[Arquivado] PC super lento após Windows 10. N sei se há relação&#

[1sefirot1 0]

Bom, estou usando o W10 a alguns dias. Gostei muito das novidades do SO, mas o computador está muito lento de maneira geral. Principalmente nos navegadores. A CPU sempre está em alta.

 

Não sei se pode ser algum malware, ou é culpa do W10. Segue meu log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:56:45, on 14/09/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16412)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Gustavo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Users\Gustavo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Users\Gustavo\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\daemon\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Gustavo\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [VDownloader] "C:\Program Files\VDownloader\VDownloader4.exe" /silent
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Gustavo\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Gustavo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
O4 - Startup: Dropbox.lnk = Gustavo\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: http://*.webcompanion.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll (file missing)
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11000 bytes

[1sefirot1 0]

Desculpem. Estava dando erro SQL no site quando tentei criar o topico, e observei que foram criados 3 dos meus topicos iguais. Porfavor desconsiderem os outros 2 e vamos nos focar nesse aqui! Valeu!

[DigRam 144]

/!\ Boa Noite! Gsbad /!\

 

> Baixe: < > ( ... by Farbar )

> No banner àcima,é para sistemas 32bits!

< Farbar Recovery Scan Tool 64-Bit >

> No link àcima,é para sistemas 64bits!

> Salve-o no desktop! (Área de trabalho ...)

> Execute a ferramenta! Clique "Yes" >> "Scan".

> Antes de clicar "Scan",verifique se as caixinhas em "Whitelist" estão assinaladas.

> Em "Optional Scan",deixe marcada a checkbox "Addition.txt".

> Ps: Será gerado,também,o relatório "Addition.txt" que estará disponibilizado na 1ª execução da ferramenta.

> Poste os relatórios! (FRST.txt + Addition.txt)

> Como o log será extenso,envie-o à >

> Clique no botão Parcourir...

> Busque o relatório e clique no botão Abrir.

> Clique no botão "Créer le lien Cjoint".

> Copie o link que está ao lado de "Le lien a été créé" e poste-o em sua resposta.

> O link ao relatório,que é este assinalado,deverá ser colado em sua resposta.

> Ou clique "Copier le lien (*)" e cole o link ao seu Post.

A+

[1sefirot1 0]

Boa noite!

 

Addition.txt:
http://www.cjoint.com/c/EIuwXESQ1XP

 

FRST.txt:

http://www.cjoint.com/c/EIuwYBwkDhP

[DigRam 144]

/!\ Boa Noite! Gsbad /!\

> Copie estas informações que estão em vermelho,para o Bloco de Notas.

> Salve-as com o nome fixlist. << Texto!

> Salve-as na pasta Downloads! -/- C:\Users\Gustavo\Downloads <<

start

CloseProcesses:

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

() C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.580.0.0_x86__kgqvnymyfvs32\candycrushsaga.exe

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)

Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll [X]

Winlogon\Notify\ GbPluginCef-x32: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [X]

ShellExecuteHooks-x32: - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - No File [ ]

ShellExecuteHooks-x32: - {E37CB5F0-51F5-4395-A808-5FA49E399003} - No File [ ]

ShellIconOverlayIdentifiers: [ExplorerEx] -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} => No File

BHO-x32: No Name -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> No File

BHO-x32: No Name -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> No File

CHR dev: Chrome dev build detected! <======= ATTENTION

R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()

S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

Task: {11C9082C-31DD-45C6-AB80-B449158AD489} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

Task: {20F25DEF-EC4B-419D-9161-701576149825} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {27A2513A-83E9-4C8F-9609-751CFA30367F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

Task: {2EA9ACD5-2593-4476-A8D9-0DFE8FDEBBB1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {35092354-56E8-45D1-A81B-BA20844092CD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {8DAD4F05-9638-425C-801F-D9E8AA215080} - \060184C3-9766-46a0-B258-F4518A0B2633 -> No File <==== ATTENTION

Task: {9FD770B6-2684-46BA-A1E2-917477CB37EE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {C2FFC3A1-F524-41DB-8A9D-9E0364D19BD1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {C9655D9F-A21D-4D17-B723-E7130C25D3F0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {D7A5FE58-938C-4889-B4FB-7A510F582A0E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {E16C854B-765F-4306-9BB4-37696A3C5C64} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {ECB6E91C-5430-4D9C-8918-567049435D57} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {F0ECE623-5A84-4618-89ED-03804975EB68} - \Driver Booster SkipUAC (Gustavo) -> No File <==== ATTENTION

Task: {F1A36DBD-CBCC-45C9-BAB1-959851957E0A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

2015-09-14 15:17 - 2015-09-14 15:17 - 00098816 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32api.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00110080 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pywintypes27.dll

2015-09-14 15:17 - 2015-09-14 15:17 - 00364544 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pythoncom27.dll

2015-09-14 15:17 - 2015-09-14 15:17 - 00045568 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_socket.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 01161216 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_ssl.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00320512 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32com.shell.shell.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00713216 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_hashlib.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 01176576 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._core_.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00806400 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._gdi_.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00816128 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._windows_.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 01067008 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._controls_.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00733184 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._misc_.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00682496 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pysqlite2._sqlite.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00087552 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_ctypes.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00119808 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32file.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00108544 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32security.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00007168 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\hashobjs_ext.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00068096 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\usb_ext.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00167936 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32gui.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00018432 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32event.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00128512 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_elementtree.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00127488 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pyexpat.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00013824 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\common.time34.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00036864 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_psutil_windows.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00038912 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32inet.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00011264 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32crypt.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00077312 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._html2.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00027136 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_multiprocessing.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00020480 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_yappi.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00035840 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32process.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00686080 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\unicodedata.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00123392 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._wizard.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00024064 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32pipe.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00010240 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\select.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00025600 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32pdh.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00525640 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\windows._lib_cacheinvalidation.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00017408 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32profile.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00022528 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32ts.pyd

2015-09-14 15:17 - 2015-09-14 15:17 - 00078848 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._animate.pyd

2015-09-14 14:11 - 2015-09-14 14:11 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit

2015-09-09 18:07 - 2015-09-09 17:35 - 00024064 _____ C:\WINDOWS\zoek-delete.exe

2015-09-09 17:39 - 2015-07-21 15:56 - 00002774 _____ C:\zoek-results2015-07-21-185626.log

2015-09-14 14:14 - 2014-10-29 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit

2015-09-09 18:19 - 2015-01-21 23:15 - 00009868 _____ C:\zoek-results.log

2015-09-09 17:56 - 2015-01-21 22:36 - 00000000 ____D C:\zoek_backup

2015-09-09 17:17 - 2015-01-05 18:19 - 00000000 ____D C:\AdwCleaner

2015-08-24 23:11 - 2014-10-29 20:54 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit

2015-08-24 23:11 - 2014-10-29 20:54 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit

C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job

C:\Users\Gustavo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbp2kmc.dll

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm

AlternateDataStreams: C:\ProgramData\Temp:56E2E879

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

AlternateDataStreams: C:\Users\Gustavo\OneDrive:ms-properties

AlternateDataStreams: C:\Users\Todos os Usuários\Reprise:wupeogjxldtlfudivq`qsp`26hfm

AlternateDataStreams: C:\Users\Todos os Usuários\Temp:56E2E879

AlternateDataStreams: C:\Users\Todos os Usuários\Temp:5C321E34

CreateRestorePoint:

EmptyTemp:

Reboot:

Hosts:

end

> Execute FRST/FRST64 >> Clique "Fix" << Aguarde!

> Na mensagem,clique Executar.

> Poste o relatório! (Fixlog.txt)

< Peço aos visitantes que não utilizem este script em outros computadores,sob risco de danos aos mesmos! >

A+

[1sefirot1 0]

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Gustavo (2015-09-21 13:25:19) Run:1
Running from C:\Users\Gustavo\Downloads
Loaded Profiles: Gustavo (Available Profiles: Gustavo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
() C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.580.0.0_x86__kgqvnymyfvs32\candycrushsaga.exe
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll [X]
Winlogon\Notify\ GbPluginCef-x32: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [X]
ShellExecuteHooks-x32: - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - No File [ ]
ShellExecuteHooks-x32: - {E37CB5F0-51F5-4395-A808-5FA49E399003} - No File [ ]
ShellIconOverlayIdentifiers: [ExplorerEx] -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} => No File
BHO-x32: No Name -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> No File
BHO-x32: No Name -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> No File
CHR dev: Chrome dev build detected! <======= ATTENTION
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
Task: {11C9082C-31DD-45C6-AB80-B449158AD489} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {20F25DEF-EC4B-419D-9161-701576149825} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {27A2513A-83E9-4C8F-9609-751CFA30367F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2EA9ACD5-2593-4476-A8D9-0DFE8FDEBBB1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {35092354-56E8-45D1-A81B-BA20844092CD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8DAD4F05-9638-425C-801F-D9E8AA215080} - \060184C3-9766-46a0-B258-F4518A0B2633 -> No File <==== ATTENTION
Task: {9FD770B6-2684-46BA-A1E2-917477CB37EE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C2FFC3A1-F524-41DB-8A9D-9E0364D19BD1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C9655D9F-A21D-4D17-B723-E7130C25D3F0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D7A5FE58-938C-4889-B4FB-7A510F582A0E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E16C854B-765F-4306-9BB4-37696A3C5C64} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {ECB6E91C-5430-4D9C-8918-567049435D57} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F0ECE623-5A84-4618-89ED-03804975EB68} - \Driver Booster SkipUAC (Gustavo) -> No File <==== ATTENTION
Task: {F1A36DBD-CBCC-45C9-BAB1-959851957E0A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
2015-09-14 15:17 - 2015-09-14 15:17 - 00098816 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32api.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00110080 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pywintypes27.dll
2015-09-14 15:17 - 2015-09-14 15:17 - 00364544 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pythoncom27.dll
2015-09-14 15:17 - 2015-09-14 15:17 - 00045568 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_socket.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 01161216 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_ssl.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00320512 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32com.shell.shell.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00713216 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_hashlib.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 01176576 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._core_.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00806400 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._gdi_.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00816128 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._windows_.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 01067008 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._controls_.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00733184 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._misc_.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00682496 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pysqlite2._sqlite.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00087552 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_ctypes.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00119808 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32file.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00108544 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32security.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00007168 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\hashobjs_ext.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00068096 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\usb_ext.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00167936 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32gui.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00018432 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32event.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00128512 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_elementtree.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00127488 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pyexpat.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00013824 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\common.time34.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00036864 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_psutil_windows.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00038912 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32inet.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00011264 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32crypt.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00077312 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._html2.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00027136 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_multiprocessing.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00020480 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_yappi.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00035840 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32process.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00686080 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\unicodedata.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00123392 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._wizard.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00024064 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32pipe.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00010240 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\select.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00025600 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32pdh.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00525640 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\windows._lib_cacheinvalidation.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00017408 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32profile.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00022528 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32ts.pyd
2015-09-14 15:17 - 2015-09-14 15:17 - 00078848 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._animate.pyd
2015-09-14 14:11 - 2015-09-14 14:11 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2015-09-09 18:07 - 2015-09-09 17:35 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-09-09 17:39 - 2015-07-21 15:56 - 00002774 _____ C:\zoek-results2015-07-21-185626.log
2015-09-14 14:14 - 2014-10-29 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-09-09 18:19 - 2015-01-21 23:15 - 00009868 _____ C:\zoek-results.log
2015-09-09 17:56 - 2015-01-21 22:36 - 00000000 ____D C:\zoek_backup
2015-09-09 17:17 - 2015-01-05 18:19 - 00000000 ____D C:\AdwCleaner
2015-08-24 23:11 - 2014-10-29 20:54 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit
2015-08-24 23:11 - 2014-10-29 20:54 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job
C:\Users\Gustavo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbp2kmc.dll
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Gustavo\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Todos os Usuários\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:56E2E879
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:5C321E34
CreateRestorePoint:
EmptyTemp:
Reboot:
Hosts:
end

*****************

Processes closed successfully.
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe => No running process found
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe => No running process found
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe => No running process found
C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.580.0.0_x86__kgqvnymyfvs32\candycrushsaga.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Exploit => value removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399F83} => value removed successfully
HKCR\Wow6432Node\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399F83} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399003} => value removed successfully
HKCR\Wow6432Node\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399003} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ExplorerEx" => key removed successfully
HKCR\CLSID\{E056AFDD-03E9-4D73-8D33-8FCCBCA73438} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}" => key removed successfully
HKCR\Wow6432Node\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540000} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}" => key removed successfully
HKCR\Wow6432Node\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540003} => key not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
MbaeSvc => service removed successfully
ESProtectionDriver => Unable to stop service.
ESProtectionDriver => service removed successfully
wfpcapture => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11C9082C-31DD-45C6-AB80-B449158AD489}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11C9082C-31DD-45C6-AB80-B449158AD489}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20F25DEF-EC4B-419D-9161-701576149825}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20F25DEF-EC4B-419D-9161-701576149825}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27A2513A-83E9-4C8F-9609-751CFA30367F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27A2513A-83E9-4C8F-9609-751CFA30367F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2EA9ACD5-2593-4476-A8D9-0DFE8FDEBBB1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EA9ACD5-2593-4476-A8D9-0DFE8FDEBBB1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35092354-56E8-45D1-A81B-BA20844092CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35092354-56E8-45D1-A81B-BA20844092CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8DAD4F05-9638-425C-801F-D9E8AA215080}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DAD4F05-9638-425C-801F-D9E8AA215080}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9FD770B6-2684-46BA-A1E2-917477CB37EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FD770B6-2684-46BA-A1E2-917477CB37EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2FFC3A1-F524-41DB-8A9D-9E0364D19BD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2FFC3A1-F524-41DB-8A9D-9E0364D19BD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9655D9F-A21D-4D17-B723-E7130C25D3F0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9655D9F-A21D-4D17-B723-E7130C25D3F0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D7A5FE58-938C-4889-B4FB-7A510F582A0E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7A5FE58-938C-4889-B4FB-7A510F582A0E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E16C854B-765F-4306-9BB4-37696A3C5C64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E16C854B-765F-4306-9BB4-37696A3C5C64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECB6E91C-5430-4D9C-8918-567049435D57}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECB6E91C-5430-4D9C-8918-567049435D57}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0ECE623-5A84-4618-89ED-03804975EB68}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0ECE623-5A84-4618-89ED-03804975EB68}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Gustavo)" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F1A36DBD-CBCC-45C9-BAB1-959851957E0A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1A36DBD-CBCC-45C9-BAB1-959851957E0A}" => key removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => key removed successfully
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32api.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pywintypes27.dll" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pythoncom27.dll" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_socket.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_ssl.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32com.shell.shell.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_hashlib.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._core_.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._gdi_.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._windows_.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._controls_.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._misc_.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pysqlite2._sqlite.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_ctypes.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32file.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32security.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\hashobjs_ext.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\usb_ext.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32gui.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32event.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_elementtree.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pyexpat.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\common.time34.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_psutil_windows.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32inet.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32crypt.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._html2.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_multiprocessing.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_yappi.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32process.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\unicodedata.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._wizard.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32pipe.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\select.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32pdh.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\windows._lib_cacheinvalidation.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32profile.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32ts.pyd" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._animate.pyd" => File/Folder not found.
C:\Users\Default\AppData\Roaming\IObit => moved successfully
C:\WINDOWS\zoek-delete.exe => moved successfully
C:\zoek-results2015-07-21-185626.log => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit => moved successfully
C:\zoek-results.log => moved successfully
C:\zoek_backup => moved successfully
C:\AdwCleaner => moved successfully
C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit => moved successfully
"C:\ProgramData\Malwarebytes Anti-Exploit" => File/Folder not found.
C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => moved successfully
"C:\Users\Gustavo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbp2kmc.dll" => File/Folder not found.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
"C:\Users\Gustavo\OneDrive" => ":ms-properties" ADS not found.
"C:\Users\Todos os Usuários\Reprise" => ":wupeogjxldtlfudivq`qsp`26hfm" ADS not found.
"C:\Users\Todos os Usuários\Temp" => ":56E2E879" ADS not found.
"C:\Users\Todos os Usuários\Temp" => ":5C321E34" ADS not found.
Restore point was successfully created.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 530.6 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 13:32:30 ====

[DigRam 144]

/!\ Boa Tarde! Gsbad /!\

 

> Baixe: < > ( ... de Nicolas Coolman )

> Ou |Aqui!| << Mirror!

> Estando na página,clique

> Salve-a no desktop! ( ZHPCleaner.exe )

> Execute ZHPCleaner.exe <<

> Clique "Eu".

> Clique Scanner.

> Aguarde a conclusão!

> Ao concluir,clique Reparar.

> Acesse as guias que estão assinaladas em vermelho.

> Clique Reparar ou desmarque algum ítem que seja Falso Positivo.

> Clique Relatório!

> Poste o log de reparo: ~ Type : Reparo

A+

[DigRam 144]

Tópico Arquivado

 

Como o autor não respondeu por mais de 10 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.