[Resolvido] &nbspNotebook não desliga e não reinicia

[João Marcello Calil 0]

Recentemente o notebook que uso no trabalho passou a não desligar nem reiniciar pelo Windows, sendo preciso usar o botão físico.

Segue o log do HijackThis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:52:31, on 01/07/2013

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v10.0 (10.00.9200.16518)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Users\joao.calil\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Program Files (x86)\CounterPath\X-Lite\x-lite.exe

C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\joao.calil\Downloads\HijackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"

O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R

O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [googletalk] C:\Users\joao.calil\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files (x86)\CounterPath\X-Lite\x-lite.exe"

O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files (x86)\AT&T Global Network Client\NetSP.exe" -show

O4 - HKCU\..\Run: [KeePass Password Safe] "C:\Calil\KeePass-1.25\KeePass.exe"

O4 - Global Startup: AT&T Global Network Client.lnk = C:\Program Files (x86)\AT&T Global Network Client\NetClientLauncher.exe

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = geosystem.local

O17 - HKLM\System\CCS\Services\Tcpip\..\{6B2CC8FE-F2C6-4CBA-8EB9-5C65F8904CAD}: NameServer = 192.168.0.20,8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\..\{F098EA99-17DE-4A12-A75F-39DBC0B75926}: Domain = rexam.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{F098EA99-17DE-4A12-A75F-39DBC0B75926}: NameServer = 10.252.3.40,10.254.3.40

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = geosystem.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = geosystem.local

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = geosystem.local

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: @oem1.inf,%AEFilters.SvcDesc%;Andrea Cirrus Logic Filters Service (AECLFilters) - Unknown owner - C:\Windows\system32\AECLSr64.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AtherosSvc - Unknown owner - C:\Windows\system32\AdminService.exe (file missing)

O23 - Service: Cirrus Audio Service (CirrusAudioService) - Cirrus Logic - c:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Tecnologia de armazenamento Intel® Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: AT&T Autoconnect Focus Reporting Service (NetAutoconnectFocusSvc) - AT&T - C:\Program Files (x86)\AT&T Global Network Client\NetAutoconnectFocusSvc.exe

O23 - Service: AT&T Network Configuration Service (netcfgsvr) - AT&T - C:\Program Files (x86)\AT&T Global Network Client\netcfgsvr.exe

O23 - Service: AT&T Global Network Client Service (NetClientSvc) - AT&T - C:\Program Files (x86)\AT&T Global Network Client\NetClientSvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: AT&T Global Network Client Logging Service (NetLogSvc) - AT&T - C:\Program Files (x86)\AT&T Global Network Client\NetLogSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Samsung UPD Service2 - Unknown owner - C:\Windows\System32\SUPDSvc2.exe (file missing)

O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Sierra Wireless Card Detection Service (SwiCardDetectSvc) - Sierra Wireless, Inc. - C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe

O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.4.2\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 14811 bytes

Grato desde já!

[DigRam 144]

Boa Tarde! João Marcello Calil

|- Está,pelo problema,recebendo ajuda em outro Fórum?

-/-

|- Baixe: < > ( ... par Xplode )

|- Ao acessar,clique na imagem: < >

|- Ps: Se utilizar o navegador IE9,desabilite o filtro "SmartScreen".

|- Salve-o no desktop!

|- Clique direito em adwcleaner.exe,e escolha sua execução como

|- Ps: Dê início ao scan,clicando em "Remover". < >

|- Ao concluir,poste o relatório: C:\AdwCleaner[S1].txt

-/-

|- Baixe: | ZHPDiag2 | *ºº* < > *ºº* ( ... de Nicolas Coolman )

|- Salve-o no desktop!

|- Desabilite seu antivírus e execute "ZHPDiag2.exe",para instalar a ferramenta.

|- Confirme todos os passos,ao instalar ZHPDiag.

|- Conclua a instalação,clicando em "Termine".

|- Ps: Após a instalação,além de ZHPScript,estarão disponíveis no desktop:

|- <1> MBRCheck

|- <2> ZHPDiag2

|- <3> ZHPFix

|- Clique no ícone do pergaminho. ( ZHPScript )

|- Clique na seta verde para atualizá-la e/ou baixar sua definição mais recente. ( Your version is update. )

|- Habilite todas as opções de diagnóstico,clicando em "Options".

|- Clique em All.

|- Desmarque,à seguir,as de n° O45,O61.

|-

|- Clique em "Calendar" e escolha 30 dias!

|- Dê início ao scan,clicando no ícone da lupa. ( Start Diagnosis )

|- Ao concluir,clique em "Save Report".

|- Ps: Salve-o em um local conveniente!

|- Ps: Não poste,diretamente,esse arquivo texto.

|- Envie-o à Pjjoint.malekal,clicando na seta azul! < >

|- Ou acesse: < >

|- Maiores informações: < |Link| >

A+

[João Marcello Calil 0]

Relatório do AdwCleaner:

# AdwCleaner v2.303 - Relatório criado em 01/07/2013 às 14:31:02

# Atualizado em 08/06/2013 por Xplode

# Sistema Operacional : Windows 8 Pro (64 bits)

# Usuário : joao.calil - GEONB44

# Modo de Boot : Normal

# Executado de : C:\Users\joao.calil\Desktop\adwcleaner.exe

# Opção [Remover]

***** [serviços] *****

***** [Arquivos/Pastas] *****

Pasta Removido : C:\Users\Administrador\AppData\Roaming\pdfforge

***** [Registro] *****

Chave Removida : HKLM\SOFTWARE\Classes\S

Chave Removida : HKLM\Software\PIP

***** [Navegadores] *****

-\\ Internet Explorer v10.0.9200.16519

[OK] Registro está limpo.

-\\ Google Chrome v27.0.1453.116

Arquivo : C:\Users\joao.calil\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

Arquivo : C:\Users\hugo.guarany\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

*************************

AdwCleaner[s1].txt - [938 octets] - [01/07/2013 14:31:02]

########## EOF - C:\AdwCleaner[s1].txt - [997 octets] ##########

Quando abri o Chrome, apareceu um aviso de que o arquivo de preferências estava corrompido, mas o browser funciona normalmente.

[DigRam 144]

Olá!

 

 

 

Arquivo : C:\Users\joao.calil\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

Arquivo : C:\Users\hugo.guarany\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

|- Interessante! Aqui está 'dizendo' que está OK.

|- Aguardo o log da ferramenta ZHPDiag.

 

Abs!

[João Marcello Calil 0]

Log do ZHPDiag, direto do site para o qual foi pedido que se fizesse upload:

http://pjjoint.malekal.com/files.php?read=ZHPDiag_20130701_v15i11i15o5y15

[DigRam 144]

Bom Dia! João Marcello Calil

|- Feche programas/pastas que estejam abertas.

|- Feche,também,o navegador!

|- Para Windows Vista,desabilite a UAC.

|- Dê um duplo clique em ZHPFix.

|- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas".

 

O43 - CFD: 14/06/2013 - 16:29:32 - [0] ----D C:\Users\joao.calil\AppData\Local\Shrew Soft VPN

C:\Users\joao.calil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.cracked.com_0.localstorage => Crack, KeyGen, Keymaker - Possible Malware

C:\Users\joao.calil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.cracked.com_0.localstorage-journal => Crack, KeyGen, Keymaker - Possible Malware

C:\Users\joao.calil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.cracked.com_0.localstorage => Crack, KeyGen, Keymaker - Possible Malware

C:\Users\joao.calil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.cracked.com_0.localstorage-journal => Crack, KeyGen, Keymaker - Possible Malware

O87 - FAEL: "{C7EF3AFD-9E23-4A42-A126-7387777CB49B}" |In - Public - P6 - TRUE | .(...) -- C:\Users\joao.calil\AppData\Local\Temp\Ins3FD1\Setup.exe (.not file.)

O87 - FAEL: "{1DEE502C-299E-4DB9-975F-93F2F87A039B}" |In - Public - P17 - TRUE | .(...) -- C:\Users\joao.calil\AppData\Local\Temp\Ins3FD1\Setup.exe (.not file.)

O87 - FAEL: "{6EDB025B-7423-4B58-B903-B3489A38E06A}" |In - Domain - P6 - TRUE | .(...) -- C:\Users\joao.calil\AppData\Local\Temp\Ins3FD1\Setup.exe (.not file.)

O87 - FAEL: "{1ECF0216-EA15-45D9-9A49-1C8B4ADAB492}" |In - Domain - P17 - TRUE | .(...) -- C:\Users\joao.calil\AppData\Local\Temp\Ins3FD1\Setup.exe (.not file.)

O87 - FAEL: "{41F042B9-EA02-4F9F-A3CC-84C8C8CAB8B5}" |In - Private - P6 - TRUE | .(...) -- C:\Users\joao.calil\AppData\Local\Temp\Ins3FD1\Setup.exe (.not file.)

proxyfix

emptytemp

emptyclsid

emptyflash

firewallraz

sysrestore

 

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"

|- Minimize o Bloco de Notas.

|- Clique no menu,"Paste ClipBoard".

|- Clique "GO" -> Oui.

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

A+

[João Marcello Calil 0]

Rapport de ZHPFix 2013.6.12.3 par Nicolas Coolman, Update du 12/06/2013

Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-02-07-2013-16-37-23.txt

Run by joao.calil at 02/07/2013 16:36:31

High Elevated Privileges : OK

Windows 8 Business Edition, 64-bit (Build 9200)

Recycle Files Deleted

========== Memory Process ==========

DELETED Memory Process: C:\Users\joao.calil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.cracked.com_0.localstorage

DELETED Memory Process: C:\Users\joao.calil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.cracked.com_0.localstorage-journal

========== Registry Value ==========

DELETED {C7EF3AFD-9E23-4A42-A126-7387777CB49B}

DELETED {1DEE502C-299E-4DB9-975F-93F2F87A039B}

DELETED {6EDB025B-7423-4B58-B903-B3489A38E06A}

DELETED {1ECF0216-EA15-45D9-9A49-1C8B4ADAB492}

DELETED {41F042B9-EA02-4F9F-A3CC-84C8C8CAB8B5}

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

DELETED FirewallRaz (Domain) : {808F1451-4108-46FD-ADBB-F17324B5F0BD}

DELETED FirewallRaz (Domain) : {E7985E1D-C36F-4787-80A8-6350D07E9266}

DELETED FirewallRaz (Domain) : NetPres-In-TCP-NoScope

DELETED FirewallRaz (Domain) : NetPres-Out-TCP-NoScope

DELETED FirewallRaz (None) : NetPres-WSD-In-UDP

DELETED FirewallRaz (None) : NetPres-WSD-Out-UDP

DELETED FirewallRaz (Public) : NetPres-In-TCP

DELETED FirewallRaz (Public) : NetPres-Out-TCP

DELETED FirewallRaz (None) : MCX-Prov-Out-TCP

DELETED FirewallRaz (None) : MCX-McrMgr-Out-TCP

DELETED FirewallRaz (Public) : {EE424E30-EEB7-47E1-85A5-5CC1168A884B}

DELETED FirewallRaz (Public) : {4CEE7A40-4068-4F26-A3E1-DAEE9F4D3BDB}

DELETED FirewallRaz (Public) : {AE320D46-3DB2-408E-9660-2C40E9B74A2A}

DELETED FirewallRaz (Public) : {5BFD3E8C-3989-405A-8543-B8A23B9669E2}

========== Repertory ==========

No Empty CLSID Directories

DELETED Flash Cookies

========== File ==========

DELETED File***: c:\users\joao.calil\appdata\local\google\chrome\user data\default\local storage\http_www.cracked.com_0.localstorage

DELETED File***: c:\users\joao.calil\appdata\local\google\chrome\user data\default\local storage\http_www.cracked.com_0.localstorage-journal

DELETED Window Temporary

DELETED Flash Cookies

========== Restoration ==========

Restore System Point created succefully

========== Summary ==========

2 : Memory Process

27 : Registry Value

2 : Repertory

4 : File

1 : Restoration

End of clean in 01mn 56s

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 02/07/2013 16:37:23 [2684]

[DigRam 144]

Bom Dia! João Marcello Calil

|- Desinstale: C:\Program Files (x86)\Everything <<

-/-

|- Baixe: < SFTGC > ( ... de Pierre13 )

|- Salve-o no desktop!

|- Para Windows Vista e 7,execute "SFTGC.exe" como administrador!

|- Execute-o e clique "Go".

|- Aguarde seu término,que é rápido.

|- Poste o relatório! ( SFT.txt )

|- Ps: De acordo com o tamanho do relatório,não poste-o diretamente!

|- Acesse,para essa tarefa! < >

-/-

|- Baixe: |DelFix| ( ... de Xplode )

|- Estando na página,clique na seta verde para o download.

|- Salve-a em um local conveniente! ( desktop! )

|- Feche aplicativos que estejam abertos.

|- Execute-a!

|- Com a checkbox marcada! ( Remove disinfection tools )

|- Clique "Run".

|- Tudo Ok?

Abs!

[João Marcello Calil 0]

Desculpe a demora.

Relatório do SFGTC: http://cjoint.com/data3/3GivS0MoeIM.htm

[DigRam 144]

Bom Dia! João Marcello Calil

 

|- Seus problemas permanecem?

 

A+

[João Marcello Calil 0]

Bom Dia! João Marcello Calil

 

|- Seus problemas permanecem?

 

A+

 

Sim. :(

[DigRam 144]

Boa Tarde! João Marcello Calil

< Auto ShutDown > << Link!

|- Até a solução em definitivo,verifique se este software desliga ou reinicia o computador!

|- Ps: Ao instalar,não esqueça de clicar várias vezes em "Decline",pois apresentam alguns associados que buscam instalar seus 'programinhas'.

|- Ps: Informe os resultados!

A+

[João Marcello Calil 0]

O programa não funcionou quando usei a contagem regressiva (countdown), mas funcionou quando usei a hora do sistema.

[DigRam 144]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.