Annluciap 0 Posted January 7, 2017
Hello, the computer is slow, probably because of malware. Here are the links to the FRST logs.
http://www.cjoint.com/c/GAhanA7OtTZ
http://www.cjoint.com/c/GAhapBrE1kZ
Thank you.
DigRam 144 Posted January 7, 2017
/_ Good morning, Annluciap! _\
> Uninstall: <2>
ByteFence Anti-Malware <<
Booking.com version 1.1.0.5019 <<
--- ---
> Copy the information shown in red into Notepad.
> Save it with the name fixlist. << Text!
> Save it on the desktop! ("Área de trabalho" ...)
start
CloseProcesses:
Task: {08FD459A-C931-4610-B4B9-C1AEA096EF1F} - \SPDriver -> Nenhum Arquivo <==== ATENÇÃO
Task: {0C750A8C-92C2-4623-AF80-78E1629FD192} - System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => C:\Users\Lucimar\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe [2015-05-15] () <==== ATENÇÃO
Task: {1B3DD710-38E2-4E05-ACBE-B3F6F73F10B0} - \WSE_Vosteran -> Nenhum Arquivo <==== ATENÇÃO
Task: {424336A4-F0EF-4F41-8E92-9AD6D9B7CC22} - \Run_Bobby_Browser -> Nenhum Arquivo <==== ATENÇÃO
Task: {44D16CCC-9D61-4F5F-A76E-31A9FDEDED30} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2015-06-01] (YTDownloader) <==== ATENÇÃO
Task: {464A631C-65FF-4B81-BD30-D95EA1232E0F} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2016-08-27] (Byte Technologies LLC) <==== ATENÇÃO
Task: {4A74678F-F73E-4F03-B9A3-42A265529AA0} - \SPBIW_UpdateTask_Time_323031363839313439342d34784145552a2a3423326c57 -> Nenhum Arquivo <==== ATENÇÃO
Task: {4DA1F0FB-638A-4B38-9E8E-7A02C3974B4C} - System32\Tasks\Yahoo! Powered nosar => Wscript.exe "C:\ProgramData\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993}\tomi.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b45334241323644392d363946382d414331462d454633452d3332354437353743423939337d5c726964616665" "433a5c50726f6772616d446174615c7b45334241323644392d363946382d414331462d454633 (a entrada de dados tem 78 mais caracteres).
Task: {63D662ED-C65D-493F-83FB-48BB20B69954} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATENÇÃO Task: {81023610-D0C0-4F64-AC87-44C5CC0CCA2E} - \ShopperPro -> Nenhum Arquivo <==== ATENÇÃO Task: {8416AF03-2C01-45D7-9212-33244A3F7726} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2016-08-27] (Byte Technologies LLC) <==== ATENÇÃO Task: {9BC5C81B-C8EF-47E0-8ECE-97A79C373A9E} - \Vosteran caco -> Nenhum Arquivo <==== ATENÇÃO Task: {A3442B28-79C1-4B33-BEC7-42540A227994} - System32\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89} => C:\Users\Lucimar\AppData\Roaming\{8AA5B~1\UPDATE~1.EXE [2016-12-05] () <==== ATENÇÃO Task: {DAFD8B6D-8E44-4860-9D7E-78E70A4F6D0B} - System32\Tasks\Gnorujsepe => C:\ProgramData\Gnorujsepe\1.0.1.0\onioluog.exe <==== ATENÇÃO Task: {DCE77CD0-231A-49F3-9781-D3ABA7375031} - \SPBIW_UpdateTask_Time_323031363839313439342d785b233457414a45415a506c -> Nenhum Arquivo <==== ATENÇÃO Task: {E6CDCEAF-FD51-4FA0-A71E-962A96F6DC95} - \ShopperProJSUpd -> Nenhum Arquivo <==== ATENÇÃO Task: {ECDDEC66-68DB-4BB9-90B6-F05AED0D4F8F} - System32\Tasks\PostPoneInstall => C:\Users\Lucimar\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATENÇÃO Task: {FB98754A-A3E9-476A-9648-C965E27BC77A} - \{3B7FD029-D932-411b-AF15-C96CF8EF0C18}{19F8DB95-4D78-4ddb-AC71-C610654FE37F} -> Nenhum Arquivo <==== ATENÇÃO Task: C:\Windows\Tasks\Yahoo! 
Powered nosar.job => Wscript.exe C:\ProgramData\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993}\tomi.txt <==== ATENÇÃO Task: C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => C:\Users\Lucimar\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe�œ-RunCheckUpdate C:\Users\Lucimar\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe <==== ATENÇÃO Task: C:\Windows\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89}.job => C:\Users\Lucimar\AppData\Roaming\{8AA5B~1\UPDATE~1.EXE <==== ATENÇÃO ShortcutWithArgument: C:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678 ShortcutWithArgument: C:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678 ShortcutWithArgument: C:\Users\Lucimar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678 2015-01-23 18:42 - 2015-01-23 18:42 - 0005632 _____ () C:\Users\Lucimar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-06-01 07:22 - 2015-06-01 07:22 - 00112560 _____ () C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe 2015-08-13 09:50 - 2015-07-08 22:26 - 00173088 _____ () C:\Users\Lucimar\AppData\Roaming\NetService\netservice.exe 2016-09-21 13:53 - 2016-10-01 15:40 - 00254280 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe 2016-01-03 02:47 - 2015-12-16 06:21 - 04845408 _____ () C:\Users\Lucimar\AppData\Roaming\WinNetSvc\WinNetSvc.exe 2016-09-21 13:53 - 2016-10-01 15:40 - 00565064 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe 2016-01-03 02:47 - 2015-11-28 06:45 - 00083456 _____ () C:\Users\Lucimar\AppData\Roaming\WinNetSvc\Interface.dll 2015-03-30 06:51 - 2015-03-30 06:51 - 00141856 _____ () C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5841\zlib1.dll 2017-01-06 20:35 - 2016-03-21 12:07 - 00000000 ____D C:\Users\Lucimar\AppData\Roaming\WMPNetworkAcSvc 2017-01-06 19:01 - 2016-09-21 13:40 - 00000000 ____D C:\Program Files\ByteFence 2017-01-06 18:44 - 2016-05-12 15:03 - 00000000 ____D C:\Program Files (x86)\SkypeUpdateEx 2017-01-06 19:45 - 2016-09-21 13:45 - 00000982 _____ C:\Windows\Tasks\Yahoo! 
Powered nosar.job 2017-01-06 19:45 - 2016-09-21 13:45 - 00000000 ____D C:\Users\Todos os Usuários\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993} 2017-01-06 19:45 - 2016-09-21 13:45 - 00000000 ____D C:\ProgramData\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993} HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\MountPoints2: {4fb45597-585b-11e4-a5dd-80ee736463d6} - E:\AutoRun.exe "motorola.html" HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\MountPoints2: {e3628e6e-9927-11e6-bc86-ea3791124264} - F:\Autorun.exe HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\MountPoints2: {f2bcf658-cdb8-11e4-a88c-80ee736463d6} - E:\MotorolaDeviceManagerSetup.exe -a HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678 HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms} HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.baixaki.com.br/portal/?utm_source=newportalhomesl&utm_medium=partners HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678 SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} SearchScopes: HKLM -> {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_installcore_01&type=p&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = 
hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} SearchScopes: HKU\S-1-5-21-2705312239-909248705-17524377-1000 -> DefaultScope {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} SearchScopes: HKU\S-1-5-21-2705312239-909248705-17524377-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-2705312239-909248705-17524377-1000 -> {CCC6687C-7692-41F4-B214-4C5B42BC8148} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-2705312239-909248705-17524377-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Nenhum Arquivo Toolbar: HKU\S-1-5-21-2705312239-909248705-17524377-1000 -> Sem Nome - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Nenhum Arquivo GroupPolicy: Restrição - Chrome <======= ATENÇÃO CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO ProxyServer: [.DEFAULT] => http=127.0.0.1:52165;https=127.0.0.1:52165 R2 BASSVC; C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5841\bassvc.exe [208928 2015-03-30] (Baidu, Inc.) R2 BrsHelper; C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe [112560 2015-06-01] () <==== ATENÇÃO R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [254280 2016-10-01] () R2 WinNetSvc; C:\Users\Lucimar\AppData\Roaming\WinNetSvc\WinNetSvc.exe [4845408 2015-12-16] () R2 WMPNetworkAcSvc; C:\Users\Lucimar\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [5098760 2016-07-11] () R2 YSearchUtilSvc; C:\Program Files (x86)\Yahoo!\yset\{C92645F5-E8F2-9A45-B1EC-D047E33BCDC1}\YSearchUtilSvc.exe [160536 2015-10-19] (Yahoo Inc.) 
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58528 2015-06-01] (YTDownloader) S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X] S1 gbpddfac; system32\drivers\gbpddfac64.sys [X] S0 gbpddreg; system32\drivers\gbpddreg64.sys [X] S3 JME; system32\DRIVERS\JME.sys [X] S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10] AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32] AlternateDataStreams: C:\Windows\System32:F13278F6_Abn.gbp [2] AlternateDataStreams: C:\Windows\System32:F13278F6_Bb.gbp [2] AlternateDataStreams: C:\Windows\System32:F13278F6_Cef.gbp [2] AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1198] AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10] AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10] C:\Users\Lucimar\AppData\Roaming\WinNetSvc\WinNetSvc.exe C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe C:\Users\Lucimar\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe C:\Program Files (x86)\Yahoo!\yset\{C92645F5-E8F2-9A45-B1EC-D047E33BCDC1}\YSearchUtilSVC.exe C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job C:\Windows\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89}.job C:\Users\Lucimar\AppData\Local\Temp\jre-8u111-windows-au.exe C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe C:\Program Files\ByteFence\ByteFence.exe C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5841\bastray.exe C:\Program Files (x86)\SkypeUpdateEx CMD: sfc /scannow CreateRestorePoint: RemoveProxy: EmptyTemp: Reboot: 
Hosts:
end
> Run FRST/FRST64 >> Click "Corrigir" (Fix) << Wait!
> At the prompt, click "Executar" (Run).
> Post the report! (Fixlog.txt)
> This and other reports can be found in the folder: Local Disk (C) > FRST > Logs
< I ask visitors not to use this script on other computers, at the risk of damaging them! >
[Regards]
Annluciap 0 Posted January 7, 2017
Good evening, here is the log. Thank you.
Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 07-01-2017
Executado por Lucimar (07-01-2017 19:34:16) Run:1
Executando a partir de C:\Users\Lucimar\Desktop
Perfis Carregados: Lucimar (Perfis Disponíveis: Lucimar)
Modo da Inicialização: Normal
NT\CurrentVersion\Schedule\TaskCache\Tasks\{44D16CCC-9D61-4F5F-A76E-31A9FDEDED30} => chave removido (a) com sucesso.C:\Windows\System32\Tasks\YTDownloader => movido com sucessoHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{464A631C-65FF-4B81-BD30-D95EA1232E0F} => chave não encontrado (a).C:\Windows\System32\Tasks\ByteFence => não encontrado (a).HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence => chave não encontrado (a).HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A74678F-F73E-4F03-B9A3-42A265529AA0} => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A74678F-F73E-4F03-B9A3-42A265529AA0} => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_323031363839313439342d34784145552a2a3423326c57 => chave não encontrado (a).HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DA1F0FB-638A-4B38-9E8E-7A02C3974B4C} => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DA1F0FB-638A-4B38-9E8E-7A02C3974B4C} => chave removido (a) com sucesso.C:\Windows\System32\Tasks\Yahoo! Powered nosar => movido com sucessoHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! 
Powered nosar => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63D662ED-C65D-493F-83FB-48BB20B69954} => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63D662ED-C65D-493F-83FB-48BB20B69954} => chave removido (a) com sucesso.C:\Windows\System32\Tasks\LaunchApp => movido com sucessoHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{81023610-D0C0-4F64-AC87-44C5CC0CCA2E} => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81023610-D0C0-4F64-AC87-44C5CC0CCA2E} => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperPro => chave não encontrado (a).HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8416AF03-2C01-45D7-9212-33244A3F7726} => chave não encontrado (a).C:\Windows\System32\Tasks\ByteFence Scan => não encontrado (a).HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence Scan => chave não encontrado (a).HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BC5C81B-C8EF-47E0-8ECE-97A79C373A9E} => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BC5C81B-C8EF-47E0-8ECE-97A79C373A9E} => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Vosteran caco => chave não encontrado (a).HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3442B28-79C1-4B33-BEC7-42540A227994} => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3442B28-79C1-4B33-BEC7-42540A227994} => chave removido (a) com 
sucesso.C:\Windows\System32\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89} => movido com sucessoHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{950C9674-03B5-4ADF-9770-1491444BAC89} => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{DAFD8B6D-8E44-4860-9D7E-78E70A4F6D0B} => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAFD8B6D-8E44-4860-9D7E-78E70A4F6D0B} => chave removido (a) com sucesso.C:\Windows\System32\Tasks\Gnorujsepe => movido com sucessoHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Gnorujsepe => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCE77CD0-231A-49F3-9781-D3ABA7375031} => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCE77CD0-231A-49F3-9781-D3ABA7375031} => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_323031363839313439342d785b233457414a45415a506c => chave não encontrado (a).HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E6CDCEAF-FD51-4FA0-A71E-962A96F6DC95} => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6CDCEAF-FD51-4FA0-A71E-962A96F6DC95} => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd => chave não encontrado (a).HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECDDEC66-68DB-4BB9-90B6-F05AED0D4F8F} => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECDDEC66-68DB-4BB9-90B6-F05AED0D4F8F} => chave removido (a) com sucesso.C:\Windows\System32\Tasks\PostPoneInstall => movido com sucessoHKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tree\PostPoneInstall => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB98754A-A3E9-476A-9648-C965E27BC77A} => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB98754A-A3E9-476A-9648-C965E27BC77A} => chave removido (a) com sucesso.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3B7FD029-D932-411b-AF15-C96CF8EF0C18}{19F8DB95-4D78-4ddb-AC71-C610654FE37F} => chave não encontrado (a).C:\Windows\Tasks\Yahoo! Powered nosar.job => movido com sucessoC:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => movido com sucessoC:\Windows\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89}.job => movido com sucessoC:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Atalho argumento removido (a) com sucesso..C:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Atalho argumento restaurado com sucessoC:\Users\Lucimar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Atalho argumento removido (a) com sucesso..C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Atalho argumento removido (a) com sucesso..C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Atalho argumento removido (a) com sucesso..C:\Users\Lucimar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => movido com sucessoC:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe => movido com sucessoC:\Users\Lucimar\AppData\Roaming\NetService\netservice.exe => movido com sucesso"C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe" => não encontrado (a).C:\Users\Lucimar\AppData\Roaming\WinNetSvc\WinNetSvc.exe => movido com sucesso"C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe" => não encontrado 
(a).C:\Users\Lucimar\AppData\Roaming\WinNetSvc\Interface.dll => movido com sucessoC:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5841\zlib1.dll => movido com sucessoC:\Users\Lucimar\AppData\Roaming\WMPNetworkAcSvc => movido com sucessoC:\Program Files\ByteFence => movido com sucessoC:\Program Files (x86)\SkypeUpdateEx => movido com sucesso"C:\Windows\Tasks\Yahoo! Powered nosar.job" => não encontrado (a).C:\Users\Todos os Usuários\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993} => movido com sucesso"C:\ProgramData\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993}" => não encontrado (a).HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fb45597-585b-11e4-a5dd-80ee736463d6} => chave removido (a) com sucesso.HKCR\CLSID\{4fb45597-585b-11e4-a5dd-80ee736463d6} => chave não encontrado (a).HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3628e6e-9927-11e6-bc86-ea3791124264} => chave removido (a) com sucesso.HKCR\CLSID\{e3628e6e-9927-11e6-bc86-ea3791124264} => chave não encontrado (a).HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2bcf658-cdb8-11e4-a88c-80ee736463d6} => chave removido (a) com sucesso.HKCR\CLSID\{f2bcf658-cdb8-11e4-a88c-80ee736463d6} => chave não encontrado (a).HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucessoHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucessoHKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucessoHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucessoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucessoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main\\Start 
Page => valor restaurado com sucessoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => valor removido (a) com sucesso.HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucessoHKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucessoHKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => chave removido (a) com sucesso.HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => chave não encontrado (a).HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => chave removido (a) com sucesso.HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => chave não encontrado (a).HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => chave removido (a) com sucesso.HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => chave não encontrado (a).HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} => chave removido (a) com sucesso.HKCR\CLSID\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} => chave não encontrado (a).HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucessoHKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => chave removido (a) com sucesso.HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => chave não encontrado (a).HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => chave removido (a) com sucesso.HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => chave não encontrado 
(a).HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC6687C-7692-41F4-B214-4C5B42BC8148} => chave removido (a) com sucesso.HKCR\CLSID\{CCC6687C-7692-41F4-B214-4C5B42BC8148} => chave não encontrado (a).HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => chave removido (a) com sucesso.HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => chave não encontrado (a).HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => valor removido (a) com sucesso.HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => chave não encontrado (a).HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => valor removido (a) com sucesso.HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => chave não encontrado (a).C:\Windows\system32\GroupPolicy\Machine => movido com sucessoC:\Windows\system32\GroupPolicy\GPT.ini => movido com sucessoC:\Windows\SysWOW64\GroupPolicy\GPT.ini => movido com sucessoHKLM\SOFTWARE\Policies\Google => chave removido (a) com sucesso.HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => valor removido (a) com sucesso.HKLM\System\CurrentControlSet\Services\BASSVC => chave removido (a) com sucesso.BASSVC => serviço removido (a) com sucesso.HKLM\System\CurrentControlSet\Services\BrsHelper => chave removido (a) com sucesso.BrsHelper => serviço removido (a) com sucesso.rtop => serviço não encontrado (a).HKLM\System\CurrentControlSet\Services\WinNetSvc => chave removido (a) com sucesso.WinNetSvc => serviço removido (a) com sucesso.HKLM\System\CurrentControlSet\Services\WMPNetworkAcSvc => chave removido (a) com sucesso.WMPNetworkAcSvc => serviço removido (a) com sucesso.HKLM\System\CurrentControlSet\Services\YSearchUtilSvc => chave removido (a) com sucesso.YSearchUtilSvc => serviço 
removido (a) com sucesso.sbmntr => Serviço finalizado com sucesso.HKLM\System\CurrentControlSet\Services\sbmntr => chave removido (a) com sucesso.sbmntr => serviço removido (a) com sucesso.HKLM\System\CurrentControlSet\Services\wsddfac => chave removido (a) com sucesso.wsddfac => serviço removido (a) com sucesso.HKLM\System\CurrentControlSet\Services\BprotectEx => chave removido (a) com sucesso.BprotectEx => serviço removido (a) com sucesso.HKLM\System\CurrentControlSet\Services\gbpddfac => chave removido (a) com sucesso.gbpddfac => serviço removido (a) com sucesso.HKLM\System\CurrentControlSet\Services\gbpddreg => chave removido (a) com sucesso.gbpddreg => serviço removido (a) com sucesso.HKLM\System\CurrentControlSet\Services\JME => chave removido (a) com sucesso.JME => serviço removido (a) com sucesso.HKLM\System\CurrentControlSet\Services\PCFApiUtil => chave removido (a) com sucesso.PCFApiUtil => serviço removido (a) com sucesso.HKLM\System\CurrentControlSet\Services\Synth3dVsc => chave removido (a) com sucesso.Synth3dVsc => serviço removido (a) com sucesso.HKLM\System\CurrentControlSet\Services\tsusbhub => chave removido (a) com sucesso.tsusbhub => serviço removido (a) com sucesso.HKLM\System\CurrentControlSet\Services\VGPU => chave removido (a) com sucesso.VGPU => serviço removido (a) com sucesso.C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removido (a) com sucesso..C:\Program Files (x86)\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removido (a) com sucesso..C:\Windows\System32 => ":F13278F6_Abn.gbp" ADS removido (a) com sucesso..C:\Windows\System32 => ":F13278F6_Bb.gbp" ADS removido (a) com sucesso..C:\Windows\System32 => ":F13278F6_Cef.gbp" ADS removido (a) com sucesso..C:\Windows\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso..C:\ProgramData\GbPlugin => ":IncompleteStartGbprcm.cnt" ADS removido (a) com sucesso.."C:\Users\Todos os Usuários\GbPlugin" => 
":IncompleteStartGbprcm.cnt" ADS não encontrado (a)."C:\Users\Lucimar\AppData\Roaming\WinNetSvc\WinNetSvc.exe" => não encontrado (a)."C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe" => não encontrado (a)."C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe" => não encontrado (a)."C:\Users\Lucimar\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe" => não encontrado (a).C:\Program Files (x86)\Yahoo!\yset\{C92645F5-E8F2-9A45-B1EC-D047E33BCDC1}\YSearchUtilSVC.exe => movido com sucesso"C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job" => não encontrado (a)."C:\Windows\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89}.job" => não encontrado (a).C:\Users\Lucimar\AppData\Local\Temp\jre-8u111-windows-au.exe => movido com sucesso"C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe" => não encontrado (a)."C:\Program Files\ByteFence\ByteFence.exe" => não encontrado (a).C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5841\bastray.exe => movido com sucesso"C:\Program Files (x86)\SkypeUpdateEx" => não encontrado (a).========= sfc /scannow =========Iniciando verifica‡Æo de arquivos. 
O processo levar alguns minutos para ser conclu¡do.Iniciando fase de verifica‡Æo de verifica‡Æo do sistema.Verifica‡Æo 0% conclu¡da.Verifica‡Æo 1% conclu¡da.Verifica‡Æo 1% conclu¡da.Verifica‡Æo 2% conclu¡da.Verifica‡Æo 2% conclu¡da.Verifica‡Æo 3% conclu¡da.Verifica‡Æo 3% conclu¡da.Verifica‡Æo 4% conclu¡da.Verifica‡Æo 4% conclu¡da.Verifica‡Æo 5% conclu¡da.Verifica‡Æo 5% conclu¡da.Verifica‡Æo 6% conclu¡da.Verifica‡Æo 6% conclu¡da.Verifica‡Æo 7% conclu¡da.Verifica‡Æo 7% conclu¡da.Verifica‡Æo 8% conclu¡da.Verifica‡Æo 8% conclu¡da.Verifica‡Æo 9% conclu¡da.Verifica‡Æo 9% conclu¡da.Verifica‡Æo 10% conclu¡da.Verifica‡Æo 11% conclu¡da.Verifica‡Æo 11% conclu¡da.Verifica‡Æo 12% conclu¡da.Verifica‡Æo 12% conclu¡da.Verifica‡Æo 13% conclu¡da.Verifica‡Æo 13% conclu¡da.Verifica‡Æo 14% conclu¡da.Verifica‡Æo 14% conclu¡da.Verifica‡Æo 15% conclu¡da.Verifica‡Æo 15% conclu¡da.Verifica‡Æo 16% conclu¡da.Verifica‡Æo 16% conclu¡da.Verifica‡Æo 17% conclu¡da.Verifica‡Æo 17% conclu¡da.Verifica‡Æo 18% conclu¡da.Verifica‡Æo 18% conclu¡da.Verifica‡Æo 19% conclu¡da.Verifica‡Æo 19% conclu¡da.Verifica‡Æo 20% conclu¡da.Verifica‡Æo 20% conclu¡da.Verifica‡Æo 21% conclu¡da.Verifica‡Æo 22% conclu¡da.Verifica‡Æo 22% conclu¡da.Verifica‡Æo 23% conclu¡da.Verifica‡Æo 23% conclu¡da.Verifica‡Æo 24% conclu¡da.Verifica‡Æo 24% conclu¡da.Verifica‡Æo 25% conclu¡da.Verifica‡Æo 25% conclu¡da.Verifica‡Æo 26% conclu¡da.Verifica‡Æo 26% conclu¡da.Verifica‡Æo 27% conclu¡da.Verifica‡Æo 27% conclu¡da.Verifica‡Æo 28% conclu¡da.Verifica‡Æo 28% conclu¡da.Verifica‡Æo 29% conclu¡da.Verifica‡Æo 29% conclu¡da.Verifica‡Æo 30% conclu¡da.Verifica‡Æo 30% conclu¡da.Verifica‡Æo 31% conclu¡da.Verifica‡Æo 31% conclu¡da.Verifica‡Æo 32% conclu¡da.Verifica‡Æo 33% conclu¡da.Verifica‡Æo 33% conclu¡da.Verifica‡Æo 34% conclu¡da.Verifica‡Æo 34% conclu¡da.Verifica‡Æo 35% conclu¡da.Verifica‡Æo 35% conclu¡da.Verifica‡Æo 36% conclu¡da.Verifica‡Æo 36% conclu¡da.Verifica‡Æo 37% conclu¡da.Verifica‡Æo 37% conclu¡da.Verifica‡Æo 38% conclu¡da.Verifica‡Æo 
38% conclu¡da.Verifica‡Æo 39% conclu¡da.Verifica‡Æo 39% conclu¡da.Verifica‡Æo 40% conclu¡da.Verifica‡Æo 40% conclu¡da.Verifica‡Æo 41% conclu¡da.Verifica‡Æo 41% conclu¡da.Verifica‡Æo 42% conclu¡da.Verifica‡Æo 42% conclu¡da.Verifica‡Æo 43% conclu¡da.Verifica‡Æo 44% conclu¡da.Verifica‡Æo 44% conclu¡da.Verifica‡Æo 45% conclu¡da.Verifica‡Æo 45% conclu¡da.Verifica‡Æo 46% conclu¡da.Verifica‡Æo 46% conclu¡da.Verifica‡Æo 47% conclu¡da.Verifica‡Æo 47% conclu¡da.Verifica‡Æo 48% conclu¡da.Verifica‡Æo 48% conclu¡da.Verifica‡Æo 49% conclu¡da.Verifica‡Æo 49% conclu¡da.Verifica‡Æo 50% conclu¡da.Verifica‡Æo 50% conclu¡da.Verifica‡Æo 51% conclu¡da.Verifica‡Æo 51% conclu¡da.Verifica‡Æo 52% conclu¡da.Verifica‡Æo 52% conclu¡da.Verifica‡Æo 53% conclu¡da.Verifica‡Æo 53% conclu¡da.Verifica‡Æo 54% conclu¡da.Verifica‡Æo 55% conclu¡da.Verifica‡Æo 55% conclu¡da.Verifica‡Æo 56% conclu¡da.Verifica‡Æo 56% conclu¡da.Verifica‡Æo 57% conclu¡da.Verifica‡Æo 57% conclu¡da.Verifica‡Æo 58% conclu¡da.Verifica‡Æo 58% conclu¡da.Verifica‡Æo 59% conclu¡da.Verifica‡Æo 59% conclu¡da.Verifica‡Æo 60% conclu¡da.Verifica‡Æo 60% conclu¡da.Verifica‡Æo 61% conclu¡da.Verifica‡Æo 61% conclu¡da.Verifica‡Æo 62% conclu¡da.Verifica‡Æo 62% conclu¡da.Verifica‡Æo 63% conclu¡da.Verifica‡Æo 63% conclu¡da.Verifica‡Æo 64% conclu¡da.Verifica‡Æo 64% conclu¡da.Verifica‡Æo 65% conclu¡da.Verifica‡Æo 66% conclu¡da.Verifica‡Æo 66% conclu¡da.Verifica‡Æo 67% conclu¡da.Verifica‡Æo 67% conclu¡da.Verifica‡Æo 68% conclu¡da.Verifica‡Æo 68% conclu¡da.Verifica‡Æo 69% conclu¡da.Verifica‡Æo 69% conclu¡da.Verifica‡Æo 70% conclu¡da.Verifica‡Æo 70% conclu¡da.Verifica‡Æo 71% conclu¡da.Verifica‡Æo 71% conclu¡da.Verifica‡Æo 72% conclu¡da.Verifica‡Æo 72% conclu¡da.Verifica‡Æo 73% conclu¡da.Verifica‡Æo 73% conclu¡da.Verifica‡Æo 74% conclu¡da.Verifica‡Æo 74% conclu¡da.Verifica‡Æo 75% conclu¡da.Verifica‡Æo 75% conclu¡da.Verifica‡Æo 76% conclu¡da.Verifica‡Æo 77% conclu¡da.Verifica‡Æo 77% conclu¡da.Verifica‡Æo 78% conclu¡da.Verifica‡Æo 78% 
conclu¡da.Verifica‡Æo 79% conclu¡da.Verifica‡Æo 79% conclu¡da.Verifica‡Æo 80% conclu¡da.Verifica‡Æo 80% conclu¡da.Verifica‡Æo 81% conclu¡da.Verifica‡Æo 81% conclu¡da.Verifica‡Æo 82% conclu¡da.Verifica‡Æo 82% conclu¡da.Verifica‡Æo 83% conclu¡da.Verifica‡Æo 83% conclu¡da.Verifica‡Æo 84% conclu¡da.Verifica‡Æo 84% conclu¡da.Verifica‡Æo 85% conclu¡da.Verifica‡Æo 85% conclu¡da.Verifica‡Æo 86% conclu¡da.Verifica‡Æo 87% conclu¡da.Verifica‡Æo 87% conclu¡da.Verifica‡Æo 88% conclu¡da.Verifica‡Æo 88% conclu¡da.Verifica‡Æo 89% conclu¡da.Verifica‡Æo 89% conclu¡da.Verifica‡Æo 90% conclu¡da.Verifica‡Æo 90% conclu¡da.Verifica‡Æo 91% conclu¡da.Verifica‡Æo 91% conclu¡da.Verifica‡Æo 92% conclu¡da.Verifica‡Æo 92% conclu¡da.Verifica‡Æo 93% conclu¡da.Verifica‡Æo 93% conclu¡da.Verifica‡Æo 94% conclu¡da.Verifica‡Æo 94% conclu¡da.Verifica‡Æo 95% conclu¡da.Verifica‡Æo 95% conclu¡da.Verifica‡Æo 96% conclu¡da.Verifica‡Æo 96% conclu¡da.Verifica‡Æo 97% conclu¡da.Verifica‡Æo 98% conclu¡da.Verifica‡Æo 98% conclu¡da.Verifica‡Æo 99% conclu¡da.Verifica‡Æo 99% conclu¡da.Verifica‡Æo 100% conclu¡da.A Prote‡Æo de Recursos do Windows nÆo encontrou nenhuma viola‡Æo de integridade.========= Fim de CMD: =========Ponto de Restauração criado com sucesso.========= RemoveProxy: =========HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => valor removido (a) com sucesso.HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com 
sucesso.HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.========= Fim de RemoveProxy: =========C:\Windows\System32\Drivers\etc\hosts => movido com sucessoHosts restaurado com sucesso.=========== EmptyTemp: ==========BITS transfer queue => 8388608 BDOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5229177 BJava, Flash, Steam htmlcache => 492 BWindows/system/drivers => 57635464 BEdge => 0 BChrome => 80994869 BFirefox => 47008686 BOpera => 5682176 BTemp, IE cache, history, cookies, recent:Users => 0 BDefault => 66228 BPublic => 0 BProgramData => 0 Bsystemprofile => 56382883 Bsystemprofile32 => 172501 BLocalService => 0 BNetworkService => 0 BLucimar => 115493429 BRecycleBin => 0 BEmptyTemp: => 359.6 MB de dados temporários Removidos.================================O sistema precisou ser reiniciado.==== Fim de Fixlog 20:10:10 ==== Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Posted January 7, 2017
/_ Good evening, Annluciap! _\
> Download: < > ( ... by Xplode )
> Or from here: < AdwCleaner > << Link!
> On the page, click "Download Now".
> Save it to the desktop!
> Disable your antivirus! < >
> Right-click adwcleaner.exe and choose to run it as administrator.
> Click "Ferramentas" (Tools) >> "Opções" (Options).
> In "Opções", set the options as shown in this banner.
> Click "Ok".
> PS: Start the scan by clicking "Verificar" (Scan).
> When it finishes, click "Limpar" or "Cleaning" >> Ok >> Ok >> Ok.
> Copy the log or click "Relatorio" (Report).
> Post: < C:\AdwCleaner\AdwCleaner[C0].txt >
[Regards]
Annluciap 0 Posted January 8, 2017
Good afternoon, here is the report. Thank you.
# AdwCleaner v6.042 - Relatório criado 08/01/2017 às 12:42:54
# *Updated on 06/01/2017 by Malwarebytes
# Banco de dados : 2017-01-06.1 [servidor]
# Sistema operacional : Windows 7 Ultimate Service Pack 1 (X64)
# Usuário : Lucimar - LUCIMAR-PC
# Executando de : C:\Users\Lucimar\Desktop\adwcleaner_6.042.exe
# Limpar
# Apoio : https://www.malwarebytes.com/support
***** [ Serviços ] *****
[-] Políticas do IE excluídasswdumon
[-] Políticas do IE excluídasNETTCPHANDLER
***** [ Pastas ] *****
[-] RestauradoC:\ProgramData\{1005F8C6-4087-2940-F101-59C221838A4C}
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\{1005F8C6-4087-2940-F101-59C221838A4C}
[-] RestauradoC:\Users\Lucimar\AppData\Local\BrowserHelper
[-] RestauradoC:\Users\Lucimar\AppData\Local\slimware utilities inc
[-] RestauradoC:\Users\Lucimar\AppData\Local\wincheck
[-] RestauradoC:\Users\Lucimar\AppData\Local\YSearchUtil
[#] *Folder deleted on reboot: C:\Users\Lucimar\AppData\Local\SlimWare Utilities Inc
[-] RestauradoC:\Users\Lucimar\AppData\Roaming\Elex-tech
[-] RestauradoC:\Users\Lucimar\AppData\Roaming\GoldenGate
[-] RestauradoC:\Users\Lucimar\AppData\Roaming\NetService
[-] RestauradoC:\Users\Lucimar\AppData\Roaming\RunDir
[-] RestauradoC:\Users\Lucimar\AppData\Roaming\shortCutStore
[-] RestauradoC:\Users\Lucimar\AppData\Roaming\WinNetSvc
[-] RestauradoC:\Users\Lucimar\AppData\Roaming\Booking_helper
[-] RestauradoC:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
[-] RestauradoC:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oTweak Software
[-] RestauradoC:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
[-] RestauradoC:\ProgramData\apn
[-] RestauradoC:\ProgramData\SlimWare Utilities, Inc
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\apn
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\SlimWare Utilities, Inc
[-] RestauradoC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com
[-] RestauradoC:\Users\Public\Documents\Guid
[-] RestauradoC:\Users\Public\Documents\pc faster
[-] RestauradoC:\Users\Public\Documents\Downloaded Installers
[-] RestauradoC:\Program Files (x86)\Elex-tech
[-] RestauradoC:\Program Files (x86)\oTweak
[-] RestauradoC:\Program Files (x86)\predm
[-] RestauradoC:\Program Files (x86)\YTDownloader
[-] RestauradoC:\Program Files (x86)\Booking.com
[-] RestauradoC:\Program Files (x86)\Yahoo!\yset
[-] RestauradoC:\Program Files (x86)\Common Files\Umbrella
[-] RestauradoC:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\ntsvc
[-] RestauradoC:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\WeatherTool
[-] RestauradoC:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
[-] RestauradoC:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk
[-] RestauradoC:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej
***** [ Arquivos ] *****
[-] RestauradoC:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
[-] RestauradoC:\Users\Lucimar\Desktop\Play Games Online.url
[-] RestauradoC:\Windows\SysNative\drivers\swdumon.sys
[-] RestauradoC:\END
[-] RestauradoC:\Users\Public\Desktop\simpliclean.lnk
[-] RestauradoC:\Users\Public\Desktop\Booking.com.lnk
[-] RestauradoC:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
[-] RestauradoC:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml
[#] RestauradoC:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml
[#] RestauradoC:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Atalhos ] *****
***** [ Tarefas agendadas ] *****
[-] Chaves %sTracing%s excluídas{1005F8C6-4087-2940-F101-59C221838A4C}
[-] Chaves %sTracing%s excluídas{D11EAD46-8D5B-4C3C-B5F5-E67B4B3C7841}
***** [ Registro ] *****
[-] RestauradoHKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\NETTCPHANDLER
[#] *Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\NETTCPHANDLER
[-] RestauradoHKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[-] RestauradoHKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] RestauradoHKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[-] RestauradoHKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] RestauradoHKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[-] RestauradoHKLM\SOFTWARE\Classes\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
[-] RestauradoHKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
[-] RestauradoHKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] RestauradoHKU\.DEFAULT\Software\PennyBee
[-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\GoldenGate
[-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\oTweak
[-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\PRODUCTSETUP
[-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\SlimWare Utilities Inc
[-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\WeatherTool
[-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Booking.com
[-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\csastats
[-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\YTDownloader
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2705312239-909248705-17524377-1000\Software\ShopperPro
[#] *Key deleted on reboot: HKU\S-1-5-18\Software\PennyBee
[#] *Key deleted on reboot: HKCU\Software\GoldenGate
[#] *Key deleted on reboot: HKCU\Software\oTweak
[#] *Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] *Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[#] *Key deleted on reboot: HKCU\Software\WeatherTool
[#] *Key deleted on reboot: HKCU\Software\Booking.com
[#] *Key deleted on reboot: HKCU\Software\csastats
[#] *Key deleted on reboot: HKCU\Software\YTDownloader
[-] RestauradoHKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] RestauradoHKLM\SOFTWARE\Clara
[-] RestauradoHKLM\SOFTWARE\NetTcpHandler
[-] RestauradoHKLM\SOFTWARE\NtSvcHandler
[-] RestauradoHKLM\SOFTWARE\searchult
[-] RestauradoHKLM\SOFTWARE\SlimWare Utilities Inc
[-] RestauradoHKLM\SOFTWARE\WaInternetEn
[-] RestauradoHKLM\SOFTWARE\SkypeUpdateEx
[-] RestauradoHKLM\SOFTWARE\MaxPower
[-] RestauradoHKLM\SOFTWARE\WMPNetworkAcSvc
[-] RestauradoHKLM\SOFTWARE\YTDownloader
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo!
SearchSet[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B552B283-6EBC-457E-8187-01682C83F26C}_is1[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winsearch[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2705312239-909248705-17524377-1000\Software\ShopperPro[#] *Key deleted on reboot: [x64] HKCU\Software\GoldenGate[#] *Key deleted on reboot: [x64] HKCU\Software\oTweak[#] *Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP[#] *Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc[#] *Key deleted on reboot: [x64] HKCU\Software\WeatherTool[#] *Key deleted on reboot: [x64] HKCU\Software\Booking.com[#] *Key deleted on reboot: [x64] HKCU\Software\csastats[#] *Key deleted on reboot: [x64] HKCU\Software\YTDownloader[-] Restaurado[x64] HKLM\SOFTWARE\im-dosearch[-] Restaurado[x64] HKLM\SOFTWARE\navegaki[-] Restaurado[x64] HKLM\SOFTWARE\WaInternetEn[-] Restaurado[x64] HKLM\SOFTWARE\DtsEncodeTools[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\adserver.iminent.com[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\iminent.com[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\webssearches.com[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adserver.iminent.com[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\binkiland.com[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\iminent.com[-] 
RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istart.webssearches.com[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\start.iminent.com[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\adserver.iminent.com[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\iminent.com[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\webssearches.com[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adserver.iminent.com[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\binkiland.com[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\iminent.com[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istart.webssearches.com[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\start.iminent.com[#] *Key deleted 
on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\3D BubbleSound[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\DriverUpdaterPro[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\SPDriver[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\YTDownloader[-] RestauradoHKLM\SOFTWARE\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85}[-] RestauradoHKLM\SOFTWARE\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91}[-] RestauradoHKLM\SOFTWARE\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D}[-] RestauradoHKLM\SOFTWARE\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D}[-] RestauradoHKLM\SOFTWARE\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438}[-] RestauradoHKLM\SOFTWARE\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67}[-] RestauradoHKLM\SOFTWARE\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90}[-] RestauradoHKLM\SOFTWARE\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7}[-] RestauradoHKLM\SOFTWARE\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E}[-] RestauradoHKLM\SOFTWARE\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501}[-] RestauradoHKLM\SOFTWARE\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C}[-] RestauradoHKLM\SOFTWARE\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6}[-] RestauradoHKLM\SOFTWARE\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5}[-] RestauradoHKLM\SOFTWARE\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249}[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App 
Paths\YTDownloader.exe[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [browserWeb.exe][-] RestauradoHKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}[-] RestauradoHKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}[#] *Key deleted on reboot: HKLM\SOFTWARE\Classes\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E[-] RestauradoHKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej[-] RestauradoHKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej[#] *Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej[-] Restaurado[x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej***** [ Verificando navegadores ... ] *****[-] [C:\Users\Lucimar\AppData\Local\Chromium\User Data\Default\Web data] [search Provider] Excluídosearch provided by yahoo[-] [C:\Users\Lucimar\AppData\Local\Chromium\User Data\Default] [extension] Excluídoelggllhppljlljkgfeokjpehmdamkejk[-] [C:\Users\Lucimar\AppData\Local\Chromium\User Data\Default] [homepage] Excluídohxxp://br.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxi01_15_27¶m1=1¶m2=f%3D1%26b%3DIS Browser%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCtByBtBtN1L2XzutAtFtCtDtFtCtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0DyD0CtCzz0DyEtGyC0F0BtAtGzy0D0F0CtGyD0D0B0EtGyE0F0AtDyB0E0DtB0DyEtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtDtB0AyDyCyCyCtGtA0AyEtDtGyE0CtCtAtGzyzyyDtCtGtAtCzytAyByCtCzztC0C0F0F2QtN0A0LzuyE%26cr%3D2012913086%26a%3Dwncy_bxi01_15_27%26os%3DWindows 7 Ultimate%26uref%3Dchmm[-] [C:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Excluídobr.ask.com[-] [C:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default] [extension] Excluídoelggllhppljlljkgfeokjpehmdamkejk[-] [C:\Users\Lucimar\AppData\Local\Google\Chrome\User 
Data\Default] [extension] Excluídojcgcoifbkbphhjnekfkmohklfaimhikk[-] [C:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default] [extension] Excluídonbljechdpodpbchbmjcoamidppmpnmlc[-] [C:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default] [extension] Excluídooilkkkefbalmbfppgjmgjoefbclebkce[-] [C:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default] [extension] Excluídopilplloabdedfmialnfchjomjmpjcoej*************************:: Chaves "Tracing" excluídas:: Configurações Winsock restauradas:: Configurações Proxy restauradas:: Políticas do IE excluídas:: Políticas do Chrome excluídas:: Chrome preferences resetC:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default:: *Hosts file cleared*************************C:\AdwCleaner\AdwCleaner[C0].txt - [16774 *Bytes] - [08/01/2017 12:42:54]C:\AdwCleaner\AdwCleaner[s0].txt - [15266 *Bytes] - [08/01/2017 12:31:31]########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [16924 *Bytes] ########## Compartilhar este post Link para o post Compartilhar em outros sites
DigRam (posted January 8, 2017):
/_ Good evening! Annluciap _\
> Follow these two procedures in the order given!
> Download: < > ( ... by Malwarebytes.org )
> Or here! < JRT.exe >
> Save it to the desktop!
> Disable your antivirus!
> On Windows 7, right-click JRT.exe and run it ...
> If you have difficulties, you can run it in Safe Mode with Networking.
> Wait for it to finish and post the report. ( JRT.txt )
> Download: < > ( ... by Nicolas Coolman )
> Or |Here!| << Mirror!
> Once on the page, click
> Save it to the desktop! ( ZHPCleaner.exe )
> Disable your antivirus and run ZHPCleaner.exe <<
> Click "Eu".
> Click Scanner.
> Wait for it to finish!
> When it finishes, click Reparar (Repair). < http://7.t.imgbox.com/CWxMrxRA.jpg > << Link!
> Open the tabs that are marked in red.
> Click Reparar. < http://i.imgur.com/fN86PG8.jpg > << Link!
> When it finishes, click Relatório (Report)!
> Post the repair log: ~ Type : Reparo
[Regards]

Annluciap (posted January 10, 2017):
Good afternoon, here are the logs as requested. Thank you.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Ultimate x64
Ran by Lucimar (Limited) on 10/01/2017 at 13:01:30,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/01/2017 at 13:05:18,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DigRam (posted January 10, 2017):
/_ Good evening! Annluciap _\
> Download: 9-Lab Malware Removal Tool
http://9-lab.com/download_dist/rmtool-setup-x86.exe > Here, for x86 systems.
http://9-lab.com/download_dist/rmtool-setup-x64.exe > Here, for x64 systems.
> Update the engine!
> To begin with, choose the Quick scan (Rápido) scan type.
> If you wish, set the 9-lab malware removal tool to Português-Brasil.
> To delete its detections, click "Remover".
> Post the report! (9lab-log-2017-month-day ***.txt)
[Regards]

Annluciap (posted January 11, 2017):
Good evening. As the report is long, I am sending the link to access it.
http://www.cjoint.com/c/GAlapoKchA5
Thank you.

DigRam (posted January 11, 2017):
/_ Good evening! Annluciap _\
> Did you remove the antimalware's detections?
> Let's remove the tools used in the disinfection!
> Download: < > ( ... by Xplode )
> Or Here > << Optional link
> Once on the page, click Download Now.
> Save it somewhere convenient! ( desktop! )
> Close any applications that are open.
> Remove disinfection tools
> Create registry backup
> Clear system restore points
> With these boxes ticked, click Executar (Run)!
> PS: If you want to keep the tools, tick only these boxes!
> Restart the computer!
> Everything OK?
A+

Annluciap (posted January 12, 2017):
Good evening. Yes, I removed the detections. Everything is OK with the laptop now. Thank you very much for the help. :)

DigRam (posted January 12, 2017):
PROBLEM SOLVED
If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.