[Arquivado] gerenciador de tarefas fechando sozinho

jajablabla · Janeiro 18, 2015

ja vi varios forum e topicos com esse problema mas nenhum me ajudo, ja baixei alguns antiviru e antispyware e continuo com o mesmo problema, ja tentei mexer no regedit e nada, alguem poderia me ajudar?

log

Logfile of HijackThis v1.99.1

Scan saved at 19:39:47, on 18/01/2015

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v11.0 (11.00.9600.17239)

Running processes:

C:\Program Files (x86)\AVG\AVG2015\avgui.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1421531760&from=key7&uid=ST500DM002-1BD142_S2AG4KAJXXXXS2AG4KAJ

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1421531760&from=key7&uid=ST500DM002-1BD142_S2AG4KAJXXXXS2AG4KAJ

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1421531760&from=key7&uid=ST500DM002-1BD142_S2AG4KAJXXXXS2AG4KAJ&q={searchTerms}

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1421531760&from=key7&uid=ST500DM002-1BD142_S2AG4KAJXXXXS2AG4KAJ&q={searchTerms}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1421531760&from=key7&uid=ST500DM002-1BD142_S2AG4KAJXXXXS2AG4KAJ

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: ArcPluginIEBHO - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll

O2 - BHO: AVG Web TuneUp - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll

O2 - BHO: Advanced SystemCare Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL

O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [Advanced SystemCare 8] "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto

O4 - HKCU\..\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - (no file)

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll

O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Advanced SystemCare Service 8 (AdvancedSystemCareService8) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Stardock Start8 (Start8) - Stardock Software, Inc - C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater18.2.0 - AVG Secure Search - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - %ProgramFiles%\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - %ProgramFiles%\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

DigRam · Janeiro 18, 2015

/!\ Boa Noite! jajablabla /!\

> Baixe: <

> ( ... par Xplode )

>

> Ou daqui: < AdwCleaner >

> Ao acessar,clique em "Download Now".

>

> Salve-o no desktop!

<

>

> Clique direito em adwcleaner.exe,e escolha sua execução como administrador.

> Ps: Dê início ao scan,clicando em "Examinar".

> Ao concluir,clique "Limpar" >> Ok >> Ok >> Ok.

> Copie o log ou clique "Relatório".

> Poste: < C:\AdwCleaner\AdwCleaner[s0].txt >

> Baixe: <

> ( ... by Oleg N. Scherbakov )

> Salve-o no desktop!

> Desabilite seu antivírus!

> Para Windows 7,clique direito em JRT.exe e execute-o ...

> Aguarde a conclusão e poste o relatório. ( JRT.txt )

A+

jajablabla · Janeiro 18, 2015

Boa noite DigRam

Log Adwcleaner

# AdwCleaner v4.108 - Relatório criado 18/01/2015 às 21:06:13

# Atualizado 17/01/2015 por Xplode

# Database : 2015-01-18.1 [Live]

# Sistema Operacional : Windows 8.1 Pro (64 bits)

# Usuário : Familia - FMILIA

# Executando de : C:\Users\Familia\Desktop\AdwCleaner.exe

# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : vToolbarUpdater18.2.0

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\AVG Secure Search

Pasta Deletada : C:\ProgramData\AVG Security Toolbar

Pasta Deletada : C:\ProgramData\baidu

Pasta Deletada : C:\ProgramData\WindowsMangerProtect

Pasta Deletada : C:\ProgramData\YTAHelper

Pasta Deletada : C:\ProgramData\IHProtectUpDate

Pasta Deletada : C:\Program Files (x86)\Common Files\AVG Secure Search

Pasta Deletada : C:\Users\Familia\AppData\Local\CrashRpt

Pasta Deletada : C:\Users\Familia\AppData\Local\BreakingNewsAlert

Pasta Deletada : C:\Users\Familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage

Pasta Deletada : C:\Users\Public\Documents\baidu

Pasta Deletada : C:\Users\Public\Documents\Goobzo

Pasta Deletada : C:\Users\Public\Documents\ShopperPro

Pasta Deletada : C:\Users\Public\Documents\YTAHelper

Pasta Deletada : C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\vfb6a856.default\Extensions\Avg@toolbar

Pasta Deletada : C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\vfb6a856.default\Extensions\faststartff@gmail.com

Arquivo Deletada : C:\ProgramData\Duplicaterecord.js

Arquivo Deletada : C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\vfb6a856.default\searchplugins\avg-secure-search.xml

Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml

Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml

Arquivo Deletada : C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage

Arquivo Deletada : C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage-journal

Arquivo Deletada : C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

Arquivo Deletada : C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

Arquivo Deletada : C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage

***** [ Tarefas ] *****

Tarefa Deletedo : Driver Booster Scan

Tarefa Deletedo : Driver Booster Update

***** [ Atalhos ] *****

***** [ Registro ] *****

Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]

Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Chave Deletedo : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Chave Deletedo : HKLM\SOFTWARE\Classes\S

Chave Deletedo : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Chave Deletedo : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Chave Deletedo : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Chave Deletedo : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect

Chave Deletedo : HKCU\Software\Mozilla\Extends

Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}

Chave Deletedo : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Chave Deletedo : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command

Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command

Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Chave Deletedo : HKCU\Software\Goobzo

Chave Deletedo : HKCU\Software\Baidu

Chave Deletedo : HKCU\Software\AppDataLow\Software\DynConIE

Chave Deletedo : HKLM\SOFTWARE\Goobzo

Chave Deletedo : HKLM\SOFTWARE\SupDp

Chave Deletedo : HKLM\SOFTWARE\Baidu

Chave Deletedo : HKLM\SOFTWARE\IHProtect

Chave Deletedo : [x64] HKLM\SOFTWARE\ShopperPro

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17239

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]

Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]

-\\ Mozilla Firefox v26.0 (pt-BR)

[vfb6a856.default\prefs.js] - Linha deletada : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");

[vfb6a856.default\prefs.js] - Linha deletada : user_pref("extensions.quick_start.enable_search1", false);

[vfb6a856.default\prefs.js] - Linha deletada : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v39.0.2171.99

*************************

AdwCleaner[R0].txt - [11122 octets] - [18/01/2015 21:05:43]

AdwCleaner[s0].txt - [8809 octets] - [18/01/2015 21:06:13]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8869 octets] ##########

Log JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.1 (12.28.2014:1)

OS: Windows 8.1 Pro x64

Ran by Familia on 18/01/2015 at 21:17:27,33

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\DRIVER BOOSTER.TMP-825120F7.pf

Successfully deleted: [File] C:\Windows\prefetch\DRIVERBOOSTER.EXE-51D78DCC.pf

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu security"

Successfully deleted: [Folder] "C:\Users\Familia\AppData\Roaming\baidu security"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 18/01/2015 at 21:22:38,71

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

esperando resposta

DigRam · Janeiro 18, 2015

/!\ Boa Noite! jajablabla /!\

> Baixe: < ZHPDiag2.exe > <

> ( ... de Nicolas Coolman )

> Salve-o no disco local! ( C ou D )

> Desabilite seu antivírus e execute "ZHPDiag2.exe",para instalar a ferramenta.

> Execute o ícone do pergaminho. ( ZHPDiag )

> Clique "COMPLETA" e aguarde a conclusão!

> Clique OK e,ao concluir,poste o relatório! ( ZHPDiag.txt )

> Ps: Como o log será extenso,envie-o à Pjjoint.malekal.

> Ou acesse: <

>

> Maiores informações: < |Link| >

A+

jajablabla · Janeiro 19, 2015

feito o procedimento

log-----> http://www.cjoint.com/15jv/EAtbLEcL1Uy.htm

DigRam · Janeiro 19, 2015

/!\ Boa Noite! jajablabla /!\

> Execute este script na ferramenta ZHPFix.

> Selecione e copie estas informações que estão em vermelho,para o Bloco de Notas.

> Com o Bloco de Notas aberto,faça: ctrl+a >> ctrl+c ( Selecionar e Copiar )

> À seguir,minimize o Bloco de Notas.

Script ZHPFix

FirewallRaz

EmptyPrefetch

EmptyTemp

EmptyFlash

HiddenFix

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified

[HKLM\Software\EnigmaSoftwareGroup]

[HKLM\Software\Wow6432Node\Baidu Security]

[HKLM\Software\Wow6432Node\Baidu_Drp_pos]

[HKCU\Software\Baidu Security]

[HKLM\Software\Baidu Security]

O2 - BHO: ExplorerWnd Helper [64Bits] - {10921475-03CE-4E04-90CE-E2E7EF20C814} Chave orfã

O2 - BHO: Lync Click to Call BHO [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Chave orfã

O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Chave orfã

O4 - HKCU\..\Run: [ASRockXTU] Chave orfã

O4 - HKUS\S-1-5-21-3970006290-1249037127-3537394885-1003\..\Run: [ASRockXTU] Chave orfã

O43 - CFD: 12/01/2015 - 23:42:15 - [0] ----D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}

O45 - LFCP:[MD5.F47ED06E88E8BE31964B044C1FA3C2F8] - 17/01/2015 - 20:09:58 ---A- - C:\Windows\Prefetch\SHSETUP.EXE-F29B63AC.pf

O45 - LFCP:[MD5.AA2FC7152BCE314A7CB075AA21E197EB] - 17/01/2015 - 20:08:35 ---A- - C:\Windows\Prefetch\SPYHUNTER-INSTALLER.EXE-792745B4.pf

O45 - LFCP:[MD5.60A2F4B80CC38C17C98BBDD8271E9231] - 17/01/2015 - 20:10:51 ---A- - C:\Windows\Prefetch\SPYHUNTER4.EXE-7BD5E907.pf

O45 - LFCP:[MD5.475F0DA4B4B4FD4DAF7503EB13984673] - 17/01/2015 - 18:57:12 ---A- - C:\Windows\Prefetch\VOPACKAGE.EXE-A8EF07FE.pf

O45 - LFCP:[MD5.C53F0839A20A3CB21828E1D3F6E5FC0E] - 17/01/2015 - 18:55:52 ---A- - C:\Windows\Prefetch\VOPACKAGE.EXE-ACF18C45.pf

O45 - LFCP:[MD5.E4EA407EBAEC4A8B5285E610A1F79EF6] - 17/01/2015 - 18:57:55 ---A- - C:\Windows\Prefetch\WINCHECKWRAPPER.EXE-13EBB7DF.pf

O45 - LFCP:[MD5.FDF475AEFA5B7EFF89028262446C29E6] - 17/01/2015 - 21:44:23 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA31.EXE-C5554ED8.pf

O45 - LFCP:[MD5.2C991E1DF5E782964874F09C8F1092A0] - 17/01/2015 - 20:10:19 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA32.EXE-D8AB095D.pf

O45 - LFCP:[MD5.66958C4A60AB69D0255BE3D9CC303E9D] - 17/01/2015 - 20:10:28 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA34.EXE-FF567E67.pf

O45 - LFCP:[MD5.CBFC39309007AB5AC3664B0E42A77567] - 17/01/2015 - 21:45:47 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA37.EXE-3957ADF6.pf

O61 - LFC: 11/01/2015 - 22:24:14 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_10168\ins_iwebar.exe [156128]

O61 - LFC: 11/01/2015 - 22:24:14 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_11772\ins_iwebar.exe [156128]

O61 - LFC: 11/01/2015 - 22:24:14 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_2290\ins_iwebar.exe [156128]

O61 - LFC: 11/01/2015 - 22:24:14 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_23108\ins_iwebar.exe [156128]

O61 - LFC: 11/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_25450\ins_iwebar.exe [156128]

O61 - LFC: 11/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_29222\ins_iwebar.exe [156128]

O61 - LFC: 11/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_30918\ins_iwebar.exe [156128]

O61 - LFC: 11/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_31673\ins_iwebar.exe [156128]

O61 - LFC: 11/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_32748\ins_iwebar.exe [156128]

O61 - LFC: 11/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_7687\ins_iwebar.exe [156128]

O61 - LFC: 11/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_9659\ins_iwebar.exe [156128]

O61 - LFC: 12/01/2015 - 22:24:14 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_1072\ins_iwebar.exe [157152]

O61 - LFC: 12/01/2015 - 22:24:14 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_13291\ins_iwebar.exe [156640]

O61 - LFC: 12/01/2015 - 22:24:14 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_13775\ins_iwebar.exe [157152]

O61 - LFC: 12/01/2015 - 22:24:14 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_2261\ins_iwebar.exe [157152]

O61 - LFC: 12/01/2015 - 22:24:14 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_22687\ins_iwebar.exe [157152]

O61 - LFC: 12/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_26406\ins_iwebar.exe [157152]

O61 - LFC: 12/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_26808\ins_iwebar.exe [157152]

O61 - LFC: 12/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_29821\ins_iwebar.exe [157152]

O61 - LFC: 12/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_30485\ins_iwebar.exe [157152]

O61 - LFC: 12/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_426\ins_iwebar.exe [157152]

O61 - LFC: 17/01/2015 - 22:24:00 ---A- . (.wincheck.) -- C:\Users\Familia\AppData\Local\Microsoft\Windows\INetCache\IE\XYKPU6BD\WinCheckSetup[1].exe [325616]

O61 - LFC: 17/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\n2965\VOPackage.exe [324427]

O61 - LFC: 17/01/2015 - 22:24:16 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\SHSetup.exe [47329360]

O61 - LFC: 17/01/2015 - 22:24:28 ---A- . (.Enigma Software Group USA, LLC..) -- C:\Users\Familia\Downloads\SpyHunter-installer.exe [728960]

O61 - LFC: 11/01/2015 - 22:24:14 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_16276\ins_sense.exe [156128]

O61 - LFC: 11/01/2015 - 22:24:14 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_16387\ins_sense.exe [156128]

O61 - LFC: 11/01/2015 - 22:24:14 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_20214\ins_sense.exe [156128]

O61 - LFC: 11/01/2015 - 22:24:14 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_21328\ins_sense.exe [156128]

O61 - LFC: 11/01/2015 - 22:24:14 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_24054\ins_sense.exe [156128]

O61 - LFC: 11/01/2015 - 22:24:14 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_24700\ins_sense.exe [156128]

O61 - LFC: 11/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_25110\ins_sense.exe [156128]

O61 - LFC: 11/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_29548\ins_sense.exe [156128]

O61 - LFC: 11/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_4420\ins_sense.exe [156128]

O61 - LFC: 11/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_5325\ins_sense.exe [156128]

O61 - LFC: 11/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_888\ins_sense.exe [156128]

O61 - LFC: 12/01/2015 - 22:24:14 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_10247\ins_sense.exe [156640]

O61 - LFC: 12/01/2015 - 22:24:14 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_11827\ins_sense.exe [156640]

O61 - LFC: 12/01/2015 - 22:24:14 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_15850\ins_sense.exe [156640]

O61 - LFC: 12/01/2015 - 22:24:14 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_16170\ins_sense.exe [156640]

O61 - LFC: 12/01/2015 - 22:24:14 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_20498\ins_sense.exe [156640]

O61 - LFC: 12/01/2015 - 22:24:14 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_22785\ins_sense.exe [156640]

O61 - LFC: 12/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_25078\ins_sense.exe [156640]

O61 - LFC: 12/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_28613\ins_sense.exe [156640]

O61 - LFC: 12/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_29858\ins_sense.exe [156640]

O61 - LFC: 12/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Install_3330\ins_sense.exe [156640]

O61 - LFC: 14/01/2015 - 22:24:15 ---A- . (.IObit.) -- C:\Users\Familia\AppData\Local\Temp\is-BENFT.tmp\UninstallPromote.exe [2681120]

O61 - LFC: 17/01/2015 - 22:24:14 ---A- . (.Baidu, Inc..) -- C:\Users\Familia\AppData\Local\Temp\Baidu_Secure_SystemUp_5.0.7.102888.exe [23561768]

O61 - LFC: 17/01/2015 - 22:24:15 ---A- . (...) -- C:\Users\Familia\AppData\Local\Temp\Quarantine.exe [601088]

O61 - LFC: 17/01/2015 - 22:24:15 ---A- . (.Baidu Inc..) -- C:\Users\Familia\AppData\Local\Temp\n2965\PCFaster_1103-b4e1b032.exe [1569312]

O61 - LFC: 17/01/2015 - 22:24:15 ---A- . (.TabMain.) -- C:\Users\Familia\AppData\Local\Temp\n2965\WebsearchesInstaller.exe [291424]

O61 - LFC: 18/01/2015 - 22:24:15 ---A- . (.Microsoft Corporation.) -- C:\Users\Familia\AppData\Local\Temp\is-94130.tmp\_isetup\_shfoldr.dll [23312]

O67 - Shell Spawning: <.html> <BaiduSparkHTML>[HKLM\..\open\Command] (.Not Key.)

O67 - Shell Spawning: <.html> <BaiduSparkHTML>[HKCU\..\open\Command] (.Not Key.)

C:\Users\Familia\AppData\Local\Installer

> Abra a ferramenta ZHPFix. <

>

> Clique IMPORTAÇÃO >> OK.

> Ps: Ao clicar "OK",verifique se o campo está limpo para que receba,somente,as informações do script.

> Clique "GO".

> Poste o relatório!

< Peço aos visitantes que não utilizem este script em outros computadores,sob risco de danos irreparáveis aos mesmos! >

A+

jajablabla · Janeiro 19, 2015

pronto fiz tudo aqui

Relatorio

Rapport de ZHPFix 2015.1.15.1 par Nicolas Coolman, Update du 15/01/2015

Fichier d'export Registre :

Run by Familia at 19/01/2015 12:49:29

High Elevated Privileges : OK

Windows 8 Business Edition, 64-bit Service Pack 1 (9600)

Reciclagem vazia (00mn 05s)

Prefetcher vazio

========== Chaves do Registo ==========

ELIMINÉ:* HKLM\Software\EnigmaSoftwareGroup

ELIMINÉ: HKLM\Software\Wow6432Node\Baidu Security

ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos

ELIMINÉ: HKCU\Software\Baidu Security

ELIMINÉ:* HKLM\Software\Baidu Security

========== Valores do Registo ==========

Ausente Valor Perfil Padrão: FirewallRaz :

Ausente Valor Perfil Domínio FirewallRaz :

ELIMINÉ: FirewallRaz (Domain) : {9E3D57FC-7C37-4424-9352-4831E97D029D}

ELIMINÉ: FirewallRaz (Domain) : {548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}

ELIMINÉ: FirewallRaz (Domain) : NetPres-In-TCP-NoScope

ELIMINÉ: FirewallRaz (Domain) : NetPres-Out-TCP-NoScope

ELIMINÉ: FirewallRaz (None) : NetPres-WSD-In-UDP

ELIMINÉ: FirewallRaz (None) : NetPres-WSD-Out-UDP

ELIMINÉ: FirewallRaz (Public) : NetPres-In-TCP

ELIMINÉ: FirewallRaz (Public) : NetPres-Out-TCP

ELIMINÉ: FirewallRaz (None) : MCX-Prov-Out-TCP

ELIMINÉ: FirewallRaz (None) : MCX-McrMgr-Out-TCP

ELIMINÉ: FirewallRaz (Public) : TCP Query User{D080E430-7547-4C7B-A2EE-DCE49E376F8E}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe

ELIMINÉ: FirewallRaz (Public) : UDP Query User{BEFA2A55-B1BE-4961-B117-8186AC055724}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe

ELIMINÉ: FirewallRaz (Public) : {25CCB71C-0F9E-489E-964D-C61DA3C8582B}

ELIMINÉ: FirewallRaz (Public) : {207DD49E-1EA5-4A30-AA78-7E56767D8F0B}

ELIMINÉ: FirewallRaz (Public) : {AB67A9C9-70E1-4B7A-888C-0EB79D62A10B}

ELIMINÉ: FirewallRaz (Public) : {E1129AB1-BAFD-4889-BBA4-99E5EC87B9D4}

ELIMINÉ: FirewallRaz (Public) : {140FCCB6-9B1F-4D75-98AB-52730FFA164C}

ELIMINÉ: FirewallRaz (Public) : {2BB409FF-8DED-46F5-9D68-A64DA418DC02}

ELIMINÉ: FirewallRaz (Public) : {B2D5F9BF-54E9-4901-A33D-2A81398FBB7E}

ELIMINÉ: FirewallRaz (Public) : {6596F637-3F88-4457-A3CD-1381BD657946}

ELIMINÉ: FirewallRaz (Public) : {52E540EC-40CD-4B52-90DC-29844602F450}

ELIMINÉ: FirewallRaz (Public) : {1E7ECBBF-A7D3-4E46-9755-79616E8A6C3E}

ELIMINÉ: FirewallRaz (Public) : {C770A334-4D90-4B5C-A0A3-918F35BD3BB3}

ELIMINÉ: FirewallRaz (Public) : {783A938D-733E-4ABA-8414-9FA942F3A706}

ELIMINÉ: FirewallRaz (Public) : {5BC0B867-C771-40D0-A6A9-EC29E3D64AEA}

ELIMINÉ: FirewallRaz (Public) : {91B1B3A4-B0C3-4E4D-BB33-50E137E84D51}

ELIMINÉ: FirewallRaz (Public) : {8A6D877F-9F8C-4D2A-9256-DCFE758F7BFD}

ELIMINÉ: FirewallRaz (Public) : {BCDFA3E0-91A1-4E00-8825-27338E575A1E}

ELIMINÉ: FirewallRaz (Public) : {C3651CC6-67A1-4682-B224-FCD8376CE11B}

ELIMINÉ: FirewallRaz (Public) : {F078D1EB-711B-4A96-936B-1162B4B753A2}

ELIMINÉ: FirewallRaz (Public) : {18C129AE-456C-4CCF-8768-4A9E49E71C76}

ELIMINÉ: FirewallRaz (Public) : {A61CC0C2-23D2-49BF-B7BD-82E2B2DC8805}

ELIMINÉ: FirewallRaz (Public) : {7270D5A9-17CA-4702-88F5-216299D83467}

ELIMINÉ: FirewallRaz (Public) : {9E9A12B4-493A-4334-A5E1-D928A6C5179D}

ELIMINÉ: FirewallRaz (Public) : {CD8F7044-FA4B-4071-BFA9-B4B335AD3990}

ELIMINÉ: Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}

ELIMINÉ RunValue: ASRockXTU

========== Elementos dos dados do Registo ==========

ELIMINÉ Explorer Association Data Application: http://www.fileextensionpro.com/redir.aspx?s=smtycl1_0_0_0_0,119389ed-b904-403f-bb17-49c3207cd4de,&LangID=%04x&Ext=%s

========== Pastas ==========

ELIMINÉ Temporários windows (0)

ELIMINÉ Flash Cookies (0)

ELIMINÉ: C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}

ELIMINÉ: c:\users\familia\appdata\local\installer

========== Ficheiros ==========

ELIMINÉ Temporários windows (0) (0 octets)

ELIMINÉ Flash Cookies (0) (0 octets)

ELIMINÉ: c:\windows\prefetch\shsetup.exe-f29b63ac.pf

ELIMINÉ: c:\windows\prefetch\spyhunter-installer.exe-792745b4.pf

ELIMINÉ: c:\windows\prefetch\spyhunter4.exe-7bd5e907.pf

ELIMINÉ: c:\windows\prefetch\vopackage.exe-a8ef07fe.pf

ELIMINÉ: c:\windows\prefetch\vopackage.exe-acf18c45.pf

ELIMINÉ: c:\windows\prefetch\wincheckwrapper.exe-13ebb7df.pf

ELIMINÉ: c:\windows\prefetch\wisecustomcalla31.exe-c5554ed8.pf

ELIMINÉ: c:\windows\prefetch\wisecustomcalla32.exe-d8ab095d.pf

ELIMINÉ: c:\windows\prefetch\wisecustomcalla34.exe-ff567e67.pf

ELIMINÉ: c:\windows\prefetch\wisecustomcalla37.exe-3957adf6.pf

ELIMINÉ: c:\users\familia\appdata\local\microsoft\windows\inetcache\ie\xykpu6bd\winchecksetup[1].exe

ELIMINÉ: c:\users\familia\downloads\spyhunter-installer.exe

========== Pastas/Ficheiros ocultos restaurados ==========

Mes images (My Pictures) : 2 restaurados com sucesso

Ma musique (My Music) : 24 restaurados com sucesso

Ma Video (My Video) : 1 restaurados com sucesso

Mes Favoris (My Favorites) : 2 restaurados com sucesso

Mes Documents (My Documents) : 4 restaurados com sucesso

Mon Bureau (My Desktop) : 1 restaurados com sucesso

Menu demarrer (Programs) : 9 restaurados com sucesso

Dossier utilisateur (AppData) : 13 restaurados com sucesso

Programmes (Program Files) : 12 restaurados com sucesso

========== Recapitulativo ==========

5 : Chaves do Registo

39 : Valores do Registo

1 : Elementos dos dados do Registo

4 : Pastas

14 : Ficheiros

68 : Pastas/Ficheiros ocultos restaurados

End of clean in 00mn 44s

========== Caminho do ficheiro do relatório ==========

C:\Users\Familia\AppData\Roaming\ZHP\ZHPFix[R1].txt - 19/01/2015 12:49:36 [5555]

aguardando resposta

DigRam · Janeiro 19, 2015

/!\ Boa Tarde! jajablabla /!\

> Baixe: < SFTGC > ( ... de Pierre13 )

> Salve-o no desktop!

> Para Windows Vista e 7,execute "SFTGC.exe" como administrador!

> Execute-o e clique "Go".

> Aguarde seu término,que é rápido.

> Poste o relatório! ( SFT.txt )

> Ps: De acordo com o tamanho do relatório,não poste-o diretamente!

> Acesse,para esta tarefa! <

>

A+

jajablabla · Janeiro 19, 2015

Boa tarde digram aqui esta o relatorio

---> http://www.cjoint.com/15jv/EAtqOeBskFE.htm

DigRam · Janeiro 19, 2015

/!\ Boa Tarde! jajablabla /!\

> Baixe: <

> ( ... by Smeenk )

<

zoek.exe >

> Salve-o ao desktop!

> Desabilite seu antivírus!

> Para Windows 7,execute Zoek.exe como administrador.

emptyfolderscheck;delete

ipconfig /flushdns;b

quickscan;

autoclean;

> Copie e cole estas informações,que estão em vermelho,no campo da ferramenta.

> Clique "Run Script".

Zoek.exe is running now.

Do not start any browser windows, they will be closed automatically.

Please wait! This window will close when finished.

A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

> Surgirão informações,pedindo-lhe que aguarde o surgimento do relatório.

> Ps: Essas informações,podem permanecer estáticas na tela por 20 minutos ou mais.

> Confirme o reboot!

zoek.hta failed by unknown error.

Restart computer, and try again.

> Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.

> Poste o relatório,que estará em C:\zoek-results.txt <<

A+

jajablabla · Janeiro 19, 2015

Relatorio

----> http://www.cjoint.com/15jv/EAtsQJh2MnF.htm

DigRam · Janeiro 19, 2015

/!\ Boa Tarde! jajablabla /!\

> Seu Gerenciador de Tarefas,ainda,apresenta problemas?

A+

jajablabla · Janeiro 19, 2015

pois e, ele ainda fecha sozinho :\

DigRam · Janeiro 19, 2015

pois e, ele ainda fecha sozinho :\

/!\ Boa Tarde! jajablabla /!\

> Desinstale: < Advanced SystemCare 8 > ou Todos os softwares da IObit.

> Após desinstalar,utilize o BitRemover.

> Baixe: < BitRemover > ( ... by T-Tools )

> Salve-o no desktop! ( Para Windows XP/Vista e Windows 7 )

> Marque todas as checkbox.

> Clique "Go" >> "Sim!"

> Ps: A funcionalidade desta ferramenta,requer a instalação do ".NET Framework 3.5".

A+

jajablabla · Janeiro 19, 2015

fiz tudo e o problema continua :\

DigRam · Janeiro 19, 2015

/!\ Boa Tarde! jajablabla /!\

> Baixe: <

> ( ... by Farbar )

> No banner àcima,é para sistemas 32bits!

< Farbar Recovery Scan Tool 64-Bit >

> No link àcima,é para sistemas 64bits!

> Salve-o no desktop! (Área de trabalho ...)

> Execute a ferramenta! Clique "Yes" >> "Scan".

> Antes de clicar "Scan",verifique se as caixinhas em "Whitelist" estão assinaladas.

> Em "Optional Scan",deixe marcada a checkbox "Addition.txt".

> Ps: Será gerado,também,o relatório "Addition.txt" que estará disponibilizado na 1ª execução da ferramenta.

> Poste os relatórios! (FRST.txt + Addition.txt)

> Como o log será extenso,envie-o à

>

> O link ao relatório,que é este assinalado,deverá ser colado em sua resposta.

> Ou clique "Copier le lien (*)" e cole o link ao seu Post.

A+

jajablabla · Janeiro 19, 2015

Relatorio FRST

http://www.cjoint.com/15jv/EAtuKssJcIu.htm

Relatorio addition

http://www.cjoint.com/15jv/EAtuLCJAQlZ.htm

aguardando resposta :)

DigRam · Janeiro 19, 2015

/!\ Boa Noite! jajablabla /!\

==================== Event log errors: =========================

Application errors:

==================

Error: (01/19/2015 04:46:39 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Nome do aplicativo com falha: Taskmgr.exe, versão: 6.3.9600.17031, carimbo de data/hora: 0x530857f7

Nome do módulo com falha: ntdll.dll, versão: 6.3.9600.17031, carimbo de data/hora: 0x530895af

Código de exceção: 0xc0000005

Deslocamento da falha: 0x0000000000066f4f

ID do processo com falha: 0xf60

Hora de início do aplicativo com falha: 0xTaskmgr.exe0

Caminho do aplicativo com falha: Taskmgr.exe1

Caminho do módulo com falha: Taskmgr.exe2

ID do Relatório: Taskmgr.exe3

Nome completo do pacote com falha: Taskmgr.exe4

ID do aplicativo relativo ao pacote com falha: Taskmgr.exe5

---

> O log de erros mostra,realmente,falhas no Taskmgr.exe,onde a pesquisa baseada na EventID: 1000 é complexa.

>

> Copie estas informações que estão em vermelho,para o Bloco de Notas.

> Salve-as com o nome fixlist. << Texto!

> Salve-as no desktop! ( Área de trabalho ... ) /!\ C:\Users\Familia\Desktop /!\

start

CloseProcesses:

emptytemp:

(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

ShellIconOverlayIdentifiers: [baiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => No File

R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2635552 2015-01-14] (IObit)

S3 cpuz137; \??\C:\Users\Familia\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]

2015-01-19 16:42 - 2015-01-19 16:42 - 00110080 _____ (Thomas Hoen - T-Tools) C:\Users\Familia\Desktop\BitRemover.exe

2015-01-19 15:18 - 2015-01-19 14:49 - 00024064 _____ () C:\Windows\zoek-delete.exe

2015-01-19 14:51 - 2015-01-19 15:25 - 00064085 _____ () C:\zoek-results.log

2015-01-19 14:49 - 2015-01-19 15:16 - 00000000 ____D () C:\zoek_backup

2015-01-19 14:49 - 2015-01-19 14:49 - 01295360 _____ () C:\Users\Familia\Desktop\zoek.exe

2015-01-19 13:30 - 2015-01-19 13:30 - 00069260 _____ () C:\Users\Familia\Desktop\SFTGC.txt

2015-01-19 13:27 - 2015-01-19 13:27 - 01348096 _____ () C:\Users\Familia\Desktop\SFTGC.exe

2015-01-19 12:49 - 2015-01-19 12:49 - 00005637 _____ () C:\Users\Familia\Desktop\ZHPFixReport.txt

2015-01-19 12:42 - 2015-01-19 12:52 - 00009076 _____ () C:\Users\Familia\Desktop\Novo Documento de Texto.txt

2015-01-18 22:26 - 2015-01-18 22:26 - 00114785 _____ () C:\Users\Familia\Desktop\ZHPDiag.txt

2015-01-18 22:25 - 2015-01-18 22:25 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin

2015-01-18 22:22 - 2015-01-19 12:49 - 00000000 ____D () C:\Users\Familia\AppData\Roaming\ZHP

2015-01-18 22:22 - 2015-01-18 22:22 - 00002007 _____ () C:\Users\Familia\Desktop\ZHPFix.lnk

2015-01-18 22:22 - 2015-01-18 22:22 - 00001876 _____ () C:\Users\Familia\Desktop\ZHPDiag.lnk

2015-01-18 22:22 - 2015-01-18 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

2015-01-18 22:22 - 2015-01-18 22:22 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag

2015-01-18 21:22 - 2015-01-18 21:22 - 00000931 _____ () C:\Users\Familia\Desktop\JRT.txt

2015-01-18 21:15 - 2015-01-18 21:15 - 01707939 _____ (Thisisu) C:\Users\Familia\Desktop\JRT.exe

2015-01-18 20:58 - 2015-01-18 21:06 - 00000000 ____D () C:\AdwCleaner

2015-01-18 20:56 - 2015-01-18 20:57 - 02186752 _____ () C:\Users\Familia\Desktop\AdwCleaner.exe

2015-01-18 19:35 - 2015-01-18 19:39 - 00000000 ____D () C:\HijackThis

2015-01-18 13:18 - 2015-01-18 13:18 - 00000000 ____D () C:\Users\Familia\AppData\Roaming\TuneUp Software

2015-01-17 19:56 - 2015-01-17 19:59 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security

2015-01-17 19:09 - 2015-01-19 15:20 - 00002204 _____ () C:\Windows\setupact.log

2015-01-17 19:09 - 2015-01-17 19:09 - 00000000 _____ () C:\Windows\setuperr.log

2015-01-17 19:08 - 2015-01-19 15:19 - 00604780 _____ () C:\Windows\PFRO.log

2015-01-17 18:40 - 2015-01-17 18:40 - 05505024 _____ () C:\Windows\system32\config\DRIVERS.iobit

2015-01-15 18:27 - 2015-01-15 18:27 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes

2015-01-15 18:27 - 2015-01-15 18:27 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-15 18:26 - 2015-01-15 18:27 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Familia\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-15 18:20 - 2015-01-15 18:20 - 05609736 _____ (Swearware) C:\Users\Familia\Downloads\pegaai.exe.exe

2015-01-15 13:33 - 2015-01-15 13:34 - 62234624 _____ () C:\Windows\system32\config\COMPONENTS.iobit

2015-01-14 18:59 - 2015-01-14 18:59 - 00054873 _____ () C:\Windows\SysWOW64\CCCInstall_201501141859406994.log

2015-01-14 18:41 - 2015-01-14 18:56 - 00002858 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Familia)

2015-01-14 17:41 - 2015-01-18 15:08 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SISTEMA)

2015-01-12 23:48 - 2015-01-12 23:48 - 73515008 _____ () C:\Windows\system32\config\SOFTWARE.iobit

2015-01-12 23:48 - 2015-01-12 23:48 - 00376832 _____ () C:\Windows\system32\config\DEFAULT.iobit

2015-01-12 23:48 - 2015-01-12 23:48 - 00073728 _____ () C:\Windows\system32\config\SAM.iobit

2015-01-12 23:48 - 2015-01-12 23:48 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit

2015-01-12 23:42 - 2015-01-18 16:09 - 00000000 ____D () C:\Users\Todos os Usuários\IObit

2015-01-12 23:42 - 2015-01-18 16:09 - 00000000 ____D () C:\ProgramData\IObit

2015-01-12 23:41 - 2015-01-19 16:41 - 00000000 ____D () C:\Program Files (x86)\IObit

2015-01-12 23:41 - 2015-01-18 16:09 - 00000000 ____D () C:\Users\Familia\AppData\Roaming\IObit

2015-01-12 23:39 - 2015-01-12 23:41 - 44931728 _____ (IObit ) C:\Users\Familia\Downloads\advanced-systemcare-setup.exe

2015-01-11 17:00 - 2015-01-11 17:00 - 00060601 _____ () C:\Windows\SysWOW64\CCCInstall_201501111700079122.log

2015-01-19 17:14 - 2014-05-02 20:48 - 01252784 _____ () C:\Windows\WindowsUpdate.log

2015-01-18 14:52 - 2014-05-02 21:00 - 00000000 ____D () C:\Users\Todos os Usuários\AVAST Software

2015-01-18 14:52 - 2014-05-02 21:00 - 00000000 ____D () C:\ProgramData\AVAST Software

HKLM\...\StartupApproved\Run32: => "AvastUI.exe"

Task: {3B302E48-5A3E-40CF-A460-2E13D3923A43} - \Optimize Start Menu Cache Files-S-1-5-21-3970006290-1249037127-3537394885-1001 No Task File <==== ATTENTION

Task: {B67BD472-D7BC-4AB3-A5A9-C826452C5C90} - \WPD\SqmUpload_S-1-5-21-3970006290-1249037127-3537394885-1002 No Task File <==== ATTENTION

Task: {D1471D4B-AFEA-4BB0-A65F-95EDC645255C} - \Optimize Start Menu Cache Files-S-1-5-21-3970006290-1249037127-3537394885-1002 No Task File <==== ATTENTION

Task: {F3E87F30-9BE8-4839-A8AF-6E748E0A9798} - \WPD\SqmUpload_S-1-5-21-3970006290-1249037127-3537394885-1001 No Task File <==== ATTENTION

Task: {F5378BE7-EA39-41CB-81A4-52A3E402BFEF} - System32\Tasks\Driver Booster SkipUAC (SISTEMA) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:56E2E879

CMD: bitsadmin /reset /allusers

CMD: ipconfig /flushdns

end

> Execute FRST/FRST64 >> Clique "Fix" << Aguarde!

> Na mensagem,clique Executar.

> Poste o relatório! (Fixlog.txt)

< Peço aos visitantes que não utilizem este script em outros computadores,sob risco de danos irreparáveis aos mesmos! >

A+

jajablabla · Janeiro 19, 2015

fiz o procedimento e o problema continua :\

Relatorio

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015

Ran by Familia at 2015-01-19 20:34:09 Run:1

Running from C:\Users\Familia\Desktop

Loaded Profiles: Familia (Available profiles: Familia)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************