmptyTemp: => Removed 143.9 MB temporary data.

 

 

The system needed a reboot.

 

==== End of Fixlog 07:55:27 ====

 

Regards.
