Felipe Augusto de Godoy

[Solved] PC full of hard-to-remove adware

Good afternoon,

My brother is always installing little games and other things on the computer, and some adware always comes along with them. However, I noticed that I can no longer access my computer's BIOS: when I press DEL, F2, F12, ESC, or any other BIOS entry key, I am redirected to a "Windows boot manager" page. The last time I ran the latest version of AdwCleaner, I had to do a system restore, because none of my browsers could access the internet, and with that all the adware came back. I need a definitive solution to remove all the malware, not just adware, because I believe there is more here, and I need to regain access to my computer's BIOS.


// ^ Good Afternoon ^ Felipe Augusto de Godoy //

> Download: < FRST_Logo.jpg > ( ... by Farbar )

> The banner above links to the tool for 32-bit systems!

< Farbar Recovery Scan Tool 64-Bit >

> The link above is for use on 64-bit systems!
> Save it to the desktop!
> Run the tool! Click "Yes" >> "Scan".

> Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
> Under "Optional Scan", leave the "Addition.txt" and "90 Days Files" checkboxes ticked.
> PS: The "Addition.txt" report will also be generated; it is made available on the tool's 1st run.
> Post the reports! (FRST.txt + Addition.txt)

> Since the logs will be long, upload them to Cjoint_Logo.jpg >

> Click the "Parcourir..." button.
> Find the report and click the Open button.
> Click the "Créer le lien Cjoint" button.
> Copy the link shown next to "Le lien a été créé" and post it in your reply.

> The link to the report, which is the one highlighted, must be pasted into your reply.

> Or click "Copier le lien (*)" and paste the link into your post.
> Pay attention, as there will be 2 links to post!

A+


/_ Good Evening! Felipe Augusto de Godoy _\

Percentagem de memória em uso: 68%
--
--
> The percentage of memory in use is very high.

> Uninstall: <2>

Duplicate Cleaner Free 3.2.7 <<

Lightshot-5.3.0.0 <<

> Copy the information in the spoiler into Notepad.
> Save it under the name fixlist. << Text! or Unicode.
> Save it to the desktop!
> Move the FRST tool to the desktop, because it is in the wrong folder. ( C:\Users\Usuario\Downloads )

start
CloseProcesses:
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Nenhum Arquivo
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{3be70705-7d50-43aa-b235-53b716b18995} <======= ATENÇÃO (Restrição - IP)
Winsock: Catalog5 09 pcapwsp.dll Nenhum Arquivo
Winsock: Catalog5-x64 09 pcapwsp.dll Nenhum Arquivo
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-1144292019-2563834070-1988740619-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nuesearch.com/?type=hp&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nuesearch.com/?type=hp&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&q={searchTerms}
HKU\S-1-5-21-1144292019-2563834070-1988740619-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&q={searchTerms}
HKU\S-1-5-21-1144292019-2563834070-1988740619-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
HKU\S-1-5-21-1144292019-2563834070-1988740619-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&q={searchTerms}
HKU\S-1-5-21-1144292019-2563834070-1988740619-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nuesearch.com/?type=hp&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
URLSearchHook: HKLM-x32 -> Padrão = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_31_wbf_anvsft_16_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuzyyE0D0EzztDtDtA0AtCyBtAtBtByDyDtN0D0Tzu0StCyCyByDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByDtFtDtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0D0FyEyC0CtAyCtGyCyD0D0BtGzztD0F0AtGtByByEyCtGzy0C0CyCyEyByC0ByCzy0EtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtD0Czz0F0D0FtDtG0CtBzzyCtGyEzztDtDtG0A0D0B0AtGyCyCtD0D0B0DyBtDtD0D0FtB2QtN0A0LzutB%26cr%3D102304569%26a%3Dhdr_s_16_31_wbf_anvsft_16_16%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzyyE0D0EzztDtDtA0AtCyBtAtBtByDyDtN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyEyCyCtByEyEyBtGtCyEyEzztG0FyDyB0EtGtBtAyD0DtG0ByCtCyByC0FyByE0A0CyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtD0Czz0F0D0FtDtG0CtBzzyCtGyEzztDtDtG0A0D0B0AtGyCyCtD0D0B0DyBtDtD0D0FtB2QtN0A0LzutB%26cr%3D1499515040%26a%3Dwbf_anvsft_16_16%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1144292019-2563834070-1988740619-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1144292019-2563834070-1988740619-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
FF NewTab: hxxp://www.trotux.com/?z=9d6c35350b6dc9bfb07e308g0z2qcb6g5o5o7t8z2g&from=isr&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&type=hp
FF DefaultSearchEngine: trotux
FF SelectedSearchEngine: trotux
FF Homepage: hxxp://www.trotux.com/?z=9d6c35350b6dc9bfb07e308g0z2qcb6g5o5o7t8z2g&from=isr&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&type=hp
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Nenhum Arquivo]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
OPR Extension: (Sem Nome) - C:\Users\Usuario\AppData\Roaming\Opera Software\Opera Stable\Extensions\fghlbjjfaimocdbincabjnngocjeiaij [2016-05-29]
S4 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
R3 gkernel; \??\C:\Users\Usuario\AppData\Local\Temp\gkernel.sys [X]
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X] <==== ATENÇÃO
S3 npkcrypt; \??\C:\Program Files (x86)\Old Times + Ragnarok\npkcrypt.sys [X]
S3 npkycryp; \??\C:\Program Files (x86)\Old Times + Ragnarok\npkycryp.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S2 WiseFS; \??\C:\Program Files (x86)\Wise\Wise Folder Hider\WiseFs64.sys [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
S3 X6va031; \??\C:\Windows\SysWOW64\Drivers\X6va031 [X]
R3 X6va035; \??\C:\Windows\SysWOW64\Drivers\X6va035 [X]
2015-11-24 17:24 - 2015-11-24 17:39 - 6420480 _____ () C:\Program Files (x86)\GUTE88B.tmp
2013-09-11 20:01 - 2016-07-09 23:01 - 0010752 _____ () C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-28 19:38 - 2015-09-28 19:38 - 0000003 _____ () C:\Users\Usuario\AppData\Local\updater.log
2014-11-15 03:37 - 2014-11-15 03:37 - 0000165 _____ () C:\ProgramData\bc.ini
2015-08-01 12:46 - 2015-08-01 12:46 - 8096636 _____ () C:\ProgramData\ProgramData.rar
Task: {3FB8EDCA-DD99-48CF-90F7-BBE829647F0C} - System32\Tasks\JambenUpdateTaskMachineUA => C:\Program Files (x86)\Jamben\Update\JambenUpdate.exe [2016-08-25] () <==== ATENÇÃO
Task: {5533F8B6-513F-4F9D-9656-0437C38B8C4E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {D94D90FB-19CF-4408-93EA-2BFFE41D0AED} - \Coacuiedclernege Module -> Nenhum Arquivo <==== ATENÇÃO
Task: {E1A6180E-A4AF-440C-B514-BA0FEA047D51} - System32\Tasks\JambenUpdateTaskMachineCore => C:\Program Files (x86)\Jamben\Update\JambenUpdate.exe [2016-08-25] () <==== ATENÇÃO
Task: {F440B725-8BEC-473C-A411-8DB5D28A6141} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\TXQQBrowser\Update\3604D5A504178195C4026043A37F05BE\Update\BrowserUpdate.exe [2016-04-25] (Tencent) <==== ATENÇÃO
ShortcutWithArgument: C:\Users\Usuario\Desktop\Amnesia.lnk -> C:\Users\Usuario\Desktop\Amnesia - The Dark Descent\redist\Launcher.exe () -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\Desktop\PXG Client.lnk -> C:\Users\Usuario\AppData\Roaming\pxgclient\pxgclient\client\launcher.exe () -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Local\prevuchnirolyghucult\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Usuario\AppData\Local\Jamben\User Data\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PXG Client.lnk -> C:\Users\Usuario\AppData\Roaming\pxgclient\pxgclient\client\launcher.exe () -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Jamben\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Área de trabalho remota do Google Chrome.lnk -> C:\Program Files (x86)\Jamben\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Jamben\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Jamben\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Starbound.lnk -> C:\Program Files (x86)\Starbound\Launcher.exe () -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\f87db369e2538ec5\Felipe Augusto de Godoy - Chrome.lnk -> C:\Program Files (x86)\Jamben\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Felipe Augusto de Godoy - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Jamben\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Jamben\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Jamben\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Public\Desktop\Starbound.lnk -> C:\Program Files (x86)\Starbound\Launcher.exe () -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
AlternateDataStreams: C:\ProgramData\Temp:8EFFFE8D [304]
AlternateDataStreams: C:\ProgramData\Temp:B755D674 [134]
AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:8EFFFE8D [304]
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:B755D674 [134]
AlternateDataStreams: C:\Users\Usuario\Documents\TCC SENAI 2016 - ARTIGOS:com.dropbox.attributes [168]
FirewallRules: [{F43ACC1B-E7ED-4B29-BBC6-22BF582F3B05}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe
FirewallRules: [{D6F7C69B-A2DC-4DE7-893F-581BD89D1A8B}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe
FirewallRules: [{6076118A-CEBC-43CA-9B39-BA9F0B1FC715}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe
C:\Users\João\AppData\Local\Temp\bdfilters.dll
C:\Users\João\AppData\Local\Temp\libeay32.dll
C:\Users\João\AppData\Local\Temp\msvcr120.dll
C:\Users\João\AppData\Local\Temp\SkypeSetup.exe
C:\Users\João\AppData\Local\Temp\sqlite3.dll
C:\Users\João\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Usuario\AppData\Local\Temp\CPU-V.dll
C:\Users\Usuario\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Usuario\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.9-R0.2-20-g0b2ed13-b3108jnks.dll
C:\Users\Usuario\AppData\Local\Temp\MPCSetup_4.exe
C:\Users\Usuario\AppData\Local\Temp\NGMDll.dll
C:\Users\Usuario\AppData\Local\Temp\NGMResource.dll
C:\Users\Usuario\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Usuario\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Usuario\AppData\Local\Temp\nvStInst.exe
C:\Users\Usuario\AppData\Local\Temp\s3.exe
C:\Users\Usuario\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Usuario\AppData\Local\Temp\sqlite3.dll
C:\Users\Usuario\AppData\Local\Temp\unicows.dll
C:\Users\Usuario\29CA0000A35C46F1B38DF23BDE433555.dat
C:\Users\Usuario\7A1920D61156ABC05A60135AEFE8BC67.dat
CreateRestorePoint:
EmptyTemp:
Reboot:
end


> Run FRST/FRST64 >> Click "Fix" << Wait!
> At the prompt, click Run.
> Post the report! (Fixlog.txt)
> This and other reports can be found in the folder: Local Disk (C:) > FRST > Logs

< I ask visitors not to use this script on other computers, at the risk of damaging them! >

A+
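
Most of the fixlist above consists of "ShortcutWithArgument:" entries: shortcuts that pass a search-portal URL to the browser, some of them pointing at a chrome.exe outside Google's install folder. As an added example (not part of the original post and not FRST's own code), this Python script triages such lines from an FRST log; the sample log is constructed, and the function names and the table of expected install folders are assumptions.

```python
import re
from collections import Counter
from ntpath import basename  # Windows path handling that works on any OS

PREFIX = "ShortcutWithArgument: "
# "<target path> (<company>)": the company is the LAST parenthesised group,
# so "Program Files (x86)" inside the path is not mistaken for it.
TARGET_RE = re.compile(r"^(?P<path>.*) \((?P<company>[^()]*)\)$")
# FRST defangs http as hxxp; accept both spellings.
URL_RE = re.compile(r"^(?:hxxps?|https?)://(?P<host>[^/?#\s]+)", re.IGNORECASE)

# Assumption: default install folders for the browsers seen in the thread.
EXPECTED_DIR = {
    "chrome.exe": "\\google\\chrome\\application\\",
    "firefox.exe": "\\mozilla firefox\\",
    "iexplore.exe": "\\internet explorer\\",
}

# Constructed sample in the FRST line format (placeholder host and vendor).
SAMPLE_LOG = r"""
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\FakeVendor\Application\chrome.exe (Google Inc.) -> hxxp://search.example.invalid/?type=sc&uid=PLACEHOLDER
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://search.example.invalid/?type=sc&uid=PLACEHOLDER
ShortcutWithArgument: C:\Users\Public\Desktop\Game.lnk -> C:\Program Files (x86)\Game\Launcher.exe () -> hxxp://search.example.invalid/?type=sc&uid=PLACEHOLDER
ShortcutWithArgument: C:\Users\User\AppData\Local\Google\Chrome\User Data\App Launcher.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\Example => C:\Example\update.exe
"""


def parse_line(line):
    """Split one ShortcutWithArgument line into its fields, or return None."""
    if not line.startswith(PREFIX):
        return None
    parts = line[len(PREFIX):].split(" -> ", 2)
    if len(parts) != 3:
        return None
    lnk, target, args = parts
    m = TARGET_RE.match(target)
    if not m:
        return None
    return {"lnk": lnk, "target": m["path"],
            "company": m["company"], "args": args.strip()}


def findings(entry):
    """Return (kind, detail) tuples for what looks wrong with a shortcut."""
    out = []
    url = URL_RE.match(entry["args"])
    if url:
        # A browser or game launcher should not be started with a URL argument.
        out.append(("url-argument", url["host"].lower()))
    expected = EXPECTED_DIR.get(basename(entry["target"]).lower())
    if expected and expected not in entry["target"].lower():
        # Browser executable name, but not in the vendor's install folder.
        out.append(("unexpected-browser-path", entry["target"]))
    return out


def triage(log_text):
    """Return ([(lnk, findings)], Counter of injected hosts) for a log."""
    report, hosts = [], Counter()
    for line in log_text.splitlines():
        entry = parse_line(line.strip())
        if entry is None:
            continue
        found = findings(entry)
        hosts.update(d for kind, d in found if kind == "url-argument")
        if found:
            report.append((entry["lnk"], found))
    return report, hosts


if __name__ == "__main__":
    report, hosts = triage(SAMPLE_LOG)
    for lnk, found in report:
        print(lnk)
        for kind, detail in found:
            print(f"    {kind}: {detail}")
    print("injected hosts:", dict(hosts))
```

A shortcut that carries both findings is the stronger signal: the link name and company string imitate the real browser while the executable lives elsewhere.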


/_ Good Morning! Felipe Augusto de Godoy _\

> PS: Use another computer to download the tools onto a USB flash drive.

> Download: < Complete Internet Repair >
> Extract the contents and run the file "CIntRep.exe".

> Tick the checkboxes:

Reset Internet Protocol (TCP/IP)
Repair Winsock (Reset Catalog)
Renew Internet Connections
Flush DNS Resolver Cache
Repair Internet Explorer 11.0.9600
Clear Windows Update History
Repair Windows / Automatic Updates
Repair SSL / HTTPS / Cryptography
Reset Windows Firewall Configuration
Restore the default hosts file
Repair Workgroup Computers view


> Click "Go!".
> When it finishes, restart the computer!
> Next, open the folder "Complete Internet Repair" >> "Logging".
> Double-click "CIntRep.log".
> Post the resulting log!

> Download: < AdwCleaner_Logo2_zps580bcd78.jpg > ( ... by Xplode )

> Or from here: < AdwCleaner >
> Once there, click "Download Now".

> Save it to the desktop!

> Disable your antivirus!
> Right-click adwcleaner.exe and choose to run it as administrator.

> Open the tool and, on the "Options" tab, tick all the Resets.

> PS: Start the scan by clicking "Scan".

> When it finishes, click "Clean" or "Cleaning" >> Ok >> Ok >> Ok.
> Copy the log or click "Report".
> Post: < C:\AdwCleaner\AdwCleaner[C1].txt >

Regards!


/_ Good Morning! Felipe Augusto de Godoy _\

> Post the reports from the scans you have run.

> Copy the information shown in red into Notepad.
> Save it under the name fixlist. << Text!
> Save it to the desktop!

start
CloseProcesses:
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
CMD: netsh winsock reset catalog
CMD: netsh advfirewall set allprofiles state on
CMD: netsh interface ip delete arpcache
CMD: netsh advfirewall reset
CMD: bitsadmin /reset /allusers
CMD: netsh int ip reset all
CMD: nbtstat -RR
CMD: nbtstat -R
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: sfc /scannow
CMD: type C:\AVScanner.ini
SubSystems: [Windows] ==> ZeroAccess
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end


> Run FRST/FRST64 >> Click "Fix" << Wait!
> At the prompt, click Run.
> Post the report! (Fixlog.txt)
> This and other reports can be found in the folder: Local Disk (C:) > FRST > Logs

< I ask visitors not to use this script on other computers, at the risk of damaging them! >

A+


https://www.4shared.com/rar/8Tqyw6g5ba/Logs.html

These are the logs I have obtained so far, and this was the only way I managed to send them to you. You will see that there are 2 images in this archive; they are from a Microsoft program called namebench that I found to try to solve the internet problem. I don't understand it very well, but the results say that google.com is hijacked, and I thought it could be important information.


https://www.4shared.com/office/88FL_8zJba/Fixlog.html

This is the log from the last fixlist you gave me.

*internet still does not work* I believe there is some super-hidden virus running that is blocking or modifying the resets, because since the first use of this FRST the PC has started taking almost 5x longer to load the desktop after the logon screen.


Or something in the registry that came along with the adware. I know that the last time I used AdwCleaner, I had to do a system restore to get the internet working again.

*In fact, when I type any site into IE and press Enter, it gives me an error: cannot open the search page. Something I have never seen before, as if it were corrupted or modified.


/_ Good Morning Felipe Augusto de Godoy _\

> Host the reports at Hébergement de fichiers, Security-x.fr.

> When done, copy the link (address) and paste it here in your post.

> Download: < ZHPCleaner_zps71d274df.jpg > ( 6LcRokv.jpg... by Nicolas Coolman )

> Or |Here!| << Mirror!
> On the page, click 7ukwnm8.jpg

> Save it to the desktop! ( ZHPCleaner.exe )
> Disable your antivirus and run ZHPCleaner.exe <<

> Click "Eu".

> Click Scanner.

> Wait for it to finish!

> When it finishes, click Repair.

> Go to the tabs that are marked in red.
> Click Repair.

> When it finishes, click Report!
> Post the repair log: ~ Type : Reparo

A+


Nenhuma opera?Æo pode ser executada em VPN - VPN Client enquanto a
m¡dia estiver desconectada.

--

--

> Do you use a VPN to hide your IP?

<Felipe Augusto de Godoy> I'm on my phone, I don't have another computer. It's really hard to upload log by log. Didn't you see the ones I sent as .rar?

> I couldn't see them... only the Fixlog you sent via up.security-x.fr.

> Post the ZHPCleaner log.

A+


/_ Good Morning! Felipe Augusto de Godoy _\

HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{3be70705-7d50-43aa-b235-53b716b18995}
--

--

> Open the Registry Editor and delete everything that is in red.

HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local

--

--

> Leave it like this, with no value, and save the change.

> Post new FRST logs. ( Frst.txt + Addition.txt )

A+


/_ Good Morning! Felipe Augusto de Godoy _\

> The level of infection has been greatly reduced.

> Did you uninstall Chrome?

> Download: < Report_CHKDSK.exe > ( ... by Laddy )

> Click Download. (283.3KB)
> Save it to the desktop!

> Run it and wait for it to finish.
> Post: RapportCHK_dd-mm-aaaa.txt <<

> Download: < 2wZxkvW.jpg > ( ... by Malwarebytes.org )

> Or here! < JRT.exe >
> Save it to the desktop!
> Disable your antivirus!
> For Windows 7, right-click JRT.exe and run it ...

Executar_Administrador.jpg

> If you have difficulties, you can run it in Safe Mode with Networking.

> Wait for it to finish and post the report. ( JRT.txt )

A+


/_ Good Afternoon! Felipe Augusto de Godoy _\

> Copy the information in the spoiler into Notepad.
> Save it under the name fixlist. << Text!
> Save it to the desktop!

start
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=trotux
FF Keyword.URL: hxxp://www.trotux.com/search/?z=9d6c35350b6dc9bfb07e308g0z2qcb6g5o5o7t8z2g&from=isr&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&type=sp&q=
CHR HomePage: Profile 2 -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pt-br
CHR StartupUrls: Profile 2 -> "hxxps://www.google.com.br/"
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-09-01]
CHR Extension: (The Great Suspender) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2016-06-01]
CHR Extension: (Boomerang for Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2016-06-01]
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Apresentações) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-10]
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-10]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-10]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-10]
CHR Extension: (Adblock Plus) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-25]
CHR Extension: (Tampermonkey) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-08-27]
CHR Extension: (Planilhas do Google) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-10]
CHR Extension: (Documentos Google off-line) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-25]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-10]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-10]
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR HKU\S-1-5-21-1144292019-2563834070-1988740619-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
S4 JambenU; "C:\Program Files (x86)\Jamben\Update\JambenUpdate.exe" [X]
R3 gkernel; \??\C:\Users\Usuario\AppData\Local\Temp\gkernel.sys [X]
2016-08-21 18:18 - 2013-04-26 03:50 - 00000000 ____D C:\Users\Usuario\AppData\Local\Google
2016-09-01 22:47 - 2016-09-01 22:43 - 01065376 ____N (Google Inc.) C:\Users\Usuario\Desktop\ChromeSetup.exe
2016-09-01 23:28 - 2016-09-01 23:22 - 05227019 ____N C:\Users\Usuario\Desktop\namebench-1.3.1-Windows.exe
2016-09-02 06:58 - 2016-09-02 06:58 - 00000066 _____ C:\Users\Usuario\Desktop\namebenchlog.txt
2016-09-02 07:54 - 2014-11-15 20:25 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-01 22:05 - 2014-06-03 23:14 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-01 21:07 - 2016-07-10 00:55 - 00000000 ____D C:\Users\Usuario\AppData\Local\prevuchnirolyghucult
2016-09-01 21:07 - 2015-12-19 18:10 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-09-01 21:07 - 2015-11-24 17:26 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome
2016-09-01 21:07 - 2015-11-24 17:24 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
Task: {E02C177E-0643-4BC3-8198-7EEA818DA150} - System32\Tasks\{B25A715E-FAA8-43B0-8B43-A4A709A07C23} => Chrome.exe hxxp://ui.skype.com/ui/0/7.22.0.109/pt/abandoninstall?page=tsProgressBar
Task: {FFFDB000-1F05-4662-BEAD-908A6C2C8C25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1144292019-2563834070-1988740619-1000Core.job => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1144292019-2563834070-1988740619-1000UA.job => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: netsh winsock reset catalog
CMD: netsh winsock reset
CMD: netsh int ip reset resetlog.txt
CMD: netsh int ip reset all
CMD: netsh winhttp reset proxy
CMD: netsh winhttp reset tracing
CMD: netsh interface reset all
CMD: nbtstat -RR
CMD: nbtstat -R
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: sfc /scannow
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end


> Run FRST/FRST64 >> Click "Corrigir" (Fix) << Wait!
> In the message, click "Executar" (Run).
> Post the report! (Fixlog.txt)
> This and other reports can be found in the folder: Local Disk (C:) > FRST > Logs

< I ask visitors not to use this script on other computers, at the risk of damaging them! >

A+

This topic is now closed to further replies.
