[Resolvido] Máquina infectada com um cavalo de tróia

[Annluciap 0]

O antivirus detectou mas não limpou. Deixei na quarentena o trojan.

Segue log do Hijack.

Obrigada.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:56:43, on 06/09/2016

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v11.0 (11.00.10586.0545)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe

C:\Program Files (x86)\Claro 3G\UIMain.exe

C:\Program Files (x86)\Claro 3G\CMUpdater.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Ivan\Desktop\Backup ivan\ivansc\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://safesearch.avira.com/#web/result?source=art&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://safesearch.avira.com/#web/result?source=art&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://safesearch.avira.com/#web/result?source=art&q=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=

O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Avira SystrayStartTrigger] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

O4 - HKCU\..\Run: [MySQL Notifier] C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe

O4 - HKCU\..\Run: [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background

O4 - Startup: PalTalk.lnk = C:\Program Files (x86)\Paltalk Messenger\paltalk.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE/3000

O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://www.bancoreal.com.br

O15 - Trusted Zone: http://www.bancosantander.com.br

O15 - Trusted Zone: imagem.caixa.gov.br

O15 - Trusted Zone: internetbanking.caixa.gov.br

O15 - Trusted Zone: internetbankingpf.caixa.gov.br

O15 - Trusted Zone: www.caixa.gov.br

O15 - Trusted Zone: http://www.caixa.gov.br

O15 - Trusted Zone: www.santander.com.br

O15 - Trusted Zone: http://www.santander.com.br

O15 - Trusted Zone: www.santanderempresarial.com.br

O15 - Trusted Zone: http://www.santanderempresarial.com.br

O15 - Trusted Zone: www.santandernet.com.br

O15 - Trusted Zone: wwws.santandernet.com.br

O15 - Trusted Zone: wwws2.santandernet.com.br

O15 - Trusted Zone: www.santandernetibe.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{BF684491-4F85-499F-BB7E-4C63E139817F}: NameServer = 200.169.117.221 200.169.117.222

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll

O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll

O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe

O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe

O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)

O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)

O23 - Service: MySQL56 - Unknown owner - C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)

O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe

O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)

O23 - Service: Unchecky - RaMMicHaeL - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)

O23 - Service: @oem17.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\WINDOWS\system32\viakaraokesrv.exe (file missing)

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\SYSWOW64\VMNETDHCP.EXE

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\SYSWOW64\VMNAT.EXE

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 12647 bytes

[DigRam 144]

/_ Boa Noite ^ Annluciap ^ _\

> Baixe: < > ( ... by Farbar )

> O banner àcima,acessa a ferramenta para sistemas 32bits!

< Farbar Recovery Scan Tool 64-Bit >

> No link àcima,é para uso em sistemas 64bits!
> Salve-o no desktop! (Área de trabalho ...)
> Execute a ferramenta! Clique "Sim" >> "Examinar".



> Antes de clicar "Examinar",verifique se as caixinhas em "Whitelist" estão assinaladas.
> Em "Exame Opcional",deixe marcada as checkbox "Addition.txt" e "Arquivos 90 Dias".
> Ps: Será gerado,também,o relatório "Addition.txt" que estará disponibilizado na 1ª execução da ferramenta.
> Poste os relatórios! (FRST.txt + Addition.txt)

> Como os logs serão extensos,envie-os à >



> Clique no botão Parcourir...
> Busque o relatório e clique no botão Abrir.
> Clique no botão "Créer le lien Cjoint".
> Copie o link que está ao lado de "Le lien a été créé" e poste-o em sua resposta.



> O link ao relatório,que é este assinalado,deverá ser colado em sua resposta.



> Ou clique "Copier le lien (*)" e cole o link ao seu Post.
> Outra opção,é hospedar os relatórios em Hébergement de fichiers, Security-x.fr.
> Fique atento,pois teremos 2 links a serem postados!

A+

[Annluciap 0]

Olá,

seguem os links dos logs.

Novamente obrigada.

http://www.cjoint.com/c/FIhcKPSGNkP

http://www.cjoint.com/c/FIhcM63YApP

[DigRam 144]

/_ Bom Dia ^ Annluciap ^ _\

> Copie estas informações que estão no spoiler,para o Bloco de Notas.
> Salve-as com o nome fixlist. << Texto!
> Salve-as no desktop! ( Área de trabalho ... )

start
CloseProcesses:
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {a3b3cddc-429a-11e4-a996-00248cd00264} - "G:\Windows/AutoRun.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
SearchScopes: HKU\User-7 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HomePage: Profile 6 -> hxxp://www.netvibes.com/ivansc
CHR StartupUrls: Profile 6 -> "hxxp://www.netvibes.com/ivansc","hxxp://app.webinspector.com/public/tasks/7510752#","hxxp://help.comodo.com/topic-120-1-279-2573-enabling-disabling-the-translate-bar.html"
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
U3 idsvc; não ImagePath
U3 wpcsvc; não ImagePath
Task: {1AD5D07F-C685-46B7-9BEE-9B4C2CC0FCBA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO
Task: {5796F8F3-07C5-4AEC-A827-972B8C26D94A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {7A17D296-A89B-4001-930B-DA6F48D6101E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {8A63A62D-6AE1-4C2F-B429-6B64A95EEA33} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {8B305C2B-E3C7-4E33-A073-056157D35FBC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {914B79C5-0A34-4B16-B476-6BCA78790BFA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Nenhum Arquivo <==== ATENÇÃO
Task: {A67B39FE-7A95-4F3A-A9DE-2B1524264471} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {B21BE69D-B70C-4B49-91C9-946EF67E1F71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {C518C286-2630-4166-A47B-D6D58D7B902A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO
Task: {D64E77D4-FC21-4E8F-9505-09C015DE279F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {DB27A538-4B02-4950-A7A4-0E67F316E0AE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {F8D3449A-7DFA-47A9-8127-34ACE6DF7983} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Nenhum Arquivo <==== ATENÇÃO
ShortcutWithArgument: C:\Users\Ivan\Desktop\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 6"
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1434]
C:\Users\adm_isc\AppData\Local\Temp\avgnt.exe
C:\Users\Ana\AppData\Local\Temp\avgnt.exe
C:\Users\Ivan\AppData\Local\Temp\avgnt.exe
CreateRestorePoint:
EmptyTemp:
Reboot:
Hosts:
end

> Execute FRST/FRST64 >> Clique "Corrigir" << Aguarde!
> Na mensagem,clique Executar.
> Poste o relatório! (Fixlog.txt)
> Este e outros relatórios,podem ser encontrados na pasta: Disco Local (C) > FRST > Logs


< Peço aos visitantes que não utilizem este script em outros computadores,sob risco de danos aos mesmos! >

A+

[Annluciap 0]

Boa tarde,

segue mais um log. :)

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 31-08-2016

Executado por Ivan (07-09-2016 17:05:39) Run:1

Executando a partir de C:\Users\Ivan\Desktop

Perfis Carregados: Ivan (Perfis Disponíveis: Ivan & Ana & Classic .NET AppPool)

Modo da Inicialização: Normal

==============================================

fixlist Conteúdo:

*****************

start

CloseProcesses:

HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {a3b3cddc-429a-11e4-a996-00248cd00264} - "G:\Windows/AutoRun.exe"

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=

HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=

HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=

HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=

SearchScopes: HKU\User-7 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

CHR HomePage: Profile 6 -> hxxp://www.netvibes.com/ivansc

CHR StartupUrls: Profile 6 -> "hxxp://www.netvibes.com/ivansc","hxxp://app.webinspector.com/public/tasks/7510752#","hxxp://help.comodo.com/topic-120-1-279-2573-enabling-disabling-the-translate-bar.html"

S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]

U3 idsvc; não ImagePath

U3 wpcsvc; não ImagePath

Task: {1AD5D07F-C685-46B7-9BEE-9B4C2CC0FCBA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO

Task: {5796F8F3-07C5-4AEC-A827-972B8C26D94A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Nenhum Arquivo <==== ATENÇÃO

Task: {7A17D296-A89B-4001-930B-DA6F48D6101E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Nenhum Arquivo <==== ATENÇÃO

Task: {8A63A62D-6AE1-4C2F-B429-6B64A95EEA33} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO

Task: {8B305C2B-E3C7-4E33-A073-056157D35FBC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO

Task: {914B79C5-0A34-4B16-B476-6BCA78790BFA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Nenhum Arquivo <==== ATENÇÃO

Task: {A67B39FE-7A95-4F3A-A9DE-2B1524264471} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)

Task: {B21BE69D-B70C-4B49-91C9-946EF67E1F71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Nenhum Arquivo <==== ATENÇÃO

Task: {C518C286-2630-4166-A47B-D6D58D7B902A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO

Task: {D64E77D4-FC21-4E8F-9505-09C015DE279F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Nenhum Arquivo <==== ATENÇÃO

Task: {DB27A538-4B02-4950-A7A4-0E67F316E0AE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Nenhum Arquivo <==== ATENÇÃO

Task: {F8D3449A-7DFA-47A9-8127-34ACE6DF7983} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Nenhum Arquivo <==== ATENÇÃO

ShortcutWithArgument: C:\Users\Ivan\Desktop\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list

ShortcutWithArgument: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list

ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list

ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list

ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 6"

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1434]

C:\Users\adm_isc\AppData\Local\Temp\avgnt.exe

C:\Users\Ana\AppData\Local\Temp\avgnt.exe

C:\Users\Ivan\AppData\Local\Temp\avgnt.exe

CreateRestorePoint:

EmptyTemp:

Reboot:

Hosts:

end

*****************

Processos fechados com sucesso.

"HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3b3cddc-429a-11e4-a996-00248cd00264}" => chave removido (a) com sucesso.

HKCR\CLSID\{a3b3cddc-429a-11e4-a996-00248cd00264} => chave não encontrado (a).

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso

HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => valor restaurado com sucesso

HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso

HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => valor restaurado com sucesso

HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso

HKU\User-7\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.

Chrome HomePage => removido (a) com sucesso.

Chrome StartupUrls => removido (a) com sucesso.

gbpddfac => serviço removido (a) com sucesso.

idsvc => serviço removido (a) com sucesso.

wpcsvc => serviço removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AD5D07F-C685-46B7-9BEE-9B4C2CC0FCBA}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AD5D07F-C685-46B7-9BEE-9B4C2CC0FCBA}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5796F8F3-07C5-4AEC-A827-972B8C26D94A}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5796F8F3-07C5-4AEC-A827-972B8C26D94A}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A17D296-A89B-4001-930B-DA6F48D6101E}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A17D296-A89B-4001-930B-DA6F48D6101E}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A63A62D-6AE1-4C2F-B429-6B64A95EEA33}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A63A62D-6AE1-4C2F-B429-6B64A95EEA33}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B305C2B-E3C7-4E33-A073-056157D35FBC}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B305C2B-E3C7-4E33-A073-056157D35FBC}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{914B79C5-0A34-4B16-B476-6BCA78790BFA}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{914B79C5-0A34-4B16-B476-6BCA78790BFA}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A67B39FE-7A95-4F3A-A9DE-2B1524264471}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A67B39FE-7A95-4F3A-A9DE-2B1524264471}" => chave removido (a) com sucesso.

C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => movido com sucesso

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B21BE69D-B70C-4B49-91C9-946EF67E1F71}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B21BE69D-B70C-4B49-91C9-946EF67E1F71}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C518C286-2630-4166-A47B-D6D58D7B902A}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C518C286-2630-4166-A47B-D6D58D7B902A}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D64E77D4-FC21-4E8F-9505-09C015DE279F}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D64E77D4-FC21-4E8F-9505-09C015DE279F}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB27A538-4B02-4950-A7A4-0E67F316E0AE}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB27A538-4B02-4950-A7A4-0E67F316E0AE}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8D3449A-7DFA-47A9-8127-34ACE6DF7983}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8D3449A-7DFA-47A9-8127-34ACE6DF7983}" => chave removido (a) com sucesso.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => chave removido (a) com sucesso.

C:\Users\Ivan\Desktop\Inicializador de aplicativos do Google Chrome.lnk => Atalho argumento removido (a) com sucesso..

C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk => Atalho argumento removido (a) com sucesso..

C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk => Atalho argumento removido (a) com sucesso..

C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Inicializador de aplicativos do Google Chrome.lnk => Atalho argumento removido (a) com sucesso..

C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk => Atalho argumento removido (a) com sucesso..

C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\Google Chrome.lnk => Atalho argumento removido (a) com sucesso..

C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removido (a) com sucesso..

C:\Program Files (x86)\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removido (a) com sucesso..

C:\WINDOWS\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso..

C:\Users\adm_isc\AppData\Local\Temp\avgnt.exe => movido com sucesso

C:\Users\Ana\AppData\Local\Temp\avgnt.exe => movido com sucesso

C:\Users\Ivan\AppData\Local\Temp\avgnt.exe => movido com sucesso

Ponto de Restauração criado com sucesso.

"C:\Windows\System32\Drivers\etc\hosts" => Não pode ser movido.

Não foi possível restaurar Hosts.

=========== EmptyTemp: ==========

BITS transfer queue => 2496412 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 51880650 B

Java, Flash, Steam htmlcache => 806 B

Windows/system/drivers => 57516477 B

Edge => 122675671 B

Chrome => 854361116 B

Firefox => 59786740 B

Opera => 0 B

Temp, IE cache, history, cookies, recent:

Default => 0 B

ProgramData => 0 B

Public => 0 B

systemprofile => 128 B

systemprofile32 => 128 B

LocalService => 14366 B

NetworkService => 0 B

Ivan => 224247658 B

adm_isc => 13940038 B

Ana => 159137292 B

Classic .NET AppPool => 0 B

DefaultAppPool => 0 B

RecycleBin => 1748058 B

EmptyTemp: => 1.4 GB de dados temporários Removidos.

================================

O sistema precisou ser reiniciado.

==== Fim de Fixlog 17:13:58 ====

[DigRam 144]

/_ Boa Noite ^Annluciap^ _\

> Baixe: < > ( ... de Nicolas Coolman )

> Ou |Aqui!| << Mirror!
> Estando na página,clique

> Salve-a no desktop! ( ZHPCleaner.exe )
> Desabilite seu antivírus e execute ZHPCleaner.exe <<



> Clique "Eu".



> Clique Scanner.



> Aguarde a conclusão!



> Ao concluir,clique Reparar.



> Acesse as guias que estão assinaladas em vermelho.
> Clique Reparar.



> Ao concluir,clique Relatório!
> Poste o log de reparo: ~ Type : Reparo

Abs

[Annluciap 0]

Olá, segue relatório.

Obrigada. :)

~ ZHPCleaner v2016.9.8.126 by Nicolas Coolman (2016/09/08)

~ Run by Ivan (Administrator) (09/09/2016 23:38:05)

~ Web: https://www.nicolascoolman.com

~ Blog: https://www.anti-malware.top

~ Facebook : https://www.facebook.com/nicolascoolman1

~ State version :

~ Type : Scanner

~ Report : C:\Users\Ivan\Desktop\ZHPCleaner.txt

~ Quarantine : C:\Users\Ivan\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt

~ UAC : Activate

~ Boot Mode : Normal (Normal boot)

Windows 10 Home, 64-bit (Build 10586)

---\\ Serviços (0)

~ Nenhum ítem malicioso o desnecessários foi encontrado.

---\\ Navegadores de Internet (0)

~ Nenhum ítem malicioso o desnecessários foi encontrado.

---\\ Arquivo hosts (1)

~ O arquivo hosts é legítimo (59)

---\\ Tarefas automáticas agendadas. (0)

~ Nenhum ítem malicioso o desnecessários foi encontrado.

---\\ Explorer ( Arquivos, Pastas) (0)

~ Nenhum ítem malicioso o desnecessários foi encontrado.

---\\ Registro ( Chaves, Valores, Dados ) (0)

~ Nenhum ítem malicioso o desnecessários foi encontrado.

---\\ Resultado de reparação

~ Eventuais reparações feita

~ Este navegador está faltando ! (Google Chrome)

~ Este navegador está faltando ! (Opera Software)

---\\ Estatísticas

~ Items scan : 94118

~ Items encontrado : 0

~ items cancelados : 0

~ Items réparo : 0

~ End of search in 00h09mn50s

~====================

ZHPCleaner-[R]-09092016-23_37_31.txt

ZHPCleaner-[R]-10072015-21_07_25.txt

ZHPCleaner--09092016-23_36_13.txt

ZHPCleaner--09092016-23_47_55.txt

[DigRam 144]

/_ Bom Dia ^ Annluciap ^ _\

> Seu antivírus ainda detecta o malware?

> Não havendo mais problemas,remova as ferramentas que foram utilizadas na desinfecção.

> Baixe: < > ( ... de Xplode )



> Estando na página,clique em Download Now.
> Salve-a em um local conveniente. ( desktop! )
> Feche aplicativos que estejam abertos.



> Remover ferramentas de desinfecção
> Criar backup do registro
> Limpar pontos da restauração do sistema
> Redefinir as configurações do sistema

> Com estas caixinhas marcadas,clique Executar!
> Reinicie o computador ao concluir!

[Abs]

[Annluciap 0]

Olá,

o antivirus não detectou mais o malware.

Vou baixar o Delfix e seguir as instruções, ok?

Muito obrigada. :)

[DigRam 144]

PROBLEMA RESOLVIDO<br /><br />Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.