Archived

This topic has been archived and is closed to new replies.

leandro aislan

[Resolved] Log analysis: slow PC, some pages not opening.


Good morning,

I would like you to analyze my log; my PC has been slow and some pages do not open.

Here is the log:



Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 09:10:07, on 29/06/2015

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.17840)

Boot mode: Normal


Running processes:

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Program Files (x86)\TeamViewer\TeamViewer.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

C:\PROGRA~2\KASPER~1\KASPER~2.0\KASPER~2\stpass.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\SigmaTEK\SigmaNEST81\SigmaNEST.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Asafer\Desktop\back up leandro\Downloads\HijackThis.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\DllHost.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehUni.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm

O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Anexar destino do link a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter destino do link em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking...GbPluginUni.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll

O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Serviço do Kaspersky Anti-Virus (avp) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe

O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Sentinel LDK License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)

O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: Watchdata CCID Moniter v3.4 (WDBrazMonitor34) - Beijing WatchData System Co., Ltd. - C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


--

End of file - 14955 bytes


/!\ Good morning! leandro aislan /!\

> Download: < ZHPDiag2.exe > ( ... by Nicolas Coolman )
> Or here! << Link!
> Or here! << Mirror!
> If the download does not start automatically, go to "clique aqui" (click here) for an alternative link.
> Save it to the local disk! ( C or D )
> Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
> Run the scroll icon. ( ZHPDiag )
> Click "COMPLETA" and wait for it to finish!
> If the scan freezes, replace the "COMPLETA" option with "PESQUISAR".
> Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
> PS: Since the log will be long, upload it to Pjjoint.malekal.
> Or go to: < Cjoint >
> Click the "Parcourir..." button.
> Find the report and click the "Abrir" (Open) button.
> Click the "Créer le lien Cjoint" button.
> Copy the link shown next to "Le lien a été créé" and post it in your reply.
> The link to the report, which is the one highlighted, should be pasted into your reply.
> Or click "Copier le lien (*)" and paste the link into your post.
A+

/!\ Good morning! leandro aislan /!\


> Run this script in the ZHPFix tool.

> Select and copy the information shown in red into Notepad.

> With Notepad open, press: Ctrl+A >> Ctrl+C ( Select and Copy )

> Next, minimize Notepad.


ZHPFix script

EmptyPrefetch

EmptyClsid

EmptyTemp

FirewallRaz

ShortcutFix

HiddenFix

M2 - MFEP: RegExtension {87F8774F-B485-47E2-A755-A40A8A5E886C} . (...) -- C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\bb\xpi (.not file.)

O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã

O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars

O43 - CFD: 27/06/2014 - 16:49:56 - [] ----D C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687

O43 - CFD: 27/12/2012 - 13:14:02 - [] ----D C:\Program Files (x86)\PokerStars

O43 - CFD: 14/01/2012 - 08:05:41 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars

O43 - CFD: 28/12/2012 - 15:51:55 - [] ----D C:\Users\Asafer\AppData\Local\PokerStars

O43 - CFD: 27/06/2014 - 16:49:56 - [] ----D C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687

O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [Enabled] .(...) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" [Enabled] .(...) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" [Enabled] .(...) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [Enabled] .(...) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (.not file.)

[HKCU\Software\AppDataLow\Software\toolbarcleaner]

[HKLM\Software\Wow6432Node\Baidu Security]

[HKCU\Software\ToolbarCleaneroptions]

[HKCU\Software\Safer Networking Limited]

[HKLM\Software\Wow6432Node\Safer Networking Limited]

[HKCU\Software\Baidu Security]

[HKLM\Software\Baidu Security]

[HKCU\Software\Baixaki]

sysrestore


> Open the ZHPFix tool.

> Click IMPORTAÇÃO >> OK.

> PS: When you click "OK", make sure the field is empty so that it receives only the script's contents.

> Click "GO".

> Post the report!


< I ask visitors not to use this script on their own computers, at the risk of damaging them! >


A+


Good morning,

Here it is:

 

Rapport de ZHPFix 2015.4.9.5 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by Asafer at 02/07/2015 08:01:22
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 08s)
Prefetcher vazio
Reparação de atalhos do navegador
========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\pokerstars\pokerstarsuninstall.exe
========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PokerStars]
ELIMINÉ: HKCU\Software\AppDataLow\Software\toolbarcleaner
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKCU\Software\ToolbarCleaneroptions
ELIMINÉ: HKCU\Software\Safer Networking Limited
ELIMINÉ: HKLM\Software\Wow6432Node\Safer Networking Limited
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baixaki
========== Valores do Registo ==========
ELIMINÉ: FirewallRaz (SP) : C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
ELIMINÉ: FirewallRaz (SP) : C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
ELIMINÉ: FirewallRaz (SP) : C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
ELIMINÉ: FirewallRaz (SP) : C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: RegExtension: {87F8774F-B485-47E2-A755-A40A8A5E886C}
ELIMINÉ: Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93}
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (23)
ELIMINÉ: C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687
ELIMINÉ: C:\Program Files (x86)\PokerStars
ELIMINÉ: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
ELIMINÉ: C:\Users\Asafer\AppData\Local\PokerStars
========== Ficheiros ==========
ELIMINÉ Temporários windows (156) (47.625.173 octets)
========== Pastas/Ficheiros ocultos restaurados ==========
Mes images (My Pictures) : 9 restaurados com sucesso
Ma musique (My Music) : 1 restaurados com sucesso
Ma Video (My Video) : 1 restaurados com sucesso
Mes Favoris (My Favorites) : 2 restaurados com sucesso
Mes Documents (My Documents) : 12 restaurados com sucesso
Mon Bureau (My Desktop) : 31565 restaurados com sucesso
Menu demarrer (Programs) : 8 restaurados com sucesso
Dossier utilisateur (AppData) : 46 restaurados com sucesso
Programmes (Program Files) : 95 restaurados com sucesso
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
9 : Chaves do Registo
7 : Valores do Registo
6 : Pastas
1 : Ficheiros
1 : Softwares
31739 : Pastas/Ficheiros ocultos restaurados
1 : Restauração Sistema
End of clean in 09mn 31s
========== Caminho do ficheiro do relatório ==========
C:\Users\Asafer\AppData\Roaming\ZHP\ZHPFix[R1].txt - 02/07/2015 08:01:30 [2934]


/!\ Good morning! leandro aislan /!\

> Follow these steps, in the order given!

> Download: < JRT > ( ... by Malwarebytes.org )
> Save it to the desktop!
> Disable your antivirus!
> On Windows 7, right-click JRT.exe and run it ...
> Wait for it to finish and post the report. ( JRT.txt )

> Download: < CTR > ( ... by Pierre 13 )
> If you have difficulty or the download is blocked, use the Internet Explorer browser.
> Save it to the desktop!
> On Windows 7 and 8, run it with a right-click.
> Disable your antivirus!
> Choose: Run as administrator! ( Windows Vista, 7, 8 and 8.1 ) (32 and 64 bits)
> On Windows XP, just double-click CTR.exe.
> Wait for it to finish, which is quick!
> Post the report! ( CTR.txt )

> Download: < SFTGC > ( ... by Pierre13 )
> If you have trouble downloading, use the Internet Explorer browser.
> Save it to the desktop!
> On Windows Vista and 7, run "SFTGC.exe" as administrator!
> Run it and click "Go".
> Wait for it to finish, which is quick.
> Post the report! ( SFT.txt )
> PS: Depending on the size of the report, do not post it directly!
> For this task, go to: < Cjoint >
A+

 


Good morning, here is the log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.7 (07.02.2015:2)
OS: Windows 7 Home Premium x64
Ran by Asafer on 02/07/2015 at 10:56:55,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully deleted: [service] swdumon [Reboot required]
~~~ Tasks
Successfully deleted: [Task] C:\Windows\system32\tasks\SlimDrivers Startup
Successfully deleted: [Task] C:\Windows\tasks\SlimDrivers Startup.job
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Windows\system32\drivers\swdumon.sys
~~~ Folders
Failed to delete: [Folder] C:\Program Files (x86)\gbplugin
Successfully deleted: [Folder] C:\ProgramData\gbplugin
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\drivereasy
Successfully deleted: [Folder] C:\Users\Asafer\appdata\local\slimware utilities inc
Successfully deleted: [Folder] C:\users\public\documents\downloaded installers
~~~ FireFox
~~~ Chrome
[C:\Users\Asafer\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Asafer\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Asafer\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Asafer\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/07/2015 at 11:06:57,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rapport de Contrôle restrictions Pierre13 (CTR version 2.0.0.2 ) du 02\07\2015 à 11:08:58
PC de Asafer
Windows 7 Home Premium Service Pack 1 (64 bits)
Réparation erreur 2203 effectuée.
Contrôle présence restrictions
[WORM_CRILOCK.A] supprimée.
[TROJ_POWELIKS.B] clé feature_browser_emulation supprimée.
[bKDR_BLACKEN.A] clé Check_Associations supprimée.
[bKDR_BLACKEN.A] clé PhishingFilter corrigée.
Autorisation installation sponsor Java(x86) supprimée.
Autorisation installation sponsor Java(x64) supprimée.
Restriction mise à jour Chrome supprimée.
Restriction Affichage Documents récents supprimée.
Restriction Affichage Documents supprimée.
Restriction synchronisation en arrière-plan des flux d’informations et des Web Slices supprimée.
Restriction découverte des flux RSS et des Web Slices supprimée.
Restriction LowerFilters Bluetooth supprimée.
Pavé numérique activé.
Restriction utilisateur pour Windows Installer supprimée.
Recherche Windows Update rétablie.
Service Pare feu Windows activé.
Paramètres Pare feu Windows rétablis par défaut et activé.
234 restrictions contrôlées.
15 restriction(s) réparée(s).
Re démarrer le PC pour prendre en compte la ou les réparations.
Le rapport est sur le bureau (C:\Users\Asafer\Desktop\CTR.txt)


/!\ Good morning! leandro aislan /!\

> Do the symptoms you reported still persist?

A+


Good afternoon,

Yes, it improved; many things that were not working are working again.

The network connection I used with my other PC is working again.

I don't know whether it was related, but I was able to open my network-linked folders again.

Can I already use the bank here for payments??


/!\ Good evening! leandro aislan /!\

Can I already use the bank here for payments??

~~~ Folders
Failed to delete: [Folder] C:\Program Files (x86)\gbplugin
Successfully deleted: [Folder] C:\ProgramData\gbplugin << << Folder removed!
---
---
> JRT removed a legitimate folder belonging to the banking protection plugin.
> Check whether this incident has blocked your access to the bank.
Regards!
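
The cross-check made in the reply above (a folder deleted by JRT that belongs to software the HijackThis log shows as still loading), written out as an added Python example that is not part of the original thread. The function names and the folder-name matching heuristic are assumptions; the sample lines are excerpts of the two logs posted in this thread.

```python
import re
from collections import defaultdict
from ntpath import basename

# Sample input: a few lines excerpted from the HijackThis log posted in this thread.
HIJACKTHIS_EXCERPT = r"""
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
"""

# Sample input: the "Folders" section excerpted from the JRT log posted in this thread.
JRT_EXCERPT = r"""
~~~ Folders
Failed to delete: [Folder] C:\Program Files (x86)\gbplugin
Successfully deleted: [Folder] C:\ProgramData\gbplugin
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\drivereasy
Successfully deleted: [Folder] C:\Users\Asafer\appdata\local\slimware utilities inc
"""

# HijackThis sections whose entries load automatically:
# O2 = BHO, O4 = Run key, O20 = Winlogon Notify, O23 = service.
AUTOLOAD_SECTIONS = {"O2", "O4", "O20", "O23"}

FILE_PATH = re.compile(r'([A-Za-z]:\\[^"]*\.(?:exe|dll|sys))', re.I)
# First directory below a Program Files style root (long or 8.3 short name).
PRODUCT_DIR = re.compile(
    r"^[a-z]:\\(?:program files(?: \(x86\))?|progra~\d|programdata)\\([^\\]+)\\"
)
JRT_ACTION = re.compile(r"^(Successfully deleted|Failed to delete): \[(\w+)\] (.+)$")


def autoload_products(hjt_text):
    """Map product directory name -> HijackThis entries that load from it."""
    products = defaultdict(list)
    for line in hjt_text.splitlines():
        section = line.split(" - ", 1)[0].strip()
        path = FILE_PATH.search(line)
        if section not in AUTOLOAD_SECTIONS or not path:
            continue
        root = PRODUCT_DIR.match(path.group(1).lower())
        if root:
            products[root.group(1)].append(line.strip())
    return products


def collateral_removals(hjt_text, jrt_text):
    """Return JRT actions whose target folder is named like a product that
    HijackThis shows as an active BHO, Run entry, Winlogon hook or service."""
    products = autoload_products(hjt_text)
    findings = []
    for line in jrt_text.splitlines():
        action = JRT_ACTION.match(line.strip())
        if not action:
            continue
        outcome, kind, target = action.groups()
        leaf = basename(target.rstrip("\\")).lower()
        if leaf in products:
            findings.append({
                "outcome": outcome,
                "kind": kind,
                "target": target,
                "evidence": products[leaf],
            })
    return findings


if __name__ == "__main__":
    for f in collateral_removals(HIJACKTHIS_EXCERPT, JRT_EXCERPT):
        print(f'{f["outcome"]}: {f["target"]}')
        for entry in f["evidence"]:
            print("    still referenced by:", entry)
```

A match only says the deleted folder shares its name with software that still loads at startup; whether that software is wanted is a judgment for the analyst, as in the reply above.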

> Read the many tips in the Cartilha de Segurança (Security Guide) and stay free of infections!
< Avira Browser Safety > << Link!
> Install this add-on in Google Chrome or Spark and browse with peace of mind!
> Install this add-on in Firefox and browse with peace of mind!
> Protect yourself against PUP installation with Unchecky. << Link!
> Use SpywareBlaster to protect Internet Explorer from exploits and malicious scripts.
> Note that additional protections are offered for Mozilla Firefox and Google Chrome.

> Download: < SpywareBlaster 5.0 >

> Save it in Program Files.
> After installing SB, go to "Protection Status" >> click "Enable All Protection"
> Update SB by clicking "Updates" >> "Check for Updates" >> wait!
> When finished, click "Enable All Protection" again.
> PS: Every 10 days, update your definitions database.

> Another good solution against exploits would be to install Malwarebytes Anti-Exploit Free.
> Keep the Hosts file and Internet Explorer protected with WinPatrol.
> When WinPatrol detects requests to change the Hosts file, it will give you the option to accept or reject the changes.
> To download, click: "Download WinPatrolToGo 2014"
> Disinfect your USB flash drives with Flash Disinfector.
> When you run it, click OK on the message!
> Keep Java and Flash Player up to date!
> For Java, use its offline installer. ( Windows Off-line )
> PS: During installation, uncheck the boxes for installing the Ask Toolbar.
> Keep your computers up to date by visiting Windows Update regularly.
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
