Felipe Augusto de Godoy

[Solved] PC full of hard-to-remove adware

Good afternoon,

My brother is always installing little games and other things on the computer, and some adware always comes along with them. However, I noticed that I can no longer access my computer's BIOS: when I press DEL, F2, F12, ESC, or any other BIOS entry key, I am redirected to a "Windows Boot Manager" page. The last time I ran the most up-to-date AdwCleaner, I had to do a system restore, because none of my browsers could access the internet, and with that all the adware came back. I need a definitive solution for removing all the malware, not just adware, because I believe there is more on here, and I need to regain access to my computer's BIOS.


// ^ Good afternoon ^ Felipe Augusto de Godoy //

> Download: < FRST_Logo.jpg > ( ... by Farbar )

> The banner above links to the tool for 32-bit systems!

< Farbar Recovery Scan Tool 64-Bit >

> The link above is for use on 64-bit systems!
> Save it to the desktop! (Área de trabalho ...)
> Run the tool! Click "Sim" (Yes) >> "Examinar" (Scan).

> Before clicking "Examinar", check that the boxes under "Whitelist" are ticked.
> Under "Exame Opcional" (Optional Scan), leave the "Addition.txt" and "Arquivos 90 Dias" (Files 90 Days) checkboxes ticked.
> PS: The "Addition.txt" report will also be generated; it is made available on the tool's first run.
> Post the reports! (FRST.txt + Addition.txt)

> Since the logs will be long, upload them to Cjoint_Logo.jpg >

> Click the "Parcourir..." button.
> Find the report and click the "Abrir" (Open) button.
> Click the "Créer le lien Cjoint" button.
> Copy the link shown next to "Le lien a été créé" and post it in your reply.

> The link to the report, which is the one highlighted, should be pasted into your reply.

> Or click "Copier le lien (*)" and paste the link into your post.
> Pay attention, because there will be 2 links to post!

A+


/_ Good evening! Felipe Augusto de Godoy _\

Percentagem de memória em uso: 68%
--
--
> The percentage of memory in use is very high.

> Uninstall: <2>

Duplicate Cleaner Free 3.2.7 <<

Lightshot-5.3.0.0 <<

> Copy the information in the spoiler into Notepad.
> Save it with the name fixlist. << Text! or Unicode.
> Save it to the desktop! ( Área de trabalho ... )
> Move the FRST tool to the desktop, because it is in the wrong folder. ( C:\Users\Usuario\Downloads )

start
CloseProcesses:
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Nenhum Arquivo
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{3be70705-7d50-43aa-b235-53b716b18995} <======= ATENÇÃO (Restrição - IP)
Winsock: Catalog5 09 pcapwsp.dll Nenhum Arquivo
Winsock: Catalog5-x64 09 pcapwsp.dll Nenhum Arquivo
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-1144292019-2563834070-1988740619-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nuesearch.com/?type=hp&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nuesearch.com/?type=hp&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&q={searchTerms}
HKU\S-1-5-21-1144292019-2563834070-1988740619-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&q={searchTerms}
HKU\S-1-5-21-1144292019-2563834070-1988740619-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
HKU\S-1-5-21-1144292019-2563834070-1988740619-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&q={searchTerms}
HKU\S-1-5-21-1144292019-2563834070-1988740619-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nuesearch.com/?type=hp&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
URLSearchHook: HKLM-x32 -> Padrão = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_31_wbf_anvsft_16_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuzyyE0D0EzztDtDtA0AtCyBtAtBtByDyDtN0D0Tzu0StCyCyByDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByDtFtDtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0D0FyEyC0CtAyCtGyCyD0D0BtGzztD0F0AtGtByByEyCtGzy0C0CyCyEyByC0ByCzy0EtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtD0Czz0F0D0FtDtG0CtBzzyCtGyEzztDtDtG0A0D0B0AtGyCyCtD0D0B0DyBtDtD0D0FtB2QtN0A0LzutB%26cr%3D102304569%26a%3Dhdr_s_16_31_wbf_anvsft_16_16%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzyyE0D0EzztDtDtA0AtCyBtAtBtByDyDtN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyEyCyCtByEyEyBtGtCyEyEzztG0FyDyB0EtGtBtAyD0DtG0ByCtCyByC0FyByE0A0CyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtD0Czz0F0D0FtDtG0CtBzzyCtGyEzztDtDtG0A0D0B0AtGyCyCtD0D0B0DyBtDtD0D0FtB2QtN0A0LzutB%26cr%3D1499515040%26a%3Dwbf_anvsft_16_16%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1144292019-2563834070-1988740619-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1144292019-2563834070-1988740619-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
FF NewTab: hxxp://www.trotux.com/?z=9d6c35350b6dc9bfb07e308g0z2qcb6g5o5o7t8z2g&from=isr&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&type=hp
FF DefaultSearchEngine: trotux
FF SelectedSearchEngine: trotux
FF Homepage: hxxp://www.trotux.com/?z=9d6c35350b6dc9bfb07e308g0z2qcb6g5o5o7t8z2g&from=isr&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&type=hp
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Nenhum Arquivo]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
OPR Extension: (Sem Nome) - C:\Users\Usuario\AppData\Roaming\Opera Software\Opera Stable\Extensions\fghlbjjfaimocdbincabjnngocjeiaij [2016-05-29]
S4 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
R3 gkernel; \??\C:\Users\Usuario\AppData\Local\Temp\gkernel.sys [X]
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X] <==== ATENÇÃO
S3 npkcrypt; \??\C:\Program Files (x86)\Old Times + Ragnarok\npkcrypt.sys [X]
S3 npkycryp; \??\C:\Program Files (x86)\Old Times + Ragnarok\npkycryp.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S2 WiseFS; \??\C:\Program Files (x86)\Wise\Wise Folder Hider\WiseFs64.sys [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
S3 X6va031; \??\C:\Windows\SysWOW64\Drivers\X6va031 [X]
R3 X6va035; \??\C:\Windows\SysWOW64\Drivers\X6va035 [X]
2015-11-24 17:24 - 2015-11-24 17:39 - 6420480 _____ () C:\Program Files (x86)\GUTE88B.tmp
2013-09-11 20:01 - 2016-07-09 23:01 - 0010752 _____ () C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-28 19:38 - 2015-09-28 19:38 - 0000003 _____ () C:\Users\Usuario\AppData\Local\updater.log
2014-11-15 03:37 - 2014-11-15 03:37 - 0000165 _____ () C:\ProgramData\bc.ini
2015-08-01 12:46 - 2015-08-01 12:46 - 8096636 _____ () C:\ProgramData\ProgramData.rar
Task: {3FB8EDCA-DD99-48CF-90F7-BBE829647F0C} - System32\Tasks\JambenUpdateTaskMachineUA => C:\Program Files (x86)\Jamben\Update\JambenUpdate.exe [2016-08-25] () <==== ATENÇÃO
Task: {5533F8B6-513F-4F9D-9656-0437C38B8C4E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {D94D90FB-19CF-4408-93EA-2BFFE41D0AED} - \Coacuiedclernege Module -> Nenhum Arquivo <==== ATENÇÃO
Task: {E1A6180E-A4AF-440C-B514-BA0FEA047D51} - System32\Tasks\JambenUpdateTaskMachineCore => C:\Program Files (x86)\Jamben\Update\JambenUpdate.exe [2016-08-25] () <==== ATENÇÃO
Task: {F440B725-8BEC-473C-A411-8DB5D28A6141} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\TXQQBrowser\Update\3604D5A504178195C4026043A37F05BE\Update\BrowserUpdate.exe [2016-04-25] (Tencent) <==== ATENÇÃO
ShortcutWithArgument: C:\Users\Usuario\Desktop\Amnesia.lnk -> C:\Users\Usuario\Desktop\Amnesia - The Dark Descent\redist\Launcher.exe () -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\Desktop\PXG Client.lnk -> C:\Users\Usuario\AppData\Roaming\pxgclient\pxgclient\client\launcher.exe () -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Local\prevuchnirolyghucult\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Usuario\AppData\Local\Jamben\User Data\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PXG Client.lnk -> C:\Users\Usuario\AppData\Roaming\pxgclient\pxgclient\client\launcher.exe () -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Jamben\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Área de trabalho remota do Google Chrome.lnk -> C:\Program Files (x86)\Jamben\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Jamben\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Jamben\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Starbound.lnk -> C:\Program Files (x86)\Starbound\Launcher.exe () -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\f87db369e2538ec5\Felipe Augusto de Godoy - Chrome.lnk -> C:\Program Files (x86)\Jamben\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Felipe Augusto de Godoy - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Jamben\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Jamben\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Jamben\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
ShortcutWithArgument: C:\Users\Public\Desktop\Starbound.lnk -> C:\Program Files (x86)\Starbound\Launcher.exe () -> hxxp://www.nuesearch.com/?type=sc&ts=1472474748&z=af694038805e63a34c3f6a5g1z1m8oezcmczcm9w9b&from=wpm0829&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C
AlternateDataStreams: C:\ProgramData\Temp:8EFFFE8D [304]
AlternateDataStreams: C:\ProgramData\Temp:B755D674 [134]
AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:8EFFFE8D [304]
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:B755D674 [134]
AlternateDataStreams: C:\Users\Usuario\Documents\TCC SENAI 2016 - ARTIGOS:com.dropbox.attributes [168]
FirewallRules: [{F43ACC1B-E7ED-4B29-BBC6-22BF582F3B05}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe
FirewallRules: [{D6F7C69B-A2DC-4DE7-893F-581BD89D1A8B}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe
FirewallRules: [{6076118A-CEBC-43CA-9B39-BA9F0B1FC715}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe
C:\Users\João\AppData\Local\Temp\bdfilters.dll
C:\Users\João\AppData\Local\Temp\libeay32.dll
C:\Users\João\AppData\Local\Temp\msvcr120.dll
C:\Users\João\AppData\Local\Temp\SkypeSetup.exe
C:\Users\João\AppData\Local\Temp\sqlite3.dll
C:\Users\João\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Usuario\AppData\Local\Temp\CPU-V.dll
C:\Users\Usuario\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Usuario\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.9-R0.2-20-g0b2ed13-b3108jnks.dll
C:\Users\Usuario\AppData\Local\Temp\MPCSetup_4.exe
C:\Users\Usuario\AppData\Local\Temp\NGMDll.dll
C:\Users\Usuario\AppData\Local\Temp\NGMResource.dll
C:\Users\Usuario\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Usuario\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Usuario\AppData\Local\Temp\nvStInst.exe
C:\Users\Usuario\AppData\Local\Temp\s3.exe
C:\Users\Usuario\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Usuario\AppData\Local\Temp\sqlite3.dll
C:\Users\Usuario\AppData\Local\Temp\unicows.dll
C:\Users\Usuario\29CA0000A35C46F1B38DF23BDE433555.dat
C:\Users\Usuario\7A1920D61156ABC05A60135AEFE8BC67.dat
CreateRestorePoint:
EmptyTemp:
Reboot:
end


> Run FRST/FRST64 >> Click "Corrigir" (Fix) << Wait!
> At the prompt, click Executar (Run).
> Post the report! (Fixlog.txt)
> This and other reports can be found in the folder: Local Disk (C:) > FRST > Logs

< I ask visitors not to use this script on other computers, at the risk of damaging them! >

A+

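The fixlist above repeats two signs of browser shortcut tampering: shortcuts whose target is followed by a search-portal URL, and "Google Chrome" shortcuts whose chrome.exe sits under Jamben instead of Google. The Python sketch below is an added example, not part of the original thread and not FRST's own code; it triages FRST "ShortcutWithArgument:" lines for both signs. The sample lines are constructed from the fixlist with URLs and .lnk paths shortened, and the table of expected install directories is an assumption.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: entries adapted from the fixlist in this thread, with
# the tracking query strings and some .lnk paths shortened for readability.
SAMPLE_LOG = r"""
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Jamben\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.nuesearch.com/?type=sc
ShortcutWithArgument: C:\Users\Usuario\Desktop\App Launcher.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Usuario\Desktop\Chrome.lnk -> C:\Program Files (x86)\Jamben\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Public\Desktop\Starbound.lnk -> C:\Program Files (x86)\Starbound\Launcher.exe () -> hxxp://www.nuesearch.com/?type=sc
FF Homepage: hxxp://www.trotux.com/?type=hp
"""

PREFIX = "ShortcutWithArgument: "
# A URL passed as the shortcut argument (plain or defanged hxxp form).
URL_ARG = re.compile(r"^(?:h(?:tt|xx)ps?://|www\.)", re.IGNORECASE)
# "<target path> (<company>)"; the company may be empty: "()".
TARGET = re.compile(r"^(?P<path>.+) \((?P<company>[^()]*)\)$")

# Assumption: default install directories for the three browsers named in the
# log, relative to either Program Files root. Adjust for your environment.
EXPECTED_DIRS = {
    "chrome.exe": r"google\chrome\application",
    "firefox.exe": r"mozilla firefox",
    "iexplore.exe": r"internet explorer",
}
PROGRAM_ROOTS = (r"c:\program files", r"c:\program files (x86)")


@dataclass
class Finding:
    shortcut: str
    target: str
    company: str
    argument: str
    reasons: list


def parse_line(line):
    """Split one ShortcutWithArgument entry into its four fields, or None."""
    if not line.startswith(PREFIX):
        return None
    parts = line[len(PREFIX):].split(" -> ", 2)
    if len(parts) != 3:
        return None
    match = TARGET.match(parts[1].strip())
    if match is None:
        return None
    return parts[0].strip(), match["path"], match["company"], parts[2].strip()


def assess(shortcut, target, company, argument):
    """Return the reasons this shortcut deserves a closer look."""
    reasons = []
    if URL_ARG.match(argument):
        reasons.append("url-argument")
    path = PureWindowsPath(target)
    expected = EXPECTED_DIRS.get(path.name.lower())
    if expected is not None:
        allowed = {root + "\\" + expected for root in PROGRAM_ROOTS}
        # The log shows "(Google Inc.)" for the Jamben copy too, so the
        # company column alone does not separate it from the real browser.
        if str(path.parent).lower() not in allowed:
            reasons.append("browser-outside-vendor-path")
    return reasons


def triage(log_text):
    """Return a Finding for every shortcut entry with at least one reason."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw.strip())
        if parsed is None:
            continue
        reasons = assess(*parsed)
        if reasons:
            findings.append(Finding(*parsed, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(", ".join(f.reasons), "|", f.shortcut, "->", f.target)
```

A shortcut flagged only for its path still launches the look-alike binary, so clearing the URL argument alone would not repair it.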

/_ Good morning! Felipe Augusto de Godoy _\

> PS: Use another computer to download the tools onto a USB flash drive.

> Download: < Complete Internet Repair >
> Extract the contents and run the file "CIntRep.exe".

> Tick the checkboxes:

Reset Internet Protocol (TCP/IP)
Repair Winsock (Reset Catalog)
Renew Internet Connections
Flush DNS Resolver Cache
Repair Internet Explorer 11.0.9600
Clear Windows Update History
Repair Windows / Automatic Updates
Repair SSL / HTTPS / Cryptography
Reset Windows Firewall Configuration
Restore the default hosts file
Repair Workgroup Computers view


> Click "Go!".
> When it finishes, restart the computer!
> Next, open the folder "Complete Internet Repair" >> "Logging".
> Double-click "CIntRep.log".
> Post the resulting log!

> Download: < AdwCleaner_Logo2_zps580bcd78.jpg > ( ... by Xplode )

> Or from here: < AdwCleaner >
> Once there, click "Download Now".

> Save it to the desktop!

> Disable your antivirus!
> Right-click adwcleaner.exe and choose to run it as administrator.

> Open the tool and, on the "Opções" (Options) tab, tick all the "Restaurações" (Restore) entries.

> PS: Start the scan by clicking "Verificar" or "Examinar".

> When it finishes, click "Limpar" or "Cleaning" >> Ok >> Ok >> Ok.
> Copy the log or click "Relatorio" (Report).
> Post: < C:\AdwCleaner\AdwCleaner[C1].txt >

Regards!


/_ Good morning! Felipe Augusto de Godoy _\

> Post the reports from these scans you ran.

> Copy the information shown in red into Notepad.
> Save it with the name fixlist. << Text!
> Save it to the desktop! ( Área de trabalho ... )

start
CloseProcesses:
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
CMD: netsh winsock reset catalog
CMD: netsh advfirewall set allprofiles state on
CMD: netsh interface ip delete arpcache
CMD: netsh advfirewall reset
CMD: bitsadmin /reset /allusers
CMD: netsh int ip reset all
CMD: nbtstat -RR
CMD: nbtstat -R
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: sfc /scannow
CMD: type C:\AVScanner.ini
SubSystems: [Windows] ==> ZeroAccess
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end


> Run FRST/FRST64 >> Click "Corrigir" (Fix) << Wait!
> At the prompt, click Executar (Run).
> Post the report! (Fixlog.txt)
> This and other reports can be found in the folder: Local Disk (C:) > FRST > Logs

< I ask visitors not to use this script on other computers, at the risk of damaging them! >

A+


https://www.4shared.com/rar/8Tqyw6g5ba/Logs.html

These are the logs I have obtained so far, and this was the only way I managed to send them to you. You will see there are 2 images in this archive; they are from a program called namebench, from Microsoft, that I found to try to solve the internet problem. I don't understand it very well, but the results say that google.com is hijacked, and I thought that could be important information.


https://www.4shared.com/office/88FL_8zJba/Fixlog.html

This is the log from the last fixlist you gave me.

*internet still doesn't work* I believe there is some very well hidden virus running and blocking or modifying the resets, because since the first use of this FRST the PC has started taking almost 5x longer to load the desktop after the logon screen.


Or something in the registry that came along with the adware. I know that the last time I used AdwCleaner, I had to do a system restore to get the internet working again.

*In fact, when I type any site into IE and press Enter, it gives me an error: cannot open the search page. Something I have never seen before, as if it were corrupted or modified.


/_ Good morning Felipe Augusto de Godoy _\

> Host the reports at Hébergement de fichiers, Security-x.fr.

> When done, copy the link (address) and paste it here in your post.

> Download: < ZHPCleaner_zps71d274df.jpg > ( ... by Nicolas Coolman )

> Or |Here!| << Mirror!
> Once on the page, click 7ukwnm8.jpg

> Save it to the desktop! ( ZHPCleaner.exe )
> Disable your antivirus and run ZHPCleaner.exe <<

> Click "Eu".

> Click Scanner.

> Wait for it to finish!

> When it finishes, click Reparar (Repair).

> Open the tabs that are highlighted in red.
> Click Reparar.

> When it finishes, click Relatório (Report)!
> Post the repair log: ~ Type : Reparo

A+


Nenhuma operação pode ser executada em VPN - VPN Client enquanto a mídia estiver desconectada.

--

--

> Do you use a VPN to mask your IP?

<Felipe Augusto de Godoy> I'm on my phone, I don't have another computer. It's really hard to upload log by log. Didn't you see the ones I sent as a .rar?

> I couldn't see them... only the Fixlog you sent via up.security-x.fr.

> Post the ZHPCleaner log.

A+


/_ Good morning! Felipe Augusto de Godoy _\

HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{3be70705-7d50-43aa-b235-53b716b18995}
--

--

> Open the Registry Editor and delete everything shown in red.

HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local

--

--

> Leave it like this, with no value, and save the change.

> Post new FRST logs. ( Frst.txt + Addition.txt )

A+


/_ Good morning! Felipe Augusto de Godoy _\

> The level of infection has been greatly reduced.

> Did you uninstall Chrome?

> Download: < Report_CHKDSK.exe > ( ... by Laddy )

> Click Baixar (Download). (283.3KB)
> Save it to the desktop!

> Run it and wait for it to finish.
> Post: RapportCHK_dd-mm-aaaa.txt <<

> Download: < 2wZxkvW.jpg > ( ... by Malwarebytes.org )

> Or here! < JRT.exe >
> Save it to the desktop!
> Disable your antivirus!
> On Windows 7, right-click JRT.exe and run it ...

> If you have difficulties, you can run it in Safe Mode with Networking.

> Wait for it to finish and post the report. ( JRT.txt )

A+


Yes, I uninstalled it because it was no longer Chrome but a clone of it, since it was installed in a folder called Jamben and no longer Google.

https://up.security-x.fr/file.php?h=R8d46795c7332bf8a0911dd5be9ed8b21

https://up.security-x.fr/file.php?h=Rcc3ec922eea461411cf8349df74b809c

*PS: the internet still doesn't work


/_ Good afternoon! Felipe Augusto de Godoy _\

> Copy the information in the spoiler into Notepad.
> Save it with the name fixlist. << Text!
> Save it to the desktop! ( Área de trabalho ... )

start
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=trotux
FF Keyword.URL: hxxp://www.trotux.com/search/?z=9d6c35350b6dc9bfb07e308g0z2qcb6g5o5o7t8z2g&from=isr&uid=ST500DM002-1BD142_Z3TDJS1CXXXXZ3TDJS1C&type=sp&q=
CHR HomePage: Profile 2 -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pt-br
CHR StartupUrls: Profile 2 -> "hxxps://www.google.com.br/"
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-09-01]
CHR Extension: (The Great Suspender) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2016-06-01]
CHR Extension: (Boomerang for Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2016-06-01]
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Apresentações) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-10]
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-10]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-10]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-10]
CHR Extension: (Adblock Plus) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-25]
CHR Extension: (Tampermonkey) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-08-27]
CHR Extension: (Planilhas do Google) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-10]
CHR Extension: (Documentos Google off-line) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-25]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-10]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-10]
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR HKU\S-1-5-21-1144292019-2563834070-1988740619-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
S4 JambenU; "C:\Program Files (x86)\Jamben\Update\JambenUpdate.exe" [X]
R3 gkernel; \??\C:\Users\Usuario\AppData\Local\Temp\gkernel.sys [X]
2016-08-21 18:18 - 2013-04-26 03:50 - 00000000 ____D C:\Users\Usuario\AppData\Local\Google
2016-09-01 22:47 - 2016-09-01 22:43 - 01065376 ____N (Google Inc.) C:\Users\Usuario\Desktop\ChromeSetup.exe
2016-09-01 23:28 - 2016-09-01 23:22 - 05227019 ____N C:\Users\Usuario\Desktop\namebench-1.3.1-Windows.exe
2016-09-02 06:58 - 2016-09-02 06:58 - 00000066 _____ C:\Users\Usuario\Desktop\namebenchlog.txt
2016-09-02 07:54 - 2014-11-15 20:25 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-01 22:05 - 2014-06-03 23:14 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-01 21:07 - 2016-07-10 00:55 - 00000000 ____D C:\Users\Usuario\AppData\Local\prevuchnirolyghucult
2016-09-01 21:07 - 2015-12-19 18:10 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-09-01 21:07 - 2015-11-24 17:26 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome
2016-09-01 21:07 - 2015-11-24 17:24 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
Task: {E02C177E-0643-4BC3-8198-7EEA818DA150} - System32\Tasks\{B25A715E-FAA8-43B0-8B43-A4A709A07C23} => Chrome.exe hxxp://ui.skype.com/ui/0/7.22.0.109/pt/abandoninstall?page=tsProgressBar
Task: {FFFDB000-1F05-4662-BEAD-908A6C2C8C25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1144292019-2563834070-1988740619-1000Core.job => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1144292019-2563834070-1988740619-1000UA.job => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: netsh winsock reset catalog

CMD: netsh winsock reset

CMD: netsh int ip reset resetlog.txt
CMD: netsh int ip reset all

CMD: netsh winhttp reset proxy

CMD: netsh winhttp reset tracing

CMD: netsh interface reset all
CMD: nbtstat -RR
CMD: nbtstat -R
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: sfc /scannow
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end


> Run FRST/FRST64 >> Click "Corrigir" (Fix) << Wait!
> In the message, click "Executar" (Run).
> Post the report! (Fixlog.txt)
> This and other reports can be found in the folder: Local Disk (C:) > FRST > Logs

< I ask visitors not to use this script on other computers, at the risk of damaging them! >

A+
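An added example, not part of the original post and not FRST's own code: a small Python audit that groups fixlist lines by kind and pulls out the user profile names and account SIDs they reference, which is what ties a fixlist like the one above to a single machine. The category names and regexes are assumptions of this example, not FRST's grammar; the sample is an excerpt of the posted script.

```python
import re
from collections import Counter

# Excerpt of the fixlist posted above (not the full script).
SAMPLE = r"""start
CloseProcesses:
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default
S4 JambenU; "C:\Program Files (x86)\Jamben\Update\JambenUpdate.exe" [X]
2016-09-01 21:07 - 2016-07-10 00:55 - 00000000 ____D C:\Users\Usuario\AppData\Local\prevuchnirolyghucult
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1144292019-2563834070-1988740619-1000Core.job => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: netsh winsock reset
EmptyTemp:
Reboot:
end
"""

# (category, pattern) pairs checked in order; the first match wins.
RULES = [
    ("marker",    re.compile(r"^(start|end)$", re.I)),
    ("directive", re.compile(r"^\w+:$")),               # e.g. EmptyTemp:
    ("command",   re.compile(r"^(CMD|Reg):\s")),        # runs a shell/reg command
    ("task",      re.compile(r"^Task:\s")),
    ("browser",   re.compile(r"^(CHR|FF|SearchScopes)\b")),
    ("service",   re.compile(r"^[RS]\d\s")),            # service/driver log line
    ("file",      re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")),
]
SID = re.compile(r"S-1-5-21(?:-\d+){4}")
PROFILE = re.compile(r'[A-Za-z]:\\Users\\([^\\"\s]+)')

def classify(line):
    """Return the category of one fixlist line, or 'other' if nothing matches."""
    return next((name for name, pat in RULES if pat.search(line)), "other")

def audit(text):
    """Summarise a fixlist: line counts per category plus machine-specific values."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    return {
        "counts": Counter(classify(l) for l in lines),
        "commands": [l for l in lines if classify(l) == "command"],
        "sids": sorted(set(SID.findall(text))),
        "profiles": sorted(set(PROFILE.findall(text))),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, "=>", dict(value) if key == "counts" else value)
```

Any SID or profile name in the output that does not exist on the machine at hand means the script was written from another system's logs.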
