Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 20:54:56, on 12/07/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal
Running processes:
C:\Users\rocha\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Users\rocha\AppData\Local\Microsoft\OneDrive\18.091.0506.0007\FileCoAuth.exe
C:\Users\rocha\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\rocha\AppData\Roaming\uTorrent\updates\3.5.3_44396\utorrentie.exe
C:\Users\rocha\AppData\Roaming\uTorrent\updates\3.5.3_44396\utorrentie.exe
C:\Users\rocha\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O4 - HKCU\..\Run: [OneDrive] "C:\Users\rocha\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_55291E691241D99943A34E14F28004C6] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [iCloud] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)
--
End of file - 9009 bytes
My mouse sometimes freezes. I don't know why, and nothing is clearly consuming a lot of resources.
Hi DigRam, here are the logs
/_ Good evening! William Bruno _\
> Uninstall: <2>
CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - ) <==== ATENÇÃO
Malwarebytes versão 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
> Copy the information shown in red into Notepad.
> Save it with the name fixlist. << Text or Unicode, if asked!
> Save it to the desktop! ( Área de trabalho ... )
start::
CloseProcesses:
2018-04-18 08:28 - 2018-04-18 08:29 - 000000000 ____D C:\AdwCleaner
2018-04-18 08:28 - 2018-04-18 08:28 - 007256272 _____ (Malwarebytes) C:\Users\rocha\Downloads\AdwCleaner.exe
2018-04-18 08:25 - 2018-04-18 08:25 - 001790024 _____ (Malwarebytes) C:\Users\rocha\Downloads\JRT.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Nenhum Arquivo
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> Nenhum Arquivo
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
Task: {CB6465DC-304B-4ADF-B283-8B20E661EF77} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-04-12] (Piriform Ltd)
ShortcutWithArgument: C:\Users\rocha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Postman.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop
AlternateDataStreams: C:\Users\rocha\OneDrive\Documentos\Modelos Personalizados do Office:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
Emptytemp:
end::
> Run **FRST/FRST64** >> Click "**Corrigir**" (Fix) << *Wait!*
> Post the **report** "*Resultado da Correção pela Farbar Recovery Scan Tool*" (**Fixlog.txt**)
> **This** and **other reports** can be found **in the folder**: Local Disk (**C**) > FRST > ***Logs***
[]s
Good morning, DigRam!
Here is the Fixlog.txt
>
Quote
Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 15.07.2018
Executado por rocha (18-07-2018 06:28:56) Run:1
Executando a partir de C:\Users\rocha\Desktop
Perfis Carregados: rocha (Perfis Disponíveis: rocha & jucam)
Modo da Inicialização: Normal
==============================================
fixlist Conteúdo:
*****************
CloseProcesses:
2018-04-18 08:28 - 2018-04-18 08:29 - 000000000 ____D C:\AdwCleaner
2018-04-18 08:28 - 2018-04-18 08:28 - 007256272 _____ (Malwarebytes) C:\Users\rocha\Downloads\AdwCleaner.exe
2018-04-18 08:25 - 2018-04-18 08:25 - 001790024 _____ (Malwarebytes) C:\Users\rocha\Downloads\JRT.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Nenhum Arquivo
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> Nenhum Arquivo
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
Task: {CB6465DC-304B-4ADF-B283-8B20E661EF77} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-04-12] (Piriform Ltd)
ShortcutWithArgument: C:\Users\rocha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Postman.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop
AlternateDataStreams: C:\Users\rocha\OneDrive\Documentos\Modelos Personalizados do Office:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
Emptytemp:
*****************
Processos fechados com sucesso.
C:\AdwCleaner => movido com sucesso
C:\Users\rocha\Downloads\AdwCleaner.exe => movido com sucesso
C:\Users\rocha\Downloads\JRT.exe => movido com sucesso
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => não encontrado (a)
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => não encontrado (a)
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => não encontrado (a)
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxDTCM" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{9B5F5829-A529-4B12-814A-E81BCB8D93FC} => não encontrado (a)
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MBAMShlExt => não encontrado (a)
HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => não encontrado (a)
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MBAMShlExt => não encontrado (a)
HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => não encontrado (a)
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{CB6465DC-304B-4ADF-B283-8B20E661EF77}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB6465DC-304B-4ADF-B283-8B20E661EF77}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\CCleaner Update => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner Update" => removido (a) com sucesso.
C:\Users\rocha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Postman.lnk => Atalho argumento removido (a) com sucesso.
C:\Users\rocha\OneDrive\Documentos\Modelos Personalizados do Office => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService" => removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MBAMService" => removido (a) com sucesso.
=========== EmptyTemp: ==========
BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 88983698 B
Java, Flash, Steam htmlcache => 346181238 B
Windows/system/drivers => 3112426 B
Edge => 39188730 B
Chrome => 442481179 B
Firefox => 0 B
Opera => 176682 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 57254 B
NetworkService => 0 B
rocha => 53077749 B
jucam => 0 B
RecycleBin => 1862114 B
EmptyTemp: => 937.7 MB de dados temporários Removidos.
================================
O sistema precisou ser reiniciado.
==== Fim de Fixlog 06:29:26 ====
/_ Good morning! William Bruno _\
I saw no malware in the reports! Your computer is clean.
> Download: < ZHPCleaner > ... by Nicolas Coolman
> Or |Here!| << Mirror!
>
https://www.youtube.com/watch?v=8olWT8u5RYQ
> If anything blocks the download, watch this tutorial posted on YouTube to disable Windows SmartScreen.
> Once on the page, click [image: 7ukwnm8.jpg]
> Save it to the desktop! ( ZHPCleaner.exe )
> Disable your antivirus and run ZHPCleaner.exe <<
> When this screen **opens**, **avoid** clicking **Update** or **Atualização**, so that you are not **redirected** to **ZHPBrowser**.
> PS: **Close** the **message** by clicking the **["X"]**.
> With the **tool open**, click **Scanner**.
> Wait for it to **finish!**
> When it finishes, click **Repair**.
> PS: Ignore **any alerts** about your **network configuration**. (**DNS**)
> Click **Sim** (Yes) >> **Sim** (Yes)!
> **Tabs** will appear in **red**, indicating **problems to be repaired**.
> Click **Repair**.
> When it **finishes**, click **Report**.
> Post the **repair** **log**: **~ Type : Reparo**
>
file:///C:/Users/xxx../AppData/Roaming/ZHP/ZHPCleaner.html
PS: When you click "Report", you will get the report, among other information, in HTML format.
file:///C:/Users/xxx.../AppData/Roaming/ZHP/ZHPCleaner.txt
This will be your direct report, obtained by changing (.html) to (.txt) in the address bar.
Just select all (Ctrl + A), copy (Ctrl + C) and paste into your post or Notepad (Ctrl + V).
Make the report available on Cjoint.com or use a spoiler; the instructions are at the end of that page.
Another option is to host the report on Hébergement de fichiers, Security-x.fr.
[Regards]
Here it is
So it must be a driver, or the mouse itself is bad.. haha thanks!!
>
Quote
~ ZHPCleaner v2018.7.15.149 by Nicolas Coolman (2018/07/15)
~ Run by rocha (Administrator) (20/07/2018 08:11:59)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\rocha\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\rocha\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 17134)
---\\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.
---\\ Services (0)
~ No malicious or unnecessary items found.
---\\ Browser internet (0)
~ No malicious or unnecessary items found.
---\\ Hosts file (1)
~ The hosts file is legitimate (21)
---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
---\\ Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.
---\\ Registry ( Key, Value, Data) (1)
DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_55291E691241D99943A34E14F28004C6 ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5] =>PUP.Optional.MyBrowser
---\\ Summary of the elements found (1)
https://nicolascoolman.eu/2017/11/01/adware-mybrowser/ =>PUP.Optional.MyBrowser
---\\ Other deletions. (8)
~ Registry Keys Tracing deleted (8)
~ Remove the old reports ZHPCleaner. (0)
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
---\\ Statistics
~ Items scanned : 2240
~ Items found : 0
~ Items cancelled : 0
~ Items options : 0/7
~ Space saving (bytes) : 0
~ End of clean in 00h00mn03s
---\\ Reports (4)
ZHPCleaner-[R]-18072018-07_22_59.txt
ZHPCleaner-[S]-18072018-07_21_00.txt
ZHPCleaner-[S]-20072018-08_11_18.txt
ZHPCleaner-[R]-20072018-08_12_02.txt
/_ William Bruno _\
ZHPCleaner came back with a clean log!
Try replacing the mouse and check whether anything changes.
[]s
Topic Archived. Since the author did not reply for more than 10 days, the topic has been archived. If you are the topic's author and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
/_ Good evening! William Bruno _\
> Download: < Farbar Recovery Scan Tool >
>
Quote
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
> The link above has the tool for 32-bit systems!
>
Quote
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
> The link above has the download for 64-bit systems! (FRST64.exe)
> Save it to the desktop! (Área de trabalho ...)
> Run the tool!
> Click "Sim" (Yes) >> "Examinar" (Scan).
> Before clicking "Examinar" (Scan), check that the boxes under "Whitelist" are ticked.
> Under "Exame Opcional" (Optional Scan), leave the "Addition.txt" and "Arquivos 90 Dias" (90 Days Files) checkboxes ticked.
> PS: The "Addition.txt" report will also be generated.
> Post the reports! (FRST.txt + Addition.txt)
>
Quote
http://www.cjoint.com/
> Since the logs will be long, upload them to cjoint.com.
> Click the Parcourir... button
> Find the report and click the Abrir (Open) button.
> Click the "Créer le lien Cjoint" button.
> Copy the link next to "Le lien a été créé" and post it in your reply.
> Or click "**Copier le lien (*)**" and **paste the link into your post**.
> Another option is to host the reports on Hébergement de fichiers, Security-x.fr.
>
Quote
http://dl.free.fr
> Or alternatively, on dl.free.fr.
> Stay alert, as there will be 2 links to post!
A+