Usamos cookies para medir audiência e melhorar sua experiência. Você pode aceitar ou recusar a qualquer momento. Veja sobre o iMasters.
computador muito lento e reiniciando:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:54:02, on 19/12/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal
Running processes:
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Rafael\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Microsoft Web Test Recorder 12.0 Helper - {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Rafael\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [spotify] "C:\Users\Rafael\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Rafael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [NitroPC] "C:\Program Files (x86)\NitroPC\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [Microsoft Defender] "C:\ProgramData\rafaelProcesso.exe"
O4 - HKCU\..\Run: [TgnhUP9] C:\Users\Rafael\AppData\Roaming\0l\TgnhUP9.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://.aeriagames.com
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: www.itau.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: http://www.itaupersonnalite.com.br
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Baidu AntiVirus Service (bavsvc) - Unknown owner - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavsvc.exe (file missing)
O23 - Service: Baidu Hips Service (bhipssvc) - Unknown owner - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bhipssvc.exe (file missing)
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SPLASH.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe--
End of file - 13444 bytes
obrigado
Bom dia, DigRam!
Obrigado pela ajuda,
*** [ Serviços ] ***
Serviço Deletada : c2cautoupdatesvc
Serviço Deletada : c2cpnrsvc
*** [ Arquivos / Pastas ] ***
Pasta Deletada : C:\ProgramData\GiouSave
Pasta Deletada : C:\ProgramData\YoutubeADBloccKe
Pasta Deletada : C:\ProgramData\dbf00538d9d09952
Pasta Deletada : C:\Program Files (x86)\GS_Booster
Pasta Deletada : C:\Program Files (x86)\GiouSave
Pasta Deletada : C:\Program Files (x86)\YoutubeADBloccKe
Pasta Deletada : C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\eobkmljjcapccpbgopnbihgngbbcggki
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\eobkmljjcapccpbgopnbihgngbbcggki
Pasta Deletada : C:\Users\Rafael_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\eobkmljjcapccpbgopnbihgngbbcggki
Pasta Deletada : C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eobkmljjcapccpbgopnbihgngbbcggki
Pasta Deletada : C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eobkmljjcapccpbgopnbihgngbbcggki
Pasta Deletada : C:\Users\Rafael\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eobkmljjcapccpbgopnbihgngbbcggki
Pasta Deletada : C:\Users\Rafael_2\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eobkmljjcapccpbgopnbihgngbbcggki
Arquivo Deletada : C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
Arquivo Deletada : C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
*** [ Tarefas ] ***
*** [ Atalhos ] ***
*** [ Registro ] ***
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Chave Deletedo : HKLM\SOFTWARE\Classes\.
Chave Deletedo : HKLM\SOFTWARE\Classes\..9
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{570933a0-4d9e-4140-9114-9e79c1724f24}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{af7d13a7-d424-46f3-a4a1-27d3ee7f2ff9}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{570933a0-4d9e-4140-9114-9e79c1724f24}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{af7d13a7-d424-46f3-a4a1-27d3ee7f2ff9}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{570933a0-4d9e-4140-9114-9e79c1724f24}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{af7d13a7-d424-46f3-a4a1-27d3ee7f2ff9}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{570933a0-4d9e-4140-9114-9e79c1724f24}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{af7d13a7-d424-46f3-a4a1-27d3ee7f2ff9}
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{570933a0-4d9e-4140-9114-9e79c1724f24}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{af7d13a7-d424-46f3-a4a1-27d3ee7f2ff9}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{570933a0-4d9e-4140-9114-9e79c1724f24}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af7d13a7-d424-46f3-a4a1-27d3ee7f2ff9}
Chave Deletedo : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Chave Deletedo : HKLM\SOFTWARE\DeviceVM
Chave Deletedo : HKLM\SOFTWARE\GS_Booster
Chave Deletedo : HKLM\SOFTWARE\Baidu
Chave Deletedo : HKLM\SOFTWARE\Classes\Installer\Features\BD04C21DD7DC68D42958E5F22E63394E
Chave Deletedo : HKLM\SOFTWARE\Classes\Installer\Products\BD04C21DD7DC68D42958E5F22E63394E
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BD04C21DD7DC68D42958E5F22E63394E
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\portaldosites.com
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sweet-page.com
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.portaldosites.com
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.sweet-page.com
*** [ Navegadores ] ***
-\\ Internet Explorer v11.0.9600.17496
-\\ Google Chrome v39.0.2171.95
[C:\Users\Rafael_2\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deletedo [Extension] : eobkmljjcapccpbgopnbihgngbbcggki
-\\ Comodo Dragon v
*************************
AdwCleaner[R0].txt - [11133 octets] - [12/05/2014 14:58:26]
AdwCleaner[R1].txt - [1115 octets] - [28/05/2014 18:08:37]
AdwCleaner[R2].txt - [9377 octets] - [24/06/2014 20:45:13]
AdwCleaner[R3].txt - [1344 octets] - [24/06/2014 20:57:48]
AdwCleaner[R4].txt - [1406 octets] - [14/07/2014 21:15:28]
AdwCleaner[R5].txt - [7791 octets] - [19/09/2014 21:53:36]
AdwCleaner[R6].txt - [1913 octets] - [15/12/2014 21:34:14]
AdwCleaner[R7].txt - [1801 octets] - [18/12/2014 18:51:13]
AdwCleaner[R8].txt - [7350 octets] - [20/12/2014 10:22:16]
AdwCleaner[s0].txt - [9147 octets] - [12/05/2014 14:59:23]
AdwCleaner[s1].txt - [1170 octets] - [28/05/2014 18:26:42]
AdwCleaner[s2].txt - [7449 octets] - [24/06/2014 20:46:37]
AdwCleaner[s3].txt - [1398 octets] - [24/06/2014 20:59:01]
AdwCleaner[s4].txt - [1462 octets] - [14/07/2014 22:09:28]
AdwCleaner[s5].txt - [7523 octets] - [19/09/2014 21:54:56]
AdwCleaner[s6].txt - [1963 octets] - [15/12/2014 21:37:40]
AdwCleaner[s7].txt - [1925 octets] - [18/12/2014 18:52:49]
AdwCleaner[s8].txt - [7032 octets] - [20/12/2014 10:25:55]
########## EOF - C:\AdwCleaner\AdwCleaner[s8].txt - [7092 octets] ##########
Boa Tarde! Rafael Icassati 2
Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://hijackthis.nl/smeenk/Zoek-exe.png&key=258c0a7e2e2a8839d194a8a472a7fac8b2b0a57b6edfe01c0c75632b2d33ae07" alt="Zoek-exe.png" /> > ( ... by Smeenk )
< /applications/core/interface/imageproxy/imageproxy.php?img=http://www.imgdumper.nl/uploads6/51a612a8b2bc1/51a612a8b27e2-Zoek.png&key=b080d87f02699d418b53b08471d428294848da3b0e2385f0657dbc188036baad" alt="51a612a8b27e2-Zoek.png" />zoek.exe >
Salve-o ao desktop!
Desabilite seu antivírus!
Para Windows 7,execute zoek.exe como administrador.
emptyfolderscheck;delete
emptytemp;
autoclean;Copie e cole estas informações,que estão em vermelho,no campo da ferramenta.
Clique "Run Script".
>
Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
Surgirão informações,pedindo-lhe que aguarde o surgimento do relatório.
Ps: Essas informações,podem permanecer estáticas na tela por 20 minutos ou mais.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Zoek_Reboot_zpscf60b3cf.jpg&key=cd3dbc8b6058332b5ca134f03724ff8c45ff51d7f31a8c732301729c7a9e6c94" alt="Zoek_Reboot_zpscf60b3cf.jpg" />
Confirme o reboot!
>
zoek.hta failed by unknown error.
Restart computer, and try again.
Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.
Poste o relatório,que estará em C:\zoek-results.txt <<
A+
Bom dia, DigRam!
Zoek.exe v5.0.0.0 Updated 21-December-2014
Tool run by Rafael on 21/12/2014 at 10:33:51,13.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rafael\Desktop\zoek.exe.exe [scan all users] [script inserted]
==== Older Logs ======================
C:\zoek-results2014-12-21-111535.log 978 bytes
C:\zoek-results2014-12-21-112929.log 381 bytes
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\Users\Rafael\.android deleted
C:\found.000 deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\Elcomsoft Password Recovery deleted
C:\Users\Rafael\AppData\Local\nss7D7A.tmp deleted
C:\Users\Rafael\AppData\Local\com deleted
C:\Users\Rafael\AppData\Local\Wondershare deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\Rafael\AppData\Roaming\Rafael01248712.exe deleted
C:\Users\Rafael\AppData\Roaming\unins000.exe deleted
C:\Users\Rafael\AppData\Roaming\unins001.exe deleted
"C:\PROGRA~3\rafaelProcesso.exe" deleted
"C:\Users\Rafael\AppData\Roaming\uID\UjZAjq.exe" deleted
"C:\Users\Rafael\AppData\Roaming\uID\yWm.zip" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\DAQExp.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted
"C:\Users\Rafael\AppData\Roaming\uID" deleted
"C:\PROGRA~2\COMMON~1\Wondershare" deleted
"C:\PROGRA~3\Package Cache" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"otis@digitalpersona.com"="C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt" [22/09/2011 15:37]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"otis@digitalpersona.com"="C:\Program Files (x86)\DigitalPersona\Bin\firefoxext" [22/09/2011 15:37]
==== Fake Chromium Profiles Check ======================
Fake profile C:\Users\Administrador\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrador\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrador\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Convidado\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Convidado\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Convidado\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Rafael\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Rafael\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Rafael_2\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Rafael_2\AppData\Local\Comodo\Dragon deleted
==== Chromium Look ======================
Google Chrome Version: 39.0.2171.95 (Could not determine latest Stable Version)
PhotoLive Download Facebook Photos - Rafael_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpjnpabklnaaifclgealaepelncljadk
==== Chromium Startpages ======================
C:\Users\Rafael_2\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",
"startup_urls": "[http://www.google.com/" ],
"urls_to_restore_on_startup": "[http://www.google.com/" ]
==== Chromium Fix ======================
C:\Users\Rafael_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpjnpabklnaaifclgealaepelncljadk deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{1B399743-BC9C-419A-B03A-1C401BC72208} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Diebold - Warsaw deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Java ME Platform SDK 3.4 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rafael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rafael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Rafael\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rafael_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Rafael_2\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=525 folders=593 1531587019 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Rafael\AppData\Local\Temp will be emptied at reboot
C:\Users\Rafael_2\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Rafael\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 21/12/2014 at 11:18:20,44 ======================
/!\ Boa Tarde! RafaeL Icassati 2 /!\
Baixe: < ZHPDiag2.exe > < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/NicolasCoolman.jpg&key=31eaca9d787a5cb7b785eaca882cfe95bdd41bfffaf35086b6e7ecf044ef83cf" alt="NicolasCoolman.jpg" /> > ( ... de Nicolas Coolman )
Salve-o no disco local! ( C ou D )
Desabilite seu antivírus e execute "ZHPDiag2.exe",para instalar a ferramenta.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25202/ZHPDiag_Pergaminho2_zps6e758639.jpg&key=6ea716e3ff0c1e80fdbb9b821ab86cbec4d10a8ec6466840625e1b7577bb9e18" alt="ZHPDiag_Pergaminho2_zps6e758639.jpg" />
Execute o ícone do pergaminho. ( ZHPDiag )
Clique "COMPLETA" e aguarde a conclusão!
Clique OK e,ao concluir,poste o relatório! ( ZHPDiag.txt )
Ps: Como o log será extenso,envie-o à Pjjoint.malekal.
Ou acesse: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Cjoint_Logo.jpg&key=bc3f249ffa4fec167155636520ebfd1fed8f6c8d63b5aa0b8cd82fb55aa2edb7" alt="Cjoint_Logo.jpg" /> >
Maiores informações: < |Link| >
A+
Boa noite DigRam!
http://pjjoint.malekal.com/files.php?id=20141226_i5g11b15u15j7
Boa Noite! Rafael Icassati 2
Execute este script na ferramenta ZHPFix.
Selecione e copie estas informações que estão em vermelho,para o Bloco de Notas.
Com o Bloco de Notas aberto,faça: ctrl+a >> ctrl+c ( Selecionar e Copiar )
À seguir,minimize o Bloco de Notas.
Script ZHPFix
Firewallraz
Emptytemp
ProxyFix
[MD5.9D0767859EE938C0C4FAC30693109843] [WIS][23/06/2014] (.SupraSavings - SupraSavings.) -- C:\Windows\Installer\268a565.msi [3162112] =>PUP.SupraSavings
[MD5.9A5263D3C011F34BFA10C5458CF27197] [WIS][23/06/2014] (.SupraSavings - SupraSavings.) -- C:\Windows\Installer\26a60b8.msi [4997120] =>PUP.SupraSavings[MD5.00000000000000000000000000000000] [APT] [DVDAgent] (...) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{298AF818-EB68-496E-8ACC-49BE8C5BC137}] (...) -- C:\Users\Rafael\AppData\Roaming\webssearches\UninstallManager.exe (.not file.) [0] =>Hijacker.WebsSearches
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>;<local>;*.local =>Hijacker.ProxyO2 - BHO: (no name) [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Chave orfã
O2 - BHO: (no name) [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Chave orfã
O23 - Service: Baidu AntiVirus Service (bavsvc) . (...) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavsvc.exe (.not file.)
O23 - Service: Baidu Hips Service (bhipssvc) . (...) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bhipssvc.exe (.not file.)
O41 - Driver: (badriver) . (. - .) - C:\Windows\System32\drivers\badriver.sys (.not file.)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
O43 - CFD: 09/04/2014 - 14:19:38 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 09/05/2014 - 14:44:02 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 09/04/2014 - 14:20:43 - [] ----D C:\Users\Rafael\AppData\Roaming\Baidu Security
O43 - CFD: 25/03/2014 - 19:33:48 - [] ----D C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
O51 - MPSK:{3c648b72-bc0f-11e3-a6ab-0027139bf0ab}\AutoRun\command. (...) -- F:\LGAutoRun.exe (.not file.)
O58 - SDL:21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624]
O58 - SDL:21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon) .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect) .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT
O90 - PUC: "8B501B6E56F182443979D1DFA8309BD4" . (.SupraSavings.) -- c:\Windows\Installer\{E6B105B8-1F65-4428-9397-1DFD8A03B94D}\icon64.ico =>PUP.SupraSavings
[HKCU\Software\Baidu Security]
[HKCU\Software\Baixaki]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
[HKLM\Software\Wow6432Node\ProtectExtension] =>PUP.ProtectExtension
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}] =>Crapware.SpyHunter^
C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
C:\Windows\Installer\268a565.msi =>PUP.SupraSavings^
C:\Windows\Installer\26a60b8.msi =>PUP.SupraSavings^ServiceStop:badriver
ServiceStop:Bfilter
ServiceStop:Bfmon
ServiceStop:blbdrive
ServiceStop:Bprotect
ServiceStop:bavsvc
ServiceStop:bhipssvc
Abra a ferramenta ZHPFix. < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/My%2520Tools%25204/ZHPFix_logo2_zpsea0f2aa4.jpg&key=d5542cfa8c2927966334db1e22757054447548c1fa99304069314737b6934181" alt="ZHPFix_logo2_zpsea0f2aa4.jpg" /> >
Clique IMPORTAÇÃO >> OK.
Ps: Ao clicar "OK",verifique se o campo está limpo para que receba,somente,as informações do script.
Clique "GO".
Poste o relatório!
A+
Tópico Arquivado
Como o autor não respondeu por mais de 10 dias, o tópico foi arquivado.
Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.
Boa Noite! Rafael Icassati 2
> >< /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Executar_Administrador.jpg&key=29bbf2d3836c6859afe3923102565f782321b5a7a2787d5bb24cc9918d13e9bd" alt="Executar_Administrador.jpg" /> >
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/My%2520Tools%25204/AdwCleaner_Examinar_zps828ed634.jpg&key=ab3daa6c25adcfd393aa42949dcd0177a1c4f1dba193cc7c9704843f6ef97402" alt="AdwCleaner_Examinar_zps828ed634.jpg" />
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/AdwCleaner_Limpar_zps06005ae9.jpg&key=e03b122437ba41a51aeb80130d87464e234beda92d71d6cab1205ee84e50d78e" alt="AdwCleaner_Limpar_zps06005ae9.jpg" />
A+