Well, I have been using W10 for a few days. I really like the new features of the OS, but the computer is very slow overall, especially in the browsers. CPU usage is always high.
I don't know whether it could be some malware or whether it is W10's fault. Here is my log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:56:45, on 14/09/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16412)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Gustavo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Users\Gustavo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Users\Gustavo\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\daemon\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Gustavo\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [VDownloader] "C:\Program Files\VDownloader\VDownloader4.exe" /silent
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Gustavo\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Gustavo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
O4 - Startup: Dropbox.lnk = Gustavo\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: http://.webcompanion.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll (file missing)
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11000 bytes
/!\ Good evening! Gsbad /!\
Download: < FRST > ( ... by Farbar )
The banner above is for 32-bit systems!
< Farbar Recovery Scan Tool 64-Bit >
The link above is for 64-bit systems!
Save it to the desktop! (Área de trabalho ...)
Run the tool! Click "Yes" >> "Scan".
Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
PS: The "Addition.txt" report will also be generated; it is made available on the first run of the tool.
Post the reports! (FRST.txt + Addition.txt)
Since the log will be long, upload it to < Cjoint >
Click the "Parcourir..." button.
Locate the report and click the "Abrir" (Open) button.
Click the "Créer le lien Cjoint" button.
Copy the link shown next to "Le lien a été créé" and post it in your reply.
The link to the report, which is the one highlighted, should be pasted into your reply.
Or click "Copier le lien (*)" and paste the link into your post.
A+
/!\ Good evening! Gsbad /!\
Copy this information, shown in red, into Notepad.
Save it under the name fixlist. << Text!
Save it in the Downloads folder! -/- C:\Users\Gustavo\Downloads <<
start
CloseProcesses:
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
() C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.580.0.0_x86__kgqvnymyfvs32\candycrushsaga.exe
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll [X]
Winlogon\Notify\ GbPluginCef-x32: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [X]
ShellExecuteHooks-x32: - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - No File [ ]
ShellExecuteHooks-x32: - {E37CB5F0-51F5-4395-A808-5FA49E399003} - No File [ ]
ShellIconOverlayIdentifiers: [ExplorerEx] -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} => No File
BHO-x32: No Name -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> No File
BHO-x32: No Name -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> No File
CHR dev: Chrome dev build detected! <======= ATTENTION
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
Task: {11C9082C-31DD-45C6-AB80-B449158AD489} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {20F25DEF-EC4B-419D-9161-701576149825} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {27A2513A-83E9-4C8F-9609-751CFA30367F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2EA9ACD5-2593-4476-A8D9-0DFE8FDEBBB1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {35092354-56E8-45D1-A81B-BA20844092CD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8DAD4F05-9638-425C-801F-D9E8AA215080} - \060184C3-9766-46a0-B258-F4518A0B2633 -> No File <==== ATTENTION
Task: {9FD770B6-2684-46BA-A1E2-917477CB37EE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C2FFC3A1-F524-41DB-8A9D-9E0364D19BD1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C9655D9F-A21D-4D17-B723-E7130C25D3F0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D7A5FE58-938C-4889-B4FB-7A510F582A0E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E16C854B-765F-4306-9BB4-37696A3C5C64} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {ECB6E91C-5430-4D9C-8918-567049435D57} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F0ECE623-5A84-4618-89ED-03804975EB68} - \Driver Booster SkipUAC (Gustavo) -> No File <==== ATTENTION
Task: {F1A36DBD-CBCC-45C9-BAB1-959851957E0A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
2015-09-14 15:17 - 2015-09-14 15:17 - 00098816 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32api.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00110080 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pywintypes27.dll
2015-09-14 15:17 - 2015-09-14 15:17 - 00364544 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pythoncom27.dll
2015-09-14 15:17 - 2015-09-14 15:17 - 00045568 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_socket.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 01161216 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_ssl.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00320512 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32com.shell.shell.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00713216 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_hashlib.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 01176576 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._core_.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00806400 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._gdi_.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00816128 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._windows_.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 01067008 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._controls_.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00733184 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._misc_.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00682496 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pysqlite2._sqlite.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00087552 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_ctypes.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00119808 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32file.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00108544 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32security.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00007168 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\hashobjs_ext.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00068096 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\usb_ext.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00167936 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32gui.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00018432 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32event.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00128512 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_elementtree.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00127488 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pyexpat.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00013824 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\common.time34.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00036864 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_psutil_windows.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00038912 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32inet.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00011264 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32crypt.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00077312 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._html2.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00027136 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_multiprocessing.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00020480 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_yappi.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00035840 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32process.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00686080 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\unicodedata.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00123392 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._wizard.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00024064 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32pipe.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00010240 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\select.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00025600 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32pdh.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00525640 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\windows._lib_cacheinvalidation.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00017408 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32profile.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00022528 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32ts.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00078848 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._animate.pyd
2015-09-14 14:11 - 2015-09-14 14:11 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2015-09-09 18:07 - 2015-09-09 17:35 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-09-09 17:39 - 2015-07-21 15:56 - 00002774 _____ C:\zoek-results2015-07-21-185626.log
2015-09-14 14:14 - 2014-10-29 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-09-09 18:19 - 2015-01-21 23:15 - 00009868 _____ C:\zoek-results.log
2015-09-09 17:56 - 2015-01-21 22:36 - 00000000 ____D C:\zoek_backup
2015-09-09 17:17 - 2015-01-05 18:19 - 00000000 ____D C:\AdwCleaner
2015-08-24 23:11 - 2014-10-29 20:54 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit
2015-08-24 23:11 - 2014-10-29 20:54 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job
C:\Users\Gustavo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbp2kmc.dll
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivqqsp26hfm
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Gustavo\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Todos os Usuários\Reprise:wupeogjxldtlfudivqqsp26hfm
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:56E2E879
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:5C321E34
CreateRestorePoint:
EmptyTemp:
Reboot:
Hosts:
end
Run FRST/FRST64 >> Click "Fix" << Wait!
At the prompt, click "Executar" (Run).
Post the report! (Fixlog.txt)
< I ask visitors not to use this script on other computers, at the risk of damaging them! >
A+
Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Gustavo (2015-09-21 13:25:19) Run:1
Running from C:\Users\Gustavo\Downloads
Loaded Profiles: Gustavo (Available Profiles: Gustavo)
Boot Mode: Normal
==============================================
Processes closed successfully.
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe => No running process found
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe => No running process found
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe => No running process found
C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.580.0.0_x86__kgqvnymyfvs32\candycrushsaga.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Exploit => value removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399F83} => value removed successfully
HKCR\Wow6432Node\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399F83} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399003} => value removed successfully
HKCR\Wow6432Node\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399003} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ExplorerEx" => key removed successfully
HKCR\CLSID\{E056AFDD-03E9-4D73-8D33-8FCCBCA73438} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}" => key removed successfully
HKCR\Wow6432Node\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540000} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}" => key removed successfully
HKCR\Wow6432Node\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540003} => key not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
MbaeSvc => service removed successfully
ESProtectionDriver => Unable to stop service.
ESProtectionDriver => service removed successfully
wfpcapture => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11C9082C-31DD-45C6-AB80-B449158AD489}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11C9082C-31DD-45C6-AB80-B449158AD489}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20F25DEF-EC4B-419D-9161-701576149825}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20F25DEF-EC4B-419D-9161-701576149825}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27A2513A-83E9-4C8F-9609-751CFA30367F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27A2513A-83E9-4C8F-9609-751CFA30367F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2EA9ACD5-2593-4476-A8D9-0DFE8FDEBBB1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EA9ACD5-2593-4476-A8D9-0DFE8FDEBBB1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35092354-56E8-45D1-A81B-BA20844092CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35092354-56E8-45D1-A81B-BA20844092CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8DAD4F05-9638-425C-801F-D9E8AA215080}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DAD4F05-9638-425C-801F-D9E8AA215080}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9FD770B6-2684-46BA-A1E2-917477CB37EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FD770B6-2684-46BA-A1E2-917477CB37EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2FFC3A1-F524-41DB-8A9D-9E0364D19BD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2FFC3A1-F524-41DB-8A9D-9E0364D19BD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9655D9F-A21D-4D17-B723-E7130C25D3F0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9655D9F-A21D-4D17-B723-E7130C25D3F0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D7A5FE58-938C-4889-B4FB-7A510F582A0E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7A5FE58-938C-4889-B4FB-7A510F582A0E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E16C854B-765F-4306-9BB4-37696A3C5C64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E16C854B-765F-4306-9BB4-37696A3C5C64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECB6E91C-5430-4D9C-8918-567049435D57}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECB6E91C-5430-4D9C-8918-567049435D57}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0ECE623-5A84-4618-89ED-03804975EB68}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0ECE623-5A84-4618-89ED-03804975EB68}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Gustavo)" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F1A36DBD-CBCC-45C9-BAB1-959851957E0A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1A36DBD-CBCC-45C9-BAB1-959851957E0A}" => key removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => key removed successfully
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32api.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pywintypes27.dll" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pythoncom27.dll" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_socket.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_ssl.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32com.shell.shell.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_hashlib.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._core_.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._gdi_.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._windows_.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._controls_.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._misc_.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pysqlite2._sqlite.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_ctypes.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32file.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32security.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\hashobjs_ext.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\usb_ext.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32gui.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32event.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_elementtree.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pyexpat.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\common.time34.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_psutil_windows.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32inet.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32crypt.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._html2.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_multiprocessing.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_yappi.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32process.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\unicodedata.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._wizard.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32pipe.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\select.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32pdh.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\windows._lib_cacheinvalidation.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32profile.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32ts.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._animate.pyd" => File/Folder not found.
C:\Users\Default\AppData\Roaming\IObit => moved successfully
C:\WINDOWS\zoek-delete.exe => moved successfully
C:\zoek-results2015-07-21-185626.log => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit => moved successfully
C:\zoek-results.log => moved successfully
C:\zoek_backup => moved successfully
C:\AdwCleaner => moved successfully
C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit => moved successfully
"C:\ProgramData\Malwarebytes Anti-Exploit" => File/Folder not found.
C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => moved successfully
"C:\Users\Gustavo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbp2kmc.dll" => File/Folder not found.
qsp26hfm" ADS removed successfully.
qsp26hfm" ADS not found.
The system needed a reboot..
==== End of Fixlog 13:32:30 ====
/!\ Good afternoon! Gsbad /!\
Download: ZHPCleaner ( ... by Nicolas Coolman )
Or |Here!| << Mirror!
Once on the page, click [image]
Save it to the desktop! ( ZHPCleaner.exe )
Run ZHPCleaner.exe <<
Click "Eu" ("I").
Click Scanner.
Wait for it to finish!
When it finishes, click Reparar (Repair).
Go to the tabs that are marked in red.
Click Reparar (Repair) or uncheck any item that is a False Positive.
Click Relatório (Report)!
Post the repair log: ~ Type : Reparo
A+
Topic Archived
As the author did not reply for more than 10 days, the topic was archived.
If you are the author of the topic and want to reopen it, send a private message to a moderator of the area along with the link to this topic and explain the reason for reopening.
Sorry. The site was giving an SQL error when I tried to create the topic, and I noticed that 3 identical copies of my topic were created. Please disregard the other 2 and let's focus on this one! Thanks!