xterminow

[Resolved] Very slow computer

For a while now the laptop has been very slow. I noticed an increase in the amount of memory used by some normal programs, such as Mozilla and games. The computer's startup is also taking a very long time; I don't know if it's a virus. If you can help, I'd be very grateful.

HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:28:28, on 01/04/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Users\Paulo\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110808&tt=280812_2003_3512_7&babsrc=HP_ss&mntrId=eab1196700000000000090a4dee7fb6f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.com # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.com # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.info # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.info # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.org # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.org # misleading site
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Samsung BHO Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-21-1513193997-3538550247-1406820036-1006\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1513193997-3538550247-1406820036-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PSafeSVC - Unknown owner - (no file)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\windows\System32\SUPDSvc.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Uniblue Maxi Disk Service (Uniblue.MaxiDiskSvc) - Unknown owner - C:\Program Files (x86)\Uniblue\MaxiDisk\service.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14597 bytes

Good afternoon, xterminow!

|- Download: AdwCleaner < http://general-changelog-team.fr/telechargements/logiciels/viewdownload/75-outils-de-xplode/28-adwcleaner > ( ... by Xplode )

|- On the page, click the image: < AdwCleaner_Tlcharger.jpg >

|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose "Run as administrator".
|- PS: Start the scan by clicking "Remover". < http://imgbox.com/abpXmu2U >

http://imgbox.com/acuDr4Nb

|- When it finishes, post the report: C:\AdwCleaner[S1].txt

-/-

|- Download: ZHPDiag2 < ftp://zebulon.fr/ZHPDiag2.exe > ( ... by Nicolas Coolman )

|- Save it to the desktop!

|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

|- Confirm all the steps when installing ZHPDiag.
|- Finish the installation by clicking "Termine".

|- PS: After installation, in addition to ZHPScript, the following will be available on the desktop:

|- <1> MBRCheck
|- <2> ZHPDiag2
|- <3> ZHPFix

|- Click the scroll icon. ( ZHPScript )

|- Click the green arrow to update it and/or download its latest definitions. ( Your version is update. )
|- Enable all the diagnostic options by clicking "Options".

|- Click All.
|- Then uncheck the boxes numbered O45, O61, O62, O65, O82.

|- Click "Calendar" and choose 30 days!

|- Click the UAC button to disable that protection.

|- Start the scan by clicking the magnifying-glass icon. ( Start Diagnosis )
|- When it finishes, click "Save Report".
|- Save it somewhere convenient! ( ZHPDiag.txt )
|- PS: Do not post that text file directly.

|- Send it to Pjjoint.malekal < http://forum.imasters.com.br/topic/452207-pjjointmalekal-hospedagem-inteligente/ > by clicking the blue arrow!

|- Or go to: http://cjoint.com/

|- Or go to: http://imgbox.com/abmdaZsE

|- More information: < http://forum.imasters.com.br/topic/452911-myfiletk-cjoint/ >

A+

@DigRam

--- ADW

# AdwCleaner v2.115 - Relatório criado em 01/04/2013 às 19:39:33
# Atualizado em 17/03/2013 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : Paulo - PAULO-PC
# Modo de Boot : Normal
# Executado de : C:\Users\Paulo\Desktop\adwcleaner.exe
# Opção [Remover]


***** [serviços] *****


***** [Arquivos/Pastas] *****

Arquivo Removido : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Arquivo Removido : C:\user.js
Pasta Removido : C:\Program Files (x86)\BabylonToolbar
Pasta Removido : C:\ProgramData\Ask
Pasta Removido : C:\ProgramData\Babylon
Pasta Removido : C:\Users\Paulo\AppData\Local\APN
Pasta Removido : C:\Users\Paulo\AppData\Roaming\Babylon
Pasta Removido : C:\Users\Paulo\AppData\Roaming\BabylonToolbar
Pasta Removido : C:\Users\Paulo\AppData\Roaming\pdfforge
Pasta Removido : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registro] *****

Chave Removida : HKCU\Software\APN
Chave Removida : HKCU\Software\AppDataLow\Software\AskToolbar
Chave Removida : HKCU\Software\Ask.com
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Removida : HKLM\Software\APN
Chave Removida : HKLM\Software\AskToolbar
Chave Removida : HKLM\Software\Babylon
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Chave Removida : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Chave Removida : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Chave Removida : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Chave Removida : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Chave Removida : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Valor Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Navegadores] *****

-\\ Internet Explorer v9.0.8112.16470

Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110808&tt=280812_2003_3512_7&babsrc=HP_ss&mntrId=eab1196700000000000090a4dee7fb6f --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (pt-BR)

Arquivo : C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\g5nknbtt.default\prefs.js

Removida : user_pref("browser.search.defaultengine", "Ask.com");
Removida : user_pref("browser.search.defaultenginename", "Ask.com");
Removida : user_pref("browser.search.order.1", "Ask.com");
Removida : user_pref("extensions.asktb.ff-original-keyword-url", "");
Removida : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]

-\\ Google Chrome v25.0.1364.172

Arquivo : C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Preferences

Removida [l.8] : homepage = "hxxp://search.babylon.com/?affID=110808&tt=280812_2003_3512_7&babsrc=HP_ss&mntrId[...]
Removida [l.12] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110808&tt=280812_2003_351[...]
Removida [l.44] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Removida [l.47] : keyword = "babylon.com",
Removida [l.50] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=110808&tt=280812_2003_3512_7&b[...]
Removida [l.1529] : homepage = "hxxp://search.babylon.com/?affID=110808&tt=280812_2003_3512_7&babsrc=HP_ss&mntrId=ea[...]
Removida [l.1815] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110808&tt=280812_2003_3512_7[...]

*************************

AdwCleaner[s1].txt - [338 octets] - [01/04/2013 19:37:29]
AdwCleaner[s2].txt - [5924 octets] - [01/04/2013 19:39:33]

########## EOF - C:\AdwCleaner[s2].txt - [5984 octets] ##########

--- ZHPDIAG

http://pjjoint.malekal.com/files.php?read=ZHPDiag_20130402_u11e11g14g85


Regards

Good morning, xterminow!

|- Download: JRT ( ... by Thisisu )
|- Save it to the desktop!
|- On Windows 7, right-click JRT.exe and choose "Run as administrator".
|- Wait for it to finish and post the report. ( JRT.txt )

-/-
|- Close any programs/folders that are open.
|- Also close the browser!
|- On Windows Vista, disable UAC.

|- On Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
|- Select and copy this information, which is in red, into Notepad.

[MD5.00000000000000000000000000000000] [APT] [EasyPartitionManager] (...) -- C:\Windows\MSetup\BA46-12225A02\EPM.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [scheduled Update for Ask Toolbar] (...) -- C:\Program Files (x86)\Ask.com\UpdateTask.exe (.not file.) [0] => Toolbar.Ask
[MD5.CE755676AE6D27A1EFEEFB0F3C70A929] [sPRF][16/01/2013] (.Ask.com - AskStub Application.) -- C:\Users\Paulo\AppData\Local\Temp\APNStub.exe [358600]
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.com # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.com # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.info # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.info # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.org # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.org # misleading site
O4 - HKCU\..\Run: [AdobeBridge] Orphean Key
O4 - GS\Desktop: ESEA Client.lnk . (...) -- C:\Program Files (x86)\ESEA\ESEA Client\eseaclient.exe (.not file.)
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars => PartyGaming PokerStars
O43 - CFD: 02/01/2013 - 09:17:47 - [119,980] ----D C:\Program Files (x86)\PokerStars => PartyGaming PokerStars
O43 - CFD: 06/08/2012 - 15:40:24 - [0] ----D C:\Users\Paulo\AppData\Local\Histórico
O43 - CFD: 28/03/2013 - 18:57:23 - [4,340] ----D C:\Users\Paulo\AppData\Local\PokerStars => PartyGaming PokerStars
O51 - MPSK:{47fb6ef8-5fd1-11e2-b634-90a4dee7fb6f}\AutoRun\command. (...) -- G:\iLinker.exe (.not file.)
O87 - FAEL: "{16A4EEA0-2456-4B83-8D21-7F124AA5D1E5}" |In - None - P17 - TRUE | .(...) -- C:\Users\Paulo\AppData\Local\Temp\7zS7700\setup\hpznui40.exe (.not file.)

[HKLM\Software\Wow6432Node\360Safe] => Infection Diverse (Lozavita.Troj)

hostfix
proxyfix
emptytemp
emptyclsid
emptyflash
firewallraz
sysrestore


|- With Notepad open, use the shortcuts: "Ctrl+A" -> "Ctrl+C"
|- Minimize Notepad.

|- Click the "Paste ClipBoard" menu item.

|- Click "GO" -> Oui.

|- PS: Above is a sequence of images for further clarification.
|- Post the report: C:\ZHP\ZHPFix[R1].txt

######
---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Paulo at 01/04/2013 20:08:38

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Identificador inválido.
kernel: error reading MBR
~ MBR: 9 Legitimates Scanned in 00mn 02s

######

|- The tool could not access the MBR information.

A+

Hi DigRam, as requested, here it is:

@JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.0 (04.02.2013:1)
OS: Windows 7 Home Premium x64
Ran by Paulo on 02/04/2013 at 21:58:17,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9



~~~ Files

Successfully deleted: [File] "C:\windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{036AAA1A-1AD0-4DBB-B1A3-874891386C3E}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{0EC455B6-050B-4064-9314-86E3524464CB}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{171DCC6B-823A-4E10-AE43-C4AC8A7BD82E}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{1758D0D8-D6E9-434B-B6F8-FA2F902228E0}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{1EC9DF56-3AD9-4D45-A75D-8A5C7AF1E21F}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{206B226E-44AB-4D1E-AD82-42308AEFD5F7}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{2A45174E-EDEE-4C48-91C5-65B727F41BFC}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{386394B3-4702-40A4-8599-1487DADCA9D8}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{4600347C-0E46-48B7-9C8A-910FE088B7A1}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{473FDA41-6355-4FF0-A186-C6FED035DA3A}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{489665FE-58D6-477D-B562-F33F8B05B86F}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{491B0CD2-5ED1-41A8-966C-F0A14FFBC434}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{492B330B-2D83-47E8-9B23-87F5E575E8C3}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{4B949C88-E45C-4CA1-B725-CDC98093D568}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{50D5033F-D390-4B6D-B500-4C2B4A916FCE}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{5D5BD590-221E-482F-944E-4251B3E6513F}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{5DEF0417-1A18-45F9-9C81-83AE037DAD92}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{6D921762-95CB-4D61-913A-0C7320D51A6E}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{70255B8A-8D70-4F93-9A73-54C7AE41A66D}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{7FA5F725-91FC-441C-9D4A-B803A82B5A30}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{895D0D78-B2F8-4873-8A8C-4CF920DF7D83}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{896D2C8A-BA6E-45C3-A639-426AD0349979}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{8D378AFE-B267-4BF6-8F26-FC89F1DDA424}
Successfully deleted: [Empty Folder] C:\Users\Paulo\appdata\local\{92BBC578-0320-490E-8D2B-428C6CC3C58C}



~~~ FireFox

Emptied folder: C:\Users\Paulo\AppData\Roaming\mozilla\firefox\profiles\g5nknbtt.default\minidumps [188 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/04/2013 at 22:08:04,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

@ZHPFix

Rapport de ZHPFix 2013.3.9.1 par Nicolas Coolman, Update du 9/03/2013
Fichier d'export Registre :
Run by Paulo at 02/04/2013 22:16:02
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Files Deleted

========== Software ==========
NOT FOUND Software Key: PokerStars

========== Registry Key ==========
NOT FOUND CLSID MPSK: {47fb6ef8-5fd1-11e2-b634-90a4dee7fb6f}
NOT FOUND Key: HKLM\Software\Wow6432Node\360Safe

========== Registry Value ==========
NOT FOUND RunValue: AdobeBridge
NOT FOUND {16A4EEA0-2456-4B83-8D21-7F124AA5D1E5}
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
No Value in Standard Profile Register Key FirewallRaz :
No Value in Domain Profile Register Key FirewallRaz :
DELETED FirewallRaz (Domain) : NetPres-In-TCP-NoScope
DELETED FirewallRaz (Domain) : NetPres-Out-TCP-NoScope
DELETED FirewallRaz (None) : NetPres-WSD-In-UDP
DELETED FirewallRaz (None) : NetPres-WSD-Out-UDP
DELETED FirewallRaz (Public) : NetPres-In-TCP
DELETED FirewallRaz (Public) : NetPres-Out-TCP
DELETED FirewallRaz (Public) : {515B589E-D18C-44B8-87A0-DC96F959E1F1}
DELETED FirewallRaz (Public) : {F13858F1-8579-4E63-999B-637471246673}
DELETED FirewallRaz (Private) : TCP Query User{B07C7250-EB8D-415C-BF46-F75BC5D774E0}C:\program files (x86)\mirc\mirc.exe
DELETED FirewallRaz (Private) : UDP Query User{A3C13B7F-EE5C-4194-BA3D-AE2D3A82CB23}C:\program files (x86)\mirc\mirc.exe
DELETED FirewallRaz (Public) : TCP Query User{5FA2AEEB-C6E3-49C9-AB48-2CB238B56862}C:\program files (x86)\mirc\mirc.exe
DELETED FirewallRaz (Public) : UDP Query User{FA10354C-89DB-4B78-92F9-4F5C774D4E67}C:\program files (x86)\mirc\mirc.exe
DELETED FirewallRaz (Private) : TCP Query User{044ECE9B-CD2F-4FC9-9342-CA7BB72723DF}C:\program files (x86)\samsung\pc auto backup\autobackup.exe
DELETED FirewallRaz (Private) : UDP Query User{A2ABA8A0-5C7A-4A60-B660-97B799928046}C:\program files (x86)\samsung\pc auto backup\autobackup.exe
DELETED FirewallRaz (Private) : {93CFE47C-C898-48DC-AE7A-658833449BCC}
DELETED FirewallRaz (Private) : {806138A8-80F2-46AF-8D5D-16B9C4479A43}
DELETED FirewallRaz (Private) : {CE55C5F9-5A81-434F-BD61-B9F6E12C1446}
DELETED FirewallRaz (Private) : {4971C0D7-C509-4569-9BCB-A308DB20FBE1}
DELETED FirewallRaz (Public) : {CE2B67BE-9506-434E-97CC-93696D2A62CB}
DELETED FirewallRaz (Public) : {42BB24EB-CEA8-471A-9DEC-BC8249DA98AD}
DELETED FirewallRaz (Public) : {A5E06B14-8F7C-46AF-B356-D0F2B046CE49}
DELETED FirewallRaz (Public) : {2822FB69-040A-4DD4-A5D5-7FCC86B36D3E}
DELETED FirewallRaz (Public) : TCP Query User{96C6E129-62CC-4BBB-91C6-AB12AD30B42B}C:\program files (x86)\samsung\pc auto backup\autobackup.exe
DELETED FirewallRaz (Public) : UDP Query User{89917DDB-A000-4FF4-B958-BEA44E07C37B}C:\program files (x86)\samsung\pc auto backup\autobackup.exe

========== Repertory ==========
No Empty CLSID Directories
DELETED Flash Cookies

========== File ==========
NOT FOUND Folder/File: c:\users\paulo\appdata\local\temp\apnstub.exe
NOT FOUND File: c:\users\paulo\desktop\esea client.lnk
NOT FOUND File: c:\program files (x86)\esea\esea client\eseaclient.exe
DELETED Window Temporary
DELETED Flash Cookies

========== Hosts file ==========
Hosts File not cleaned (Please Deactivate your Antivirus)
Hosts File not cleaned (Please Deactivate your Antivirus)

========== Task ==========
NOT FOUND Task: EasyPartitionManager
NOT FOUND Task: Scheduled Update for Ask Toolbar

========== Restoration ==========
Restore System Point created succefully


========== Summary ==========
2 : Registry Key
34 : Registry Value
2 : Repertory
5 : File
1 : Software
2 : Hosts file
2 : Task
1 : Restoration


End of clean in 00mn 20s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 02/04/2013 22:14:55 [1927]
C:\ZHP\ZHPFix[R2].txt - 02/04/2013 22:16:02 [3972]

 

Are the items in green in your post for your future reference, or would I have to take some action?!

Good evening!


Good morning! xterminow

|- Download: MyHosts < http://sd-2.archive-host.com/membres/up/12765908573187185/MyHosts.exe > ( ... by Jeanmimigab )
|- Save it to the desktop!

|- Run the file MyHosts.exe, which is on the desktop.
|- On Windows Vista or 7, run it as administrator.

#######

** Rapport MyHosts.txt **

MyHosts V.1.0.0.2 de jeanmimigab

Merci à la team MH, W-T ,C_XX, Laddy et à Batch_man pour leurs aides

Résultat de l'opération:restauration du fichier hosts réussi...

** Fin du rapport **

#######

|- Post the report: C:\MyHosts.txt

xterminow, on 06/02/2013, said:
Are the items in green in your post for your future reference, or would I have to take some action?!

|- In a way, it is to note and/or remind me of this investigation.

-/-

|- Download: aswMBR.exe < http://public.avast.com/~gmerek/aswMBR.exe > ( ... by Przemyslaw Gmerek )
|- Save it to the desktop!

|- On Windows 7, I recommend running aswMBR.exe in Compatibility Mode. Right-click the file and select "Properties".
|- Click the "Compatibility" tab and choose Windows XP ( SP3 ).

|- Open the tool by double-clicking aswMBR.exe.
|- On Windows Vista or 7, right-click "aswMBR.exe" and run it as administrator.

|- Click "Yes" to update the tool with the latest Avast definitions.
|- Click "Scan" and, when it finishes, click "Save log".
|- Save it in a suitable location! <- Post this report!
|- PS: The dump MBR.dat, which is a backup of the MBR, will be created on the desktop and should be kept.

A+


@MyHosts

The ".txt" that opens at the end is this:

** Rapport MyHosts.txt **

MyHosts V.1.0.0.2 de jeanmimigab

Merci à la team MH, W-T ,C_XX, Laddy et à Batch_man pour leurs aides

Résultat de l'opération:restauration du fichier hosts réussi...

** Fin du rapport **

 

The program window shows:
arquivo processado: C\windows\system32\drivers\etc\hotsts
Caminho não encontrado - C\windows\system32\drivers\etc
1 arquivo (s) movido (s).
1 arquivo (s) copiado (s).
Caminho não encontrado - C\windows\system32\drivers\etc

 

 

@aswMBR

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-03 19:14:17
-----------------------------
19:14:17.079 OS Version: Windows x64 5.1.2600 Service Pack 3
19:14:17.079 Number of processors: 4 586 0x2A07
19:14:17.080 ComputerName: PAULO-PC UserName: Paulo
19:14:18.159 Initialze error C0000034 - driver not loaded
19:14:26.338 AVAST engine defs: 13040301
19:14:33.649 Service scanning
19:14:35.679 Service aswKbd C:\windows\System32\Drivers\aswKbd.sys **LOCKED**
19:14:35.803 Service aswRdr C:\windows\System32\Drivers\aswrdr2.sys **LOCKED**
19:14:35.844 Service aswRvrt C:\windows\System32\Drivers\aswRvrt.sys **LOCKED**
19:14:35.998 Service aswSP C:\windows\System32\Drivers\aswSP.sys **LOCKED**
19:14:36.040 Service aswTdi C:\windows\System32\Drivers\aswTdi.sys **LOCKED**
19:14:36.089 Service aswVmm C:\windows\System32\Drivers\aswVmm.sys **LOCKED**
19:14:58.661 Modules scanning
19:14:58.665 Disk 0 trace - called modules:
19:14:58.667
19:14:59.301 AVAST engine scan C:\
20:37:48.184 Scan finished successfully
20:52:24.035 The log file has been saved successfully to "C:\Users\Paulo\Desktop\aswMBR.txt"





Good morning! xterminow

< C:\Users\Paulo\Desktop\aswMBR.txt <<

|- Locate and post aswMBR.txt.

-/-

|- Download: JetClean 1.3.0 Final < http://majorgeeks.com/downloadget.php?id=7226&file=1&evp=41637a00edff17468e59cba2d9bcf6bf > ( ... by BlueSprig )
|- Save it in Program Files. ( jetclean-setup.exe )

|- Install the software and, on the "1-Click" tab, choose the "Registry Clean" option.
|- Go to "Scan Now" and choose: Shut down PC after Repair

JetBoost < http://www.bluesprig.com/jetboost.html >

|- Next, try to improve performance with JetBoost.

A+


@DigRam

The file that aswMBR saved on the desktop is exactly this .txt that I posted, nothing more. I can redo the procedure if necessary.

I carried out both actions, JetClean and JetBoost. With the first, from what I saw before restarting, it was saying that more than 1 GB was cleaned. JetBoost showed a boost of 40%.

Regards


Good afternoon! xterminow

|- Let's finish by removing the tools that were used.

-/-

|- Download: DelFix < http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/9-delfix > ( ... by Xplode )

|- Once on the page, click the green arrow to download.
|- Save it in a convenient location! ( desktop! )
|- Close any applications that are open.

|- Run it!
|- With both checkboxes ticked!
|- Click "Run".

A+


# DelFix v10.2 - Logfile created 04/04/2013 at 13:28:23
# Updated 02/04/2013 by Xplode
# Username : Paulo - PAULO-PC

~ Removing disinfection tools ...

Deleted : C:\JRT
Deleted : C:\MyHosts
Deleted : C:\ZHP
Deleted : C:\Program Files (x86)\ZHPDiag
Deleted : C:\AdwCleaner[s1].txt
Deleted : C:\AdwCleaner[s2].txt
Deleted : C:\MyHosts.txt
Deleted : C:\PhysicalDisk0_MBR.bin
Deleted : C:\Users\Paulo\Desktop\adwcleaner.exe
Deleted : C:\Users\Paulo\Desktop\aswMBR.exe
Deleted : C:\Users\Paulo\Desktop\aswMBR.txt
Deleted : C:\Users\Paulo\Desktop\JRT.exe
Deleted : C:\Users\Paulo\Desktop\JRT.txt
Deleted : C:\Users\Paulo\Desktop\MyHosts.exe
Deleted : C:\Users\Paulo\Desktop\ZHPDiag.txt
Deleted : C:\Users\Paulo\Desktop\ZHPDiag2.exe
Deleted : C:\Users\Paulo\Desktop\ZHPFixReport.txt
Deleted : C:\Users\Public\Desktop\MBRCheck.lnk
Deleted : C:\Users\Public\Desktop\ZHPDiag.lnk
Deleted : C:\Users\Public\Desktop\ZHPFix.lnk
Deleted : C:\Users\Paulo\Downloads\HijackThis.exe
Deleted : C:\Users\Paulo\Downloads\hijackthis.log
Deleted : C:\Users\Paulo\Downloads\PCAutoBackup_setup.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Cleaning system restore ...

Deleted : RP #164 [Windows Update | 03/12/2013 23:44:03]
Deleted : RP #165 [Windows Update | 03/13/2013 06:00:28]
Deleted : RP #166 [installed Java 7 Update 17 | 03/14/2013 21:06:53]
Deleted : RP #167 [Windows Update | 03/19/2013 02:19:29]
Deleted : RP #168 [Windows Update | 03/22/2013 08:26:39]
Deleted : RP #169 [Windows Update | 03/26/2013 06:00:20]
Deleted : RP #170 [Windows Update | 03/29/2013 21:43:32]
Deleted : RP #171 [instalado OSCAR Editor | 04/01/2013 18:46:04]
Deleted : RP #172 [Windows Update | 04/02/2013 20:45:34]
Deleted : RP #173 [P | 04/03/2013 01:15:45]

New restore point created !

########## - EOF - ##########


Hello! xterminow

|- Nothing more to do on this end! Everything OK?

Regards!


It improved quite a bit. Since I'm working, I haven't yet been able to stop and really see how the notebook is doing; in a few days I'll report back on the notebook's condition, OK?!

Thank you very much for the attention and the clarifications!


It improved quite a bit. Since I'm working, I haven't yet been able to stop and really see how the notebook is doing; in a few days I'll report back on the notebook's condition, OK?!

Thank you very much for the attention and the clarifications!

OK! Go ahead and make your observations.

 

A+


PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
