Re: Notebook Toshiba L675-S7133 - Trancando

por binalima Ter 16 Dez 2014, 17:07

continuação...

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest

User: HomeGroupUser$

User: Public

User: Sergio
->Temp folder emptied: 71600 bytes
->Temporary Internet Files folder emptied: 578080 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1879 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44556982 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 738 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 43.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 12162014_151549

Files moved on Reboot...
C:\Users\Sergio\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Sergio\AppData\Local\Temp\~DF2F024347BA09CB60.TMP moved successfully.
C:\Users\Sergio\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\windows\temp\ZLT07eaf.TMP moved successfully.
File move failed. C:\windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BFILTER\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BFMON\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BNDEF\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECT\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECTEX\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\ scheduled to be deleted on reboot.

por **joram** Ter 16 Dez 2014, 18:03

Boa Tarde! binalima

> As ACL impostas pela Baidu,ao Registro,estão impedindo a remoção de algumas entradas.
> Mas...como está o Notebook? Os trancamentos ou congelamentos cessaram?

A+

por binalima Ter 16 Dez 2014, 18:40

Tenho impreesão que melhorou, levemente, porém os trancamentos continuam.
Mais alguma coisa a fazer?
Att.,

por **joram** Ter 16 Dez 2014, 18:55

binalima escreveu:Tenho impreesão que melhorou, levemente, porém os trancamentos continuam.
Mais alguma coisa a fazer?
Att.,

Boa Tarde! binalima

> Desinstale a Suite ZoneAlarm e a substitua pelo Avast.
> Ps: Não deixe no PC,nenhum engenho de proteção,além do Avast.

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... de g3n-h@chm@n )

> Estando na página,clique:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
> Salve-o no desktop! ( AdsFix.exe )
> Desabilite seu antivírus e execute a ferramenta.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Clique em Nettoyer e aguarde a conclusão!
> Ps: Encontrando dificuldades em iniciar a ferramenta,vá em Options e clique WMI.
> Ps: Caso apareça a mensagem "Supprimer le proxy",pode confirmar se não o utiliza.
> Confirme,também,o reboot!
> Poste o relatório! ( C:\AdsFix_data_hora.txt )

A+

por binalima Ter 16 Dez 2014, 19:16

Vou tirar o ZoneAlarm, mas o Avast já usei e é trancador. Tem outra sugestão?

por **joram** Ter 16 Dez 2014, 19:37

binalima escreveu:Vou tirar o ZoneAlarm, mas o Avast já usei e é trancador. Tem outra sugestão?

Olá! binalima

> Como assim? Trancador...não entendi!
> Utilize proteção em segundo plano para remediar os "trancamentos".

A+

por binalima Ter 16 Dez 2014, 19:42

OK. Vou fazer.
Estou excluindo Panda Clouder também.

por **joram** Ter 16 Dez 2014, 19:47

binalima escreveu:OK. Vou fazer.
Estou excluindo Panda Clouder também.

Olá! binalima

> Pode excluir! isso aí!

A+

por binalima Qua 17 Dez 2014, 07:51

Foi tumultuado passar o ADS.
1o. ao chegar a 20% e pegar 3 infecções o sistema deu reboot sozinho e quando retornou começou com CheckingDisk, mas aparentemente salvou o relatório dessa parte.
Rodei novamente (como é demorado) e até os 20% não havia mais infecção. Essas surgiram a partir dos 35% (19 infecções).
Espero que os relatórios estejam OK.

A seguir, relatório da 1a. parte

¤¤¤¤¤¤¤¤¤¤ | AdsFix | g3n-h@ckm@n | 16.12.2014.2

¤¤¤¤¤ Vista | 7 | 8 | 8.1 - 32/64 bits ¤¤¤¤¤ - Start 20:39:14 - 16/12/2014

update on : 16/12/2014 | 10.45 by g3n-h@ckm@n™
Contact : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Assistance : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Feedbacks : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Boot: Normal boot
[Sergio (Administrator)] - [SERGIO-PC] - (Brazil [0409])
SID = S-1-5-21-4064657657-4253216823-4133322302-1000 || [53657267696f205e5e]
PC : TOSHIBA - NALAA - *
Bios : TOSHIBA - 08/02/11
System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
RAM memory = Total (MB) : 3984 | Free (MB) : 2250
Pagefile = Total (MB) : 12174 | Free (MB) : 10142
Virtual = Total (MB) : 4194 | Free (MB) : 4043

Registry saved, to restore : : C:\AdsFix\Save\Registry [16.12.2014 @ 20_39_06] (Click on Options & Restore the register)
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

No windows updates detected !!!

¤¤¤¤¤¤¤¤¤¤ | Browsers

IE : 11.0.9600.17496 (© Microsoft Corporation. All rights reserved.)
OP : 26.0.1656.32 (Copyright © Opera Software 2014)

¤¤¤¤¤¤¤¤¤¤ | Security (atcav : 0)

FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Order
AS: Windows Defender [Auto(2)] = Order
FW: Windows FireWall Service [Auto(2)] = Order

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

ActiveX : 15.0.0.239
Plugin : 15.0.0.239

¤¤¤¤¤¤¤¤¤¤ | Killed processes

1152 | [Owner : SYSTEM |Parent : 688] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.55) = C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
1192 | [Owner : SYSTEM |Parent : 1152] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.193) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1476 | [Owner : Sergio |Parent : 1468] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) = C:\Windows\explorer.exe
1604 | [Owner : SYSTEM |Parent : 688] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
1612 | [Owner : Sergio |Parent : 688] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
2308 | [Owner : SYSTEM |Parent : 688] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe
2440 | [Owner : NETWORK SERVICE |Parent : 688] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
2540 | [Owner : Sergio |Parent : 628] - (.Microsoft Corporation - Console Window Host.) - (6.1.7601.18229) = C:\Windows\System32\conhost.exe
2632 | [Owner : Sergio |Parent : 844] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) = C:\Windows\System32\wbem\unsecapp.exe
4756 | [Owner : SYSTEM |Parent : 688] - (.Microsoft Corporation - Microsoft® Volume Shadow Copy Service.) - (6.1.7601.17514) = C:\Windows\System32\VSSVC.exe
1192 | [Owner : SYSTEM |Parent : 1152] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.193) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1476 | [Owner : Sergio |Parent : 1468] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) = C:\Windows\explorer.exe
2440 | [Owner : NETWORK SERVICE |Parent : 688] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe

¤¤¤¤¤¤¤¤¤¤ | Tasks

Deleted successfully : Driver Booster SkipUAC (Sergio)

Deleted successfully : C:\windows\Tasks\TaskDisabled

¤¤¤¤¤¤¤¤¤¤ | Services

¤¤¤¤¤¤¤¤¤¤ | AppCertDlls | AppInit_DLLs

¤¤¤¤¤¤¤¤¤¤ | Hosts

Hosts : Ok

¤¤¤¤¤¤¤¤¤¤ | SafeBoot

¤¤¤¤¤¤¤¤¤¤ | Winsock

¤¤¤¤¤¤¤¤¤¤ | DNS

¤¤¤¤¤¤¤¤¤¤ | Register

Deleted successfully : HKU\S-1-5-21-4064657657-4253216823-4133322302-1000_Classes\softonic
¤¤¤¤¤¤¤¤¤¤ | AdsFix | g3n-h@ckm@n | 16.12.2014.2

¤¤¤¤¤ Vista | 7 | 8 | 8.1 - 32/64 bits ¤¤¤¤¤ - Start 20:59:37 - 16/12/2014

update on : 16/12/2014 | 10.45 by g3n-h@ckm@n™
Contact : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Assistance : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Feedbacks : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Boot: Normal boot
[Sergio (Administrator)] - [SERGIO-PC] - (Brazil [0409])
SID = S-1-5-21-4064657657-4253216823-4133322302-1000 || [53657267696f205e5e]
PC : TOSHIBA - NALAA - *
Bios : TOSHIBA - 08/02/11
System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
RAM memory = Total (MB) : 3984 | Free (MB) : 146
Pagefile = Total (MB) : 12174 | Free (MB) : 6993
Virtual = Total (MB) : 4194 | Free (MB) : 4034

Registry saved, to restore : : C:\AdsFix\Save\Registry [16.12.2014 @ 20_58_06] (Click on Options & Restore the register)
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

No windows updates detected !!!

¤¤¤¤¤¤¤¤¤¤ | Browsers

IE : 11.0.9600.17496 (© Microsoft Corporation. All rights reserved.)
OP : 26.0.1656.32 (Copyright © Opera Software 2014)

¤¤¤¤¤¤¤¤¤¤ | Security (atcav : 0)

FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Order
AS: Windows Defender [Auto(2)] = Order
FW: Windows FireWall Service [Auto(2)] = Order

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

ActiveX : 15.0.0.239
Plugin : 15.0.0.239

¤¤¤¤¤¤¤¤¤¤ | Killed processes

3692 | [Owner : SYSTEM |Parent : 688] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe
1232 | [Owner : NETWORK SERVICE |Parent : 688] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
1300 | [Owner : SYSTEM |Parent : 688] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
3212 | [Owner : NETWORK SERVICE |Parent : 688] - (.Microsoft Corporation - Microsoft Software Protection Platform Service.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe
2012 | [Owner : Sergio |Parent : 4868] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) = C:\Windows\explorer.exe
¤¤¤¤¤¤¤¤¤¤ | AdsFix | g3n-h@ckm@n | 16.12.2014.2

¤¤¤¤¤ Vista | 7 | 8 | 8.1 - 32/64 bits ¤¤¤¤¤ - Start 21:03:14 - 16/12/2014

update on : 16/12/2014 | 10.45 by g3n-h@ckm@n™
Contact : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Assistance : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Feedbacks : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Boot: Normal boot
[Sergio (Administrator)] - [SERGIO-PC] - ( [0409])
SID = S-1-5-21-4064657657-4253216823-4133322302-1000 || [53657267696f205e5e]
PC : TOSHIBA - NALAA - *
Bios : TOSHIBA - 08/02/11
System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
RAM memory = Total (MB) : 3984 | Free (MB) : 2186
Pagefile = Total (MB) : 12174 | Free (MB) : 9962
Virtual = Total (MB) : 4194 | Free (MB) : 4040

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

No windows updates detected !!!

¤¤¤¤¤¤¤¤¤¤ | Browsers

IE : 11.0.9600.17496 (© Microsoft Corporation. All rights reserved.)
OP : 26.0.1656.32 (Copyright © Opera Software 2014)

¤¤¤¤¤¤¤¤¤¤ | Security (atcav : 0)

FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Order
AS: Windows Defender [Auto(2)] = Order
FW: Windows FireWall Service [Auto(2)] = Order

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

ActiveX : 15.0.0.239
Plugin : 15.0.0.239

¤¤¤¤¤¤¤¤¤¤ | WMI

WMI : OK -> Service in functioning

¤¤¤¤¤¤¤¤¤¤ |EOF| ¤¤¤¤¤¤¤¤¤¤ | 21:03:14

por binalima Qua 17 Dez 2014, 07:52

Agora o relatório da 2a. passagem do Ads.

¤¤¤¤¤¤¤¤¤¤ | AdsFix | g3n-h@ckm@n | 16.12.2014.2

¤¤¤¤¤ Vista | 7 | 8 | 8.1 - 32/64 bits ¤¤¤¤¤ - Start 21:12:36 - 16/12/2014

update on : 16/12/2014 | 10.45 by g3n-h@ckm@n™
Contact : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Assistance : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Feedbacks : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Boot: Normal boot
[Sergio (Administrator)] - [SERGIO-PC] - (Brazil [0409])
SID = S-1-5-21-4064657657-4253216823-4133322302-1000 || [53657267696f205e5e]
PC : TOSHIBA - NALAA - *
Bios : TOSHIBA - 08/02/11
System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
RAM memory = Total (MB) : 3984 | Free (MB) : 2647
Pagefile = Total (MB) : 12174 | Free (MB) : 10818
Virtual = Total (MB) : 4194 | Free (MB) : 4034

Registry saved, to restore : : C:\AdsFix\Save\Registry [16.12.2014 @ 21_12_31] (Click on Options & Restore the register)
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

No windows updates detected !!!

¤¤¤¤¤¤¤¤¤¤ | Browsers

IE : 11.0.9600.17496 (© Microsoft Corporation. All rights reserved.)
OP : 26.0.1656.32 (Copyright © Opera Software 2014)

¤¤¤¤¤¤¤¤¤¤ | Security (atcav : 0)

FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Order
AS: Windows Defender [Auto(2)] = Order
FW: Windows FireWall Service [Auto(2)] = Order

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

ActiveX : 15.0.0.239
Plugin : 15.0.0.239

¤¤¤¤¤¤¤¤¤¤ | Killed processes

1172 | [Owner : SYSTEM |Parent : 788] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.55) = C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
1196 | [Owner : SYSTEM |Parent : 1172] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.193) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1656 | [Owner : Sergio |Parent : 1648] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) = C:\Windows\explorer.exe
1844 | [Owner : SYSTEM |Parent : 788] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
1628 | [Owner : Sergio |Parent : 924] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) = C:\Windows\System32\wbem\unsecapp.exe
3092 | [Owner : Sergio |Parent : 1656] - (.Microsoft Corporation - Windows Media Player Network Sharing Service Configuration Application.) - (12.0.7600.16385) = C:\Program Files\Windows Media Player\wmpnscfg.exe
3136 | [Owner : Sergio |Parent : 1656] - (.Microsoft Corporation - Windows Media Player Network Sharing Service Configuration Application.) - (12.0.7600.16385) = C:\Program Files\Windows Media Player\wmpnscfg.exe
3380 | [Owner : NETWORK SERVICE |Parent : 788] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
3436 | [Owner : SYSTEM |Parent : 788] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe
3188 | [Owner : SYSTEM |Parent : 640] - (.Microsoft Corporation - Console Window Host.) - (6.1.7601.18229) = C:\Windows\System32\conhost.exe
3944 | [Owner : SYSTEM |Parent : 788] - (.Microsoft Corporation - Microsoft® Volume Shadow Copy Service.) - (6.1.7601.17514) = C:\Windows\System32\VSSVC.exe
3380 | [Owner : NETWORK SERVICE |Parent : 788] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe

¤¤¤¤¤¤¤¤¤¤ | Tasks

¤¤¤¤¤¤¤¤¤¤ | Services

¤¤¤¤¤¤¤¤¤¤ | AppCertDlls | AppInit_DLLs

¤¤¤¤¤¤¤¤¤¤ | Hosts

Hosts : Ok

¤¤¤¤¤¤¤¤¤¤ | SafeBoot

¤¤¤¤¤¤¤¤¤¤ | Winsock

¤¤¤¤¤¤¤¤¤¤ | DNS

¤¤¤¤¤¤¤¤¤¤ | Register

¤¤¤¤¤¤¤¤¤¤ | AdsFix | g3n-h@ckm@n | 16.12.2014.2

¤¤¤¤¤ Vista | 7 | 8 | 8.1 - 32/64 bits ¤¤¤¤¤ - Start 22:14:51 - 16/12/2014

update on : 16/12/2014 | 10.45 by g3n-h@ckm@n™
Contact : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Assistance : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Feedbacks : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Boot: Normal boot
[Sergio (Administrator)] - [SERGIO-PC] - (Brazil [0409])
SID = S-1-5-21-4064657657-4253216823-4133322302-1000 || [53657267696f205e5e]
PC : TOSHIBA - NALAA - *
Bios : TOSHIBA - 08/02/11
System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
RAM memory = Total (MB) : 3984 | Free (MB) : 2785
Pagefile = Total (MB) : 12174 | Free (MB) : 10897
Virtual = Total (MB) : 4194 | Free (MB) : 4038

Registry saved, to restore : : C:\AdsFix\Save\Registry [16.12.2014 @ 22_14_42] (Click on Options & Restore the register)
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

No windows updates detected !!!

¤¤¤¤¤¤¤¤¤¤ | Browsers

IE : 11.0.9600.17496 (© Microsoft Corporation. All rights reserved.)
OP : 26.0.1656.32 (Copyright © Opera Software 2014)

¤¤¤¤¤¤¤¤¤¤ | Security (atcav : 0)

FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Order
AS: Windows Defender [Auto(2)] = Order
FW: Windows FireWall Service [Auto(2)] = Order

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

ActiveX : 15.0.0.239
Plugin : 15.0.0.239

¤¤¤¤¤¤¤¤¤¤ | Killed processes

1176 | [Owner : SYSTEM |Parent : 772] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.55) = C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
1208 | [Owner : SYSTEM |Parent : 1176] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.193) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1640 | [Owner : Sergio |Parent : 1632] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) = C:\Windows\explorer.exe
1840 | [Owner : SYSTEM |Parent : 772] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
1848 | [Owner : Sergio |Parent : 772] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
464 | [Owner : SYSTEM |Parent : 772] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe
2440 | [Owner : SYSTEM |Parent : 464] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchProtocolHost.exe
1248 | [Owner : NETWORK SERVICE |Parent : 772] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
3160 | [Owner : Sergio |Parent : 908] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) = C:\Windows\System32\wbem\unsecapp.exe
3636 | [Owner : NETWORK SERVICE |Parent : 772] - (.Microsoft Corporation - Microsoft Software Protection Platform Service.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe
4024 | [Owner : SYSTEM |Parent : 772] - (.Microsoft Corporation - Microsoft® Volume Shadow Copy Service.) - (6.1.7601.17514) = C:\Windows\System32\VSSVC.exe
2664 | [Owner : LOCAL SERVICE |Parent : 772] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
1808 | [Owner : SYSTEM |Parent : 464] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchFilterHost.exe
1248 | [Owner : NETWORK SERVICE |Parent : 772] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
3636 | [Owner : NETWORK SERVICE |Parent : 772] - (.Microsoft Corporation - Microsoft Software Protection Platform Service.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe
1808 | [Owner : SYSTEM |Parent : 464] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchFilterHost.exe

¤¤¤¤¤¤¤¤¤¤ | Tasks

¤¤¤¤¤¤¤¤¤¤ | Services

¤¤¤¤¤¤¤¤¤¤ | AppCertDlls | AppInit_DLLs

¤¤¤¤¤¤¤¤¤¤ | Hosts

Hosts : Ok

¤¤¤¤¤¤¤¤¤¤ | SafeBoot

¤¤¤¤¤¤¤¤¤¤ | Winsock

¤¤¤¤¤¤¤¤¤¤ | DNS

¤¤¤¤¤¤¤¤¤¤ | Register

Deleted successfully : HKLM64\SOFTWARE\Classes\Interface\{3856F531-CD1E-4B00-91C7-ED75EC8E7C18} : IOneTab
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{3856F531-CD1E-4B00-91C7-ED75EC8E7C18} : IOneTab
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{89A3A2ED-0546-4C60-8159-2D917245BCB3} : IBrowserSecurityManager
Deleted successfully : HKU\S-1-5-20\SOFTWARE\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} : /P////%%
Deleted successfully : HKU\S-1-5-18\SOFTWARE\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} : /P////%%
Deleted successfully : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} : QlAI/W6/JlA+/YV/c/Ay/Xt/axAu/YZ////%
Deleted successfully : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Deleted successfully : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} : ShopperReports.dll (String)
Deleted successfully : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} : ShoppingReport.dll (String)
Deleted successfully : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} : BabylonToolbar.dll (String)
Deleted successfully : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} : alot.dll;alot.dll (String)
Deleted successfully : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} : BabylonToolbar.dll (String)
Deleted successfully : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} : ShoppingReport.dll (String)
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (CLSID)
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} (CLSID)
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} (CLSID)
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} (CLSID)
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} (CLSID)
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (CLSID)
Deleted successfully : [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]~[C:\Program Files\Enigma Software Group\SpyHunter\]

¤¤¤¤¤¤¤¤¤¤ | Folders | Files

Deleted successfully : C:\Program Files\Enigma Software Group
Deleted successfully : C:\Users\Sergio\AppData\Roaming\PCFixKit
Deleted successfully : C:\Users\Sergio\Downloads\setup (1).exe (© tuneuppro.com.-.Tuneup Pro )
Deleted successfully : C:\ProgramData\Simply Super Software\Trojan Remover
Deleted successfully : C:\Users\Sergio\AppData\Roaming\sergiobinalima.sph (.-.)
Deleted successfully : C:\Users\Sergio\AppData\Roaming\unins000.dat (.-.)

¤¤¤¤¤¤¤¤¤¤ | .LNK

¤¤¤¤¤¤¤¤¤¤ | opening unknown extension

¤¤¤¤¤¤¤¤¤¤ | Proxy

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main]~[Search Bar] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main]~[Start Default_Page_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\System32\blank.htm -> C:\windows\SysWOW64\blank.htm
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main]~[Default_Page_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchURL]~[Default] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main]~[CustomizeSearch] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main]~[SearchMigratedDefaultName] : -> google.com
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main]~[SearchMigratedDefaultURL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[SearchAssistant] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[Search Bar] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[Start Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[Start Default_Page_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[Local Page] : -> C:\windows\SysWOW64\blank.htm
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[Search Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[Default_Search_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[Default_Page_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[CustomizeSearch] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[SearchMigratedDefaultName] : -> google.com
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[SearchMigratedDefaultURL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]~[Tabs] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]~[Start Default_Page_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]~[Default_Page_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURL]~[Default] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]~[CustomizeSearch] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]~[SearchMigratedDefaultName] : -> google.com
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]~[SearchMigratedDefaultURL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]~[SearchAssistant] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]~[Search Bar] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]~[Start Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]~[Start Default_Page_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]~[Local Page] : -> C:\windows\SysWOW64\blank.htm
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]~[Search Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]~[Default_Page_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]~[CustomizeSearch] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]~[SearchMigratedDefaultName] : -> google.com
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]~[SearchMigratedDefaultURL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]~[Tabs] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKU\S-1-5-21-4064657657-4253216823-4133322302-1000\SOFTWARE\Microsoft\Internet Explorer\Main]~[Search Bar] : Preserve -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKU\S-1-5-21-4064657657-4253216823-4133322302-1000\SOFTWARE\Microsoft\Internet Explorer\Main]~[Start Default_Page_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKU\S-1-5-21-4064657657-4253216823-4133322302-1000\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : C:\windows\system32\blank.htm -> C:\windows\SysWOW64\blank.htm
Repaired : [HKU\S-1-5-21-4064657657-4253216823-4133322302-1000\SOFTWARE\Microsoft\Internet Explorer\Main]~[Default_Page_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKU\S-1-5-21-4064657657-4253216823-4133322302-1000\SOFTWARE\Microsoft\Internet Explorer\SearchURL]~[Default] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKU\S-1-5-21-4064657657-4253216823-4133322302-1000\SOFTWARE\Microsoft\Internet Explorer\Main]~[CustomizeSearch] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKU\S-1-5-21-4064657657-4253216823-4133322302-1000\SOFTWARE\Microsoft\Internet Explorer\Main]~[SearchMigratedDefaultName] : -> google.com
Repaired : [HKU\S-1-5-21-4064657657-4253216823-4133322302-1000\SOFTWARE\Microsoft\Internet Explorer\Main]~[SearchMigratedDefaultURL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKU\S-1-5-21-4064657657-4253216823-4133322302-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[SearchAssistant] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKU\S-1-5-21-4064657657-4253216823-4133322302-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[Search Bar] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKU\S-1-5-21-4064657657-4253216823-4133322302-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[Start Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKU\S-1-5-21-4064657657-4253216823-4133322302-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[Start Default_Page_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKU\S-1-5-21-4064657657-4253216823-4133322302-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[Local Page] : -> C:\windows\SysWOW64\blank.htm
Repaired : [HKU\S-1-5-21-4064657657-4253216823-4133322302-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[Search Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKU\S-1-5-21-4064657657-4253216823-4133322302-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[Default_Search_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKU\S-1-5-21-4064657657-4253216823-4133322302-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[Default_Page_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKU\S-1-5-21-4064657657-4253216823-4133322302-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[CustomizeSearch] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKU\S-1-5-21-4064657657-4253216823-4133322302-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[SearchMigratedDefaultName] : -> google.com
Repaired : [HKU\S-1-5-21-4064657657-4253216823-4133322302-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[SearchMigratedDefaultURL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKU\S-1-5-21-4064657657-4253216823-4133322302-1000\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]~[Tabs] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

¤¤¤¤¤¤¤¤¤¤ | Google Chrome

¤¤¤¤¤¤¤¤¤¤ | Chromium

¤¤¤¤¤¤¤¤¤¤ | Comodo Dragon

¤¤¤¤¤¤¤¤¤¤ | Firefox

[Sergio | extensions] Replaced : user_pref("browser.startup.homepage", "about:blank"); -> user_pref("browser.startup.homepage", "https://www.google.com");

¤¤¤¤¤¤¤¤¤¤ | SeaMonkey

¤¤¤¤¤¤¤¤¤¤ | Pale moon

¤¤¤¤¤¤¤¤¤¤ | Opera

¤¤¤¤¤¤¤¤¤¤ | Spark

¤¤¤¤¤¤¤¤¤¤ | StartMenuInternet

¤¤¤¤¤¤¤¤¤¤ | Javascript

¤¤¤¤¤¤¤¤¤¤ | Firewall

¤¤¤¤¤¤¤¤¤¤ | Temporary files

[Administrator] Temporary files deleted : 0 Ko
[All Users] Temporary files deleted : 0 Ko
[Default] Temporary files deleted : 0 Ko
[Default User] Temporary files deleted : 0 Ko
[Guest] Temporary files deleted : 0 Ko
[HomeGroupUser$] Temporary files deleted : 0 Ko
[Public] Temporary files deleted : 0 Ko
[Sergio] Temporary files deleted : 69 Ko
[C:\windows\Temp] Temporary files deleted : 0 Ko
[C:\Temp] Temporary files deleted : 18343 Ko

Other(s) report(s)

C:\AdsFix_16_12_2014_20_37_13.txt[1396 o]
C:\AdsFix_16_12_2014_21_03_14.txt[7889 o]

¤¤¤¤¤¤¤¤¤¤ | Listing

¤¤¤¤¤¤¤¤¤¤ | C:\Program Files (x86)

[07/02/2013 10:22:00] - |A| - C:\Program Files (x86)\AntiDust.exe
[21/11/2014 10:26:46] - |D| - C:\Program Files (x86)\ASUS
[14/07/2009 01:20:08] - |D| - C:\Program Files (x86)\Common Files
[14/07/2009 02:54:24] - |N| - C:\Program Files (x86)\desktop.ini
[25/02/2014 23:31:28] - |D| - C:\Program Files (x86)\DirectVobSub
[25/02/2014 23:31:23] - |D| - C:\Program Files (x86)\DSP-worx
[26/02/2014 10:27:25] - |D| - C:\Program Files (x86)\Everything
[19/02/2014 18:07:34] - |D| - C:\Program Files (x86)\Foxit Software
[07/07/2014 20:12:37] - |D| - C:\Program Files (x86)\GbPlugin
[27/10/2010 01:28:22] - |D| - C:\Program Files (x86)\Google
[08/10/2014 11:19:14] - |D| - C:\Program Files (x86)\Hewlett-Packard
[25/11/2013 15:25:44] - |D| - C:\Program Files (x86)\HP
[29/04/2014 12:38:47] - |D| - C:\Program Files (x86)\InstallJammer Registry
[27/10/2010 01:22:27] - |D| - C:\Program Files (x86)\InstallShield Installation Information
[27/10/2010 01:18:26] - |D| - C:\Program Files (x86)\Intel
[14/07/2009 01:20:08] - |D| - C:\Program Files (x86)\Internet Explorer
[03/12/2014 13:42:58] - |D| - C:\Program Files (x86)\Java
[16/11/2013 20:12:53] - |D| - C:\Program Files (x86)\Legendas-2.31
[15/05/2014 18:50:16] - |D| - C:\Program Files (x86)\Legendas-2.32
[25/11/2013 15:29:35] - |D| - C:\Program Files (x86)\Microsoft
[20/06/2013 17:11:18] - |D| - C:\Program Files (x86)\Microsoft Office
[18/10/2013 12:32:04] - |D| - C:\Program Files (x86)\Microsoft Silverlight
[20/06/2013 17:15:26] - |D| - C:\Program Files (x86)\Microsoft Visual Studio
[20/06/2013 17:15:40] - |D| - C:\Program Files (x86)\Microsoft Works
[20/06/2013 17:15:06] - |D| - C:\Program Files (x86)\Microsoft.NET
[14/07/2009 03:32:38] - |D| - C:\Program Files (x86)\MSBuild
[27/10/2010 00:51:41] - |D| - C:\Program Files (x86)\MSXML 4.0
[19/09/2014 19:28:02] - |D| - C:\Program Files (x86)\NKProds
[25/11/2013 15:22:29] - |D| - C:\Program Files (x86)\OJJ3600_Full_14
[15/12/2014 19:17:37] - |D| - C:\Program Files (x86)\Opera
[25/08/2014 09:57:29] - |D| - C:\Program Files (x86)\Panda Security
[27/10/2010 01:29:03] - |D| - C:\Program Files (x86)\PlayReady
[29/04/2014 12:39:15] - |D| - C:\Program Files (x86)\Programas RFB
[20/06/2013 19:15:13] - |D| - C:\Program Files (x86)\Realtek
[20/06/2013 19:18:48] - |D| - C:\Program Files (x86)\Realtek WLAN Driver
[14/07/2009 03:32:38] - |D| - C:\Program Files (x86)\Reference Assemblies
[18/10/2013 12:29:57] - |D| - C:\Program Files (x86)\SAM CoDeC Pack
[20/06/2013 16:55:32] - |RD| - C:\Program Files (x86)\Skype
[13/12/2014 10:33:55] - |D| - C:\Program Files (x86)\System Explorer
[06/06/2014 11:24:39] - |D| - C:\Program Files (x86)\SystemRequirementsLab
[20/06/2013 19:15:13] - |D| - C:\Program Files (x86)\Temp
[27/10/2010 01:22:54] - |D| - C:\Program Files (x86)\TOSHIBA
[20/06/2013 19:31:09] - |D| - C:\Program Files (x86)\TOSHIBA Games
[01/07/2013 20:13:22] - |D| - C:\Program Files (x86)\UEFI WinFlash
[14/07/2009 02:57:06] - |D| - C:\Program Files (x86)\Uninstall Information
[28/06/2013 05:33:09] - |D| - C:\Program Files (x86)\Webteh
[14/07/2009 03:32:38] - |D| - C:\Program Files (x86)\Windows Defender
[14/07/2009 01:20:08] - |D| - C:\Program Files (x86)\Windows Mail
[14/07/2009 03:32:38] - |D| - C:\Program Files (x86)\Windows Media Player
[14/07/2009 01:20:08] - |D| - C:\Program Files (x86)\Windows NT
[14/07/2009 03:32:38] - |D| - C:\Program Files (x86)\Windows Photo Viewer
[14/07/2009 03:32:38] - |D| - C:\Program Files (x86)\Windows Portable Devices
[14/07/2009 03:32:38] - |D| - C:\Program Files (x86)\Windows Sidebar
[20/06/2013 17:01:39] - |D| - C:\Program Files (x86)\WinRAR
[15/12/2014 20:12:09] - |D| - C:\Program Files (x86)\ZHPDiag

¤¤¤¤¤¤¤¤¤¤ | C:\Program Files

[16/12/2014 20:11:48] - |D| - C:\Program Files\AVAST Software
[14/07/2009 01:20:08] - |D| - C:\Program Files\Common Files
[14/07/2009 03:32:38] - |D| - C:\Program Files\DVD Maker
[14/07/2009 01:20:08] - |D| - C:\Program Files\Internet Explorer
[03/12/2014 13:44:38] - |D| - C:\Program Files\Java
[14/07/2009 03:32:38] - |D| - C:\Program Files\Microsoft Games
[20/06/2013 17:11:55] - |D| - C:\Program Files\Microsoft Office
[18/10/2013 12:32:04] - |D| - C:\Program Files\Microsoft Silverlight
[14/07/2009 03:32:38] - |D| - C:\Program Files\MSBuild
[19/04/2014 12:45:01] - |D| - C:\Program Files\Realtek
[14/07/2009 03:32:38] - |D| - C:\Program Files\Reference Assemblies
[20/06/2013 19:17:18] - |D| - C:\Program Files\Synaptics
[27/10/2010 01:22:21] - |D| - C:\Program Files\TOSHIBA
[14/07/2009 03:09:26] - |HD| - C:\Program Files\Uninstall Information
[14/07/2009 03:32:38] - |D| - C:\Program Files\Windows Defender
[14/07/2009 05:45:58] - |D| - C:\Program Files\Windows Journal
[14/07/2009 01:20:08] - |D| - C:\Program Files\Windows Mail
[14/07/2009 03:32:38] - |D| - C:\Program Files\Windows Media Player
[14/07/2009 01:20:08] - |D| - C:\Program Files\Windows NT
[14/07/2009 03:32:38] - |D| - C:\Program Files\Windows Photo Viewer
[14/07/2009 03:32:38] - |D| - C:\Program Files\Windows Portable Devices
[14/07/2009 03:32:38] - |D| - C:\Program Files\Windows Sidebar
[07/08/2014 10:54:53] - |D| - C:\Program Files\WinRAR

¤¤¤¤¤¤¤¤¤¤ | C:\Program Files (x86)\Common Files

[16/08/2014 14:21:22] - |D| - C:\Program Files (x86)\Common Files\DESIGNER
[25/11/2013 15:27:00] - |D| - C:\Program Files (x86)\Common Files\Hewlett-Packard
[25/11/2013 15:27:02] - |D| - C:\Program Files (x86)\Common Files\HP
[27/10/2010 01:29:10] - |D| - C:\Program Files (x86)\Common Files\InstallShield
[03/12/2014 09:10:03] - |D| - C:\Program Files (x86)\Common Files\IObit
[03/12/2014 13:43:32] - |D| - C:\Program Files (x86)\Common Files\Java
[14/07/2009 01:20:08] - |D| - C:\Program Files (x86)\Common Files\microsoft shared
[20/06/2013 19:09:50] - |D| - C:\Program Files (x86)\Common Files\postureAgent
[14/07/2009 01:20:08] - |D| - C:\Program Files (x86)\Common Files\Services
[25/09/2014 14:10:21] - |D| - C:\Program Files (x86)\Common Files\Skype
[14/07/2009 01:20:08] - |D| - C:\Program Files (x86)\Common Files\SpeechEngines
[14/07/2009 01:20:08] - |D| - C:\Program Files (x86)\Common Files\System
[27/10/2010 01:31:36] - |D| - C:\Program Files (x86)\Common Files\Windows Live
[24/08/2014 15:41:37] - |D| - C:\Program Files (x86)\Common Files\Wise Installation Wizard

¤¤¤¤¤¤¤¤¤¤ | C:\Program Files\Common Files

[14/07/2009 01:20:08] - |D| - C:\Program Files\Common Files\Microsoft Shared
[14/07/2009 01:20:08] - |D| - C:\Program Files\Common Files\Services
[14/07/2009 01:20:08] - |D| - C:\Program Files\Common Files\SpeechEngines
[14/07/2009 01:20:08] - |D| - C:\Program Files\Common Files\System

¤¤¤¤¤¤¤¤¤¤ | C:\Users\Sergio\AppData\Roaming

[20/06/2013 16:58:45] - |D| - C:\Users\Sergio\AppData\Roaming\Adobe
[09/12/2013 18:59:14] - |D| - C:\Users\Sergio\AppData\Roaming\AdobeUpdates
[11/12/2013 11:10:35] - |D| - C:\Users\Sergio\AppData\Roaming\Apple Computer
[16/12/2014 20:16:41] - |D| - C:\Users\Sergio\AppData\Roaming\AVAST Software
[28/06/2013 05:33:10] - |D| - C:\Users\Sergio\AppData\Roaming\BSplayer
[28/06/2013 05:33:10] - |D| - C:\Users\Sergio\AppData\Roaming\BSplayer Pro
[25/02/2014 23:31:26] - |D| - C:\Users\Sergio\AppData\Roaming\CDXReader
[23/04/2014 02:01:59] - |D| - C:\Users\Sergio\AppData\Roaming\dghdfg867udf7864n86f4b68fg74j68d7h86sd7fg86s181234000003CC1BDFF346
[19/04/2014 10:13:55] - |D| - C:\Users\Sergio\AppData\Roaming\Easeware
[02/09/2013 18:32:06] - |D| - C:\Users\Sergio\AppData\Roaming\Foxit Software
[25/11/2013 15:31:40] - |D| - C:\Users\Sergio\AppData\Roaming\HP
[20/06/2013 15:49:52] - |D| - C:\Users\Sergio\AppData\Roaming\Identities
[01/07/2013 20:11:49] - |D| - C:\Users\Sergio\AppData\Roaming\InstallShield
[30/09/2014 12:35:50] - |D| - C:\Users\Sergio\AppData\Roaming\IObit
[25/02/2014 23:31:26] - |D| - C:\Users\Sergio\AppData\Roaming\LavFilters
[20/06/2013 17:12:08] - |D| - C:\Users\Sergio\AppData\Roaming\Macromedia
[31/10/2013 10:09:01] - |D| - C:\Users\Sergio\AppData\Roaming\Malwarebytes
[20/06/2013 15:48:36] - |D| - C:\Users\Sergio\AppData\Roaming\Media Center Programs
[20/06/2013 15:48:36] - |SD| - C:\Users\Sergio\AppData\Roaming\Microsoft
[17/08/2013 10:19:50] - |D| - C:\Users\Sergio\AppData\Roaming\Mozilla
[20/06/2013 17:32:09] - |D| - C:\Users\Sergio\AppData\Roaming\Nero
[21/06/2013 18:23:59] - |D| - C:\Users\Sergio\AppData\Roaming\Opera
[15/12/2014 19:20:54] - |D| - C:\Users\Sergio\AppData\Roaming\Opera Software
[30/09/2014 12:41:07] - |D| - C:\Users\Sergio\AppData\Roaming\ProductData
[20/06/2013 16:55:36] - |D| - C:\Users\Sergio\AppData\Roaming\Skype
[06/06/2014 11:24:25] - |D| - C:\Users\Sergio\AppData\Roaming\SystemRequirementsLab
[20/06/2013 16:34:40] - |D| - C:\Users\Sergio\AppData\Roaming\Tific
[20/06/2013 16:01:43] - |D| - C:\Users\Sergio\AppData\Roaming\Toshiba
[16/08/2013 10:18:41] - |D| - C:\Users\Sergio\AppData\Roaming\TuneUp Software
[21/06/2013 19:27:07] - |D| - C:\Users\Sergio\AppData\Roaming\uTorrent
[20/06/2013 15:49:08] - |D| - C:\Users\Sergio\AppData\Roaming\WinBatch
[09/08/2014 13:01:27] - |D| - C:\Users\Sergio\AppData\Roaming\WinRAR
[02/09/2014 14:55:48] - |D| - C:\Users\Sergio\AppData\Roaming\WiseUpdate
[15/12/2014 20:12:09] - |D| - C:\Users\Sergio\AppData\Roaming\ZHP

¤¤¤¤¤¤¤¤¤¤ | C:\Users\Sergio\AppData\Local

[11/12/2013 11:09:55] - |D| - C:\Users\Sergio\AppData\Local\Apple
[11/12/2013 11:10:35] - |D| - C:\Users\Sergio\AppData\Local\Apple Computer
[20/06/2013 15:48:37] - |SHD| - C:\Users\Sergio\AppData\Local\Application Data
[13/09/2013 08:42:57] - |D| - C:\Users\Sergio\AppData\Local\CrashDumps
[02/07/2013 00:45:51] - |D| - C:\Users\Sergio\AppData\Local\Diagnostics
[21/06/2013 12:52:38] - |D| - C:\Users\Sergio\AppData\Local\ElevatedDiagnostics
[24/11/2014 13:45:14] - |SHD| - C:\Users\Sergio\AppData\Local\EmieBrowserModeList
[24/11/2014 13:45:14] - |SHD| - C:\Users\Sergio\AppData\Local\EmieSiteList
[24/11/2014 13:45:14] - |SHD| - C:\Users\Sergio\AppData\Local\EmieUserList
[07/07/2014 20:13:37] - |D| - C:\Users\Sergio\AppData\Local\GAS Tecnologia
[13/12/2014 09:07:13] - |A| - C:\Users\Sergio\AppData\Local\GDIPFONTCACHEV1.DAT
[20/06/2013 16:11:48] - |D| - C:\Users\Sergio\AppData\Local\Google
[20/06/2013 15:48:37] - |SHD| - C:\Users\Sergio\AppData\Local\History
[25/11/2013 15:31:39] - |D| - C:\Users\Sergio\AppData\Local\HP
[15/12/2014 07:07:41] - |AH| - C:\Users\Sergio\AppData\Local\IconCache.db
[28/06/2014 18:05:44] - |D| - C:\Users\Sergio\AppData\Local\Mega Limited
[28/06/2014 18:05:13] - |D| - C:\Users\Sergio\AppData\Local\MEGAsync
[16/08/2013 10:12:45] - |D| - C:\Users\Sergio\AppData\Local\MFAData
[20/06/2013 15:48:36] - |D| - C:\Users\Sergio\AppData\Local\Microsoft
[21/06/2013 18:16:39] - |D| - C:\Users\Sergio\AppData\Local\Microsoft Games
[20/06/2013 17:11:21] - |D| - C:\Users\Sergio\AppData\Local\Microsoft Help
[14/05/2014 09:29:10] - |D| - C:\Users\Sergio\AppData\Local\Mozilla
[21/06/2013 18:23:59] - |D| - C:\Users\Sergio\AppData\Local\Opera
[15/12/2014 19:21:03] - |D| - C:\Users\Sergio\AppData\Local\Opera Software
[05/08/2013 09:41:04] - |D| - C:\Users\Sergio\AppData\Local\Programs
[10/04/2014 12:45:00] - |D| - C:\Users\Sergio\AppData\Local\Skype
[21/11/2014 16:06:34] - |D| - C:\Users\Sergio\AppData\Local\SlimWare Utilities Inc
[25/02/2014 20:02:32] - |D| - C:\Users\Sergio\AppData\Local\Spark
[16/12/2014 09:02:59] - |D| - C:\Users\Sergio\AppData\Local\Temp
[20/06/2013 15:48:37] - |SHD| - C:\Users\Sergio\AppData\Local\Temporary Internet Files
[20/06/2013 16:34:40] - |D| - C:\Users\Sergio\AppData\Local\Tific
[20/06/2013 15:50:37] - |D| - C:\Users\Sergio\AppData\Local\Toshiba
[20/06/2013 16:01:42] - |D| - C:\Users\Sergio\AppData\Local\TOSHIBA_Corporation
[12/04/2014 18:21:21] - |D| - C:\Users\Sergio\AppData\Local\TuneUp Software
[20/06/2013 15:49:48] - |D| - C:\Users\Sergio\AppData\Local\VirtualStore
[30/06/2013 11:51:29] - |D| - C:\Users\Sergio\AppData\Local\WindowsUpdate

¤¤¤¤¤¤¤¤¤¤ | C:\ProgramData

[16/08/2014 10:51:42] - |SHD| - C:\ProgramData\360Quarant
[27/10/2010 01:36:21] - |D| - C:\ProgramData\Adobe
[11/12/2013 11:09:53] - |D| - C:\ProgramData\Apple
[11/12/2013 11:10:15] - |D| - C:\ProgramData\Apple Computer
[14/07/2009 03:08:56] - |SHD| - C:\ProgramData\Application Data
[20/06/2013 17:04:33] - |D| - C:\ProgramData\AVAST Software
[16/08/2013 10:45:38] - |D| - C:\ProgramData\AVG
[16/08/2013 10:18:15] - |D| - C:\ProgramData\AVG2013
[27/10/2010 01:28:56] - |D| - C:\ProgramData\Blio
[02/11/2014 09:18:11] - |D| - C:\ProgramData\CheckPoint
[16/08/2013 10:12:45] - |HD| - C:\ProgramData\Common Files
[06/09/2013 09:33:03] - |D| - C:\ProgramData\DatacardService
[14/07/2009 03:08:56] - |SHD| - C:\ProgramData\Desktop
[14/07/2009 03:08:56] - |SHD| - C:\ProgramData\Documents
[14/07/2009 03:08:56] - |SHD| - C:\ProgramData\Favorites
[07/07/2014 20:12:25] - |D| - C:\ProgramData\GAS Tecnologia
[07/07/2014 20:12:37] - |D| - C:\ProgramData\GbPlugin
[27/10/2010 01:28:22] - |D| - C:\ProgramData\Google
[03/07/2013 10:29:01] - |D| - C:\ProgramData\Hewlett-Packard
[25/11/2013 13:54:31] - |D| - C:\ProgramData\HP
[25/11/2013 15:27:57] - |D| - C:\ProgramData\HP Product Assistant
[25/11/2013 13:16:15] - |A| - C:\ProgramData\hpzinstall.log
[24/08/2014 21:39:51] - |D| - C:\ProgramData\Licenses
[31/10/2013 10:08:50] - |D| - C:\ProgramData\Malwarebytes
[28/04/2014 10:04:54] - |D| - C:\ProgramData\McAfee
[16/08/2013 10:12:45] - |D| - C:\ProgramData\MFAData
[14/07/2009 01:20:08] - |SD| - C:\ProgramData\Microsoft
[20/06/2013 17:11:18] - |D| - C:\ProgramData\Microsoft Help
[20/06/2013 17:25:41] - |D| - C:\ProgramData\Nero
[20/06/2013 19:29:04] - |D| - C:\ProgramData\Norton
[20/06/2013 19:28:49] - |D| - C:\ProgramData\NortonInstaller
[18/04/2014 10:44:49] - |RASH| - C:\ProgramData\ntuser.pol
[25/08/2014 09:54:37] - |D| - C:\ProgramData\Panda Security
[24/08/2014 21:27:51] - |D| - C:\ProgramData\Simply Super Software
[20/06/2013 16:55:19] - |D| - C:\ProgramData\Skype
[14/07/2009 03:08:56] - |SHD| - C:\ProgramData\Start Menu
[08/07/2013 11:02:00] - |D| - C:\ProgramData\Sun
[01/03/2014 11:15:45] - |D| - C:\ProgramData\Synaptics
[13/12/2014 10:34:00] - |D| - C:\ProgramData\SystemExplorer
[18/04/2014 10:31:57] - |AD| - C:\ProgramData\TEMP
[14/07/2009 03:08:56] - |SHD| - C:\ProgramData\Templates
[27/10/2010 01:28:21] - |D| - C:\ProgramData\Toshiba
[20/06/2013 19:21:08] - |D| - C:\ProgramData\vista32
[20/06/2013 19:21:08] - |D| - C:\ProgramData\vista64
[25/11/2013 15:34:09] - |D| - C:\ProgramData\WEBREG
[20/06/2013 19:31:09] - |D| - C:\ProgramData\WildTangent
[20/06/2013 19:21:08] - |D| - C:\ProgramData\win7_32
[20/06/2013 19:21:08] - |D| - C:\ProgramData\win7_64
[20/06/2013 19:21:08] - |D| - C:\ProgramData\xp

¤¤¤¤¤¤¤¤¤¤ | C:\windows\Tasks

[16/08/2014 10:48:14] - |D| - C:\windows\Tasks\360Disabled
[11/10/2014 11:38:21] - |A| - C:\windows\Tasks\Adobe Flash Player Updater.job
[09/10/2014 16:09:20] - |D| - C:\windows\Tasks\ImCleanDisabled
[14/07/2009 03:08:49] - |AH| - C:\windows\Tasks\SA.DAT
[14/07/2009 03:08:49] - |A| - C:\windows\Tasks\SCHEDLGU.TXT

¤¤¤¤¤¤¤¤¤¤ | C:\windows\System32\Tasks

[14/07/2009 01:20:14] - |D| - C:\windows\System32\Tasks\Microsoft

[X] : [21723 Ko]

Analyzed : 184095 | Modified : 58 | Infected : 29

¤¤¤¤¤¤¤¤¤¤ |EOF| ¤¤¤¤¤¤¤¤¤¤ | 01:08:27 | [36 Ko]

por binalima Qua 17 Dez 2014, 07:53

Já estou sentindo melhoras no desempenho do note.
Grato.

por **joram** Qua 17 Dez 2014, 08:42

binalima escreveu:Já estou sentindo melhoras no desempenho do note.
Grato.

/!\ Bom Dia! binalima /!\

> A ferramenta AdsFix é mesmo demorada. Normalmente,as ferramentas que mais demoram,em seu scan,são mais eficientes.
> Ps: Como houve a instalação de muitos softwares duvidosos,torna-se fundamental o scan da ferramenta RogueKiller.

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Adlice Software ) ( 32 bits version )

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Adlice Software ) ( 64 bits version )

> Salve-o no desktop! [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Feche aplicativos que estejam abertos!
> Execute RogueKiller.exe e aceite a Eula,caso solicite!
> Se o "Filtro SmartScreen" bloquear o anti-malware,clique em "Mais informações" >> "Executar de qualquer maneira"

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

> Aguarde a finalização de seu Pre-scan,que se inicia automáticamente.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Dê início ao diagnóstico,clicando no botão "Verificar".
> Poste o relatório ao concluir: RKreport[1].txt

A+

por binalima Qua 17 Dez 2014, 09:36

A seguir RKreport...

RogueKiller V10.1.0.0 (x64) [Dec 11 2014] por Adlice Software
mail : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Feedback : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Blog : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciou : Modo normal
Usuário : Sergio [Administrador]
Modo : Escanear -- Data : 12/17/2014 09:32:17

¤¤¤ Processos : 0 ¤¤¤

¤¤¤ Registro : 21 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msahci (system32\drivers\msahci.sys) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 189.7.8.34 189.7.8.39 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][BRAZIL (BR)] -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.1.1.1 [(Private Address) (XX)] -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 189.7.8.34 189.7.8.39 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][BRAZIL (BR)] -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 189.7.8.34 189.7.8.39 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][BRAZIL (BR)] -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A4A98000-5D54-4764-AF70-9E2FFC29E3DB} | DhcpNameServer : 189.7.8.34 189.7.8.39 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][BRAZIL (BR)] -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A4A98000-5D54-4764-AF70-9E2FFC29E3DB} | DhcpNameServer : 10.1.1.1 [(Private Address) (XX)] -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A4A98000-5D54-4764-AF70-9E2FFC29E3DB} | DhcpNameServer : 189.7.8.34 189.7.8.39 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][BRAZIL (BR)] -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A4A98000-5D54-4764-AF70-9E2FFC29E3DB} | DhcpNameServer : 189.7.8.34 189.7.8.39 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][BRAZIL (BR)] -> Encontrado
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Encontrado
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Encontrado
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4064657657-4253216823-4133322302-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Encontrado
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4064657657-4253216823-4133322302-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Encontrado
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4064657657-4253216823-4133322302-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Encontrado
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4064657657-4253216823-4133322302-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Encontrado
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Encontrado
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Encontrado
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Encontrado
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Encontrado
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4064657657-4253216823-4133322302-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Encontrado
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4064657657-4253216823-4133322302-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Encontrado

¤¤¤ Tarefas : 0 ¤¤¤

¤¤¤ Arquivos : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

¤¤¤ Navegadores : 0 ¤¤¤

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5065GSXN SCSI Disk Device +++++
--- User ---
[MBR] 65098791fc3e26e6b265c8ff00dd4e62
[BSP] 0931b3c9541e1bc3c924250f1e38c3b3 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 463568 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 952453120 | Size: 11880 MB
User = LL1 ... OK
Error reading LL2 MBR! ([18] The program issued a command but the command length is incorrect. )

por **joram** Qua 17 Dez 2014, 10:05

/!\ Bom Dia! binalima /!\

¤¤¤¤¤¤¤¤¤¤ | C:\Program Files (x86)

[07/02/2013 10:22:00] - |A| - C:\Program Files (x86)\AntiDust.exe <<
[21/11/2014 10:26:46] - |D| - C:\Program Files (x86)\ASUS
[14/07/2009 01:20:08] - |D| - C:\Program Files (x86)\Common Files
[14/07/2009 02:54:24] - |N| - C:\Program Files (x86)\desktop.ini
----
----
> Este arquivo que destaquei,já foi analizado há 6 Meses,em [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e portava a infecção Sality.
> Acredito que não se aplica ao seu caso,pois o mesmo foi instalado em seu Note,em Fevereiro de 2013. Isso perfaz uns 22 Meses,onde a presença do Sality teria inutilizado sua máquina.
> Mas...caso queira,pode enviá-lo ao VT,para análise detalhada e atualizada.

> Acesse este site: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >
> Faça a análise deste arquivo: C:\Program Files (x86)\AntiDust.exe

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

> Se já ocorreu,anteriormente,uma análise da amostra,clique em: "Reanalyse file now"

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

> Ao concluir,poste o link ao relatório.

> Abra,novamente,a ferramenta RogueKiller.
> Clique em Verificar.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Clique na guia "Registro".

[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msahci (system32\drivers\msahci.sys) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 189.7.8.34 189.7.8.39 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][BRAZIL (BR)] -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.1.1.1 [(Private Address) (XX)] -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 189.7.8.34 189.7.8.39 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][BRAZIL (BR)] -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 189.7.8.34 189.7.8.39 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][BRAZIL (BR)] -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A4A98000-5D54-4764-AF70-9E2FFC29E3DB} | DhcpNameServer : 189.7.8.34 189.7.8.39 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][BRAZIL (BR)] -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A4A98000-5D54-4764-AF70-9E2FFC29E3DB} | DhcpNameServer : 10.1.1.1 [(Private Address) (XX)] -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A4A98000-5D54-4764-AF70-9E2FFC29E3DB} | DhcpNameServer : 189.7.8.34 189.7.8.39 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][BRAZIL (BR)] -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A4A98000-5D54-4764-AF70-9E2FFC29E3DB} | DhcpNameServer : 189.7.8.34 189.7.8.39 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][BRAZIL (BR)] -> Encontrado
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Encontrado
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Encontrado
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4064657657-4253216823-4133322302-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Encontrado
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4064657657-4253216823-4133322302-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Encontrado
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4064657657-4253216823-4133322302-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Encontrado
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4064657657-4253216823-4133322302-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Encontrado
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Encontrado
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Encontrado
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Encontrado
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Encontrado
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4064657657-4253216823-4133322302-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Encontrado
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4064657657-4253216823-4133322302-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Encontrado

> Marque todas checkbox ( Caixinhas ) destas entradas!
> Clique "Deletar" e aguarde a conclusão!
> Poste o relatório!

A+

por binalima Qua 17 Dez 2014, 10:18

Virus Total

VirusTotal
SHA256: 5690f3d97e0c2b4831df4aa4238eaef5be3992e3ff8e26b60bba00bf587e3783
File name: AntiDust.exe
Detection ratio: 1 / 54
Analysis date: 2014-12-17 12:12:42 UTC ( 1 minute ago )
32 37
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Analysis
File detail
Additional information
Comments
Votes
Antivirus Result Update
Rising PE:Trojan.Win32.Generic.14C24DAA!348278186 20141216
ALYac 20141217
AVG 20141217
AVware 20141217
Ad-Aware 20141217
AegisLab 20141217
Agnitum 20141216
AhnLab-V3 20141217
Antiy-AVL 20141217
Avast 20141217
Avira 20141217
Baidu-International 20141217
BitDefender 20141217
Bkav 20141217
ByteHero 20141217
CAT-QuickHeal 20141216
CMC 20141215
ClamAV 20141217
Comodo 20141217
Cyren 20141217
DrWeb 20141217
ESET-NOD32 20141217
Emsisoft 20141217
F-Prot 20141215
F-Secure 20141217
Fortinet 20141217
GData 20141217
Ikarus 20141217
Jiangmin 20141216
K7AntiVirus 20141216
K7GW 20141217
Kaspersky 20141217
Kingsoft 20141217
Malwarebytes 20141217
McAfee 20141217
McAfee-GW-Edition 20141217
MicroWorld-eScan 20141217
Microsoft 20141217
NANO-Antivirus 20141217
Norman 20141217
Panda 20141217
Qihoo-360 20141217
SUPERAntiSpyware 20141217
Sophos 20141217
Symantec 20141217
Tencent 20141217
TheHacker 20141216
TotalDefense 20141217
TrendMicro 20141217
TrendMicro-HouseCall 20141217
VBA32 20141217
VIPRE 20141217
ViRobot 20141217
Zillya 20141216
Zoner 20141216
nProtect 20141217

por binalima Qua 17 Dez 2014, 10:19

Developer metadata
Copyrightsimplix
Product [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
File version Be Happy Smile

Description AntiDust Tool
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-05 22:50:52
Entry Point 0x000030FA
Number of sections 5
PE sections
Name Virtual address Virtual size Raw size Entropy MD5
.text 4096 23628 24064 6.44 856b32eb77dfd6fb67f21d6543272da5
.rdata 28672 4764 5120 5.05 dc77f8a1e6985a4361c55642680ddb4f
.data 36864 154712 1024 4.80 7922d4ce117d7d5b3ac2cffe4b0b5e4f
.ndata 192512 36864 0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 229376 11065 11264 3.63 866eb3b5b42b6752293c6d746cab394a
PE imports
[+] ADVAPI32.dll
[+] COMCTL32.dll
[+] GDI32.dll
[+] KERNEL32.dll
[+] SHELL32.dll
[+] USER32.dll
[+] VERSION.dll
[+] ole32.dll
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
NEUTRAL 1
ExifTool file metadata
SubsystemVersion4.0
LinkerVersion6.0
ImageVersion6.0
FileSubtype0
FileVersionNumber1.0.0.0
UninitializedDataSize1024
LanguageCodeNeutral
FileFlagsMask0x0000
CharacterSetWindows, Latin1
InitializedDataSize163840
MIMETypeapplication/octet-stream
LegalCopyrightsimplix
FileVersionBe Happy Smile

TimeStamp2009:12:05 23:50:52+01:00
FileTypeWin32 EXE
PETypePE32
FileAccessDate2014:12:17 13:12:54+01:00
ProductVersion1.0
FileDescriptionAntiDust Tool
OSVersion4.0
FileCreateDate2014:12:17 13:12:54+01:00
FileOSWin32
SubsystemWindows GUI
MachineTypeIntel 386 or later, and compatibles
CodeSize24064
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
ProductVersionNumber1.0.0.0
EntryPoint0x30fa
ObjectFileTypeExecutable application

por binalima Qua 17 Dez 2014, 10:19

File identification
MD5 fb9da1dd951232244203558a96e8ff66
SHA1 1613b9c3567536ca57b1e5355154a751908ef12d
SHA256 5690f3d97e0c2b4831df4aa4238eaef5be3992e3ff8e26b60bba00bf587e3783
ssdeep1536:QpgpHzb9dZVX9fHMvG0D3XJbNS2aLTDL6x9:mgXdZt9P6D3XJxSHvD2x9
authentihash b14e17eaf3d17f72bf921d882277d8f7ea7627815ed51bdf9ac3114ec32a328a
imphash 7fa974366048f9c551ef45714595665e
File size 49.2 KB ( 50330 bytes )
File type Win32 EXE
Magic literalPE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tagsnsis peexe
VirusTotal metadata
First submission 2012-07-18 04:27:20 UTC ( 2 years, 5 months ago )
Last submission 2014-12-17 12:12:42 UTC ( 6 minutes ago )
File names AntiDust.ex
1613b9c3567536ca57b1e5355154a751908ef12d
file-4294292_exe
AntiDust.exe
AntiDust1.exe
AntiDust.ex_
AntiDust для быстрой очистки системы от навязчивых сервисов и других легальных троянов.exe
AntiDust (1).exe
antidust.exe
AntiDust.exe
2014.10.09 19-48-45 AntiDust.exe5353.Карантин
AntiDust.exe
AntiDust.exe
AntiDust (3).exe
AntiDust.exe
AntiDust (2).exe
AntiDust.exe

por binalima Qua 17 Dez 2014, 10:23

Relatório Rogue Killer

RogueKiller V10.1.0.0 (x64) [Dec 11 2014] por Adlice Software
mail : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Feedback : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Blog : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciou : Modo normal
Usuário : Sergio [Administrador]
Modo : Deletar -- Data : 12/17/2014 10:20:46

¤¤¤ Processos : 0 ¤¤¤

¤¤¤ Registro : 21 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msahci -> Deletado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 189.7.8.34 189.7.8.39 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][BRAZIL (BR)] -> Substituído ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.1.1.1 [(Private Address) (XX)] -> Substituído ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 189.7.8.34 189.7.8.39 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][BRAZIL (BR)] -> Substituído ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 189.7.8.34 189.7.8.39 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][BRAZIL (BR)] -> Substituído ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A4A98000-5D54-4764-AF70-9E2FFC29E3DB} | DhcpNameServer : 189.7.8.34 189.7.8.39 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][BRAZIL (BR)] -> Substituído ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A4A98000-5D54-4764-AF70-9E2FFC29E3DB} | DhcpNameServer : 10.1.1.1 [(Private Address) (XX)] -> Substituído ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A4A98000-5D54-4764-AF70-9E2FFC29E3DB} | DhcpNameServer : 189.7.8.34 189.7.8.39 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][BRAZIL (BR)] -> Substituído ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A4A98000-5D54-4764-AF70-9E2FFC29E3DB} | DhcpNameServer : 189.7.8.34 189.7.8.39 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][BRAZIL (BR)] -> Substituído ()
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Substituído (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Substituído (2)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4064657657-4253216823-4133322302-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Substituído (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4064657657-4253216823-4133322302-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Substituído (1)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4064657657-4253216823-4133322302-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Substituído (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4064657657-4253216823-4133322302-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Substituído (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Substituído (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Substituído (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Substituído (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Substituído (0)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4064657657-4253216823-4133322302-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Substituído (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4064657657-4253216823-4133322302-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Substituído (0)

¤¤¤ Tarefas : 0 ¤¤¤

¤¤¤ Arquivos : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

¤¤¤ Navegadores : 0 ¤¤¤

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5065GSXN SCSI Disk Device +++++
--- User ---
[MBR] 65098791fc3e26e6b265c8ff00dd4e62
[BSP] 0931b3c9541e1bc3c924250f1e38c3b3 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 463568 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 952453120 | Size: 11880 MB
User = LL1 ... OK
Error reading LL2 MBR! ([18] The program issued a command but the command length is incorrect. )

============================================
RKreport_SCN_12172014_093217.log

por **joram** Qua 17 Dez 2014, 11:02

Bom Dia! binalima

> Como está o Note? Houve melhoras? isso aí!

A+

por binalima Qua 17 Dez 2014, 11:12

Sim. De ontem para cá melhorou muito.
Mais alguma coisa para fazer?
Grato

por **joram** Qua 17 Dez 2014, 11:20

binalima escreveu:Sim. De ontem para cá melhorou muito.
Mais alguma coisa para fazer?
Grato

Olá! binalima

> Limpe seus Pontos de Restauração com a DelFix.

> Caso não haja mais problemas,remova as ferramentas que foram utilizadas na desinfecção!

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... de Xplode )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Estando na página,clique em Download Now.
> Salve-a em um local conveniente! ( desktop! )
> Feche aplicativos que estejam abertos.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Remover ferramentas de desinfecção
> Criar backup do registro
> Limpar pontos da restauração do sistema

> Com estas caixinhas marcadas,clique Executar!
> Reinicie o computador ao concluir!
> Tudo Ok?

A+

por binalima Qua 17 Dez 2014, 11:38

OK.
Dúvidas...

- Quando preciso, por qualquer motivo acessar Restauração do Sistema, não existem pontos de Restauração.
- Como faço para o Avast rodar em 2o. Plano. Não encontrei essa configuração.
- Não devo utilizar mais qualquer programa de otimização como CCleaner, TuneUp, etc..

A seguir relatório do DelFix

# DelFix v10.8 - Logfile created 17/12/2014 at 11:25:10
# Updated 29/07/2014 by Xplode
# Username : Sergio - SERGIO-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTM
Deleted : C:\_OTS
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdsFix
Deleted : C:\Users\Sergio\AppData\Roaming\ZHP
Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Deleted : C:\Program Files (x86)\ZHPDiag
Deleted : C:\AdsFix_16_12_2014_20_37_13.txt
Deleted : C:\AdsFix_16_12_2014_21_03_14.txt
Deleted : C:\AdsFix_17_12_2014_01_08_30.txt
Deleted : C:\PhysicalDisk0_MBR.bin
Deleted : C:\zoek-results.log
Deleted : C:\Users\Sergio\Desktop\Addition.txt
Deleted : C:\Users\Sergio\Desktop\AdsFix.exe
Deleted : C:\Users\Sergio\Desktop\AdsFix_16_12_2014_21_03_140.txt
Deleted : C:\Users\Sergio\Desktop\AdsFix_17_12_2014_01_08_30.txt
Deleted : C:\Users\Sergio\Desktop\Fixlog.txt
Deleted : C:\Users\Sergio\Desktop\FRST.txt
Deleted : C:\Users\Sergio\Desktop\FRST64.exe
Deleted : C:\Users\Sergio\Desktop\OTS.exe
Deleted : C:\Users\Sergio\Desktop\OTS.Txt
Deleted : C:\Users\Sergio\Desktop\OTS2.Txt
Deleted : C:\Users\Sergio\Desktop\OTM.exe
Deleted : C:\Users\Sergio\Desktop\RKreport_DEL_12172014_102044.log
Deleted : C:\Users\Sergio\Desktop\RKreport_SCN_12172014_093217.log
Deleted : C:\Users\Sergio\Desktop\RogueKillerX64.exe
Deleted : C:\Users\Sergio\Desktop\ZHPDiag.lnk
Deleted : C:\Users\Sergio\Desktop\ZHPDiag.txt
Deleted : C:\Users\Sergio\Desktop\ZHPFix.lnk
Deleted : C:\Users\Sergio\Desktop\ZHPFixReport.txt
Deleted : C:\Users\Sergio\Desktop\ZHPFix[R2].txt
Deleted : C:\Users\Sergio\Desktop\zoek (1).exe
Deleted : C:\Users\Sergio\Desktop\zoek-results.txt
Deleted : HKCU\Software\AdsFix
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdsFix
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #227 [Windows Update | 12/12/2014 13:42:32]
Deleted : RP #228 [Driver Booster : Adobe Flash Player ActiveX | 12/13/2014 11:09:59]
Deleted : RP #229 [Installed TOSHIBA System Driver. | 12/13/2014 11:25:35]
Deleted : RP #230 [Windows Update | 12/13/2014 12:46:19]
Deleted : RP #231 [Windows Update | 12/14/2014 10:17:40]
Deleted : RP #232 [zoek.exe restore point | 12/14/2014 13:21:24]
Deleted : RP #233 [OTS Restore Point | 12/15/2014 14:49:13]
Deleted : RP #234 [Removed TuneUp Utilities 2014 | 12/15/2014 19:58:26]
Deleted : RP #235 [Removido TuneUp Utilities 2014 (pt-BR) | 12/15/2014 20:08:30]
Deleted : RP #236 [zoek.exe restore point | 12/16/2014 10:35:27]
Deleted : RP #237 [avast! antivirus system restore point | 12/16/2014 22:10:45]

New restore point created !

########## - EOF - ##########

por **joram** Qua 17 Dez 2014, 15:31

Boa Tarde! binalima

binalima escreveu:- Quando preciso, por qualquer motivo acessar Restauração do Sistema, não existem pontos de Restauração.
- Como faço para o Avast rodar em 2o. Plano. Não encontrei essa configuração.
- Não devo utilizar mais qualquer programa de otimização como CCleaner, TuneUp, etc..

> A ferramenta DelFix estabeleceu um Ponto de Restauração...ele existe! Não o encontrou?
> Somente em 1° Plano para a função antivírus e 2° Plano para a função Internet Security.
> Pode utilizar o CCleaner!

A+

por binalima Qua 17 Dez 2014, 17:12

Encontrei o Ponto de Restauração sim.
Obrigado por tudo e desculpe a trabalheira que dei.
Abraço.
Att., binalima

por **joram** Qua 17 Dez 2014, 17:42

Caso Resolvido

Necessitando novo auxílio para este computador,basta abrir "Novo Tópico" e relatar o problema.

por Conteúdo patrocinado

Seg	Ter	Qua	Qui	Sex	Sáb	Dom
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31