[Resolvido] Internet lenta - possível vírus

Bergs · Junho 5, 2014

Olá a todos,

Minha internet ficou lenta a mais o menos 1 semana, me dei conta de que isso pode ser vírus pois só no meu notebook está assim nos outros computadores está rodando normal.

quando acesso qualquer navegador sempre inicia com uma página que nunca acessei parece coisa de instalador de programas o link é o http://br.hao123.com/?tn=opencd_hp_hao123_br (Não acessem não sei se está passando víruz) isso aconteceu quando deixei meu irmão usar meu computador não consegui desinstalar isso. Essa página inicial estranha já está ativada a um bom tempo não sei se tem alguma relação com o problema da internet lenta.

Acabei desinstalando o avast pois não pegou esse suposto vírus ativei o kaspersky 2014 versão trial passei o scan completo e também não achou nada.

Segue o log para analise.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:35:24, on 05/06/2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16438)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\windows\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad

\scpsssh2.dll

O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:

\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker

\ie_content_blocker_plugin.dll

O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:

\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard

\ie_virtual_keyboard_plugin.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:

\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files

(x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files

(x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe

Gamma Loader.exe

O8 - Extra context menu item: Baixar com Mipony - file://C:\Program Files (x86)\MiPony\Browser

\IEContext.htm

O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files

(x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard

\ie_virtual_keyboard_plugin.dll

O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files

(x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows

live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows

live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad

\scpLIB.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe

Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems

Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows

\System32\alg.exe (file missing)

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files

(x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows

\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows

\system32\fxssvc.exe (file missing)

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files

(x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files

(x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file

missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:

\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file

missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows

\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:

\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows

\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows

\system32\lsass.exe (file missing)

O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows

\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows

\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows

\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:

\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:

\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows

\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows

\system32\vssvc.exe (file missing)

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin

\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:

\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows

\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:

\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown

owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 7683 bytes

Power Max · Junho 5, 2014

Olá Bergs.

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:

http://www.bleepingcomputer.com/download/adwcleaner/

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

Remova adwares e toolbars maliciosas com o Adwcleaner

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[s0].txt

Ficamos na espera.

Bergs · Junho 6, 2014

Olá Power Max,

Segue o log do adwclear:

# AdwCleaner v3.212 - Relatório criado 06/06/2014 às 20:31:17

# Atualizado 05/06/2014 por Xplode

# Sistema Operacional : Microsoft Windows XP Service Pack 3 (64 bits)

# Usuário : windows - WINDOWS-PC

# Executando de : C:\Users\windows\Downloads\AdwCleaner.exe

# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Users\windows\AppData\Roaming\baidu

Pasta Deletada : C:\Users\windows\AppData\Roaming\OpenCandy

Pasta Deletada : C:\Users\windows\Documents\Updater

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa

Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v27.0.1 (pt-BR)

[ Arquivo : C:\Users\windows\AppData\Roaming\Mozilla\Firefox\Profiles\qinpg4g4.default\prefs.js ]

-\\ Google Chrome v35.0.1916.114

[ Arquivo : C:\Users\windows\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [search Provider] : hxxp://br.ask.com/web?q={searchTerms}

Deletedo [Extension] : blbkdnmdcafmfhinpmnlhhddbepgkeaa

*************************

AdwCleaner[R0].txt - [287 octets] - [05/06/2014 23:26:01]

AdwCleaner[R1].txt - [287 octets] - [05/06/2014 23:30:51]

AdwCleaner[R2].txt - [1691 octets] - [06/06/2014 20:13:46]

AdwCleaner[s0].txt - [1593 octets] - [06/06/2014 20:31:17]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1653 octets] ##########

Power Max · Junho 6, 2014

Desative temporariamente seu antivírus para evitar conflitos.

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:

http://www.hijackthis.nl/smeenk/

:seta: Para executá-lo corretamente siga as dicas deste tutorial:

Exclua adwares e outras ameaças de seu PC e browsers com o aplicativo Zoek

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

Bergs · Junho 7, 2014

Segue o log do zoek:

Zoek.exe v5.0.0.0 Updated 02-June-2014

Tool run by windows on 06/06/2014 at 21:17:45,81.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\windows\Downloads\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

06/06/2014 21:22:09 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.

127.0.0.1 localhost

::1 localhost

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\windows\AppData\Roaming\Mozilla\Firefox\Profiles\qinpg4g4.default\prefs.js:

user_pref("browser.startup.homepage", "http://br.hao123.com/?tn=opencd_hp_hao123_br");

Added to C:\Users\windows\AppData\Roaming\Mozilla\Firefox\Profiles\qinpg4g4.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\windows\AppData\Roaming\Pencil\Profiles\zmhoykj3.default\prefs.js:

Added to C:\Users\windows\AppData\Roaming\Pencil\Profiles\zmhoykj3.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

"C:\Users\windows\AppData\Roaming\Loquax" deleted

"C:\Users\windows\AppData\Roaming\GrabPro" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"content_blocker@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com" [05/06/2014 00:15]

==== Firefox Extensions ======================

ProfilePath: C:\Users\windows\AppData\Roaming\Mozilla\Firefox\Profiles\qinpg4g4.default

- Download YouTube Videos as MP4 - %ProfilePath%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\windows\AppData\Roaming\Mozilla\Firefox\Profiles\qinpg4g4.default

ADC539F67D3198679F480974EE203678 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.210.11

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx[26/11/2013 04:55]

hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx[26/11/2013 04:55]

jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx[04/06/2014 22:28]

Google Drive - windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Kaspersky URL Advisor - windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj

Dangerous Websites Blocker - windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail

Virtual Keyboard - windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh

Google Wallet - windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Google Docs - windows\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - windows\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - windows\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - windows\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Invalid Access Token. - windows\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg

WhatFont - windows\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm

Chrome In-App Payments service - windows\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - windows\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\windows\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\windows\AppData\Local\Google\Chrome SxS\User Data\Default\Preferences was reset successfully

C:\Users\windows\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

C:\Users\windows\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\windows\Desktop\DBDesigner 4.lnk - C:\Program Files (x86)\fabFORCE\DBDesigner4.exe

C:\Users\windows\Desktop\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe

C:\Users\windows\Desktop\IETester.lnk - C:\Program Files (x86)\Core Services\IETester\IETester.exe

C:\Users\windows\Desktop\MiPony.lnk - C:\Program Files (x86)\MiPony\MiPony.exe

C:\Users\windows\Desktop\MySQL Workbench 5.2 CE.lnk - C:\Program Files (x86)\MySQL\MySQL Workbench 5.2 CE\MySQLWorkbench.exe

C:\Users\windows\Desktop\WampServer.lnk - C:\wamp\wampmanager.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe

C:\Users\Public\Desktop\Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://br.hao123.com/?tn=opencd_hp_hao123_br

C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe

C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://br.hao123.com/?tn=opencd_hp_hao123_br

==== shortcuts in Users Start Menu ======================

C:\Users\windows\AppData\Roaming\Microsoft\windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\windows\AppData\Roaming\Microsoft\windows\Start Menu\Programs\Accessories\Command Prompt.lnk - C:\Windows\system32\cmd.exe

C:\Users\windows\AppData\Roaming\Microsoft\windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus\End User License Agreement.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\Doc\en\license.txt

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus\Kaspersky Anti-Virus Help.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\Doc\en\kav\context.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus\Kaspersky Anti-Virus.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus\Remove Kaspersky Anti-Virus.lnk - C:\Windows\SysWOW64\msiexec.exe /i{6F6873E3-5C92-4049-B511-231A138DD090} REMOVE=ALL

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus\Visit Kaspersky Lab on the Web.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kl.url

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe

C:\Users\windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://br.hao123.com/?tn=opencd_hp_hao123_br

C:\Users\windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk - C:\Program Files (x86)\MiPony\MiPony.exe

C:\Users\windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WampServer.lnk - C:\wamp\wampmanager.exe

C:\Users\windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe

C:\Users\windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe

C:\Users\windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe

C:\Users\windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Photoshop CS2.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop CS2\Photoshop.exe

C:\Users\windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://br.hao123.com/?tn=opencd_hp_hao123_br

C:\Users\windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sublime Text 3.lnk - C:\Program Files\Sublime Text 3\sublime_text.exe

C:\Users\windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== Reset IE Proxy ======================

Value(s) before fix:

"ProxyEnable"=dword:00000000

Value(s) after fix:

"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\windows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\windows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\windows\AppData\Local\Mozilla\Firefox\Profiles\qinpg4g4.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\windows\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\windows\AppData\Local\Google\Chrome SxS\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1 folders=2 180 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully

C:\Users\Default User\AppData\Local\temp emptied successfully

C:\Users\Public\AppData\Local\temp emptied successfully

C:\Users\windows\AppData\Local\Temp will be emptied at reboot

C:\Users\USURIO~1\AppData\Local\temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\windows\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 06/06/2014 at 21:50:06,50 ======================

Power Max · Junho 7, 2014

Baixe o programa Junkware Removal Tool no link abaixo:

http://thisisudax.org/downloads/JRT.exe

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

Tutorial do Junkware Removal Tool

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

Bergs · Junho 7, 2014

Olá Power Max,

Parece que ainda continua com a internet lenta, já saiu aquela página inicial do browser.

Baixei o programa, mas estou sem tempo para fazer o escaneamento hoje, amanhã se Deus quiser posto o novo log.

Valeu pela força.

Power Max · Junho 7, 2014

ok, fico na espera. :)

Bergs · Junho 7, 2014

Bom dia Power Max!

Atual Status: super lento

JRT.txt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Professional x64

Ran by windows on 07/06/2014 at 8:18:56,04

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 07/06/2014 at 8:33:03,72

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Power Max · Junho 7, 2014

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Bergs · Junho 7, 2014

Zoek.exe v5.0.0.0 Updated 02-June-2014

Tool run by windows on 07/06/2014 at 11:36:42,43.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\windows\Downloads\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-07-005006.log 17962 bytes

==== Folders Found ======================

==== Files Found ======================

--- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\Cleaner\baidu_av_4_0_3_57478.ini ---

Company: ------

File Description: ------

File Version: ------

Product Name: ------

Copyright: ------

Original Filename: ------

File type: ----a-w-

File size: 251

Created time: 2014-06-05 01:15:05

Modified time: 2014-06-04 19:12:32

MD5: 3D8C1FF515F58D45FAF52E4E025F5D02

SHA1: 2F402D66774979A01E960F728AC9E36D75219CF3

==== Registry Search Results for "Baidu" ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]

"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]

"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_USERS\S-1-5-21-1299730479-2196865454-1643372235-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1299730479-2196865454-1643372235-1000\Software\Avast Software\WRC\SearchRules\baidu.com]

"url"="^http\\:\\/\\/www\\.baidu\\.com\\/.*"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1 folders=2 180 bytes)

==== EOF on 07/06/2014 at 11:43:10,32 ======================

Power Max · Junho 8, 2014

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Bergs · Junho 10, 2014

Zoek.exe v5.0.0.0 Updated 02-June-2014

Tool run by windows on 09/06/2014 at 21:58:35,71.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\windows\Downloads\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-07-005006.log 17962 bytes

C:\zoek-results2014-06-07-144310.log 2035 bytes

==== System Restore Info ======================

09/06/2014 22:01:10 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]

"DllName"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]

"DllName"=-

[-HKEY_USERS\S-1-5-21-1299730479-2196865454-1643372235-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1299730479-2196865454-1643372235-1000\Software\Avast Software\WRC\SearchRules\baidu.com]

[HKEY_USERS\S-1-5-21-1299730479-2196865454-1643372235-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1299730479-2196865454-1643372235-1000\Software\Avast Software\WRC\SearchRules\baidu.com]

"url"=-

==== Folders Found ======================

==== Files Found ======================

--- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\Cleaner\baidu_av_4_0_3_57478.ini ---

Company: ------

File Description: ------

File Version: ------

Product Name: ------

Copyright: ------

Original Filename: ------

File type: ----a-w-

File size: 251

Created time: 2014-06-05 01:15:05

Modified time: 2014-06-04 19:12:32

MD5: 3D8C1FF515F58D45FAF52E4E025F5D02

SHA1: 2F402D66774979A01E960F728AC9E36D75219CF3

==== Registry Search Results for "Baidu" ======================

[HKEY_USERS\S-1-5-21-1299730479-2196865454-1643372235-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1299730479-2196865454-1643372235-1000\Software\Avast Software\WRC\SearchRules\baidu.com]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1 folders=2 180 bytes)

==== EOF on 09/06/2014 at 22:07:28,83 ======================

Power Max · Junho 10, 2014

:seta: Faça o download do < ZHPDiag > < > ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

Tutorial de instalação e execução do aplicativo ZHPDiag

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

Bergs · Junho 10, 2014

Olá Power Max,

Boa noite!, creio que amanhã posto o relatório do ZHPDiag.

Power Max · Junho 10, 2014

ok, ficamos na espera.

Bergs · Junho 11, 2014

~ Relatório do ZHPDiag v2014.6.9.87 - Nicolas Coolman (09/06/2014)

~ Iniciado por windows (10/06/2014 21:52:59)

~ Endereço do Website : http://nicolascoolman.fr

~ Tradução pelo utilizador

~ Estatuto da versão : Versão atualizada.

~ Lista Branca : Ativado pelo programa

~ Elevação dos Privilégios : OK

~ Controle de Conta de Utilizador : Activate by user

---\\ Navegadores Internet

MSIE: Internet Explorer v11.0.9600.17041 (Defaut)

MFIE: Mozilla Firefox 27.0.1

GCIE: Google Chrome v35.0.1916.114

---\\ Informações sobre os produtos Windows

~ Langage: Portugais

Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)

Windows Server License Manager Script : OK

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema

Kaspersky Anti-Virus v14.0.0.4651

Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema

CCleaner v4.00

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares

Adobe Flash Player 13 ActiveX

Java 7 Update 21

---\\ Informações sobre o sistema

~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel

~ Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 1908 MB (64% free)

System Restore: Activé (Enable)

System drive C: has 401 GB (86%) free of 466 GB

---\\ Modo de conexão ao sistema

~ Computer Name: WINDOWS-PC

~ User Name: windows

~ All Users Names: windows, HomeGroupUser$, Convidado, Administrador,

~ Unselected Option: 045,061,O62,065,066,080,O82,089

Logged in as Administrator

---\\ As variáveis de ambiente

~ System Unit : C:\

~ %AppZHP% : C:\Users\windows\AppData\Roaming\ZHP\

~ %AppData% : C:\Users\windows\AppData\Roaming\

~ %Desktop% : C:\Users\windows\Desktop\

~ %Favorites% : C:\Users\windows\Favorites\

~ %LocalAppData% : C:\Users\windows\AppData\Local\

~ %StartMenu% : C:\Users\windows\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos

C: Hard drive, Flash drive, Thumb drive (Free 401 Go of 466 Go)

D: CD-ROM drive (Not Inserted)

F: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

---\\ Estado do Centro de Segurança do Windows

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified

~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos

[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]

[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]

[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.05/06/2014 - 22:55:26.) -- C:\Windows\System32\wininet.dll [2260480]

[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]

[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]

[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]

[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]

[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]

[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]

[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]

[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]

[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]

[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]

[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]

[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]

[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]

[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]

[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]

[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]

[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]

[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]

[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]

~ Generic Processes: Scanned in 00mn 01s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)

~ Mes images (My Pictures) : 1/11

~ Mes musiques (My Musics) : 1/3

~ Mes Favoris (My Favorites) : 1/123

~ Mes Documents (My Documents) : 1/3563

~ Mon Bureau (My Desktop) : 1/46

~ Menu demarrer (Programs) : 1/31

~ Hidden Files: Scanned in 00mn 10s

---\\ Processos lançados

[MD5.B96D82EA7BC9A842028559968E9570D4] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe [1004864] [PID.3076]

[MD5.F5546A846F16DB4578DF72F30AACB1FC] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8066560] [PID.5492]

[MD5.0D2F8F4055903A762AD46204E5A42E86] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512] [PID.1432]

[MD5.318706813FB613072A688F2653B0689F] - (.Banco Bradesco S.A. - scpVista.) -- C:\Program Files (x86)\Scpad\scpVista.exe [360624] [PID.1716]

[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.1944]

[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2208]

[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.2940]

~ Processes Running: Scanned in 00mn 01s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)

C:\Users\windows\AppData\Local\Google\Chrome\User Data\Default\Preferences

G2 - GCE: Preference [user Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)

G2 - GCE: Preference [user Data\Default] [dchlnpcodkpfdpacogkljefecpegganj] Kaspersky URL Advisor v.14.0.0.4651 (Désactivé)

G2 - GCE: Preference [user Data\Default] [hghkgaeecgjhjkannahfamoehjmkjail] Dangerous Websites Blocker v.14.0.0.4651 (Désactivé)

G2 - GCE: Preference [user Data\Default] [jagncdcchgajhfhijbbhecadmaiegcmh] Virtual Keyboard v.14.0.0.4917 (Désactivé)

G2 - GCE: Preference [user Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 18 Legitimates Filtered in 00mn 06s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com

~ IE Browser: 20 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)

~ Le fichier hosts est sain (The hosts file is clean).

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects do navegador (02)

O2 - BHO: CompSegIB [64Bits] - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files (x86)\Scpad\scpsssh2.dll

~ BHO: 13 Legitimates Filtered in 00mn 00s

---\\ Aplicações iniciadas por registo & pastas (04)

O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe

~ Application: Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)

O9 - Extra button: Virtual Keyboard [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kbrd.ico

O9 - Extra button: URLs check [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\logo.ico

~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)

O17 - HKLM\System\CCS\Services\Tcpip\..\{0164E1BD-D6AE-4024-93C5-8954FA739211}: DhcpNameServer = 10.10.25.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{0164E1BD-D6AE-4024-93C5-8954FA739211}: DhcpDomain = Fcname

O17 - HKLM\System\CS1\Services\Tcpip\..\{0164E1BD-D6AE-4024-93C5-8954FA739211}: DhcpNameServer = 10.10.25.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{0164E1BD-D6AE-4024-93C5-8954FA739211}: DhcpDomain = Fcname

O17 - HKLM\System\CS2\Services\Tcpip\..\{0164E1BD-D6AE-4024-93C5-8954FA739211}: DhcpNameServer = 10.10.25.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{0164E1BD-D6AE-4024-93C5-8954FA739211}: DhcpDomain = Fcname

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.25.1

~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)

O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation

~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll

~ Winlogon: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)

O23 - Service: scpVista (scpVista) . (.Banco Bradesco S.A. - scpVista.) - C:\Program Files (x86)\Scpad\scpVista.exe

~ Services: 3 Legitimates Filtered in 00mn 10s

---\\ Tarefas planificadas automaticamente (039)

O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]

O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]

O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]

~ Scheduled Task: 8 Legitimates Filtered in 00mn 07s

---\\ HKCU & HKLM Software Keys

[HKCU\Software\Vectorian]

[HKCU\Software\iDenUG]

~ Key Software: 173 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 20/12/2013 - 01:14:15 - [] ----D C:\Program Files (x86)\Guits

O43 - CFD: 04/11/2013 - 20:31:34 - [] ----D C:\Program Files (x86)\Scpad

O43 - CFD: 12/01/2014 - 19:40:16 - [] ----D C:\Users\windows\AppData\Roaming\LiveReload

O43 - CFD: 12/01/2014 - 19:34:27 - [] ----D C:\Users\windows\AppData\Local\LiveReload

~ Program Folder: 141 Legitimates Filtered in 00mn 01s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)

O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 05/06/2014 - 22:55:24 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284]

O44 - LFC:[MD5.79483D0BC2AD618798B07CD2F4E85CF3] - 05/06/2014 - 23:01:17 ---A- . (...) -- C:\Windows\IE11_main.log [10265]

O44 - LFC:[MD5.7EC940478752F4D6B116A2D17DB79B70] - 06/06/2014 - 21:50:06 ---A- . (...) -- C:\zoek-results2014-06-07-005006.log [17962]

O44 - LFC:[MD5.3AF86BC6DC4261BFD89DB8DE0FC814C9] - 08/06/2014 - 17:09:04 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148034]

O44 - LFC:[MD5.A4FC068BBEB5BE4177AD58233F1F4DC4] - 08/06/2014 - 17:09:04 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706452]

O44 - LFC:[MD5.02D65F479BE83AFE964003B77AF1092C] - 09/06/2014 - 22:07:28 ---A- . (...) -- C:\zoek-results.log [2507]

~ Files: 106 Legitimates Filtered in 00mn 08s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)

O58 - SDL:27/06/2013 - 19:59:25 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]

O58 - SDL:27/06/2013 - 19:59:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]

O58 - SDL:27/06/2013 - 19:59:26 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software

O58 - SDL:13/08/2009 - 08:38:24 ---A- . (.CSR, plc - Bluetooth Remote Control Driver.) -- C:\Windows\System32\Drivers\BthAvrcp.sys [29184]

O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]

O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]

O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]

~ Drivers: 62 Legitimates Filtered in 00mn 05s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)

O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman

~ ADS: Scanned in 00mn 00s

---\\ Associações Shell Spawning (O67)

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)

~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com

~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)

[MD5.E9C07055AC3C030C81E3C828FE15B6A0] [sPRF][29/10/2013] (.brModelo - Modelagem de bases de dados.) -- C:\Users\windows\Desktop\brModelo.exe [531456]

~ Files: 1 Legitimates Filtered in 00mn 00s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)

SS - | Demand 05/02/2013 72704 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

SS - | Auto 30/09/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 30/09/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 19/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

SS - | Demand 10/12/2008 24636 | (wampapache) . (.Apache Software Foundation.) - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe

SS - | Demand 15/02/2009 6558336 | (wampmysqld) . (...) - c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe

SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 26/11/2013 214512 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe

SR - | Auto 24/10/2012 360624 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files (x86)\Scpad\scpVista.exe

SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 12s

---\\ Scâner Aditional (088)

Database Version : 13026 - (09/06/2014)

Clés trouvées (Keys found) : 0

Valeurs trouvées (Values found) : 0

Dossiers trouvés (Folders found) : 0

Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 178232 Items scanned in 00mn 38s

---\\ Informações complémentaires do módulos

~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Extensions (G2)

~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)

~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur s (O2)

~ AMI: 3 Legitimates Filtered in 00mn 00s

~ 760 Legitimates filtered by white list

End of the scan (346 lines in 03mn 10s)(0)

Power Max · Junho 11, 2014

como está o PC e a internet?

Bergs · Junho 11, 2014

agora parece ok. o que vc me diz?

Power Max · Junho 11, 2014

:) Fico feliz que o problema tenha sido resolvido.

:seta: Só para finalizar siga estes tutoriais abaixo, por gentileza:

Excluindo erros e otimizando seu PC com o CCleaner

Elimine arquivos inúteis de seu PC com o PureRa

_______________________________________________________________________________________________________________________

:seta: Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas deste tutorial.

_______________________________________________________________________________________________________________________

:) Foi um prazer ajudar. Conte sempre conosco!

Arquivado

[Resolvido] Internet lenta - possível vírus

Recommended Posts

Bergs 53

Compartilhar este post

Link para o post

Compartilhar em outros sites

Power Max 54

Compartilhar este post

Link para o post

Compartilhar em outros sites

Bergs 53

Compartilhar este post

Link para o post

Compartilhar em outros sites

Power Max 54

Compartilhar este post

Link para o post

Compartilhar em outros sites

Bergs 53

Compartilhar este post

Link para o post

Compartilhar em outros sites

Power Max 54

Compartilhar este post

Link para o post

Compartilhar em outros sites

Bergs 53

Compartilhar este post

Link para o post

Compartilhar em outros sites

Power Max 54

Compartilhar este post

Link para o post

Compartilhar em outros sites

Bergs 53

Compartilhar este post

Link para o post

Compartilhar em outros sites

Power Max 54

Compartilhar este post

Link para o post

Compartilhar em outros sites

Bergs 53

Compartilhar este post

Link para o post

Compartilhar em outros sites

Power Max 54

Compartilhar este post

Link para o post

Compartilhar em outros sites

Bergs 53

Compartilhar este post

Link para o post

Compartilhar em outros sites

Power Max 54

Compartilhar este post

Link para o post

Compartilhar em outros sites

Bergs 53

Compartilhar este post

Link para o post

Compartilhar em outros sites

Power Max 54

Compartilhar este post

Link para o post

Compartilhar em outros sites

Bergs 53

Compartilhar este post

Link para o post

Compartilhar em outros sites

Power Max 54

Compartilhar este post

Link para o post

Compartilhar em outros sites

Bergs 53

Compartilhar este post

Link para o post

Compartilhar em outros sites

Power Max 54