Possible Malware


Post by Guilherme Bastos, Mon 06 Apr 2015, 11:24

Good morning everyone, how are you?
Sorry for the trouble, but I got a bit worried about my notebook today.
What happened was that at first it booted normally, but when it was time to type the login password the keyboard layout was misconfigured and some keys did not even register. I carried on with the on-screen keyboard, managed to log in normally, and had the idea of running a System Restore to recover at least the keyboard configuration. But when it rebooted to perform the restore, the screen showed no sign that the machine was on, although the fan was spinning and the LEDs were lit, so I thought it might be some malware and came to ask for your help.
Attached is the ZHPDiag log.
Attachment: ZHPDiag.txt (161 Kb), downloaded 6 time(s)

Post by joram, Mon 06 Apr 2015, 16:22

/!\ Good afternoon, Guilherme Bastos! /!\

> I don't see any potential malware on the PC.
> The list of cracks is long...?? A computer geared toward games and compromised by this software...

--\\ Listagem dos ficheiros Crack & Keygen (CKF) (O82)
C:\Users\asus\Documents\Arq Uteis\EWB10_multisim\Ni Electronics Workbench Circuit Design Suite v10.0 Keygen\CRACK\KeyGen.exe  =>.Crack,Keygen
C:\Users\asus\Documents\Arq Uteis\EWB10_multisim\Ni Electronics Workbench Circuit Design Suite v10.0 Keygen\CRACK\Multisim_MCU_PKG_100000-lucasp7@yahoo.com,Ivan-PC1.lic  =>.Crack,Keygen
C:\Users\asus\Documents\Arq Uteis\EWB10_multisim\Ni Electronics Workbench Circuit Design Suite v10.0 Keygen\CRACK\Multisim_ProPower_PKG_100000-lucasp7@yahoo.com,Ivan-PC1.lic  =>.Crack,Keygen
C:\Users\asus\Documents\Arq Uteis\EWB10_multisim\Ni Electronics Workbench Circuit Design Suite v10.0 Keygen\CRACK\Ultiboard_ProPower_PKG_100000-lucasp7@yahoo.com,Ivan-PC1.lic  =>.Crack,Keygen
C:\Users\asus\Documents\Arq Uteis\EWB10_multisim\Ni Electronics Workbench Circuit Design Suite v10.0 Keygen\fscommand\cdsinst.exe  =>.Crack,Keygen
C:\Users\asus\Documents\Arq Uteis\EWB10_multisim\Ni Electronics Workbench Circuit Design Suite v10.0 Keygen\fscommand\runexplorer.exe  =>.Crack,Keygen
C:\Users\asus\Documents\Arq Uteis\EWB10_multisim\Ni Electronics Workbench Circuit Design Suite v10.0 Keygen\fscommand\showreadme.exe  =>.Crack,Keygen
C:\Users\asus\Documents\Arq Uteis\EWB10_multisim\Ni Electronics Workbench Circuit Design Suite v10.0 Keygen\Parts\CVIRTE\CVIRTE.msi  =>.Crack,Keygen
C:\Users\asus\Documents\Arq Uteis\EWB10_multisim\Ni Electronics Workbench Circuit Design Suite v10.0 Keygen\Parts\CVIRTE\CVIRTE.msi_chs.mst  =>.Crack,Keygen
C:\Users\asus\Documents\Arq Uteis\EWB10_multisim\Ni Electronics Workbench Circuit Design Suite v10.0 Keygen\Parts\CVIRTE\CVIRTE.msi_cht.mst  =>.Crack,Keygen
C:\Users\asus\Documents\Arq Uteis\EWB10_multisim\Ni Electronics Workbench Circuit Design Suite v10.0 Keygen\Parts\CVIRTE\CVIRTE.msi_deu.mst  =>.Crack,Keygen
C:\Users\asus\Documents\Arq Uteis\EWB10_multisim\Ni Electronics Workbench Circuit Design Suite v10.0 Keygen\Parts\CVIRTE\CVIRTE.msi_fra.mst  =>.Crack,Keygen
C:\Users\asus\Documents\Arq Uteis\EWB10_multisim\Ni Electronics Workbench Circuit Design Suite v10.0 Keygen\Parts\CVIRTE\CVIRTE.msi_jpn.mst  =>.Crack,Keygen
C:\Users\asus\Documents\Arq Uteis\EWB10_multisim\Ni Electronics Workbench Circuit Design Suite v10.0 Keygen\Parts\CVIRTE\CVIRTE.msi_kor.mst  =>.Crack,Keygen
--
--

> Run this script in the ZHPFix tool.
> Select the information shown in red and copy it into Notepad.
> With Notepad open, press Ctrl+A >> Ctrl+C (Select All and Copy).
> Next, minimize Notepad.

ZHPFix script
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
HiddenFix
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-4249470998-23894073-617930920-1000Core] (.Facebook Inc..) -- C:\Users\asus\AppData\Local\Facebook\Update\FacebookUpdate.exe   [138096]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-4249470998-23894073-617930920-1000UA] (.Facebook Inc..) -- C:\Users\asus\AppData\Local\Facebook\Update\FacebookUpdate.exe   [138096]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-4249470998-23894073-617930920-1000Core - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4249470998-23894073-617930920-1000Core.job   [902]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-4249470998-23894073-617930920-1000Core - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4249470998-23894073-617930920-1000Core   [902]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-4249470998-23894073-617930920-1000UA - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4249470998-23894073-617930920-1000UA.job   [924]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-4249470998-23894073-617930920-1000UA - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4249470998-23894073-617930920-1000UA   [924]

O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32]
C:\ProgramData\Microsoft Toolkit
C:\Users\asus\AppData\Local\Apps
sysrestore


> Open the ZHPFix tool.
> Click IMPORTAÇÃO (Import) >> OK.
> PS: When you click "OK", check that the field is empty so that it receives only the contents of the script.
> Click "GO".
> Post the report!

< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >

A+

Post by Guilherme Bastos, Mon 06 Apr 2015, 20:35

The worst part is that this folder was for Multisim and I never even managed to use it, lol.
Thanks for the help, here is the log.


Rapport de ZHPFix 2015.3.18.4 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by asus at 06/04/2015 20:33:42
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 28s)
Prefetcher vazio

========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (Public) : TCP Query User{942A9E5B-1F59-4200-BC60-159C9714E912}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe
ELIMINÉ: FirewallRaz (Public) : UDP Query User{8BD355BF-C424-4D25-A693-68B3150B171D}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe
ELIMINÉ: FirewallRaz (Public) : {A3753120-D3B1-4EDC-A94C-9390C35E478E}
ELIMINÉ: FirewallRaz (Public) : {67A70564-39FB-4206-BC15-4C121A85459A}
ELIMINÉ: FirewallRaz (Public) : {ACEF882B-56C7-4C79-A551-5BD252D7F3E5}
ELIMINÉ: FirewallRaz (Public) : {1DF29F36-92C9-4DC6-9569-BA4E21865F01}
ELIMINÉ: FirewallRaz (Public) : {C0848BB1-1691-4884-B008-BE1FEA463AAC}
ELIMINÉ: FirewallRaz (Public) : {0566DC73-741F-4BD9-A279-757B25148832}
ELIMINÉ: FirewallRaz (Public) : {F71A1316-4004-4A02-8637-14D4BC6C4A55}
ELIMINÉ: FirewallRaz (Public) : {8157A442-F8A4-442B-BFF9-B95BB9F89F64}
ELIMINÉ: FirewallRaz (Public) : {F76EA282-0340-49C5-8151-65EE5EDE0516}
ELIMINÉ: FirewallRaz (Public) : {BC36B696-20AE-4DF7-A17C-CCDEF17655E1}
ELIMINÉ: FirewallRaz (Public) : {7F7599C6-C645-4B1D-8FE2-C0E5C5E94970}
ELIMINÉ: FirewallRaz (Public) : {62F7B292-C016-4A73-BCB9-35555FE0DFF8}
ELIMINÉ: FirewallRaz (Public) : {3C0B1324-095E-41B7-A313-615BCD541BEE}
ELIMINÉ: FirewallRaz (Public) : {D7F22E28-AFCB-46B3-8865-3499566F4E01}
ELIMINÉ: FirewallRaz (Public) : {ADFC9358-E91B-4FE1-A29C-B6809916EADF}
ELIMINÉ: FirewallRaz (Public) : {05326806-48F0-43B7-9066-0AC7FE538442}
ELIMINÉ: FirewallRaz (Public) : {1C80E6D3-FA2C-452F-9B23-686B7C6B6C9C}
ELIMINÉ: FirewallRaz (Public) : {1A7D1E92-CE89-48BE-9EBC-9F4569B400FA}

========== Pastas ==========
ELIMINÉ Temporários windows (119)
ELIMINÉ Flash Cookies (0)
ELIMINÉ: c:\programdata\microsoft toolkit
ELIMINÉ: c:\users\asus\appdata\local\apps

========== Ficheiros ==========
ELIMINÉ Temporários windows (206) (1.717.415.837 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: FacebookUpdateTaskUserS-1-5-21-4249470998-23894073-617930920-1000Core
ELIMINÉ: FacebookUpdateTaskUserS-1-5-21-4249470998-23894073-617930920-1000UA

========== Pastas/Ficheiros ocultos restaurados ==========
Mes images (My Pictures) : 2 restaurados com sucesso
Ma musique (My Music) : 92 restaurados com sucesso
Ma Video (My Video) : 1 restaurados com sucesso
Mes Favoris (My Favorites) : 2 restaurados com sucesso
Mes Documents (My Documents) : 72 restaurados com sucesso
Mon Bureau (My Desktop) : 4 restaurados com sucesso
Menu demarrer (Programs) : 9 restaurados com sucesso
Dossier utilisateur (AppData) : 45 restaurados com sucesso
Programmes (Program Files) : 24 restaurados com sucesso

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Chaves do Registo
22 : Valores do Registo
4 : Pastas
2 : Ficheiros
2 : Tarefa planificada
251 : Pastas/Ficheiros ocultos restaurados
1 : Restauração Sistema


End of clean in 03mn 26s

========== Caminho do ficheiro do relatório ==========
C:\Users\asus\AppData\Roaming\ZHP\ZHPFix[R1].txt - 02/07/2014 12:57:32 [1431]
C:\Users\asus\AppData\Roaming\ZHP\ZHPFix[R2].txt - 06/04/2015 20:34:11 [3780]

Post by joram, Tue 07 Apr 2015, 02:37

/!\ Good morning, Guilherme Bastos! /!\

> Download: < [link visible only to logged-in members] > ( ... by Oleg N. Scherbakov )

> Save it to the desktop!
> Disable your antivirus!
> On Windows 7, right-click JRT.exe and run it as administrator.

> Wait for it to finish and post the report. ( JRT.txt )

> Download: < [link visible only to logged-in members] > ( ... by Xplode )
>
> Or from here: < [link visible only to logged-in members] >
> Once there, click "Download Now".
>
> Save it to the desktop!

> Right-click adwcleaner.exe and choose to run it as administrator.

> PS: Start the scan by clicking "Examinar" (Scan).

> When it finishes, click "Limpar" or "Cleaning" >> OK >> OK >> OK.
> Copy the log or click "Relatório" (Report).
> Post: < C:\AdwCleaner\AdwCleaner[S0].txt >

A+

Post by Guilherme Bastos, Thu 09 Apr 2015, 13:08

Here are the logs:
JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 7 Home Basic x64
Ran by asus on 09/04/2015 at 12:57:12,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\asus\appdata\local\{160B5D27-952E-458F-984A-ECB33141A1DE}
Successfully deleted: [Empty Folder] C:\Users\asus\appdata\local\{16E249A7-72E3-4720-B4E0-D5A70829FAD1}
Successfully deleted: [Empty Folder] C:\Users\asus\appdata\local\{20BAA755-245C-46DA-A1F9-B0B912D8E50A}
Successfully deleted: [Empty Folder] C:\Users\asus\appdata\local\{46FC5F6B-1F76-41B3-A2E4-D751CF234CCA}
Successfully deleted: [Empty Folder] C:\Users\asus\appdata\local\{4B9AEA5E-A419-4988-8301-4ED1B456B21A}
Successfully deleted: [Empty Folder] C:\Users\asus\appdata\local\{60C148A7-0293-4CBD-8212-692ACE41B00B}
Successfully deleted: [Empty Folder] C:\Users\asus\appdata\local\{E879DAC3-578E-484A-AA92-60DEC665A64B}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/04/2015 at 12:59:41,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


ADW
# AdwCleaner v4.201 - Relatório criado 09/04/2015 às 13:02:15
# Atualizado 08/04/2015 por Xplode
# Base de dados : 2015-04-08.1 [Servidor]
# Sistema operacional : Windows 7 Home Basic Service Pack 1 (x64)
# Usuário : asus - ASUS-PC
# Executando de : C:\Users\asus\Downloads\adwcleaner_4.201.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Tarefas agendadas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****

Dados Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] -

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Google Chrome v41.0.2272.118


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [900 bytes] - [09/04/2015 13:01:31]
AdwCleaner[S0].txt - [816 bytes] - [09/04/2015 13:02:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [874 bytes] ##########

Post by joram, Thu 09 Apr 2015, 13:45

/!\ Good afternoon, Guilherme Bastos! /!\

> Download: < [link visible only to logged-in members] > ( ... by Swearware )
> Save it to the desktop!
> Disable your antivirus, antispyware and/or firewall. ( Except the Windows one! )
> Close any program/file that is open.
> Also close your browser! ( IE, Firefox, Opera or Google Chrome )
> PS: Stay connected to the Internet. << Important!
> You must be logged in to the system with administrator privileges.
> Run ComboFix.exe with a double-click.

> If any error message appears, run ComboFix.exe in Safe Mode with Networking.
> Or run the tool as follows: press ( Windows + R )
> Type in the field: ComboFix /nombr >> Enter!
> ComboFix will run and start its scan.
> The Auto Scan window will open.
> Wait for all the stages to finish.
> To complete the removals, the tool may need to restart the computer.
> During the scan, avoid using the mouse or keyboard!
> When it finishes, post: C:\ComboFix.txt
"Tentativa de operaçao ilegal em uma chave do Registro marcada para exclusão." ("Illegal operation attempted on a registry key that has been marked for deletion.")
> If this error occurs, just restart the computer!

> "ComboFix is a tool that can damage the system. Use it only under the supervision of security analysts."

A+

Post by Guilherme Bastos, Thu 09 Apr 2015, 19:19

Good evening joram, here is the log
ComboFix 15-04-09.01 - asus 09/04/2015 15:42:54.1.4 - x64
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.6023.4220 [GMT -3:00]
Executando de: c:\users\asus\Downloads\ComboFix.exe
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Outdated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Outdated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\programdata\USBSecurity\svighost.dll
c:\windows\msvcr71.dll
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2015-03-09 to 2015-04-09 ))))))))))))))))))))))))))))
.
.
2015-04-09 18:48 . 2015-04-09 18:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-06 14:20 . 2015-04-06 14:20 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2015-03-31 16:13 . 2015-03-31 16:13 -------- d-sh--w- c:\users\asus\AppData\Local\EmieBrowserModeList
2015-03-24 18:40 . 2015-03-11 04:06 677888 ----a-w- c:\windows\system32\generaltel.dll
2015-03-24 18:40 . 2015-03-11 04:06 760832 ----a-w- c:\windows\system32\invagent.dll
2015-03-24 18:40 . 2015-03-11 04:06 414720 ----a-w- c:\windows\system32\devinv.dll
2015-03-24 18:40 . 2015-03-11 04:05 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-24 18:40 . 2015-03-11 04:05 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-24 18:40 . 2015-03-11 04:05 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-24 18:40 . 2015-03-11 04:02 1107456 ----a-w- c:\windows\system32\aeinv.dll
2015-03-21 13:20 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2015-03-21 13:20 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2015-03-21 13:20 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2015-03-21 13:20 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2015-03-21 13:20 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2015-03-21 13:20 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2015-03-21 13:20 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2015-03-21 12:59 . 2015-03-25 05:02 -------- d-----w- c:\windows\system32\appraiser
2015-03-20 20:27 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-03-20 20:27 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-03-20 20:21 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-03-20 20:21 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-03-20 20:21 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-03-20 20:21 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-03-20 20:21 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-03-20 20:21 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-03-20 20:21 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-03-20 20:21 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-03-20 09:31 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-03-20 09:31 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll
2015-03-20 09:31 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll
2015-03-20 09:31 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll
2015-03-20 09:31 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2015-03-20 09:31 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2015-03-20 09:31 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2015-03-20 09:30 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2015-03-20 09:28 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2015-03-20 09:25 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-03-20 09:25 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-03-20 09:22 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-20 09:22 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-03-20 09:22 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2015-03-20 09:22 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-09 16:03 . 2013-11-08 12:47 387 ----a-w- c:\users\asus\AppData\Roaming\sp_data.sys
2015-04-06 13:28 . 2014-07-03 12:18 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-17 18:30 . 2015-02-17 18:30 1691808 ----a-w- c:\windows\system32\FM20.DLL
2015-02-05 02:26 . 2014-06-05 22:06 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 02:26 . 2014-06-05 22:06 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 18:05 1729744 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 18:05 1729744 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 18:05 1729744 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-04-08 2889408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-01-23 31090272]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Akamai NetSession Interface"="c:\users\asus\AppData\Local\Akamai\netsession_win.exe" [2014-10-30 4673432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-03-09 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-23 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"Diebold - Warsaw"="c:\program files (x86)\Diebold\Warsaw\core.exe" [2014-07-12 518968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-3-9 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files (x86)\GbPlugin\gbiehuni.dll" [2014-08-12 1760312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2014-08-12 17:19 1760312 ----a-w- c:\program files (x86)\GbPlugin\gbiehuni.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 npkycryp;npkycryp;c:\users\asus\Desktop\RagnarokOnline\npkycryp.sys;c:\users\asus\Desktop\RagnarokOnline\npkycryp.sys [x]
R3 Origin Client Service;Origin Client Service;d:\games\Origin\OriginClientService.exe;d:\games\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x]
R3 X6va016;X6va016;c:\windows\SysWOW64\Drivers\X6va016;c:\windows\SysWOW64\Drivers\X6va016 [x]
R3 X6va017;X6va017;c:\windows\SysWOW64\Drivers\X6va017;c:\windows\SysWOW64\Drivers\X6va017 [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Cortex\RzKLService.exe;c:\program files (x86)\Razer\Razer Cortex\RzKLService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Warsaw Technology;Warsaw Technology;c:\program files (x86)\Diebold\Warsaw\core.exe;c:\program files (x86)\Diebold\Warsaw\core.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVBus.sys [x]
S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVTouch.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Áudio Intel(R) para telas;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Driver para hub Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-06 19:48 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2015-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-05 02:26]
.
2015-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 04:03]
.
2015-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 04:03]
.
2015-04-09 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2015-04-08 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 18:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 18:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 18:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-12-18 1304296]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
Trusted Zone: itau.com.br
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\clickbanking
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va015]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va016]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va016"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va017]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va017"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2015-04-09 15:49:31
ComboFix-quarantined-files.txt 2015-04-09 18:49
.
Pré-execução: 61.806.845.952 bytes disponíveis
Pós execução: 61.720.637.440 bytes disponíveis
.
- - End Of File - - A4BB7C46B7A3515130AF18A559683521
Guilherme Bastos
Beginner

Posts: 44
Reputation: 0
Registration date: 20/01/2014


Post by joram Thu 09 Apr 2015, 19:35

/!\ Good evening, Guilherme Bastos! /!\

> Download: < [You must have an account and be logged in to view this link] > ( ... by Farbar )

> The banner above is for 32-bit systems!

< [You must have an account and be logged in to view this link]

> The link above is for 64-bit systems!
> Save it to the desktop! (Área de trabalho ...)
> Run the tool! Click "Yes" >> "Scan".

[You must have an account and be logged in to view this image]

> Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
> Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
> PS: The "Addition.txt" report will also be generated; it is made available on the first run of the tool.
> Post the reports! (FRST.txt + Addition.txt)

> As the log will be long, upload it to [You must have an account and be logged in to view this link]

[You must have an account and be logged in to view this image]

> The link to the report, which is the one highlighted, should be pasted into your reply.

[You must have an account and be logged in to view this image]

> Or click "Copier le lien (*)" and paste the link into your post.

A+
joram
Administrator

Posts: 4162
Reputation: 471
Registration date: 26/01/2014
Location: Rio de Janeiro


Post by Guilherme Bastos Tue 14 Apr 2015, 19:07

Good evening!
[You must have an account and be logged in to view this link] FRST log
[You must have an account and be logged in to view this link] Addition log

Post by joram Tue 14 Apr 2015, 19:48

/!\ Good evening, Guilherme Bastos! /!\

> Copy the information shown in red into Notepad.
> Save it with the name fixlist. << Text!
> Save it in the Downloads folder! /!\ C:\Users\asus\Downloads /!\

start
CloseProcesses:
emptytemp:
Winlogon\Notify\igfxcui: igfxdev.dll [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4249470998-23894073-617930920-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 npkcrypt; \??\C:\Users\asus\Desktop\RagnarokOnline\npkcrypt.sys [X]
S3 npkycryp; \??\C:\Users\asus\Desktop\RagnarokOnline\npkycryp.sys [X]
S3 X6va015; \??\C:\windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va017; \??\C:\windows\SysWOW64\Drivers\X6va017 [X]
2015-04-09 15:49 - 2015-04-09 15:49 - 00024997 _____ () C:\ComboFix.txt
2015-04-09 15:41 - 2015-04-09 15:49 - 00000000 ____D () C:\Qoobox
2015-04-09 15:41 - 2015-04-09 15:48 - 00000000 ____D () C:\windows\erdnt
2015-04-09 15:41 - 2011-06-26 03:45 - 00256000 _____ () C:\windows\PEV.exe
2015-04-09 15:41 - 2010-11-07 14:20 - 00208896 _____ () C:\windows\MBR.exe
2015-04-09 15:41 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-04-09 15:41 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-04-09 15:41 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-04-09 15:41 - 2000-08-30 21:00 - 00098816 _____ () C:\windows\sed.exe
2015-04-09 15:41 - 2000-08-30 21:00 - 00080412 _____ () C:\windows\grep.exe
2015-04-09 15:41 - 2000-08-30 21:00 - 00068096 _____ () C:\windows\zip.exe
2015-04-09 15:14 - 2015-04-09 15:16 - 05617275 ____R (Swearware) C:\Users\asus\Downloads\ComboFix.exe
2015-04-09 13:01 - 2015-04-09 13:02 - 00000000 ____D () C:\AdwCleaner
2015-04-09 13:00 - 2015-04-09 13:01 - 02217984 _____ () C:\Users\asus\Downloads\adwcleaner_4.201.exe
2015-04-09 12:59 - 2015-04-09 12:59 - 00001359 _____ () C:\Users\asus\Desktop\JRT.txt
2015-04-06 20:34 - 2015-04-06 20:34 - 00003859 _____ () C:\Users\asus\Desktop\ZHPFixReport.txt
2015-04-06 11:20 - 2015-04-06 11:20 - 00164524 _____ () C:\Users\asus\Desktop\ZHPDiag.txt
2015-04-06 11:14 - 2015-04-06 11:14 - 00001945 _____ () C:\Users\asus\Desktop\ZHPFix.lnk
2015-04-06 11:14 - 2015-04-06 11:14 - 00001818 _____ () C:\Users\asus\Desktop\ZHPDiag.lnk
2015-04-06 10:34 - 2015-04-06 10:35 - 06879410 _____ (Nicolas Coolman ) C:\Users\asus\Downloads\ZHPDiag2.exe
2015-04-06 20:34 - 2014-07-02 09:48 - 00000000 ____D () C:\Users\asus\AppData\Roaming\ZHP
2015-04-06 11:14 - 2014-07-02 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-04-06 11:14 - 2014-07-02 09:48 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
Task: {45F7BC45-466C-4F83-B79C-C5F5E8D8E984} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:77846FFE
AlternateDataStreams: C:\ProgramData\Temp:FEF919E6
CreateRestorePoint:
Hosts:
Reboot:
end


> Run FRST/FRST64 >> Click "Fix" << Wait!
> In the message, click Run
> Post the report! (Fixlog.txt)

[You must have an account and be logged in to view this image]
< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >

A+

Post by Guilherme Bastos Tue 14 Apr 2015, 22:05

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-04-2015
Ran by asus at 2015-04-14 21:57:45 Run:1
Running from C:\Users\asus\Downloads
Loaded Profiles: asus (Available profiles: asus)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
emptytemp:
Winlogon\Notify\igfxcui: igfxdev.dll [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4249470998-23894073-617930920-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 npkcrypt; \??\C:\Users\asus\Desktop\RagnarokOnline\npkcrypt.sys [X]
S3 npkycryp; \??\C:\Users\asus\Desktop\RagnarokOnline\npkycryp.sys [X]
S3 X6va015; \??\C:\windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va017; \??\C:\windows\SysWOW64\Drivers\X6va017 [X]
2015-04-09 15:49 - 2015-04-09 15:49 - 00024997 _____ () C:\ComboFix.txt
2015-04-09 15:41 - 2015-04-09 15:49 - 00000000 ____D () C:\Qoobox
2015-04-09 15:41 - 2015-04-09 15:48 - 00000000 ____D () C:\windows\erdnt
2015-04-09 15:41 - 2011-06-26 03:45 - 00256000 _____ () C:\windows\PEV.exe
2015-04-09 15:41 - 2010-11-07 14:20 - 00208896 _____ () C:\windows\MBR.exe
2015-04-09 15:41 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-04-09 15:41 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-04-09 15:41 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-04-09 15:41 - 2000-08-30 21:00 - 00098816 _____ () C:\windows\sed.exe
2015-04-09 15:41 - 2000-08-30 21:00 - 00080412 _____ () C:\windows\grep.exe
2015-04-09 15:41 - 2000-08-30 21:00 - 00068096 _____ () C:\windows\zip.exe
2015-04-09 15:14 - 2015-04-09 15:16 - 05617275 ____R (Swearware) C:\Users\asus\Downloads\ComboFix.exe
2015-04-09 13:01 - 2015-04-09 13:02 - 00000000 ____D () C:\AdwCleaner
2015-04-09 13:00 - 2015-04-09 13:01 - 02217984 _____ () C:\Users\asus\Downloads\adwcleaner_4.201.exe
2015-04-09 12:59 - 2015-04-09 12:59 - 00001359 _____ () C:\Users\asus\Desktop\JRT.txt
2015-04-06 20:34 - 2015-04-06 20:34 - 00003859 _____ () C:\Users\asus\Desktop\ZHPFixReport.txt
2015-04-06 11:20 - 2015-04-06 11:20 - 00164524 _____ () C:\Users\asus\Desktop\ZHPDiag.txt
2015-04-06 11:14 - 2015-04-06 11:14 - 00001945 _____ () C:\Users\asus\Desktop\ZHPFix.lnk
2015-04-06 11:14 - 2015-04-06 11:14 - 00001818 _____ () C:\Users\asus\Desktop\ZHPDiag.lnk
2015-04-06 10:34 - 2015-04-06 10:35 - 06879410 _____ (Nicolas Coolman ) C:\Users\asus\Downloads\ZHPDiag2.exe
2015-04-06 20:34 - 2014-07-02 09:48 - 00000000 ____D () C:\Users\asus\AppData\Roaming\ZHP
2015-04-06 11:14 - 2014-07-02 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-04-06 11:14 - 2014-07-02 09:48 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
Task: {45F7BC45-466C-4F83-B79C-C5F5E8D8E984} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:77846FFE
AlternateDataStreams: C:\ProgramData\Temp:FEF919E6
CreateRestorePoint:
Hosts:
Reboot:
end

*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-4249470998-23894073-617930920-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
Amsp => Unable to stop service
Amsp => Error deleting Service
catchme => Service deleted successfully.
npkcrypt => Service deleted successfully.
npkycryp => Service deleted successfully.
X6va015 => Service deleted successfully.
X6va016 => Service deleted successfully.
X6va017 => Service deleted successfully.
C:\ComboFix.txt => Moved successfully.
C:\Qoobox => Moved successfully.
C:\windows\erdnt => Moved successfully.
C:\windows\PEV.exe => Moved successfully.
C:\windows\MBR.exe => Moved successfully.
C:\windows\NIRCMD.exe => Moved successfully.
C:\windows\SWREG.exe => Moved successfully.
C:\windows\SWSC.exe => Moved successfully.
C:\windows\sed.exe => Moved successfully.
C:\windows\grep.exe => Moved successfully.
C:\windows\zip.exe => Moved successfully.
C:\Users\asus\Downloads\ComboFix.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\asus\Downloads\adwcleaner_4.201.exe => Moved successfully.
C:\Users\asus\Desktop\JRT.txt => Moved successfully.
C:\Users\asus\Desktop\ZHPFixReport.txt => Moved successfully.
C:\Users\asus\Desktop\ZHPDiag.txt => Moved successfully.
C:\Users\asus\Desktop\ZHPFix.lnk => Moved successfully.
C:\Users\asus\Desktop\ZHPDiag.lnk => Moved successfully.
C:\Users\asus\Downloads\ZHPDiag2.exe => Moved successfully.
C:\Users\asus\AppData\Roaming\ZHP => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP => Moved successfully.
C:\Program Files (x86)\ZHPDiag => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{45F7BC45-466C-4F83-B79C-C5F5E8D8E984}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45F7BC45-466C-4F83-B79C-C5F5E8D8E984}" => Key deleted successfully.
C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => Key deleted successfully.
C:\ProgramData\Temp => ":77846FFE" ADS removed successfully.
C:\ProgramData\Temp => ":FEF919E6" ADS removed successfully.
Restore point was successfully created.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.4 GB temporary data.


The system needed a reboot.

==== End of Fixlog 21:59:28 ====
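The Fixlog posted above reports two failures for the Amsp service among otherwise successful lines. As an added example (not part of the thread and not FRST's own code), this Python script pairs each service directive in a Fixlog with its outcome and lists what did not complete; the sample is a shortened, constructed copy of the log above, and the failure keywords are an assumption based on the lines quoted in the thread.

```python
import re

# Constructed sample: a shortened copy of the Fixlog quoted in the thread.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-04-2015
Ran by asus at 2015-04-14 21:57:45 Run:1
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 X6va015; \??\C:\windows\SysWOW64\Drivers\X6va015 [X]
AlternateDataStreams: C:\ProgramData\Temp:77846FFE
Hosts:
end

*****************

Processes closed successfully.
Amsp => Unable to stop service
Amsp => Error deleting Service
catchme => Service deleted successfully.
X6va015 => Service deleted successfully.
C:\ProgramData\Temp => ":77846FFE" ADS removed successfully.
Hosts was reset successfully.

==== End of Fixlog 21:59:28 ====
'''

# Service directives start with a state such as R2 or S3, then "name; image path".
SERVICE_DIRECTIVE = re.compile(r'^[RSU]\d\s+(?P<name>[^;]+);')
# Result lines have the shape: target => message
RESULT_LINE = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<message>.+)$')
# Assumption: failure wording inferred from the two Amsp lines in the thread,
# plus two generic phrases; extend it for other logs.
FAILURE_WORDS = ("unable", "error", "not found", "could not")


def split_fixlog(text):
    """Split a Fixlog into (fixlist directives, result lines).

    The fixlist is echoed between two rows of asterisks; results follow.
    """
    lines = [line.strip() for line in text.splitlines()]
    stars = [i for i, line in enumerate(lines) if line and set(line) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no 'Content of fixlist' block delimited by asterisks")
    directives = [l for l in lines[stars[0] + 1:stars[1]]
                  if l and l.lower() not in ("start", "end")]
    results = [l for l in lines[stars[1] + 1:]
               if l and not l.startswith("====")]
    return directives, results


def audit(text):
    """Return failed targets and service directives with no success line."""
    directives, results = split_fixlog(text)
    services = {}
    for directive in directives:
        match = SERVICE_DIRECTIVE.match(directive)
        if match:
            services[match.group("name").strip()] = directive

    failed, succeeded = {}, set()
    for line in results:
        match = RESULT_LINE.match(line)
        if not match:
            continue  # status lines without a target, e.g. "Processes closed successfully."
        target = match.group("target").strip('"')
        message = match.group("message")
        if any(word in message.lower() for word in FAILURE_WORDS):
            failed.setdefault(target, []).append(message)
        else:
            succeeded.add(target)

    unresolved = sorted(name for name in services if name not in succeeded)
    return {"failed": failed, "unresolved_services": unresolved,
            "service_directives": services}


if __name__ == "__main__":
    report = audit(SAMPLE_FIXLOG)
    for target, messages in report["failed"].items():
        print(f"FAILED  {target}: {'; '.join(messages)}")
    for name in report["unresolved_services"]:
        print(f"REVIEW  {report['service_directives'][name]}")
```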


Post by joram Tue 14 Apr 2015, 23:19

/!\ Good evening, Guilherme Bastos! /!\

> Download: < [You must have an account and be logged in to view this link] >

> Or here: < [You must have an account and be logged in to view this link] >

> Extract it to your USB flash drive!
> Open the "Tweaking.com - Windows Repair" folder that was created and run "Repair_Windows.exe".

[You must have an account and be logged in to view this link]

> PS: Make backups before running the tool!
> Click: Step 4 >> Create >> Backup. << In that order!

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Remove Policies Set By Infections
Remove Temp Files
Repair File Associations
Set Windows Services To Default Startup


> Click: < [You must have an account and be logged in to view this image] >
> For basic repairs, tick only the options listed just above.

[You must have an account and be logged in to view this link]

> For more comprehensive repairs, all the checkboxes can be ticked.
> But... the risk of freezes is high!

[You must have an account and be logged in to view this image]

> Keep these selections and click Start.

[You must have an account and be logged in to view this image]

> There will be a reboot! << Wait!
> Let me know when it finishes!

Regards!

Post by Guilherme Bastos Wed 15 Apr 2015, 13:26

Good afternoon joram,
I did what you asked but couldn't find a report; does it have a specific name, or is there really none?

Post by joram Wed 15 Apr 2015, 16:23

Guilherme Bastos wrote: Good afternoon joram,
I did what you asked but couldn't find a report; does it have a specific name, or is there really none?
/!\ Hello, Guilherme Bastos! /!\

> There is no need to send the report!

> Tell me whether, after using the tool, Windows no longer shows errors.

A+

Post by Guilherme Bastos Wed 15 Apr 2015, 17:50

The error I described initially has stopped, and the notebook's speed has improved a bit.
I just find it strange that every time the desktop opens, it opens a Notepad window (in fact I now see it on the desktop with the name desktop.ini) with the following message:


[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

I don't know what that is.

Post by joram Wed 15 Apr 2015, 18:18

/!\ Good evening, Guilherme Bastos! /!\

> Do a cleanup with SFTGC.

> Download: < [You must have an account and be logged in to view this link] > ( ... by Pierre13 )
> Save it to the desktop!
> On Windows Vista and 7, run "SFTGC.exe" as administrator!

[You must have an account and be logged in to view this image]

> Run it and click "Go".
> Wait for it to finish; it is quick.
> Post the report! ( SFT.txt )
> PS: Depending on the size of the report, do not post it directly!

> For this task, go to: < [You must have an account and be logged in to view this link] >
> Let me know whether the message appears!

A+

Post by Guilherme Bastos Wed 15 Apr 2015, 18:56

SFTGC relatório (Pierre13) de quarta-feira 15 abril 2015 à 18:24:00 version : 2.2.0.1
Atualizado 25/11/2014
Ferramenta lançada em modo Normal e Como um administrador
Windows 7 Home Basic Service Pack 1 64 bits

Tool start in C:\Users\asus\Downloads

265 Itens Excluídos => 16.69 Mo liberado. (41 s)

C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_357291A6FE673B87C13C03178A0D3FE0
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6B3C86056F9AA33BFBA8EF35E4D23D14
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\696F3DE637E6DE85B458996D49D759AD
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6AA3321A15A787985201D7A6820782F0_35BFA9D40D21E81B408449EB9D85CCA4
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6AA3321A15A787985201D7A6820782F0_4E35DE6F4FCFB7BE2C045F6B5ED89FC8
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7396C420A8E1BC1DA97F1AF0D10BAD21
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77FBC64BA73370EC2F659BAD977FF2AD_9767A5403B067D539A02E2AD0F3C2C4A
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_066F94648CDEF710B031EC526EF705DE
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_613681F5EDAFF13D9171036A014C8859
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_C7D32D5FA850D7B78AC70733A5EBCA63
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_E23C16329B4C13EA1EF0AC4934D46EE1
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_8CA7164968F366C9A94AC8E71C4BDD9B
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_96DEA2BAAACB5C7A91C910F0C6DB31C3
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A1377F7115F1F126A15360369B165211
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AC9005F5466BD463DF06D711B370595F
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B8CC409ACDBF2A2FE04C56F2875B1FD6
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B912B2C6928A18B8CD7D50CF08BEA95B_59F02E5914F2CA1DE4FDE7879D99D153
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE432C2EE45E016635C9B13C029DA7E7
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C0AF5F80AA0D55CA55AD4471DD73D761
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_81A0840C0AD974942DF53C0F7BFF94D8
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA7B2D59B4E9BC2D316D1AECDFC12F63_F2F8C36E48A4BF7F6684EEABA37385A5
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_835A2FD7EE5F1F37B7872C78D42A88BF
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_BBB35F3D100606CE5776FB7E4248C8F3
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_C363969B7C41CF630D132EE0275D51B0
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_DBC0394482C86DF73874BFA8B90905A8
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DF9BB3ED1C25E516AC21AB5B0E493C11_90A4D08122136AD6240ADFE944C9F340
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E3B4D810CDA56990F6FC5106B77DA149_5ED16CDE7B849136BDA67AFC782542DE
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E48DDEA3BF68DF580551FA0F27950B54
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E82ACDA9F5169E971D6B19B65E168F2A_36A8F684D3E771C7AE147FEF3745A8C2
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E82ACDA9F5169E971D6B19B65E168F2A_ADC728A885BCE2A7A73B1D92DF32143F
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E82ACDA9F5169E971D6B19B65E168F2A_F6B87461FD8410E117804A8254501C39
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F6D2120A74D8E120A79AE4737511E774_CBF03BB0597616AB215DA8B0791939FA
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F90F18257CBB4D84216AC1E1F3BB2C76
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB788E090BC1F3AA2FBC9E8FB2859601
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\098A74825DEB4C50FAE88C91A0B9713D_A95B4C8B6F5C96B78EE98784995320FE
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1060B7ADDE0FF6DE85637BF89FC4CEBC_009EBB1FCC5ED18B08CF6FEBAEC6AB3C
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1649B3188CAFEAFDE9966FA75F1A9EAF
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1DAF2884EC4DFA96BA4A58D4DBC9C406
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1F39B5CFACECFDE48DB25BCA2231FAC6_EFF75CC327209C24948C6870FD41C872
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\207B9FD92391B9B2A60A89B4C965D5DF
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\21253908F3CB05D51B1C2DA8B681A785
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\21EA03E12A6F9D076B6BC3318EA9363E_6EF0095DA824AE045AE9FC5B645DF095
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\21EA03E12A6F9D076B6BC3318EA9363E_826115E4465E0D44217BB13A36970BC4
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\23B523C9E7746F715D33C6527C18EB9D
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2427C246DCF85A06DD675914EDA68038_0AF402BF9A01FDF90C610C7EF3CC3450
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\28E6E448B6EE09BA9B433BEAA12FC67C_CF68B2AB40FF5C93ADFB6C84F946C751
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3130B1871A126520A8C47861EFE3ED4D
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\37C951188967C8EB88D99893D9D191FE
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3823B0119FA7D68ECD86999B07F5395F_E0403B009F50E7EBAA01B115ECE34BF3
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4309200C3DBAD0F6F0DFACE9165FD092
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\44FEE94F47151621461DCB0022F343BE_7DB0E371B710C9A241D822783493CABC
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4DD39726D4B55AC3B4119B35A893323C_5459F68426E422817E179A6A1EB79BD5
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4DD39726D4B55AC3B4119B35A893323C_B1CB1333D42495D9A10D2CAA47E4B14A
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4F4970A584703DA27ECC71A04C0A8133
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_357291A6FE673B87C13C03178A0D3FE0
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_6B3C86056F9AA33BFBA8EF35E4D23D14
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\696F3DE637E6DE85B458996D49D759AD
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6AA3321A15A787985201D7A6820782F0_35BFA9D40D21E81B408449EB9D85CCA4
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6AA3321A15A787985201D7A6820782F0_4E35DE6F4FCFB7BE2C045F6B5ED89FC8
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7396C420A8E1BC1DA97F1AF0D10BAD21
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77FBC64BA73370EC2F659BAD977FF2AD_9767A5403B067D539A02E2AD0F3C2C4A
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_066F94648CDEF710B031EC526EF705DE
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_613681F5EDAFF13D9171036A014C8859
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_C7D32D5FA850D7B78AC70733A5EBCA63
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_E23C16329B4C13EA1EF0AC4934D46EE1
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_8CA7164968F366C9A94AC8E71C4BDD9B
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_96DEA2BAAACB5C7A91C910F0C6DB31C3
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A1377F7115F1F126A15360369B165211
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AC9005F5466BD463DF06D711B370595F
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B8CC409ACDBF2A2FE04C56F2875B1FD6
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B912B2C6928A18B8CD7D50CF08BEA95B_59F02E5914F2CA1DE4FDE7879D99D153
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE432C2EE45E016635C9B13C029DA7E7
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C0AF5F80AA0D55CA55AD4471DD73D761
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_81A0840C0AD974942DF53C0F7BFF94D8
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA7B2D59B4E9BC2D316D1AECDFC12F63_F2F8C36E48A4BF7F6684EEABA37385A5
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_835A2FD7EE5F1F37B7872C78D42A88BF
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_BBB35F3D100606CE5776FB7E4248C8F3
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_C363969B7C41CF630D132EE0275D51B0
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_DBC0394482C86DF73874BFA8B90905A8
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DF9BB3ED1C25E516AC21AB5B0E493C11_90A4D08122136AD6240ADFE944C9F340
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E3B4D810CDA56990F6FC5106B77DA149_5ED16CDE7B849136BDA67AFC782542DE
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E48DDEA3BF68DF580551FA0F27950B54
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E82ACDA9F5169E971D6B19B65E168F2A_36A8F684D3E771C7AE147FEF3745A8C2
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E82ACDA9F5169E971D6B19B65E168F2A_ADC728A885BCE2A7A73B1D92DF32143F
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E82ACDA9F5169E971D6B19B65E168F2A_F6B87461FD8410E117804A8254501C39
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F6D2120A74D8E120A79AE4737511E774_CBF03BB0597616AB215DA8B0791939FA
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F90F18257CBB4D84216AC1E1F3BB2C76
C:\Users\asus\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FB788E090BC1F3AA2FBC9E8FB2859601
C:\windows\TEMP\Diebold
C:\windows\TEMP\lpksetup-20150415-022419-0.log
C:\windows\TEMP\lpksetup-20150415-131728-0.log
C:\windows\TEMP\ScheduledHeartbeat.log
C:\windows\TEMP\Diebold\Warsaw
C:\windows\Prefetch\AgAppLaunch.db
C:\windows\Prefetch\AgCx_SC1.db
C:\windows\Prefetch\AgCx_SC1.db.trx
C:\windows\Prefetch\AgCx_SC4.db
C:\windows\Prefetch\AgGlFaultHistory.db
C:\windows\Prefetch\AgGlFgAppHistory.db
C:\windows\Prefetch\AgGlGlobalHistory.db
C:\windows\Prefetch\AgGlUAD_P_S-1-5-21-4249470998-23894073-617930920-1000.db
C:\windows\Prefetch\AgGlUAD_S-1-5-21-4249470998-23894073-617930920-1000.db
C:\windows\Prefetch\AgRobust.db
C:\windows\Prefetch\AUDIODG.EXE-AB22E9A6.pf
C:\windows\Prefetch\BOOTSTRAP.EXE-1A996151.pf
C:\windows\Prefetch\CHROME.EXE-5349D2D7.pf
C:\windows\Prefetch\CMD.EXE-0BD30981.pf
C:\windows\Prefetch\CONHOST.EXE-0C6456FB.pf
C:\windows\Prefetch\CONSENT.EXE-40419367.pf
C:\windows\Prefetch\CSGO.EXE-DCBA800C.pf
C:\windows\Prefetch\DLLHOST.EXE-2C0B6678.pf
C:\windows\Prefetch\DLLHOST.EXE-6AA475E1.pf
C:\windows\Prefetch\DLLHOST.EXE-E173F32A.pf
C:\windows\Prefetch\DLLHOST.EXE-F99091EF.pf
C:\windows\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-0129C0B2.pf
C:\windows\Prefetch\GAMEOVERLAYUI.EXE-BF84A71A.pf
C:\windows\Prefetch\GOOGLEUPDATE.EXE-0E1E7B82.pf
C:\windows\Prefetch\IGFXTRAY.EXE-F30110F3.pf
C:\windows\Prefetch\Layout.ini
C:\windows\Prefetch\LMS.EXE-E687E9C2.pf
C:\windows\Prefetch\NOTEPAD.EXE-C5670914.pf
C:\windows\Prefetch\NTOSBOOT-B00DFAAD.pf
C:\windows\Prefetch\PfSvPerfStats.bin
C:\windows\Prefetch\ReadyBoot
C:\windows\Prefetch\RUNDLL32.EXE-38FE020E.pf
C:\windows\Prefetch\RUNDLL32.EXE-89FB5927.pf
C:\windows\Prefetch\RUNDLL32.EXE-8CB5CF15.pf
C:\windows\Prefetch\SEARCHFILTERHOST.EXE-44162447.pf
C:\windows\Prefetch\SEARCHPROTOCOLHOST.EXE-69C456C3.pf
C:\windows\Prefetch\SFTGC (1).EXE-A0980532.pf
C:\windows\Prefetch\STEAMERRORREPORTER.EXE-7D9A1753.pf
C:\windows\Prefetch\STEAMSERVICE.EXE-2A912AE7.pf
C:\windows\Prefetch\STEAMWEBHELPER.EXE-4F926DC1.pf
C:\windows\Prefetch\SVCHOST.EXE-7C9048C0.pf
C:\windows\Prefetch\TASKENG.EXE-35FA9C06.pf
C:\windows\Prefetch\TASKHOST.EXE-A0F5E092.pf
C:\windows\Prefetch\TRUSTEDINSTALLER.EXE-766EFF52.pf
C:\windows\Prefetch\VSSVC.EXE-6C8F0C66.pf
C:\windows\Prefetch\WERMGR.EXE-F439C551.pf
C:\windows\Prefetch\WIMAXCONSOLE.EXE-E637FDB7.pf
C:\windows\Prefetch\WMIADAP.EXE-BB21CD77.pf
C:\windows\Prefetch\WMIPRVSE.EXE-E8B8DD29.pf
C:\windows\Prefetch\WSCSTATUSCONTROLLER.EXE-942F7D69.pf
C:\windows\Prefetch\WUAUCLT.EXE-5D573F0E.pf
C:\windows\Prefetch\WUDFHOST.EXE-DEBBE5F1.pf
C:\windows\Prefetch\ReadyBoot\Trace1.fx
C:\windows\Prefetch\ReadyBoot\Trace2.fx



Fim do relatório.

Pensez à vider la corbeille !


The message continues, but the notebook seems normal.
Guilherme Bastos

Re: Possible Malware

Post by joram Wed 15 Apr 2015, 19:17

/!\ Hello, Guilherme Bastos! /!\

> These are configuration parameters that, when located in the wrong folders, cause this symptom.
> Check whether this Fix it corrects it.

< [You need an account and an active session to view this link] >

> Go to this address!

> Run the Fix it offered there!
> Click: "Fix this problem"
> Follow the recommendations and, when finished, restart the computer!
> Let me know whether it solved the problem!

A+
joram

Re: Possible Malware

Post by Guilherme Bastos Fri 17 Apr 2015, 17:20

It gave an error saying that this Fix it does not apply to my operating system or application version, and I did not find another one at that address.
Guilherme Bastos

Re: Possible Malware

Post by joram Fri 17 Apr 2015, 20:17

Guilherme Bastos wrote: It gave an error saying that this Fix it does not apply to my operating system or application version, and I did not find another one at that address.

/!\ Good evening, Guilherme Bastos! /!\

> You can delete these desktop.ini files manually, and the message will disappear.
> Run a search on your PC and remove all the desktop.ini files whose modification date is recent.
> These can be modifications dated 2015 or 2014. That's it!
> Let me know when you finish!

Regards!
joram

Re: Possible Malware

Post by joram Tue 01 Sep 2015, 21:14

Topic Archived

As the author has not replied for more than 45 days, the topic has been archived. If the topic's author needs it, it will be reopened; to do so, they should contact one of the members of the [You need an account and an active session to view this link] and request that it be unlocked.
joram