Good morning,
I would like you to analyze my log; my PC has been slow and some pages won't open.
Here is the log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:10:07, on 29/06/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\PROGRA~2\KASPER~1\KASPER~2.0\KASPER~2\stpass.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\SigmaTEK\SigmaNEST81\SigmaNEST.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Asafer\Desktop\back up leandro\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Anexar destino do link a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converter destino do link em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking...GbPluginUni.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Serviço do Kaspersky Anti-Virus (avp) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel LDK License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Watchdata CCID Moniter v3.4 (WDBrazMonitor34) - Beijing WatchData System Co., Ltd. - C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 14955 bytes
/!\ Good morning, leandro aislan! /!\
Run this script in the ZHPFix tool.
Select and copy the information shown in red into Notepad.
With Notepad open, press: Ctrl+A >> Ctrl+C ( Select and Copy )
Next, minimize Notepad.
ZHPFix script
EmptyPrefetch
EmptyClsid
EmptyTemp
FirewallRaz
ShortcutFix
HiddenFix
M2 - MFEP: RegExtension {87F8774F-B485-47E2-A755-A40A8A5E886C} . (...) -- C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\bb\xpi (.not file.)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars
O43 - CFD: 27/06/2014 - 16:49:56 - [] ----D C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687
O43 - CFD: 27/12/2012 - 13:14:02 - [] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 14/01/2012 - 08:05:41 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
O43 - CFD: 28/12/2012 - 15:51:55 - [] ----D C:\Users\Asafer\AppData\Local\PokerStars
O43 - CFD: 27/06/2014 - 16:49:56 - [] ----D C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [Enabled] .(...) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" [Enabled] .(...) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" [Enabled] .(...) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [Enabled] .(...) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (.not file.)
[HKCU\Software\AppDataLow\Software\toolbarcleaner]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKCU\Software\ToolbarCleaneroptions]
[HKCU\Software\Safer Networking Limited]
[HKLM\Software\Wow6432Node\Safer Networking Limited]
[HKCU\Software\Baidu Security]
[HKLM\Software\Baidu Security]
[HKCU\Software\Baixaki]
sysrestore
Open the ZHPFix tool.
Click IMPORTAÇÃO (Import) >> OK.
PS: When you click "OK", make sure the field is empty so that it receives only the script's contents.
Click "GO".
Post the report!
< I ask visitors not to use this script on their own computers, as it may damage them! >
A+
Good morning,
Here it is:
Rapport de ZHPFix 2015.4.9.5 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by Asafer at 02/07/2015 08:01:22
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 08s)
Prefetcher vazio
Reparação de atalhos do navegador
========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\pokerstars\pokerstarsuninstall.exe
========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PokerStars]
ELIMINÉ: HKCU\Software\AppDataLow\Software\toolbarcleaner
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKCU\Software\ToolbarCleaneroptions
ELIMINÉ: HKCU\Software\Safer Networking Limited
ELIMINÉ: HKLM\Software\Wow6432Node\Safer Networking Limited
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baixaki
========== Valores do Registo ==========
ELIMINÉ: FirewallRaz (SP) : C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
ELIMINÉ: FirewallRaz (SP) : C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
ELIMINÉ: FirewallRaz (SP) : C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
ELIMINÉ: FirewallRaz (SP) : C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: RegExtension: {87F8774F-B485-47E2-A755-A40A8A5E886C}
ELIMINÉ: Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93}
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (23)
ELIMINÉ: C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687
ELIMINÉ: C:\Program Files (x86)\PokerStars
ELIMINÉ: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
ELIMINÉ: C:\Users\Asafer\AppData\Local\PokerStars
========== Ficheiros ==========
ELIMINÉ Temporários windows (156) (47.625.173 octets)
========== Pastas/Ficheiros ocultos restaurados ==========
Mes images (My Pictures) : 9 restaurados com sucesso
Ma musique (My Music) : 1 restaurados com sucesso
Ma Video (My Video) : 1 restaurados com sucesso
Mes Favoris (My Favorites) : 2 restaurados com sucesso
Mes Documents (My Documents) : 12 restaurados com sucesso
Mon Bureau (My Desktop) : 31565 restaurados com sucesso
Menu demarrer (Programs) : 8 restaurados com sucesso
Dossier utilisateur (AppData) : 46 restaurados com sucesso
Programmes (Program Files) : 95 restaurados com sucesso
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
9 : Chaves do Registo
7 : Valores do Registo
6 : Pastas
1 : Ficheiros
1 : Softwares
31739 : Pastas/Ficheiros ocultos restaurados
1 : Restauração Sistema
End of clean in 09mn 31s
========== Caminho do ficheiro do relatório ==========
C:\Users\Asafer\AppData\Roaming\ZHP\ZHPFix[R1].txt - 02/07/2015 08:01:30 [2934]
/!\ Good morning, leandro aislan! /!\
Follow these steps in the order given!
Download: < JRT > ( ... by Malwarebytes.org )
Save it to the desktop!
Disable your antivirus!
On Windows 7, right-click JRT.exe and run it ...
Wait for it to finish and post the report. ( JRT.txt )
Download: < CTR > ( ... by Pierre 13 )
If you run into difficulties or the download is blocked, use the Internet Explorer browser.
Save it to the desktop!
On Windows 7 and 8, run it by right-clicking with the mouse.
Disable your antivirus!
Choose: Run as administrator! ( Windows Vista, 7, 8 and 8.1 ) (32 and 64 bits)
On Windows XP, just double-click CTR.exe.
Wait for it to finish, which is quick!
Post the report! ( CTR.txt )
Download: < SFTGC > ( ... by Pierre13 )
If you have difficulty downloading, use the Internet Explorer browser.
Save it to the desktop!
On Windows Vista and 7, run "SFTGC.exe" as administrator!
Run it and click "Go".
Wait for it to finish, which is quick.
Post the report! ( SFT.txt )
PS: Given the size of the report, do not post it directly!
For this task, go to: < Cjoint >
A+
Good morning, here is the log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.7 (07.02.2015:2)
OS: Windows 7 Home Premium x64
Ran by Asafer on 02/07/2015 at 10:56:55,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully deleted: [service] swdumon [Reboot required]
~~~ Tasks
Successfully deleted: [Task] C:\Windows\system32\tasks\SlimDrivers Startup
Successfully deleted: [Task] C:\Windows\tasks\SlimDrivers Startup.job
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Windows\system32\drivers\swdumon.sys
~~~ Folders
Failed to delete: [Folder] C:\Program Files (x86)\gbplugin
Successfully deleted: [Folder] C:\ProgramData\gbplugin
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\drivereasy
Successfully deleted: [Folder] C:\Users\Asafer\appdata\local\slimware utilities inc
Successfully deleted: [Folder] C:\users\public\documents\downloaded installers
~~~ FireFox
~~~ Chrome
[C:\Users\Asafer\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Asafer\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Asafer\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Asafer\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/07/2015 at 11:06:57,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rapport de Contrôle restrictions Pierre13 (CTR version 2.0.0.2 ) du 02\07\2015 à 11:08:58
PC de Asafer
Windows 7 Home Premium Service Pack 1 (64 bits)
Réparation erreur 2203 effectuée.
Contrôle présence restrictions
[WORM_CRILOCK.A] supprimée.
[TROJ_POWELIKS.B] clé feature_browser_emulation supprimée.
[bKDR_BLACKEN.A] clé Check_Associations supprimée.
[bKDR_BLACKEN.A] clé PhishingFilter corrigée.
Autorisation installation sponsor Java(x86) supprimée.
Autorisation installation sponsor Java(x64) supprimée.
Restriction mise à jour Chrome supprimée.
Restriction Affichage Documents récents supprimée.
Restriction Affichage Documents supprimée.
Restriction synchronisation en arrière-plan des flux d’informations et des Web Slices supprimée.
Restriction découverte des flux RSS et des Web Slices supprimée.
Restriction LowerFilters Bluetooth supprimée.
Pavé numérique activé.
Restriction utilisateur pour Windows Installer supprimée.
Recherche Windows Update rétablie.
Service Pare feu Windows activé.
Paramètres Pare feu Windows rétablis par défaut et activé.
234 restrictions contrôlées.
15 restriction(s) réparée(s).
Re démarrer le PC pour prendre en compte la ou les réparations.
Le rapport est sur le bureau (C:\Users\Asafer\Desktop\CTR.txt)
/!\ Good morning, leandro aislan! /!\
Do the symptoms you reported still persist?
A+
Good afternoon,
Yes, it improved; many things that weren't working are working again.
The network connection I used with my other PC is working again.
I don't know if it had anything to do with it, but I was able to open my network-shared folders again.
Can I use the bank here for payments now??
/!\ Good evening, leandro aislan! /!\
> Can I use the bank here for payments now??
~~~ Folders
Failed to delete: [Folder] C:\Program Files (x86)\gbplugin
Successfully deleted: [Folder] C:\ProgramData\gbplugin << << Folder removed!
---
---
JRT removed a legitimate folder belonging to the banking protection plugin.
Check whether this incident has blocked your access to the bank.
Regards!
Good morning,
I opened the bank normally, everything is OK.
Thank you very much
< Cartilha de Segurança > << Link!
Read the many tips contained in the Cartilha de Segurança and stay free of infections!
< Avira Browser Safety > << Link!
Install this add-on in Google Chrome or Spark and browse with peace of mind!
< direct download link for NoScript 2.6.9.21 > << Link!
Install this add-on in Firefox and browse with peace of mind!
Prevent the installation of PUPs with Unchecky. << Link!
Use SpywareBlaster to protect Internet Explorer from exploits and malicious scripts.
Note that additional protections are offered for Mozilla Firefox and Google Chrome.
> Download: < SpywareBlaster 5.0 >
Save it in Program Files.
After installing SB, go to "Protection Status" >> click "Enable All Protection"
Update SB by clicking "Updates" >> "Check for Updates" >> Wait!
When finished, click "Enable All Protection" again.
PS: Every 10 days, update your definitions database.
Another good solution against exploits would be to install Malwarebytes Anti-Exploit Free.
Keep the Hosts file and Internet Explorer protected with WinPatrol.
When WinPatrol detects requests to change the Hosts file, it will give you the option to accept or reject the changes.
To download, click: "Download WinPatrolToGo 2014"
Disinfect your USB flash drives with Flash Disinfector.
When you run it, click OK on the 1st and 2nd messages!
http://i.imgur.com/BxDHuwS.jpg
Keep Java and Flash Player up to date!
For Java, run its offline installation. ( Windows Off-line )
http://i.imgur.com/gvIx5kz.jpg
PS: During installation, uncheck the boxes for installing the Ask Toolbar.
http://i.imgur.com/chd4hOU.jpg
Keep your computers up to date by visiting Windows Update regularly.
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
/!\ Good morning, leandro aislan! /!\
A+