[Arquivado] Multiplos Processos Rodando e Lentidão

Italo Cesar Camelo Soares · Abril 16, 2015

Olá,

Estou preocupado com o número de processos que aparecem em meu computador. Não consigo ver motivo para a existencia de tantos. No caso do chrome.exe ele aparece em 9 processos mesmo eu só tendo duas abas abertas. Com relação ao svchost.exe é ainda pior pois este tem 14 processos rodando. Tenho notado também uma lentidão incomum na iniciação do windows.

Desde ja agradeço a ajuda.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 09:42:58, on 16/04/2015

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.17728)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\Explorer.EXE

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\BlueStacks\HD-LogRotatorService.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe

C:\Program Files\BlueStacks\HD-UpdaterService.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\AVAST Software\Avast\avastui.exe

C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe

C:\Program Files\Diebold\Warsaw\core.exe

C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\CCleaner\CCleaner.exe

C:\Users\ItaloCesar\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\RunDll32.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE

C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe

C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Windows\system32\svchost.exe

C:\Program Files\TeamViewer\TeamViewer_Service.exe

C:\Program Files\Diebold\Warsaw\core.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\AVAST Software\Avast\avastui.exe

C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"

O4 - HKLM\..\Run: [iME14 KOR Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /KOR /Log

O4 - HKLM\..\Run: [iME14 JPN Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /JPN /Log

O4 - HKLM\..\Run: [iME14 CHS Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHS /Log

O4 - HKLM\..\Run: [iME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log

O4 - HKLM\..\Run: [Diebold - Warsaw] C:\Program Files\Diebold\Warsaw\core.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_57EA622A40B1A8BBE23DA0B74D14B12A] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window

O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')

O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')

O4 - Startup: Dropbox.lnk = ItaloCesar\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: Monitorar alertas de tinta - HP Deskjet 1510 series.lnk = ?

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe

O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O15 - Trusted Zone: http://www.bb.com.br

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe

O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe

O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-UpdaterService.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe

O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe

--

End of file - 14349 bytes

Power Max · Abril 16, 2015

Olá Italo.

:seta: Faça o download do < ZHPDiag > < > ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

Tutorial de instalação e execução do aplicativo ZHPDiag

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

_____________________________________________________________________________

Obs: Caso o relatório do ZHPDiag fique muito grande e não couber na sua resposta, acesse o site Cjoint:

http://cjoint.com

Clique no botão Escolher arquivo > Selecione o arquivo do log (relatório) e clique no botão Abrir.

Clique no botão Créer le lien Cjoint

Copie o link que aparecerá ao lado da frase Le lien a été créé e poste este link em sua próxima resposta.

Italo Cesar Camelo Soares · Abril 17, 2015

Olá aqui esta o relatorio:

http://cjoint.com/?EDrpMrAZhaT

Power Max · Abril 17, 2015

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:

http://www.bleepingcomputer.com/download/adwcleaner/

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

Remova adwares e toolbars maliciosas com o Adwcleaner

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[s0].txt

Ficamos na espera.

Italo Cesar Camelo Soares · Abril 18, 2015

Aqui está o relatorio do AdwCleaner:

# AdwCleaner v4.201 - Relatório criado 17/04/2015 às 22:11:48

# Atualizado 08/04/2015 por Xplode

# Base de dados : 2015-04-15.1 [servidor]

# Sistema operacional : Windows 7 Ultimate Service Pack 1 (x86)

# Usuário : ItaloCesar - ITALOCESAR-PC

# Executando de : C:\Users\ItaloCesar\Desktop\adwcleaner_4.201.exe

# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

Pasta Excluído : C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect

Pasta Excluído : C:\Users\ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp

Pasta Excluído : C:\Users\ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcbnnnoghiihopefblgehihofbfbmei

Arquivo Excluído : C:\Users\ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cbhfdchmklhpcngcgjmpdbjakdggkkjp_0.localstorage

Arquivo Excluído : C:\Users\ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_imcbnnnoghiihopefblgehihofbfbmei_0.localstorage

Arquivo Excluído : C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hao123.lnk

Arquivo Excluído : C:\Users\Convidado\Desktop\Hao123.lnk

***** [ Tarefas agendadas ] *****

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Apagado : HKCU\Software\Mozilla\Extends

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17728

-\\ Mozilla Firefox v37.0 (x86 en-US)

-\\ Google Chrome v44.0.2369.0

[C:\Users\ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [Homepage] :

[C:\Users\ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [startup_URLs] : 5F84E36B2CD49B27235E3CC40889B06074DE7F629FB39CC022D3249E8B29C93E"},"software_reporter":{"prompt_reason":"A3CAC4FCF3C8EA9F117E40334782D77ECFB9F83E9BB7DAE440D37B415D38AD00","prompt_seed":"E179E95449FCBE54B8F3F37435B59BE064B015188E7C93D3EF9236AE172DA831","prompt_version":"96B6E8071F94E169737F5F72BC030F476D18D4891D38C6D62187AF753FB6C6EF"},"sync":{"remaining_rollback_tries":"90FD53A3A89CBF0BB362668E0A3E071077D2285A6D8EFDB5E0734EC70BAA3D4E"}},"super_mac":"F7612A06B3D44970731A7A59D1B55CC5297823DAC7DB765233FB6DD7EF7F4920"},"session":{"restore_on_startup":5,"startup_urls":["hxxp://www.google.com.br/","hxxp://searchou.com/?id=e409365500000000000086a6c88ba6b0

-\\ Opera v28.0.1750.51

*************************

AdwCleaner[R0].txt - [7573 bytes] - [01/09/2014 14:49:15]

AdwCleaner[R1].txt - [7831 bytes] - [01/09/2014 15:06:12]

AdwCleaner[R2].txt - [8895 bytes] - [17/04/2015 22:05:33]

AdwCleaner[s0].txt - [449 bytes] - [01/09/2014 14:51:17]

AdwCleaner[s1].txt - [7115 bytes] - [01/09/2014 15:08:28]

AdwCleaner[s2].txt - [2779 bytes] - [17/04/2015 22:11:48]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [2838 bytes] ##########

Power Max · Abril 18, 2015

Desative temporariamente seu antivírus para evitar conflitos.

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:

http://www.hijackthis.nl/smeenk/

Salve-o no Desktop (Área de Trabalho).

Para executá-lo corretamente siga as dicas deste tutorial:

Exclua adwares e outras ameaças de seu PC e browsers com o aplicativo Zoek

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

Italo Cesar Camelo Soares · Abril 21, 2015

Zoek.exe v5.0.0.0 Updated 08-April-2015

Tool run by ItaloCesar on 18/04/2015 at 16:51:30,19.

Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\ItaloCesar\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

18/04/2015 16:55:19 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.

127.0.0.1 localhost

::1 localhost

==== Empty Folders Check ======================

C:\Program Files\Citrix deleted successfully

C:\Program Files\Malwarebytes' Anti-Malware deleted successfully

C:\Program Files\MSXML 4.0 deleted successfully

C:\Program Files\Paint.NET deleted successfully

C:\PROGRA~2\CorelDRAW Graphics Suite X5 deleted successfully

C:\PROGRA~2\Oracle deleted successfully

C:\PROGRA~2\Symantec deleted successfully

C:\Users\ItaloCesar\AppData\Roaming\HpUpdate deleted successfully

C:\Users\ItaloCesar\AppData\Roaming\Malwarebytes deleted successfully

C:\Users\ItaloCesar\AppData\Local\CRE deleted successfully

C:\Users\ItaloCesar\AppData\Local\VirtualStore deleted successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\CONVID~1\AppData\Roaming\Mozilla\Firefox\Profiles\pkwp6csp.default\prefs.js:

Added to C:\Users\CONVID~1\AppData\Roaming\Mozilla\Firefox\Profiles\pkwp6csp.default\prefs.js:

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\ITALOC~1\AppData\Roaming\Mozilla\Firefox\Profiles\cfs8o0kd.default-1409597556909\prefs.js:

Added to C:\Users\ITALOC~1\AppData\Roaming\Mozilla\Firefox\Profiles\cfs8o0kd.default-1409597556909\prefs.js:

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Program Files\Citrix not found

C:\Program Files\Paint.NET not found

C:\Program Files\Arquivos Comuns deleted

C:\Program Files\ImageJ deleted

C:\PROGRA~2\Some Kind Of Soft deleted

C:\Users\ItaloCesar\.android deleted

C:\PROGRA~2\InstallMate deleted

C:\PROGRA~2\Package Cache deleted

C:\Windows\wininit.ini deleted

C:\Windows\system32\config\systemprofile\Searches deleted

C:\Program Files\Mozilla Firefox\components\sprotector.js deleted

C:\Users\ItaloCesar\AppData\Roaming\unins000.exe deleted

"C:\Program Files\MATLAB" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\CONVID~1\AppData\Roaming\Mozilla\Firefox\Profiles\pkwp6csp.default

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\ITALOC~1\AppData\Roaming\Mozilla\Firefox\Profiles\cfs8o0kd.default-1409597556909

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [03/03/2015 21:21]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\ItaloCesar\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [01/09/2014 15:55]

==== Firefox Extensions ======================

ProfilePath: C:\Users\ITALOC~1\AppData\Roaming\Mozilla\Firefox\Profiles\cfs8o0kd.default-1409597556909

- GBBD Banco do Brasil - C:\Users\ItaloCesar\AppData\Local\GAS Tecnologia\GBBD\bb\xpi

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\ItaloCesar\AppData\Roaming\Mozilla\Firefox\Profiles\cfs8o0kd.default-1409597556909

0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat

9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

98137411B9C632095F919E2CE70B288A - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update

19454D237DDA0653CB9274F2F3F36559 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION

5180B825E1F4E7C2900A98295E5CB386 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision

343BA8F3ABC8CE69700F37DB4A82300F - C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll - Silverlight Plug-In

5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

B5CFBB8AC7C0069D80DBEAA72F3CE9E2 - C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll - Shockwave for Director / Shockwave for Director

1DE5D05F67114FAEA17AD47B5E01DF6F - C:\Users\ItaloCesar\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil

AB3546B509E4B89096078EB2081C39C7 - C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrlui.dll - Microsoft® Silverlight

==== Chromium Look ======================

Google Chrome Version: 44.0.2369.0 (Possible outdated, latest Stable version: 41.0.2272.118) [z-db]

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[03/03/2015 21:21]

lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 18:22]

Google Drive - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

avast WebRep - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda

Gmail - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Angry Birds - ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj

Google Docs - ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

selector is not a valid CSS selector - ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb

Google Search - ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Clear Cache - ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn

orion theme - ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\denlnfkhnpeejofbcbpcbaphpnfncmhn

Legendas Brasil Utilidades - ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggfkikjepbfnilidoicegfpoppcpblog

AdBlock - ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

Avast Online Security - ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

Adblock for Pirate Bay - ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd

Chrome Hotword Shared Module - ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

Skype Click to Call - ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

10 min - ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmclgeiaglomndjkoanmfchooefjhnki

Google Wallet - ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Checker Plus for Gmailâ„¢ - ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj

Gmail - ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Preferences

},"media_stream_camera":{},"media_stream_mic":{},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{"https://mail.google.com:443 ,*":{"setting":1}},"plugins":{},"popups":{},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{"https://desenvrepositorio.ufba.br:443,https://desenvrepositorio.ufba.br:443":{"setting":{"cert_exceptions_map":{"4294967095bv5t5vRyC28CEBJ0fFiHcJhLvh/MEfCVjwQNrTffI9M=":1},"guid":"32C86645-89D4-479A-AF18-A6F3E8CEB76A","version":1}},"https://www.dsr.inpe.br:443,https://www.dsr.inpe.br:443":{"setting":{"cert_exceptions_map":{"4294967094isqQmzZKhrJMLt0lu4wLE3f2lAmwOFucICR9TpGii6E=":1},"guid":"ED4C2E56-B88A-4B93-92BA-F7F3514B856C","version":1}}}},"pattern_pairs":{"*.*":{"per_plugin":{"ConduitChromeApiPlugin.dll":1,"np-cwmp.dll":1,"npConduitNewTabPlugin.dll":1}},"[*.]9gag.tv,*":{"fullscreen":1},"[*.]br.leagueoflegends.com,*":{"fullscreen":1},"[*.]kotaku.com,*":{"fullscreen":1},"[*.]leagueoflegends.wikia.com,*":{"fullscreen":1},"[*.]leninja.com.br,*":{"fullscreen":1},"[*.]lolpt.com,*":{"multiple-automatic-downloads":2},"[*.]thump.vice.com,*":{"fullscreen":1},"[*.]www.break.com,*":{"fullscreen":1},"[*.]www.huffingtonpost.ca,*":{"fullscreen":1},"[*.]www.hypeness.com.br,*":{"fullscreen":1},"[*.]www.justdancenow.com,*":{"fullscreen":1},"[*.]www.netflix.com,*":{"fullscreen":1},"[*.]www.nytimes.com,*":{"fullscreen":1},"[*.]www.thisiscolossal.com,*":{"fullscreen":1},"[*.]www.youtube.com,*":{"fullscreen":1},"http://www.submarinoviagens.com.br:80,http://9gag.com:80":{"geolocation":2},"https://[*.]www.facebook.com:443,*":{"fullscreen":1},"https://[*.]www.youtube.com:443,*":{"fullscreen":1},"https://desenvrepositorio.ufba.br:443,https://desenvrepositorio.ufba.br:443":{"ssl-cert-decisions":{"cert_exceptions_map":{"4294967095bv5t5vRyC28CEBJ0fFiHcJhLvh/MEfCVjwQNrTffI9M=":1},"guid":"32C86645-89D4-479A-AF18-A6F3E8CEB76A","version":1}},"https://mail.google.com:443,*":{"last_used":{"notifications":1423846555.918624},"notifications":1},"https://mail.google.com:443,https://mail.google.com:443":{"last_used":{"notifications":1429211710.677209}},"https://www.dsr.inpe.br:443,https://www.dsr.inpe.br:443":{"ssl-cert-decisions":{"cert_exceptions_map":{"4294967094isqQmzZKhrJMLt0lu4wLE3f2lAmwOFucICR9TpGii6E=":1},"guid":"ED4C2E56-B88A-4B93-92BA-F7F3514B856C","version":1}}},"plugin_whitelist":{"ConduitChromeApiPlugin":{"dll":true},"np-cwmp":{"dll":true},"npConduitNewTabPlugin":{"dll":true}},"pref_version":1},"created_by_version":"34.0.1847.131","default_content_settings":{},"exit_type":"Crashed","exited_cleanly":true,"gaia_info_picture_url":"https://lh3.googleusercontent.com/-5a7Iul5OaFs/AAAAAAAAAAI/AAAAAAAAAUE/0FeVoigPZNg/s256-c/photo.jpg","gaia_info_update_time":"13073859988490962","icon_version":3,"is_managed":false,"managed_user_id":"","managed_users":{},"migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Italo Cesar","password_manager_groups_for_domains":[2,null,null,null,null,3,5],"per_host_zoom_levels":{},"using_default_avatar":false,"using_default_name":false,"using_gaia_avatar":true},"protection":{"macs":{}},"reverse_autologin":{"enabled":false},"savefile":{"default_directory":"C:\\Users\\ItaloCesar\\Desktop"},"selectfile":{"last_directory":"D:\\Arquivos\\Imagens"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13044197515428073"},"spellcheck":{"dictionary":"en-US"},"sync":{"acknowledged_types":["Bookmarks","Preferences","Passwords","Autofill Profiles","Autofill","Themes","Typed URLs","Extensions","Search Engines","Sessions","Apps","App settings","Extension settings","History Delete Directives","Synced Notifications","Synced Notification App Info","Dictionary","Favicon Images","Favicon Tracking","Priority Preferences","Managed Users","Managed User Shared Settings","Articles","App List","Tabs","Encryption keys"],"app_list":true,"app_settings":true,"apps":true,"autofill":true,"autofill_profile":true,"bookmarks":true,"device_info":true,"dictionary":true,"encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAALYpwi0ldn0eQM9PR3k5meAAAAAACAAAAAAAQZgAAAAEAACAAAADHIKUL9fahS/Wz20t2AqW/RbeOykm2gGepg4HioUSOqgAAAAAOgAAAAAIAACAAAABHLiBhVXqtisYXltvUXznZD52VEIgEYZYdMRyV0tiLEEAAAAAvhh7VbjL7Yw9TMBZzRVQObJpNpLuMzMiSbAWqzB8Z3jztM4x+u5PMWPTfRcxpHq9mOEQNtSwjcvNiMFfSHfRGQAAAANBTr9jutyLBCxdQD30mkbNPBGOkcg9qizytfPCn98SRBWvePxCbHuEGyHKyu32y3gN8iLoMVoDHz6C1WSSidPg=","extension_settings":true,"extensions":true,"favicon_images":true,"favicon_tracking":true,"first_sync_time":"13047088951347417","has_setup_completed":true,"history_delete_directives":true,"keep_everything_synced":true,"keystore_encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAALYpwi0ldn0eQM9PR3k5meAAAAAACAAAAAAAQZgAAAAEAACAAAACMgIHW/F1jcriQBdasDU4r5RITOWFNfyqqI6aEeveiCwAAAAAOgAAAAAIAACAAAAD2OiE/dQM/liX4BvGzi4//CaaKsBeTSby4rCm72KDeoFAAAAALH3agPDx75C71XFg6UQG2+Z3UapF7BGKT6F+WHuzdSlXHFbD4/QwD6H/jJo3VZIya75cxUUkjTjHVoG/qkKPRqI3EJ74HgKmEEvmsL+FBdkAAAABXoV2w1eGTDujqfhyOHU8L1BMMjef2Z5EI9rINu8BmQJh0Voc9yvKBXEFxQL5cwXG8pyeL/pUto88ja44JInKg","last_synced_time":"13073860422201808","managed_user_settings":true,"managed_user_shared_settings":true,"managed_user_whitelists":true,"managed_users":true,"passwords":true,"preferences":true,"priority_preferences":true,"search_engines":true,"session_sync_guid":"session_syncbceoc+MAdwuCyR1oim7J5A==","sessions":true,"suppress_start":false,"synced_notification_app_info":true,"synced_notifications":true,"tabs":true,"themes":true,"typed_urls":true},"sync_promo":{"user_skipped":true},"synced_notification":{"first_run":false},"translate_accepted_count":{"cs":0,"de":3,"en":0,"es":0,"fr":0,"ja":1,"pt":0,"ro":0,"ru":3},"translate_blocked_languages":["en","pt"],"translate_denied_count":{"cs":1,"de":0,"en":8,"es":5,"fr":3,"ja":0,"pt":14,"ro":1,"ru":0},"translate_language_blacklist":["pt","en"],"translate_last_denied_time":1.406415e+12,"translate_site_blacklist":[],"translate_too_often_denied":true,"translate_whitelists":{},"zerosuggest":{"cachedresults":""}}

E82B6BAAB6A9670A75FC037","lccekmodgklaepjeofjdjpbminllajkg":"5543ACC3F170C95B962C0291FF57588A54C94A2BD9D65B6EEA3A56CAC001E6E7","lifbcibllhkdhoafpjfnlhfpfgnpldfl":"3E16994E4ACDA92FD9B2250724890B54E50C84078AB2BB6BBDBD5D5A2C252B6F","mfehgcgbbipciphmccgaenjidiccnmng":"6280D960CA8E4A4C51850A3D6A19128589D74736ECA131421AF26E8D6DB3668A","mfffpogegjflfpflabcdkioaeobkgjik":"76659CB4F066EA1BE69A9C5A1D7B5BB4AE093E23616E46EE7BB1629819A52E97","mgndgikekgjfcpckkfioiadnlibdjbkf":"243F64511C66CB7279C0A41550E1FA414D984F0516C37FFFE545E89A0CD6C0F3","mhjfbmdgcfjbbpaeojofohoefgiehjai":"CCB16F7A5F22E1B729A1D0A16D8FB18678F40C371153A9AEFB1D815A010218E7","mmclgeiaglomndjkoanmfchooefjhnki":"735BBA0D6B1AE654F6F4F4B6B1C92E33B4E20457EA5C67AA1C8FF679201BCAF8","nbpagnldghgfoolbancepceaanlmhfmd":"D097835CA411EE340B3E56E479B5E2BA94FDEF810FF39E103E8FC48E9AEB669B","neajdppkdcdipfabeoofebfddakdcjhd":"3ECAEF28FAE2565847EB3D8D66EDF0138342F2DFDB4291E5C039D962F1BEB01B","nkeimhogjdpnpccoofpliimaahmaaome":"30354B8F9640629B7261CB1752AD9002B73ADC9AD3A659057133885E5FBDA577","nmmhkkegccagdldgiimedpiccmgmieda":"361B72A648D7EAACBD079459764C56CCEE629B56192CB9CFC5719E7C20E961E4","oeopbcgkkoapgobdbedcemjljbihmemj":"358DA853739F9FCF9E719EC19524A54B808EAE08FE7CA0043741001893368215","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"1C6005B110F7129C44C529203658A7486EC990D4CD95CB41A0396A0B963ACF2D","pjkljhegncpnkpknbcohdijeoejaedia":"B38FAB16C9F9F0698DF13145367E7331A2232B11DCF16E9361BD58F5FFBB9A6E"}},"google":{"services":{"last_username":"8EB025C5AA6A2B07BA164DF3E245D28FDBBB916963AC154916B23789290A2AD8","username":"8E3AB034AED20B246CC4B29ECB027AC78BEC39FEAB0B0EB13015D6E9F2BDCCB9"}},"homepage":"8B4C3F023C3A29D7B051F038F3C667DF48BB8F66E2086B85FE6CCE8A0CE0B535","homepage_is_newtabpage":"4D9107126AF9FEA55D56172A0BF5B690BA4CFE3AE5AEF2C204AD24ACDA5CA751","pinned_tabs":"B6EBCA8806773374BF981EC312FE4E3124B9053BF9A53808FBFC2504076392EF","prefs":{"preference_reset_time":"356355DF18367AD40102F9073F268BDAB46586ACF36A12F74F1C222F8A9C01D7"},"profile":{"reset_prompt_memento":"526C88C254FB7B19FB67012375587F76A62C6BC35F2D1C192FC073EAA5F8A4E2"},"safebrowsing":{"incidents_sent":"04528842C1ED4C0139052C4C12C403D2E041995E446B8E6EF98599AF55CA5E41"},"search_provider_overrides":"B91683062CADCFBA5750E88ABD97952FBD746CE50969E7057BD4BC05F8F7A29D","session":{"restore_on_startup":"4D1B22FC020FC2F692DC617FBD33B98CAF43C9E8A3B54BE831253A6C4810BC43","startup_urls":"5F84E36B2CD49B27235E3CC40889B06074DE7F629FB39CC022D3249E8B29C93E"},"software_reporter":{"prompt_reason":"A3CAC4FCF3C8EA9F117E40334782D77ECFB9F83E9BB7DAE440D37B415D38AD00","prompt_seed":"E179E95449FCBE54B8F3F37435B59BE064B015188E7C93D3EF9236AE172DA831","prompt_version":"96B6E8071F94E169737F5F72BC030F476D18D4891D38C6D62187AF753FB6C6EF"},"sync":{"remaining_rollback_tries":"90FD53A3A89CBF0BB362668E0A3E071077D2285A6D8EFDB5E0734EC70BAA3D4E"}},"super_mac":"5E10CB006F6FA6F747B5D562EB32DC9D6EB6731E4272FEA947FED7A36E7F5D3B"},"session":{"restore_on_startup":5,"startup_urls":["http://www.google.com.br/","http://searchou.com/?id=e409365500000000000086a6c88ba6b0","http://search.conduit.com/?ctid=CT3311875&SearchSource=48&CUI=UN26603291095402281&UM=2","http://search.conduit.com/?ctid=CT3306060&SearchSource=48&CUI=UN37546572341174228&UM=2","http://www.default-search.net?sid=492&aid=121&itype=n&ver=12283&tm=323&src=hmp","http://istart.webssearches.com/?type=hp&ts=1421869927&from=kmp&uid=HitachiXHTS541010A9E680_JB100013HVKA2AHVKA2AX","http://istart.webssearches.com/?type=hppp&ts=1421869965&from=kmp&uid=HitachiXHTS541010A9E680_JB100013HVKA2AHVKA2AX]},"sync":{"remaining_rollback_tries":0}}

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

"Default_Page_URL"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.google.com"

"Default_Page_URL"="http://www.google.com"

"Start Page"="http://www.google.com"

"Search Page"="http://www.google.com"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully

C:\Users\ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully

C:\Users\ItaloCesar\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully

C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

C:\Users\ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

C:\Users\ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

C:\Users\ItaloCesar\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Convidado\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\ItaloCesar\Desktop\HiJackThis.lnk - C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\ItaloCesar\Desktop\Imagens.lnk - D:\Arquivos\Imagens

C:\Users\ItaloCesar\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe

C:\Users\ItaloCesar\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

C:\Users\ItaloCesar\Desktop\Atalhos\Apps.lnk - C:\Users\Public\Libraries\Apps.library-ms

C:\Users\ItaloCesar\Desktop\Atalhos\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe

C:\Users\ItaloCesar\Desktop\Atalhos\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\avastui.exe

C:\Users\ItaloCesar\Desktop\Atalhos\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe

C:\Users\ItaloCesar\Desktop\Atalhos\Comprar suprimentos - HP Deskjet 1510 series.lnk - C:\Program Files\HP\HP Deskjet 1510 series\Bin\hpqDTSS.exe

C:\Users\ItaloCesar\Desktop\Atalhos\Curse.lnk - C:\Users\ItaloCesar\AppData\Roaming\Curse Client\Bin\Curse.exe

C:\Users\ItaloCesar\Desktop\Atalhos\GeForce Experience.lnk - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe

C:\Users\ItaloCesar\Desktop\Atalhos\Goldentec Webcam Utility.lnk - C:\Program Files\366\USB PC Camera\vmcam\bin\camera.exe

C:\Users\ItaloCesar\Desktop\Atalhos\Google Earth.lnk - C:\Program Files\Google\Google Earth\client\googleearth.exe

C:\Users\ItaloCesar\Desktop\Atalhos\HP Deskjet 1510 series.lnk - C:\Program Files\HP\HP Deskjet 1510 series\Bin\HP Deskjet 1510 series.exe -Start UDCDevicePage

C:\Users\ItaloCesar\Desktop\Atalhos\HP Photo Creations.lnk - C:\Program Files\HP Photo Creations\PhotoProduct.exe

C:\Users\ItaloCesar\Desktop\Atalhos\ImageJ.lnk - C:\Program Files\ImageJ\ImageJ.exe

C:\Users\ItaloCesar\Desktop\Atalhos\KMPlayer.lnk - C:\Program Files\The KMPlayer\KMPlayer.exe

C:\Users\ItaloCesar\Desktop\Atalhos\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

C:\Users\ItaloCesar\Desktop\Atalhos\MATLAB R2013a.lnk - C:\Program Files\MATLAB\R2013a\bin\matlab.exe

C:\Users\ItaloCesar\Desktop\Atalhos\MediaMonkey.lnk - C:\Program Files\MediaMonkey\MediaMonkey.exe

C:\Users\ItaloCesar\Desktop\Atalhos\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\ItaloCesar\Desktop\Atalhos\Nero BackItUp 10.lnk - C:\Windows\Installer\{68AB6930-5BFF-4FF6-923B-516A91984FE6}\BackItUp._AB9F1F47710540918A47B78D2BED5DAD.exe

C:\Users\ItaloCesar\Desktop\Atalhos\Nero Burning ROM 10.lnk - C:\Windows\Installer\{7A5D731D-B4B3-490E-B339-75685712BAAB}\ScBurningROMStartM_7533AE23D677474387D2A66427FA7052.exe

C:\Users\ItaloCesar\Desktop\Atalhos\Nero MediaHub 10.lnk - C:\Windows\Installer\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}\NeroMediaHub._63C8A7B0BBE5459F9AC436392B2FF50D.exe

C:\Users\ItaloCesar\Desktop\Atalhos\Nero StartSmart 10.lnk - C:\Windows\Installer\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}\ScStartSmartDeskto_3AF47A4E14DF4546B1449D27245505A0.exe

C:\Users\ItaloCesar\Desktop\Atalhos\Nero Vision 10.lnk - C:\Windows\Installer\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}\NewShortcut1_28CF345AD4354131AA47B77D4165D813.exe

C:\Users\ItaloCesar\Desktop\Atalhos\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe

C:\Users\ItaloCesar\Desktop\Atalhos\Spybot - Search & Destroy.lnk - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Users\ItaloCesar\Desktop\Atalhos\Start BlueStacks.lnk - C:\Program Files\BlueStacks\HD-StartLauncher.exe

C:\Users\ItaloCesar\Desktop\Atalhos\TeamViewer 7.lnk - C:\Program Files\TeamViewer\Version7\TeamViewer.exe

C:\Users\ItaloCesar\Desktop\Atalhos\Update Checker.lnk - C:\Program Files\FileHippo.com\UpdateChecker.exe

C:\Users\ItaloCesar\Desktop\Atalhos\Video Search.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe /VIDEOSEARCH

C:\Users\ItaloCesar\Desktop\Atalhos\µTorrent.lnk -

==== shortcuts in Users Start Menu ======================

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk - C:\Users\ItaloCesar\AppData\Roaming\Curse Client\Bin\Curse.exe

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\ItaloCesar\AppData\Roaming\Dropbox\bin\Dropbox.exe /home

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\ItaloCesar\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\ItaloCesar\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 1510 series.lnk - C:\Windows\system32\RunDll32.exe "C:\Program Files\HP\HP Deskjet 1510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN47T172Z505XJ;CONNECTION=USB;MONITOR=1;

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\avastui.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Atualização HP.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Ajuda.lnk - C:\Program Files\HP\HP Deskjet 1510 series\Bin\HelpViewer\hpqlpvwr.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Comprar suprimentos.lnk - C:\Program Files\HP\HP Deskjet 1510 series\Bin\hpqDTSS.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Configuração da impressora & Software.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Desinstalar.lnk - C:\Windows\System32\msiexec.exe /qb /x {5BA55943-EF60-412F-ADF0-5729325D5967}

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Estudo de aprimoramento de produtos HP.lnk - C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe /changesettings /UA 12.5 /DDV 0x0b00

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Ferramentas de diagnóstico de impressora online HP.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\HP Deskjet 1510 series.lnk - C:\Program Files\HP\HP Deskjet 1510 series\Bin\HP Deskjet 1510 series.exe -Start UDCDevicePage

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\HP Scan.lnk - C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPScan.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Site de suporte do produto.lnk - C:\Program Files\HP\HP Deskjet 1510 series\ProductSupportShortcut.url

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\Desinstalar HP Photo Creations.lnk - C:\Program Files\HP Photo Creations\uninst.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations.lnk - C:\Program Files\HP Photo Creations\PhotoProduct.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool.lnk - C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk - C:\Program Files\K-Lite Codec Pack\MPC-HC\mpc-hc.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\vsfilter.dll",DirectVobSub

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configureAudio

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow VFW interface.lnk - C:\Windows\System32\rundll32.exe "C:\Windows\system32\ff_vfw.dll",configureVFW

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configure

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\LAV\lavaudio.ax",OpenConfiguration

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\LAV\lavsplitter.ax",OpenConfiguration

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\LAV\lavvideo.ax",OpenConfiguration

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\madVR.lnk - C:\Program Files\K-Lite Codec Pack\Filters\madVR\madHcCtrl.exe editLocalSettingsDontWait

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk - C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /resetsettings

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\x264 VFW (x86).lnk - C:\Windows\System32\rundll32.exe "C:\Windows\system32\x264vfw.dll",Configure

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Xvid VFW.lnk - C:\Windows\System32\rundll32.exe "C:\Windows\system32\xvidvfw.dll",Configure

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\Frequently Asked Questions.lnk - C:\Program Files\K-Lite Codec Pack\Info\faq.htm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudioNext.lnk - C:\Program Files\K-Lite Codec Pack\Tools\GraphStudioNext.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Haali Muxer.lnk - C:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk - C:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Win7DSFilterTweaker.lnk - C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk - C:\Program Files\K-Lite Codec Pack\unins000.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Middle Earth Shadow of Mordor\Middle Earth Shadow of Mordor.lnk - G:\New Directory\Middle Earth Shadow of Mordor\x64\ShadowOfMordor.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Middle Earth Shadow of Mordor\Uninstall.lnk - G:\New Directory\Middle Earth Shadow of Mordor\unins000.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer\Console do Trusteer Endpoint Protection.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer\Encerrar Trusteer Endpoint Protection.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer\Iniciar Trusteer Endpoint Protection.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files\Skype\Phone\Skype.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type=sc&ts=1403397767&from=smt&uid=SAMSUNGXHD502HJ_S2BWJ60B902163

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://isearch.omiga-plus.com/?type=sc&ts=1403397767&from=smt&uid=SAMSUNGXHD502HJ_S2BWJ60B902163

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ Google Earth.lnk - C:\Program Files\Google\Google Earth\client\googleearth.exe

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Assassins Creed IV Black Flag.lnk - C:\Program Files\Assassins Creed IV Black Flag\AC4BFSP.exe

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\FileHippo App Manager.lnk - C:\Program Files\FileHippo.com\FileHippo.AppManager.exe

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Game Of War.lnk - C:\Program Files\BlueStacks\HD-RunApp.exe -p com.machinezone.gow -a com.mz.jix.SplashActivity

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ImageJ.lnk - C:\Program Files\ImageJ\ImageJ.exe

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\KMPlayer.exe.lnk - C:\Program Files\The KMPlayer\KMPlayer.exe

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\MapleStory.lnk - D:\Arquivos\Games\P.C\NEXON\Europe MapleStory\MapleStory.exe

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\MATLAB R2013a.lnk - C:\Program Files\MATLAB\R2013a\bin\matlab.exe

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera 21.lnk - C:\Program Files\Opera\launcher.exe

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Play League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

C:\Users\ItaloCesar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== shortcuts After Repair ======================

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe

==== Reset IE Proxy ======================

Value(s) before fix:

"ProxyEnable"=dword:00000000

Value(s) after fix:

"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{36F838A1-F109-6BA8-FCF1-01ED3702D613} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1 deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager deleted successfully

==== Empty IE Cache ======================

C:\Users\Convidado\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\ItaloCesar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Convidado\AppData\Local\Mozilla\Firefox\Profiles\pkwp6csp.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\ItaloCesar\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully

C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=85737 folders=6009 2026389374 bytes)

==== Empty Temp Folders ======================

C:\Users\Convidado\AppData\Local\Temp emptied successfully

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\ItaloCesar\AppData\Local\Temp will be emptied at reboot

C:\Users\USURIO~1\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\ITALOC~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not found

==== EOF on 18/04/2015 at 18:06:33,62 ======================

Power Max · Abril 22, 2015

Baixe o programa Junkware Removal Tool no link abaixo:

http://thisisudax.org/downloads/JRT.exe

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

Tutorial do Junkware Removal Tool

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Italo Cesar Camelo Soares · Abril 29, 2015

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.6.6 (04.28.2015:1)

OS: Windows 7 Ultimate x86

Ran by ItaloCesar on 28/04/2015 at 21:28:08,35

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 28/04/2015 at 21:32:41,66

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Power Max · Abril 29, 2015

Faça o download do < ZHPCleaner > < > ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPCleaner para baixá-lo, tal como mostra a imagem abaixo:

Para executá-lo corretamente siga as dicas desta postagem:

Tutorial completo do ZHPCleaner

Após a utilização dele, copie todo o conteúdo do seu relatório ZHPCleaner.txt e poste em sua próxima resposta.

Italo Cesar Camelo Soares · Maio 2, 2015

~ ZHPCleaner v2015.5.1.205 by Nicolas Coolman (02/05/2015)

~ Run by ItaloCesar (Administrator) (02/05/2015 10:50:00)

~ Forum : http://forum.nicolascoolman.fr

~ Facebook : https://www.facebook.com/nicolascoolman1

~ State version : Version OK

~ Type : Reparo

~ Report : C:\Users\ItaloCesar\Desktop\ZHPCleaner.txt

~ Quarantine : C:\Users\ItaloCesar\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt

~ UAC : Deactivate

~ Boot Mode : Normal (Normal boot)

~ Windows 7, 32-bit Service Pack 1 (Build 7601)

---\\ Serviços (0)

~ Nenhum ítem malicioso foi encontrado.

---\\ Navegadores de Internet (0)

~ Nenhum ítem malicioso foi encontrado.

---\\ Arquivo hosts (2)

SUBSTITUIDO:

Número de redirecionamentos encontrados 1/22

---\\ Tarefas automáticas agendadas. (0)

~ Nenhum ítem malicioso foi encontrado.

---\\ Explorer ( Arquivos, Pastas) (0)

~ Nenhum ítem malicioso foi encontrado.

---\\ Registro ( Chaves, Valores, Dados ) (1)

SUPRIMIDO valor: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_57EA622A40B1A8BBE23DA0B74D14B12A ["C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window] (PUP.Vosteran)

---\\ Resultado de reparação

Reparação efectuada com sucesso

---\\ Estatísticas

~ Items scan : 842

~ Items encontrado : 1

~ items cancelados : 0

~ Items réparo : 1

End of clean at 10:50:16

===================

ZHPCleaner-[R]-02052015-10_50_16.txt

ZHPCleaner--02052015-10_49_06.txt

Power Max · Maio 2, 2015

Abra o Malwarebytes que você já tem instalado em seu PC.

Clique na opção Atualizar Agora > Se aparecer a frase Uma nova versão do Malwarebytes Anti-Malware está pronta para ser instalada. Instalar agora?, clique em OK. Na próxima tela que surge, escolha o idioma Português (Brasil) e clique em Ok.

Para executá-lo corretamente siga, por gentileza, as dicas desta postagem:

Tutorial do Malwarebytes Anti-Malware

Na sua próxima resposta poste o Scan Log (Log de Verificação) mais recente do Malwarebytes.

Ficamos no aguardo.

Italo Cesar Camelo Soares · Maio 6, 2015

Malwarebytes Anti-Malware

www.malwarebytes.org

Data da Verificação: 02/05/2015

Hora da Verificação: 21:29:27

Arquivo de Log: Scan Log.txt

Administrador: Sim

Versão: 2.00.4.1028

Base de Dados de Malware: v2015.05.03.01

Base de Dados de Rootkit: v2015.04.21.01

Licença: Grátis

Proteção de Malware: Desabilitado

Proteção de Site Malicioso: Desabilitado

Auto-Proteção: Desabilitado

SO: Windows 7 Service Pack 1

Processador: x86

Sistema de Arquivos: NTFS

Usuário: ItaloCesar

Tipo da Verificação: Verificação Personalizada

Resultado: Terminado

Objetos Verificados: 771885

Tempo Decorrido: 2 hr, 52 min, 51 seg

Memória: Habilitado

Inicialização: Habilitado

Sistema de Arquivos: Habilitado

Arquivos Compactados: Habilitado

Rootkits: Habilitado

Heurística: Habilitado

PUP: Habilitado

PUM: Habilitado

Processos: 0

(Nenhum item malicioso detectado)

Módulos: 0

(Nenhum item malicioso detectado)

Chaves de Registro: 0

(Nenhum item malicioso detectado)

Valores de Registro: 0

(Nenhum item malicioso detectado)

Dados de Registro: 0

(Nenhum item malicioso detectado)

Pastas: 0

(Nenhum item malicioso detectado)

Arquivos: 16

PUP.Optional.Skytech.A, C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface32.dll.vir, Quarentena, [5ddd620dd9b1989e56f89a1d60a110f0],

PUP.Optional.Skytech.A, C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface64.dll.vir, Quarentena, [e05a71fe64266ec81e30f0c7aa57b749],

PUP.Optional.Skytech.A, C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterfacef32.dll.vir, Quarentena, [ba8089e6741695a194ba447359a89a66],

PUP.Optional.IEPluginService.A, C:\AdwCleaner\Quarantine\C\Program Files\SupTab\RSHP.exe.vir, Quarentena, [76c49fd05a3083b3e6d99efcd13046ba],

PUP.Optional.Skytech.A, C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect32.dll.vir, Quarentena, [b387541b3e4cad890945269121e0b050],

PUP.Optional.Skytech.A, C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect64.dll.vir, Quarentena, [37033e3164269e9870de5c5b98691ee2],

PUP.Optional.Skytech.A, C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv32.dll.vir, Quarentena, [2119fa759eecfc3a72dcf0c74cb5ee12],

PUP.Optional.Skytech.A, C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv64.dll.vir, Quarentena, [d268c7a862283ef89db18433d62b8779],

PUP.Optional.SupTab.A, C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupTab.dll.vir, Quarentena, [66d4b7b8cac0a2946532b285ba46ef11],

PUP.Optional.IePluginService.A, C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir, Quarentena, [81b9cba4fe8c58deb086196ffb0601ff],

PUP.Optional.WPM.A, C:\AdwCleaner\Quarantine\C\ProgramData\WindowsProtectManger\wprotectmanager.exe.vir, Quarentena, [54e688e7b5d52b0b6a8de4d6cb36ef11],

PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.31.4.510_0\APISupport\APISupport.dll.vir, Quarentena, [4feb0c637317f145573da92789787888],

PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir, Quarentena, [85b56708a1e9e254b4e010c0bf42966a],

PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\ItaloCesar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir, Quarentena, [66d4e788ee9c5cda078d7d5325dcad53],

PUP.Optional.Skytech.A, C:\AdwCleaner\Quarantine\C\Users\ItaloCesar\AppData\Roaming\omiga-plus\UninstallManager.exe.vir, Quarentena, [65d5e18e8802f14590be3384f0118a76],

PUP.Optional.OpenCandy, D:\Arquivos\Programas\aTube_Catcher_Setup.exe, Quarentena, [7fbb8ae5088240f6b89d0e2929dd2cd4],

Setores Físicos: 0

(Nenhum item malicioso detectado)

(end)

Power Max · Maio 6, 2015

:seta: Abra novamente o ( ZHPDiag )

|- Clique "COMPLETA" e aguarde a conclusão:

|- Ao concluir, poste o relatório ZHPDiag.txt

_______________________________________________

Obs: Caso o relatório do ZHPDiag fique muito grande e não couber na sua resposta, acesse o site Cjoint:

http://cjoint.com

Clique no botão Escolher arquivo > Selecione o arquivo do log (relatório) e clique no botão Abrir.

Clique no botão Créer le lien Cjoint

Copie o link que aparecerá ao lado da frase Le lien a été créé e poste este link em sua próxima resposta.

Italo Cesar Camelo Soares · Maio 9, 2015

http://cjoint.com/?EEjcqiLqbRp

Power Max · Maio 9, 2015

:seta: Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

Escolhendo Programas que Iniciam com o PC

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, da forma indicada neste tutorial acima, para fazer uma limpeza e otimização do PC.

________________________________________________________________________

:seta: No seu PC está constando a presença do Spybot, que atualmente encontra-se bastante defasado e, portanto, é desnecessário. Sugiro que o desinstale para deixar seu PC mais rápido e eficiente.

__________________________________________________________________________

:seta: Também está constando em seu PC a presença do antivirus Norton e Avast. Isto pode causar conflitos entre eles e lentidão no sistema, sugiro que desinstale um dos dois.

___________________________________________________________________________

:seta: Selecione e copie todo o texto destacado em vermelho abaixo (começando em script zhpfix e indo até emptyclsid)

script zhpfix

SysRestore

B0 - SPO: operaprefs.ini [italoCesar] Home URL=http://br.hao123.com/?tn=incore_pay_hp_01_hao123_br

P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.)

O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Chave orfã

O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd

O4 - HKUS\S-1-5-21-4160099537-3683981686-3450057582-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd

O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Chave orfã

[MD5.00000000000000000000000000000000] [APT] [MATLAB R2013a Startup Accelerator] (...) -- C:\Program Files\MATLAB\R2013a\bin\win32\MATLABStartupAccelerator.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{AECB940F-F07F-4755-94AD-D770F865ECBB}] (...) -- C:\Users\ItaloCesar\Desktop\Shockwave_Installer_Full.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{C7EAE25C-6AF7-48D2-AB19-8DF7E59F69DA}] (...) -- C:\Users\ItaloCesar\Desktop\air14_win.exe (.not file.) [0]

O43 - CFD: 01/09/2014 - 16:08:57 - [] ----D C:\ProgramData\boost_interprocess

O43 - CFD: 03/07/2014 - 19:34:22 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hao123-Brazil

O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - http://www.google.com

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com

ShortcutFix

EmptyTemp

EmptyFlash

emptyclsid

_____________________________________________________________________________________________________________

:seta: Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

Nota: Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes.

Aos visitantes: Se estiverem com um problema semelhante, não utilizem esse script, pois o uso sem supervisão pode causar danos ao sistema.

Italo Cesar Camelo Soares · Maio 14, 2015

Ola Power Max,

Cara meu pc tá com problema pra iniciar o windows no modo normal. Só to conseguindo iniciar ele no modo de segurança como estou agora. Quando boto pra reiniciar ele ate reinicia normal, mas só ate chegar na tela de "iniciando o windows" onde o simbolo do windows aparece. Depois disso era para aparecer o icone do mouse e mostrar a tela azul de iniciação do 7, mas o que ta acontecendo é a tela se desligando e não acendendo mais. A luz da cpu fica acesa como se tivesse processando algo, mas nada que eu faço faz a tela do monitor acender e mostrar o que ta acontecendo. So consigo acessar o pc pelo modo de segurança.

Outra coisa não consigo desinstalar o norton e spybot, Eu clico na opção de desinstalar e ou aparece uma mensagem de erro (caso do spybot) ou nada acontece (norton).

Segue o relatorio do ZHP

Rapport de ZHPFix 2015.4.9.5 par Nicolas Coolman, Update du 18/03/2015

Fichier d'export Registre :

Run by ItaloCesar at 13/05/2015 22:14:49

High Elevated Privileges : OK

Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 01s)

Reparação de atalhos do navegador

========== Chaves do Registo ==========

ELIMINÉ: Mozilla Plugin: @pandonetworks.com/PandoWebPlugin

ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]

ELIMINÉ: CLSID Extra Buttons: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}

ELIMINÉ: SearchScopes :{012E1000-F331-11DB-8314-0800200C9A66}

ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

========== Valores do Registo ==========

ELIMINÉ: Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

========== Pastas ==========

Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========

ELIMINA REINICIAR: c:\program files\ccleaner\ccleaner.exe

ELIMINÉ Temporários windows (15) (1.502.033 octets)

ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========

Nenhum ponto de restauro do sistema foi criado

========== Recapitulativo ==========

5 : Chaves do Registo

1 : Valores do Registo

1 : Pastas

3 : Ficheiros

1 : Restauração Sistema

End of clean in 00mn 03s

========== Caminho do ficheiro do relatório ==========

C:\Users\ItaloCesar\AppData\Roaming\ZHP\ZHPFix[R1].txt - 13/05/2015 22:14:51 [1368]

Atualização...

Não sei se foi depois de eu desativar as coisa desnecessárias e passar o Ccleaner, mas deu certo pra reiniciar o pc e ele iniciar normal. Porem o problema pra desinstalar o Spybot e Norton persistem.

Power Max · Maio 14, 2015

Baixe o programa IObit Uninstaller acessando este link abaixo e clicando no botão Free Download:

http://www.iobit.com/advanceduninstaller.html

Para usar corretamente o IObit Uninstaller siga as dicas deste tutorial:

Aprenda fazer a desinstalação de qualquer programa por completo

Seguindo as dicas do tutorial acima, use o IObit Uninstaller para desinstalar o Spybot e o Norton.

OBS: Caso não seja possível fazer a remoção deles no modo normal do Windows, inicie o PC em Modo Seguro com rede (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver iniciando e escolhendo a opção Modo Seguro com rede. Quando o PC estiver em modo seguro com rede faça a remoção do Norton e Spybot com o IObit Uninstaller como é mostrado no tutorial acima.

Depois disto nos diga se eles foram removidos.

Italo Cesar Camelo Soares · Maio 20, 2015

Olá,

usando o programa recomendado só consegui remover o Norton. O Spybot ainda consta no sistema e pode até ser iniciado normalmente, mas na tela do IObit não mostra o programa pra ser desinstalado. Eu tentei usar o programa no modo de segurança, mas não aparecia do mesmo jeito.

Power Max · Maio 20, 2015

Baixe o programa Revo Uninstaller no site abaixo (opte pela versão Free dele):

http://www.revouninstaller.com/revo_uninstaller_free_download.html

Depois disto tente desinstalá-los usando o Revo Uninstaller e nos diga se funcionou e como está o PC depois disto.

Arquivado

[Arquivado] Multiplos Processos Rodando e Lentidão

Recommended Posts

Italo Cesar Camelo Soares 0

Compartilhar este post

Link para o post

Compartilhar em outros sites

Power Max 54

Compartilhar este post

Link para o post

Compartilhar em outros sites

Italo Cesar Camelo Soares 0

Compartilhar este post

Link para o post

Compartilhar em outros sites

Power Max 54

Compartilhar este post

Link para o post

Compartilhar em outros sites

Italo Cesar Camelo Soares 0

Compartilhar este post

Link para o post

Compartilhar em outros sites

Power Max 54

Compartilhar este post

Link para o post

Compartilhar em outros sites

Italo Cesar Camelo Soares 0

Compartilhar este post

Link para o post

Compartilhar em outros sites

Power Max 54

Compartilhar este post

Link para o post

Compartilhar em outros sites

Italo Cesar Camelo Soares 0

Compartilhar este post

Link para o post

Compartilhar em outros sites

Power Max 54

Compartilhar este post

Link para o post

Compartilhar em outros sites

Italo Cesar Camelo Soares 0

Compartilhar este post

Link para o post

Compartilhar em outros sites

Power Max 54

Compartilhar este post

Link para o post

Compartilhar em outros sites

Italo Cesar Camelo Soares 0

Compartilhar este post

Link para o post

Compartilhar em outros sites

Power Max 54

Compartilhar este post

Link para o post

Compartilhar em outros sites

Italo Cesar Camelo Soares 0

Compartilhar este post

Link para o post

Compartilhar em outros sites

Power Max 54

Compartilhar este post

Link para o post

Compartilhar em outros sites

Italo Cesar Camelo Soares 0

Compartilhar este post

Link para o post

Compartilhar em outros sites

Power Max 54

Compartilhar este post

Link para o post

Compartilhar em outros sites

Italo Cesar Camelo Soares 0

Compartilhar este post

Link para o post

Compartilhar em outros sites

Power Max 54