Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

William Bruno

[Arquivado] Análise de log hijackthis

Recommended Posts

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 20:54:56, on 12/07/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)


Boot mode: Normal

Running processes:
C:\Users\rocha\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Users\rocha\AppData\Local\Microsoft\OneDrive\18.091.0506.0007\FileCoAuth.exe
C:\Users\rocha\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\rocha\AppData\Roaming\uTorrent\updates\3.5.3_44396\utorrentie.exe
C:\Users\rocha\AppData\Roaming\uTorrent\updates\3.5.3_44396\utorrentie.exe
C:\Users\rocha\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=
O4 - HKCU\..\Run: [OneDrive] "C:\Users\rocha\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_55291E691241D99943A34E14F28004C6] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [iCloud] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 9009 bytes

O meu mouse as vezes fica travando. Eu não sei o motivo, e não tem nada que esteja claramente consumindo muito recursos.

 

 

Compartilhar este post


Link para o post
Compartilhar em outros sites

/_ Boa Noite! William Bruno _\

 

> Baixe: < IASCZft.jpgFarbar Recovery Scan Tool >

Citar

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/


> No link àcima,temos a ferramenta para sistemas 32bits!

 

Citar


> No link àcima,temos o download para sistemas 64bits! (FRST64.exe)
> Salve-a ao desktop! (Área de trabalho ...)
> Execute a ferramenta!
> Clique "Sim" >> "Examinar".

 

4y9giFrI.jpg

 

> Antes de clicar "Examinar",verifique se as caixinhas em "Whitelist" estão assinaladas.
> Em "Exame Opcional",deixe marcada as checkbox "Addition.txt" e "Arquivos 90 Dias".
> Ps: Será gerado,também,o relatório "Addition.txt".
> Poste os relatórios! (FRST.txt + Addition.txt)

 

Citar

http://www.cjoint.com/


> Como os logs serão extensos,envie-os à cjoint.com.

 

EUE4tdb.jpg

 

> Clique no botão Parcourir...
> Busque o relatório e clique no botão Abrir.
> Clique no botão "Créer le lien Cjoint".
> Copie o link que está ao lado de "Le lien a été créé" e poste-o em sua resposta.

 

Copierlelien_zpsd51f499f.jpg

 

> Ou clique "Copier le lien (*)" e cole o link ao seu Post.
> Outra opçãohospedar os relatórios em Hébergement de fichiers, Security-x.fr.

 

Citar

http://dl.free.fr


> Ou ainda,em dl.free.fr.
> Fique atento,pois teremos 2 links a serem postados!

 

A+

Compartilhar este post


Link para o post
Compartilhar em outros sites

Compartilhar este post


Link para o post
Compartilhar em outros sites

/_ Boa Noite! William Bruno _\

 

> Desinstale: <2>

 

CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - ) <==== ATENÇÃO
Malwarebytes versão 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)

 

> Copie estas informações que estão em vermelho,para o Bloco de Notas.
> Salve-as com o nome fixlist. << Texto ou Unicode,caso solicite!
> Salve-as ao desktop! ( Área de trabalho ... )
 

start::
CloseProcesses:
2018-04-18 08:28 - 2018-04-18 08:29 - 000000000 ____D C:\AdwCleaner
2018-04-18 08:28 - 2018-04-18 08:28 - 007256272 _____ (Malwarebytes) C:\Users\rocha\Downloads\AdwCleaner.exe
2018-04-18 08:25 - 2018-04-18 08:25 - 001790024 _____ (Malwarebytes) C:\Users\rocha\Downloads\JRT.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Nenhum Arquivo
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> Nenhum Arquivo
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
Task: {CB6465DC-304B-4ADF-B283-8B20E661EF77} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-04-12] (Piriform Ltd)
ShortcutWithArgument: C:\Users\rocha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Postman.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop
AlternateDataStreams: C:\Users\rocha\OneDrive\Documentos\Modelos Personalizados do Office:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
Emptytemp:
end::

 

IsRtnte.jpg

 

> Execute FRST/FRST64 >> Clique "Corrigir" << Aguarde!
> Poste o relatório "Resultado da Correção pela Farbar Recovery Scan Tool" (Fixlog.txt)
> Este e outros relatórios,podem ser encontrados na pasta: Disco Local (C) > FRST > Logs

 

[]s

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia DigRam!

Segue o Fixlog.txt
 

Quote


Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 15.07.2018
Executado por rocha (18-07-2018 06:28:56) Run:1
Executando a partir de C:\Users\rocha\Desktop
Perfis Carregados: rocha (Perfis Disponíveis: rocha & jucam)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CloseProcesses:
2018-04-18 08:28 - 2018-04-18 08:29 - 000000000 ____D C:\AdwCleaner
2018-04-18 08:28 - 2018-04-18 08:28 - 007256272 _____ (Malwarebytes) C:\Users\rocha\Downloads\AdwCleaner.exe
2018-04-18 08:25 - 2018-04-18 08:25 - 001790024 _____ (Malwarebytes) C:\Users\rocha\Downloads\JRT.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Nenhum Arquivo
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> Nenhum Arquivo
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
Task: {CB6465DC-304B-4ADF-B283-8B20E661EF77} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-04-12] (Piriform Ltd)
ShortcutWithArgument: C:\Users\rocha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Postman.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop
AlternateDataStreams: C:\Users\rocha\OneDrive\Documentos\Modelos Personalizados do Office:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
Emptytemp:

*****************

Processos fechados com sucesso.
C:\AdwCleaner => movido com sucesso
C:\Users\rocha\Downloads\AdwCleaner.exe => movido com sucesso
C:\Users\rocha\Downloads\JRT.exe => movido com sucesso
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => não encontrado (a)
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => não encontrado (a)
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => não encontrado (a)
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxDTCM" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{9B5F5829-A529-4B12-814A-E81BCB8D93FC} => não encontrado (a)
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MBAMShlExt => não encontrado (a)
HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => não encontrado (a)
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MBAMShlExt => não encontrado (a)
HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => não encontrado (a)
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{CB6465DC-304B-4ADF-B283-8B20E661EF77}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB6465DC-304B-4ADF-B283-8B20E661EF77}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\CCleaner Update => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner Update" => removido (a) com sucesso.
C:\Users\rocha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Postman.lnk => Atalho argumento removido (a) com sucesso.
C:\Users\rocha\OneDrive\Documentos\Modelos Personalizados do Office => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService" => removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MBAMService" => removido (a) com sucesso.

=========== EmptyTemp: ==========

BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 88983698 B
Java, Flash, Steam htmlcache => 346181238 B
Windows/system/drivers => 3112426 B
Edge => 39188730 B
Chrome => 442481179 B
Firefox => 0 B
Opera => 176682 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 57254 B
NetworkService => 0 B
rocha => 53077749 B
jucam => 0 B

RecycleBin => 1862114 B
EmptyTemp: => 937.7 MB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 06:29:26 ====

 

 

Compartilhar este post


Link para o post
Compartilhar em outros sites

/_ Bom Dia! William Bruno _\

 

Não vi malwares nos relatórios! Seu computador é limpo.

 

> Baixe: < ZHPCleaner > < 6LcRokv.jpg ... de Nicolas Coolman >

> Ou |Aqui!| << Mirror!

https://www.youtube.com/watch?v=8olWT8u5RYQ


> Caso tenha algum impedimento ao download,assista este tutorial que foi postado no YouTube,para desativar o Windows SmartScreen.

> Estando na página,clique 7ukwnm8.jpg

> Salve-a ao desktop! ( ZHPCleaner.exe )
> Desabilite seu antivírus e execute ZHPCleaner.exe <<

 

nDQ00tR.jpg

 

> Ao abrir esta tela,evite clicar em Update ou Atualização,para não ser direcionado ao ZHPBrowser.
> Ps: Feche a mensagem ao clicar no ["X"].

 

6MKUYyzn.jpg

 

> Com a ferramenta aberta,clique em Scanner.

 

ljOOETD.jpg

 

> Aguarde a conclusão!

 

9g2LW3p.jpg

 

> Ao concluir,clique Repair.

 

88z05Yv.jpg

 

> Ps: Ignore possíveis alertas quanto à sua configuração de rede. (DNS)
> Clique Sim >> Sim!

 

CWxMrxRA.jpg

 

> Surgirão guias que estarão em vermelho,indicando problemas a serem reparados.
> Clique Repair.

 

fN86PG8.jpg

 

> Ao concluir,clique Report.
> Poste o log de reparo: ~ Type : Reparo

file:///C:/Users/xxx../AppData/Roaming/ZHP/ZHPCleaner.html


Ps: Ao clicar "Report",você obterá o relatório,dentre outras informações,em formato HTML.
file:///C:/Users/xxx.../AppData/Roaming/ZHP/ZHPCleaner.txt


Este será seu relatório direto,obtido ao modificar na barra de endereços,de (.html) para (.txt).
Basta selecionar (ctrl + A),copiar (ctrl + C) e colar ao seu Post ou Bloco de Notas. (ctrl + V)

 

dcE3kmT.jpg

 

Disponibilize o relatório em Cjoint.com ou utilize spoiler,cuja instrução está ao final daquela página.
Outra opçãohospedar o relatório em Hébergement de fichiers, Security-x.fr.

 

[Abs]

Compartilhar este post


Link para o post
Compartilhar em outros sites

Segue

 

Então deve ser driver, ou o mouse que está ruim.. haha vlw!!

Quote



~ ZHPCleaner v2018.7.15.149 by Nicolas Coolman (2018/07/15)
~ Run by rocha (Administrator)  (20/07/2018 08:11:59)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\rocha\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\rocha\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 17134)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.


---\\  Registry ( Key, Value, Data) (1)
DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_55291E691241D99943A34E14F28004C6 ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5]  =>PUP.Optional.MyBrowser


---\\  Summary of the elements found (1)
https://nicolascoolman.eu/2017/11/01/adware-mybrowser/  =>PUP.Optional.MyBrowser


---\\  Other deletions. (8)
~ Registry Keys Tracing deleted (8)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)


---\\ Statistics
~ Items scanned : 2240
~ Items found : 0
~ Items cancelled : 0
~ Items options : 0/7
~ Space saving (bytes) : 0


~ End of clean in 00h00mn03s

---\\  Reports (4)
ZHPCleaner-[R]-18072018-07_22_59.txt
ZHPCleaner-[S]-18072018-07_21_00.txt
ZHPCleaner-[S]-20072018-08_11_18.txt
ZHPCleaner-[R]-20072018-08_12_02.txt

 

 

Compartilhar este post


Link para o post
Compartilhar em outros sites

/_ William Bruno _\

 

A ZHPCleaner veio com o log limpo!

Tente a substituição do Mouse e verifique se houve mudanças.

 

[]s

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado Como o autor não respondeu por mais de 10 dias, o tópico foi arquivado. Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.