[Resolvido] &nbspLog de Notebook lento

[michel+ 0]

Bem, meu notebook ficou lento duma hora pra outra, e até as musicas (e outros sons) ficam travando.

Já fiz escaneamentos, mas não encontrei nada.

Já tenho o notebook faz mais de 1 ano e, nunca me deu problemas antes.

Log do HijackThis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:31:00, on 16/04/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Baidu Security\PC Faster\3.2.0.9\PCFaster.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Users\user\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oquefazernainternet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [sidebar] "C:\Program Files (x86)\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKLM\..\Run: [baidu PC Faster 3.2.0.9] "C:\Program Files (x86)\Baidu Security\PC Faster\3.2.0.9\PCFaster.exe" -auto -start

O4 - HKLM\..\RunOnce: [!CD] C:\Windows\temp\dragon_setup.exe /S

O8 - Extra context menu item: Baixar com Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\..\{259FC381-5CC9-4C18-9EA9-15D44249EC82}: NameServer = 208.67.222.123,208.67.220.123

O17 - HKLM\System\CCS\Services\Tcpip\..\{64966CA4-9BA6-42F1-AA52-A576E8E66912}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\..\{D89BA3BF-8CBE-40A6-9028-B05D3895C605}: NameServer = 208.67.222.123,208.67.220.123

O17 - HKLM\System\CCS\Services\Tcpip\..\{EC773372-8EBB-49DF-AC38-394BC63D1E18}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CS1\Services\Tcpip\..\{259FC381-5CC9-4C18-9EA9-15D44249EC82}: NameServer = 208.67.222.123,208.67.220.123

O17 - HKLM\System\CS2\Services\Tcpip\..\{259FC381-5CC9-4C18-9EA9-15D44249EC82}: NameServer = 208.67.222.123,208.67.220.123

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Baidu Antivirus Service (BAVSvc) - Baidu, Inc. - C:\Program Files (x86)\Baidu Security\Cloud Security\BAVSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe

O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe

O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe

O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files (x86)\GameTracker\GSInGameService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe

O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE

O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Baidu PC Faster Service 3.2.0.9 (PCFasterSvc_{PCFaster_3.2.0.9}) - Baidu Inc. - C:\Program Files (x86)\Baidu Security\PC Faster\3.2.0.9\PCFasterSvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 12556 bytes

[DigRam 144]

Boa Tarde! michel+

|- Baixe: < http://general-changelog-team.fr/telechargements/logiciels/viewdownload/75-outils-de-xplode/28-adwcleaner'> > ( ... par Xplode )

|- Ao acessar,clique na imagem: < >

|- Ps: Se utilizar o navegador IE9,desabilite o filtro "SmartScreen".
|- Salve-o no desktop!
|- Clique direito em adwcleaner.exe,e escolha sua execução como
|- Ps: Dê início ao scan,clicando em "Remover". < http://imgbox.com/abpXmu2U'> >

http://imgbox.com/acuDr4Nb'>

|- Ao concluir,poste o relatório: C:\AdwCleaner[S1].txt

-/-

|- Baixe: < http://thisisudax.org/downloads/JRT.exe'> > ( ... de Thisisu )
|- Salve-o no desktop!
|- Para Windows 7,clique direito em JRT.exe e execute-o como
|- Aguarde a conclusão e poste o relatório. ( JRT.txt )
|- Poste,também,HijackThis atualizado.

A+

[michel+ 0]

Log ADW Cleaner

 

http://cjoint.com/13av/CDqvi3YNCn3.htm

 

JRT

 

http://cjoint.com/13av/CDqvAKQ3RsF.htm

 

HijackThis

 

http://cjoint.com/13av/CDqvAYQsRyi.htm

[DigRam 144]

Boa Tarde! michel+

|- Desinstale: < Baidu Security >

-/-

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oquefazernainternet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s

O4 - HKLM\..\Run: [baidu PC Faster 3.2.0.9] "C:\Program Files (x86)\Baidu Security\PC Faster\3.2.0.9\PCFaster.exe" -auto -start

O8 - Extra context menu item: Baixar com Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)

|- Abra o HijackThis.
|- Clique: Do a system scan only
|- Marque estas entradas em vermelho e clique "Fix checked".

-/-

|- Baixe: | ftp://zebulon.fr/ZHPDiag2.exe'>ZHPDiag2 | *ºº* < > *ºº* ( ... de Nicolas Coolman )

|- Salve-o no desktop!



|- Desabilite seu antivírus e execute "ZHPDiag2.exe",para instalar a ferramenta.



|- Confirme todos os passos,ao instalar ZHPDiag.
|- Conclua a instalação,clicando em "Termine".



|- Ps: Após a instalação,além de ZHPScript,estarão disponíveis no desktop:

|- <1> MBRCheck
|- <2> ZHPDiag2
|- <3> ZHPFix



|- Clique no ícone do pergaminho. ( ZHPScript )



|- Clique na seta verde para atualizá-la e/ou baixar sua definição mais recente. ( Your version is update. )
|- Habilite todas as opções de diagnóstico,clicando em "Options".



|- Clique em All.
|- Desmarque,à seguir,as caixinhas de n° O45,O61,O62,O65,O82.

|-

|- Clique em "Calendar" e escolha 30 dias!



|- Clique no botão UAC,para desabilitar essa proteção.



|- Dê início ao scan,clicando no ícone da lupa. ( Start Diagnosis )
|- Ao concluir,clique em "Save Report".
|- Salve-o em um local conveniente! ( ZHPDiag.txt )
|- Ps: Não poste,diretamente,esse arquivo texto.

|- Envie-o à http://forum.imasters.com.br/topic/452207-pjjointmalekal-hospedagem-inteligente/'>Pjjoint.malekal,clicando na seta azul! < >

|- Ou acesse: http://cjoint.com/'> << Link!

|- Ou acesse: http://imgbox.com/abmdaZsE'> << Link!

|- Maiores informações: < |http://forum.imasters.com.br/topic/452911-myfiletk-cjoint/'>Link| >

A+

[michel+ 0]

Log

 

http://cjoint.com/13av/CDqwU0rxaGK.htm

[DigRam 144]

Boa Tarde! michel+

|- O relatório disponibilizado está incorreto!

######

Rapport de ZHPDiag v2013.4.16.xx par Nicolas Coolman, Update du 15/04/2013

######

|- Relatório correto! ( ZHPDiag )

######

Rapport de ZHPScript, Générateur de script Registres v1.10 par Nicolas Coolman, Update du 15/04/2013

######

|- Relatório incorreto ou não pedido. ( ZHPScript )

|- Tente,então,com ZHPDiag_silent.

|- Baixe: < > ( ... par Nicolas Coolman )

|- Salve-o no desktop!

|- Desabilite seu antivírus!

|- Caso utilize o Avast,estabeleça esta configuração à SandBox.

|- Para Windows Vista ou 7,clique direito e execute o arquivo como

|- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde!

|- Além do relatório,teremos no desktop: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix

|- Poste e/ou cole aqui,o link que será gerado,logo após o relatório.

|- Ou acesse:

|- Ou acesse:

|- Maiores informações: < |Link| >

A+

[michel+ 0]

Seria então este log?

 

http://cjoint.com/13av/CDraICFHe3j.htm

 

Pois o meu está diferente - não aparece a opção UAC - e também tem só 2 ícones na área de trabalho (ZHPDiag e ZHPFix).

 

Este ultimo programa que me passou está com o link quebrado.

[DigRam 144]

Seria então este log?

 

http://cjoint.com/13av/CDraICFHe3j.htm

 

Pois o meu está diferente - não aparece a opção UAC - e também tem só 2 ícones na área de trabalho (ZHPDiag e ZHPFix).

 

Este ultimo programa que me passou está com o link quebrado.

Bom Dia! michel+

 

|- O log está correto!

|- Quanto ao link de ZHPDiag_silent,irei investigar!

 

-/-

 

|- Baixe: < http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe'>RogueKiller > ( ... par tigzy ) ( 32 bits version )

 

|- Ou: < http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe'> > ( ... par tigzy ) ( 64 bits version )

 

|- Salve-o no desktop!

|- Feche aplicativos que estejam abertos!

|- Execute RogueKiller.exe e aceite a Eula.

 

http://imgbox.com/abeo9i3V'>

 

|- Aguarde a finalização de seu Pre-scan.

 

 

|- Dê início ao diagnóstico,clicando no botão "Verificar".

|- Exemplo: Mode: Verificar -- Date: mm/dd/2013 00:52:24

|- Poste o relatório: RKreport[1].txt

 

-/-

 

|- Feche programas/pastas que estejam abertas.

|- Feche,também,o navegador!

|- Para Windows Vista,desabilite a http://windows.microsoft.com/pt-BR/windows-vista/Turn-User-Account-Control-on-or-off'>UAC.

 

 

|- Dê um duplo clique em ZHPFix.

|- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas".

 

[MD5.00000000000000000000000000000000] [APT] [{BF200829-2209-4B85-9D85-F81A3B2751FD}] (...) -- F:\age2upa.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{D06A03FD-0B91-4D90-A141-AD256DD5A1AA}] (...) -- C:\users\user\Documents\Mipony\Shockwave_Installer_Slim.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{EA6DE2D8-8E72-47F0-AC30-D958F3545705}] (...) -- D:\_8_WoS_Across_Amer_CB559339BA17490596ECB7717F7A6A80.exe (.not file.) [0]

[MD5.A81C790A91A018D3BB8B344E4E90A95F] [sPRF][15/04/2013] (...) -- C:\Users\user\AppData\Local\Temp\~upgrade.dat [806]

O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphean Key

O43 - CFD: 31/07/2012 - 15:03:59 - [0] ----D C:\ProgramData\hssff

O43 - CFD: 16/04/2013 - 19:16:58 - [0] ----D C:\ProgramData\boost_interprocess

O43 - CFD: 14/04/2013 - 14:02:10 - [0] ----D C:\Users\user\AppData\Local\gctmp

O43 - CFD: 12/04/2013 - 23:12:42 - [0,000] ----D C:\Program Files (x86)\Baidu Security

O43 - CFD: 16/04/2013 - 16:53:38 - [0,000] ----D C:\ProgramData\Baidu

O43 - CFD: 12/04/2013 - 23:13:12 - [289,256] ----D C:\ProgramData\Baidu Security

O43 - CFD: 16/04/2013 - 17:20:55 - [0,001] ----D C:\Users\user\AppData\Roaming\Baidu

O43 - CFD: 12/04/2013 - 23:12:34 - [1,056] ----D C:\Users\user\AppData\Roaming\Baidu Security

O44 - LFC:[MD5.10195B1ACFDA8DB4CCF0D4722C3FF6B4] - 16/04/2013 - 16:02:31 ---A- . (...) -- C:\AdwCleaner[s1].txt [1244]

O53 - SMSR:HKLM\...\startupreg\vProt [Key] . (...) -- C:\Program Files (x86)\AVG Secure Search\vprot.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\{F3B564FA-AB4B-43F0-AC42-B4ED20890B26} [Key] . (...) -- wscript \\b \\Nologo "C:\Users\user\AppData\Local\Temp\{F3B564FA-AB4B-43F0-AC42-B4ED20890B26}.wsf" "\delete:{CD244BF5-F412-462F-A358-E1CA75C16E3F}.exe (.not file.)

O69 - SBI: SearchScopes [HKCU] {35EF27E1-528F-4123-705B-1A1741D79646} - (AVG Secure Search) - http://isearch.avg.com

O69 - SBI: prefs.js [user - qxdfiylv.default] user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"26\",\"lastVrsn\":\"26\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\[...]

O69 - SBI: SearchScopes [HKCU] {03A0B731-AD8A-4E88-9FF8-56828962E093} - (Funmoods) - http://start.funmoods.com

 

[HKCU\Software\BI]

[HKCU\Software\Baidu Security]

[HKCU\Software\BearShare]

[HKLM\Software\Wow6432Node\360Safe]

[HKLM\Software\Wow6432Node\Trymedia Systems]

[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}]

[HKLM\SYSTEM\CurrentControlSet\Services\HssSrv]

[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv]

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

[HKLM\Software\Wow6432Node\Microsoft\Tracing\Setup_RASAPI32]

[HKLM\Software\Wow6432Node\Microsoft\Tracing\Setup_RASMANCS]

[HKLM\Software\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}]

 

C:\ProgramData\hssff

C:\ProgramData\Baidu

C:\Users\user\AppData\Roaming\Baidu

 

proxyfix

emptytemp

emptyclsid

emptyflash

firewallraz

sysrestore

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"

|- Minimize o Bloco de Notas.

 

 

|- Clique no menu,"Paste ClipBoard".

|- Clique "GO" -> Oui.

 

 

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

 

A+

[michel+ 0]

Log RK

 

http://cjoint.com/13av/CDrsxEn8zU6.htm

 

ZHPFix

 

http://cjoint.com/13av/CDrsB2Wy4wc.htm

[DigRam 144]

Boa Tarde! michel+

|- Abra,novamente,a ferramenta RogueKiller.

|- Clique em Verificar.

|- Clique na guia "Registro".

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> ENCONTRADO

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> ENCONTRADO

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> ENCONTRADO

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> ENCONTRADO

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> ENCONTRADO

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> ENCONTRADO

[HJ] HKLM\[...]\System : EnableLUA (0) -> ENCONTRADO

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> ENCONTRADO

|- Marque as checkbox destas entradas!

|- Clique "Deletar" e aguarde a conclusão!

|- À seguir,clique na guia "Atalho" e realize sua correção ou reparo.

|- Poste os relatórios!

|- Poste,também,HijackThis atualizado! << Log!

A+

[michel+ 0]

RK - qual seria?

 

http://cjoint.com/13av/CDrtSMWH7Di.htm

 

http://cjoint.com/13av/CDrtQE4QEF5.htm

 

HijackThis

 

http://cjoint.com/13av/CDrtQSdtobq.htm

[DigRam 144]

Boa Tarde! michel+

|- Você postou corretamente os relatórios de RogueKiller. São esses mesmos!

|- Remova as ferramentas que foram empregadas,com o DelFix.

-/-

|- Baixe: |http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/9-delfix'>DelFix| ( ... de Xplode )

|- Estando na página,clique na seta verde para o download.

|- Salve-a em um local conveniente! ( desktop! )

|- Feche aplicativos que estejam abertos.

http://imgbox.com/aciCkcnc'>

|- Execute-a!

|- Com as duas checkbox marcadas!

|- Clique "Run".

-/-

|- Otimize o PC,com o JetClean + JetBoost.

|- Baixe: < http://majorgeeks.com/downloadget.php?id=7226&file=1&evp=41637a00edff17468e59cba2d9bcf6bf'>JetClean 1.3.0 Final > ( ... by BlueSprig )

|- Salve-o em Arquivos de programas. ( jetclean-setup.exe )

http://imgbox.com/adzVh9sP'>

|- Instale o software e na guia "1-Click",escolha a opção "Registry Clean.

|- Vá em "Scan Now" e escolha: Shut down PC after Repair

< http://www.bluesprig.com/jetboost.html'>JetBoost >

http://imgbox.com/adcx3QVr'>

|- À seguir,tente melhorar a performance com o JetBoost.

|- Tudo Ok?

Abs!

[michel+ 0]

Por enquanto está muito melhor....

 

Tomara que continue assim.

 

 

Mas, depois que acabei de fazer tudo que me recomendou, resolvi excluir uma imagens desnecessárias, dai tive vontade de escutar musicas, dai me deparo com um monte de musicas sem programa para roda-lás, tinha pensado que elas tinham sido corrompidas, mas fiz a seleção de programa e deu tudo certo,! :D

 

 

 

 

Muito obrigado pela ajuda e, se eu precisar de algo novamente venho incomoda-los aqui novamente! :yay:

[DigRam 144]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.