Murilo Cerizza

[Archived] Windows Explorer freezing that survives formatting

Good afternoon.

The problem started last year. Windows Explorer would freeze and sometimes the machine would restart.

I ended up formatting the notebook, but it didn't help. I switched from Windows 8 to 7 and that didn't help either.

I thought that after a complete format this problem would disappear.

Here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:29:38, on 23/06/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\iSafe\iSafeTray.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AcroTray.exe
C:\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1401647623&from=mp3&uid=HitachiXHTS547575A9E384_J2140020C0ULXAC0ULXAX
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: ASUS Browser Extension x86 - {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - Startup: Thunderbird.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IePlugin Services (IePluginServices) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginServices\PluginService.exe
O23 - Service: iSafeService - Elex do Brasil Participações Ltda - C:\Program Files (x86)\iSafe\iSafeSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update HulaToo - Unknown owner - C:\Program Files (x86)\HulaToo\updateHulaToo.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WindowsProtectManger Service (WindowsProtectManger) - Fuyu LIMITED - C:\ProgramData\WindowsProtectManger\wprotectmanager.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
--
End of file - 12575 bytes

Hello.

Download the AdwCleaner program by clicking the link below and then click the Download Now @BleepingComputer button:

http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[s0].txt

We'll be waiting.

Hello, good afternoon.

Here is the AdwCleaner log.

# AdwCleaner v3.213 - Relatório criado 25/06/2014 às 12:32:54
# Atualizado 23/06/2014 por Xplode
# Sistema Operacional : Windows 7 Enterprise Service Pack 1 (64 bits)
# Usuário : Murilo - MURILO-PC
# Executando de : C:\Users\Murilo\Desktop\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
Serviço Deletada : IePluginServices
Serviço Deletada : iSafeKrnl
Serviço Deletada : iSafeNetFilter
[#] Serviço Deletada : iSafeService
[#] Serviço Deletada : Update HulaToo
Serviço Deletada : WindowsProtectManger
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\IePluginServices
Pasta Deletada : C:\ProgramData\WindowsProtectManger
[!] Pasta Deletada : C:\Program Files (x86)\iSafe
Pasta Deletada : C:\Program Files (x86)\SupTab
Pasta Deletada : C:\Program Files (x86)\Common Files\337
Pasta Deletada : C:\Users\Murilo\AppData\Local\Oxy
Pasta Deletada : C:\Users\Murilo\AppData\Local\Temp\Desk365
Pasta Deletada : C:\Users\Murilo\AppData\Local\Temp\HulaToo
Pasta Deletada : C:\Users\Murilo\AppData\Roaming\Desk 365
Pasta Deletada : C:\Users\Murilo\AppData\Roaming\eCyber
Pasta Deletada : C:\Users\Murilo\AppData\Roaming\iSafe
Pasta Deletada : C:\Users\Murilo\AppData\Roaming\Oxy
Pasta Deletada : C:\Users\Murilo\AppData\Roaming\SupTab
Pasta Deletada : C:\Users\Murilo\AppData\Roaming\WinZipper
Pasta Deletada : C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
Pasta Deletada : C:\Users\Murilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Arquivo Deletada : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
Arquivo Deletada : C:\Windows\System32\Tasks\Oxy
***** [ Atalhos ] *****
Atalho Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\Murilo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASMANCS
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{EAB5257A-1FB3-474C-9B42-231F52622E72}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Valor Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\Escolade
Chave Deletedo : HKCU\Software\V9
Chave Deletedo : HKLM\Software\Desksvc
Chave Deletedo : HKLM\Software\hdcode
Chave Deletedo : HKLM\Software\iSafe
Chave Deletedo : HKLM\Software\qone8Software
Chave Deletedo : HKLM\Software\SupDp
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\V9
Chave Deletedo : HKLM\Software\winzipersvc
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17126
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
-\\ Google Chrome v35.0.1916.153
[ Arquivo : C:\Users\Murilo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Homepage] : hxxp://start.qone8.com/?type=hp&ts=1401647623&from=mp3&uid=HitachiXHTS547575A9E384_J2140020C0ULXAC0ULXAX
Deletedo [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
*************************
AdwCleaner[R0].txt - [8606 octets] - [25/06/2014 12:32:23]
AdwCleaner[s0].txt - [6381 octets] - [25/06/2014 12:32:54]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6441 octets] ##########

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:

http://www.hijackthis.nl/smeenk/

To run it correctly, follow the tips in this tutorial:

Delete adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its contents and post them in your next reply.

Here is the Zoek log:

Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by Murilo on 25/06/2014 at 15:08:32,96.
Microsoft Windows 7 Enterprise 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Murilo\Downloads\zoek.exe [scan all users] [script inserted]
==== System Restore Info ======================
25/06/2014 15:09:51 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeKrnl deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\iSafeKrnl deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeNetFilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\iSafeNetFilter deleted successfully
==== FireFox Fix ======================
Deleted from C:\Users\Murilo\AppData\Roaming\Thunderbird\Profiles\9b8tqm1g.default\prefs.js:
Added to C:\Users\Murilo\AppData\Roaming\Thunderbird\Profiles\9b8tqm1g.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Deleting Files \ Folders ======================
C:\Users\Murilo\AppData\Roaming\iSafe deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC deleted
C:\Users\Murilo\Searches deleted
C:\windows\SysNative\tasks\RunAsStdUser Task deleted
C:\windows\SysNative\drivers\{b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}Gw64.sys deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\Murilo\AppData\Roaming\unins000.exe deleted
"C:\PROGRA~2\iSafe\iSafeRKScanShell64.dll" deleted
"C:\PROGRA~2\iSafe\sqlite3x64.dll" deleted
"C:\PROGRA~2\iSafe" not deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn" [13/05/2014 10:59]
==== Firefox Extensions ======================
==== Firefox Plugins ======================
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[25/05/2014 22:53]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Murilo\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[22/05/2014 15:31]
AdBlock - Murilo\AppData\Local\Chromium\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
avast Online Security - Murilo\AppData\Local\Chromium\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Murilo\AppData\Local\Chromium\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Banco do Brasil - Murilo\AppData\Local\Chromium\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Google Docs - Murilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Murilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Murilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Murilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Adblock Advisor - Murilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplojogpbcbnjoemcalepfmbcpnkpjjo
GBBD Banco do Brasil - Murilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp
Google Wallet - Murilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Banco do Brasil - Murilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Gmail - Murilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chrome Fix ======================
C:\Users\Murilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma deleted successfully
C:\Users\Murilo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage deleted successfully
C:\Users\Murilo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
==== Reset Google Chrome ======================
C:\Users\Murilo\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Murilo\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\UpdatusUser\Desktop\Counter Strike 1.6.lnk - C:\Program Files (x86)\Counter Strike 1.6\hl.exe -game cstrike
C:\Users\UpdatusUser\Desktop\CS1.6.lnk - C:\Users\Murilo\Desktop
==== shortcuts in Users Start Menu ======================
C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk - C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter Strike 1.6 - 2012\Play - CS 1.6 - 2012.lnk - C:\Program Files (x86)\Counter Strike 1.6\hl.exe -game cstrike
C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter Strike 1.6 - 2012\Remover - CS 1.6 - 2012.lnk - C:\Program Files (x86)\Counter Strike 1.6\Remover.exe
C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\Murilo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe -hunter
C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url
C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS6.lnk - C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe ExtendScript Toolkit CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Utilities - CS6\ExtendScript Toolkit CS6\ExtendScript Toolkit.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Extension Manager CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Adobe Extension Manager CS6.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Media Encoder CS6.lnk - C:\Program Files\Adobe\Adobe Media Encoder CS6\Adobe Media Encoder.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends\League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Murilo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Murilo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Murilo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird (2).lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Murilo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Murilo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Murilo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Murilo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\Murilo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Murilo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Command Prompt.lnk - C:\Windows\system32\cmd.exe
C:\Users\Murilo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Murilo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Murilo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Murilo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Murilo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WindowsProtectManger deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Murilo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Murilo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Murilo\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Murilo\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Murilo\AppData\Local\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Murilo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1274 folders=155 273196109 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Murilo\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Users\Usuário Padrão\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Murilo\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\PROGRA~2\iSafe" not found
==== EOF on 25/06/2014 at 15:26:24,25 ======================


Download the Junkware Removal Tool program from the link below:

http://thisisudax.org/downloads/JRT.exe

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.

Good afternoon.

Here is the Junkware Removal Tool log



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Enterprise x64

Ran by Murilo on 26/06/2014 at 16:17:50,03

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





~~~ Services




~~~ Registry Values




~~~ Registry Keys


Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\isafe




~~~ Files




~~~ Folders




~~~ Event Viewer Logs were cleared






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 26/06/2014 at 16:22:50,86

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Download < ZHPDiag > ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

To install and run it correctly, follow the tips in this article:

Tutorial on installing and running the ZHPDiag application

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

Good evening.

Here is the ZHPDiag log


~ Relatório do ZHPDiag v2014.6.25.98 - Nicolas Coolman (25/06/2014)

~ Iniciado por Murilo (26/06/2014 19:53:55)

~ Endereço do Website : http://nicolascoolman.fr

~ Tradução pelo utilizador

~ Estatuto da versão : Versão atualizada.

~ Lista Branca : Ativado pelo programa

~ Elevação dos Privilégios : OK

~ Controle de Conta de Utilizador : Activate by user



---\\ Navegadores Internet

MSIE: Internet Explorer v11.0.9600.17126

GCIE: Google Chrome v35.0.1916.153 (Defaut)


---\\ Informações sobre os produtos Windows

~ Langage: Portugais

Windows 7 Enterprise, 64-bit Service Pack 1 (Build 7601)

Windows Server License Manager Script : Absent (Not found)

Windows ID Activation : Inconnue (Unknown)

Windows Licence : Inconnue (Unknown)

Software Protection Service (Protection logicielle) : KO

Windows Automatic Updates : OK

Windows Activation Technologies : OK


---\\ Softwares de proteçao do sistema

avast! Free Antivirus v9.0.2018

Windows Defender W7 (Activate)


---\\ Softwares d'optimização do sistema


---\\ Softwares de partilha do PeerToPeer (P2P)

Pando Media Booster v2.6.0.7


---\\ Monitoramento dos softwares

Adobe Reader XI

Java 7 Update 55


---\\ Informações sobre o sistema

~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel

~ Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 7323 MB (65% free)

System Restore: Activé (Enable)

System drive C: has 309 GB (84%) free of 366 GB


---\\ Modo de conexão ao sistema

~ Computer Name: MURILO-PC

~ User Name: Murilo

~ All Users Names: UpdatusUser, Murilo, HomeGroupUser$, Convidado, Administrador,

~ Unselected Option: 045,061,O62,065,066,080,O82,089

Logged in as Administrator


---\\ As variáveis de ambiente

~ System Unit : C:\

~ %AppZHP% : C:\Users\Murilo\AppData\Roaming\ZHP\

~ %AppData% : C:\Users\Murilo\AppData\Roaming\

~ %Desktop% : C:\Users\Murilo\Desktop\

~ %Favorites% : C:\Users\Murilo\Favorites\

~ %LocalAppData% : C:\Users\Murilo\AppData\Local\

~ %StartMenu% : C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\


---\\ Enumeração das unidades dos discos

C: Hard drive, Flash drive, Thumb drive (Free 309 Go of 366 Go)

D: CD-ROM drive (Free 0 Go of 0 Go)

M: Hard drive, Flash drive, Thumb drive (Free 332 Go of 333 Go)




---\\ Estado do Centro de Segurança do Windows

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified

~ Security Center: 48 Legitimates Filtered in 00mn 00s




---\\ Pesquisa particular de ficheiros genéricos

[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 04:24:46.) -- C:\Windows\Explorer.exe [2872320]

[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]

[MD5.40BFD9D6EC8E174145F012246CA73CCD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.19/06/2014 - 15:10:22.) -- C:\Windows\System32\wininet.dll [2266112]

[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 04:25:32.) -- C:\Windows\System32\Winlogon.exe [390656]

[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 04:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]

[MD5.314C17917AC8523EC77A710215012A65] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.19/06/2014 - 15:08:59.) -- C:\Windows\system32\Drivers\AFD.sys [497152]

[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]

[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]

[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 00:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]

[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 00:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]

[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 01:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]

[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]

[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]

[MD5.FAF015B07E3A2874A790A39B7D2C579F] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.20/11/2010 - 00:27:44.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]

[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 00:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]

[MD5.05D78AA5CB5F3F5C31160BDB955D0B7C] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/11/2010 - 04:33:48.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776]

[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]

[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 01:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]

[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 02:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]

[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]

[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 00:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]

[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 04:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]

~ Generic Processes: Scanned in 00mn 00s




---\\ Estatuto dos ficheiros ocultos (Oculto/Total)

~ Mes Favoris (My Favorites) : 1/22

~ Mes Documents (My Documents) : 1/2

~ Mon Bureau (My Desktop) : 1/45

~ Menu demarrer (Programs) : 1/34

~ Hidden Files: Scanned in 00mn 00s




---\\ Processos lançados

[MD5.77B61BA0EB74B23E21D24BC8F226439F] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352] [PID.2572]

[MD5.FD1AAB63DA3A91A04F34E64CF047309E] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe [1267536] [PID.2652] =>P2P.BitTorrent

[MD5.A005676B30AEB3C7703C317D992B193A] - (.Intel Corporation - Intel® USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648] [PID.3040]

[MD5.BA48CCEC781FD10B6C869F7C45CAA23E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208] [PID.4592]

[MD5.5041D28614C0278A089BEF977C501439] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752] [PID.4124]

[MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] - (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016] [PID.4264]

[MD5.64A7C84C0A8C79B22033F92D43919062] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568] [PID.3468]

[MD5.2218928CF528D7BC295B1B4C69E9846C] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3890208] [PID.4532]

[MD5.98CADC34741738CFC24F5CDFDAA408FA] - (.ASUSTeK - ACEngSvr Module.) -- C:\Windows\SysWOW64\ACEngSvr.exe [162456] [PID.4368]

[MD5.EA5B870671079786F335AC7C10846C4F] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [295584] [PID.7144]

[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.7036]

[MD5.509E0687DA8749E65D002011E57BF20A] - (.No owner - PVP.net Patcher Kernel.) -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe [1302080] [PID.6880]

[MD5.E853A440275C00CA063F2FD073036846] - (.No owner - PVP.net Patcher.) -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.210\deploy\LoLLauncher.exe [5428728] [PID.3456]

[MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8071680] [PID.5488]

[MD5.E2BE5755D726E6830A5B460BED7791A1] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382312] [PID.504]

[MD5.43B1125D14E8797FDA9D5E167EB50AE3] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\GbpSv.exe [528424] [PID.692]

[MD5.A3626C6D3F2DC95497F3F61842D7FD89] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [80512] [PID.1808]

[MD5.DBC598E47E7A382E60E2A4745D41FEF9] - (.ASUS - GFNEXSrv.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1856]

[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1884]

[MD5.2504725939338177E1F627DA0EDA2FEF] - (.ASUSTek Computer Inc. - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [178848] [PID.1952]

[MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe [2488888] [PID.1556]

[MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe [174648] [PID.2060]

[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.2316]

[MD5.20FDCA4C83DA64A0A17E2C6E1428C5A1] - (.Atheros - Atheros Coex Service Application.) -- C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe [77824] [PID.3212]

[MD5.6C694DCCF460857A1216D93BF46C45A7] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2458984] [PID.2868]

~ Processes Running: Scanned in 00mn 00s




---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)

C:\Users\Murilo\AppData\Local\Google\Chrome\User Data\Default\Preferences

G2 - GCE: Preference [user Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)

G2 - GCE: Preference [user Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)

G2 - GCE: Preference [user Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)


---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 18 Legitimates Filtered in 00mn 02s




---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)

P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Murilo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll

~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s




---\\ Internet Explorer, Gestão do Proxy (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s




---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s




---\\ Redireção do ficheiro Hosts (01)

~ Le fichier hosts est sain (The hosts file is clean).

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 21




---\\ Browser Helper Objects do navegador (02)

O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll

~ BHO: 13 Legitimates Filtered in 00mn 00s




---\\ Barras do Internet Explorer (03))

O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã

~ Toolbar: Scanned in 00mn 00s




---\\ Outras conexões do utilizador (04)

O4 - GS\QuickLaunch [Murilo]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

~ Global Startup: 1 Legitimates Filtered in 00mn 01s




---\\ Aplicações iniciadas por registo & pastas (04)

O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

O4 - HKLM\..\Run: [ASUSQuickGesture(x86)] . (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe

O4 - HKLM\..\Run: [ASUSTPLoader(x64)] . (.AsusTek - ASUS Smart Gesture Loader.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe

O4 - HKLM\..\Run: [ASUSQuickGesture(x64)] . (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe

O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe

O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

O4 - HKLM\..\Wow6432Node\Run: [uSB3MON] . (.Intel Corporation - Intel® USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated

O4 - HKLM\..\Wow6432Node\Run: [bCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation

O4 - HKLM\..\Wow6432Node\Run: [ATKOSD2] . (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

O4 - HKLM\..\Wow6432Node\Run: [ATKMEDIA] . (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

O4 - HKLM\..\Wow6432Node\Run: [HControlUser] . (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

O4 - HKLM\..\Wow6432Node\Run: [ACMON] . (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

O4 - HKUS\S-1-5-21-1487414907-913627215-427101228-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

~ Application: Scanned in 00mn 00s




---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)

O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation

O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation

~ IE Extra Buttons: Scanned in 00mn 00s




---\\ Site na zona confiavél do Internet Explorer (05)

O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br

O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br

~ IE Zone Confiance: Scanned in 00mn 00s




---\\ Alteração Dominio/Clientes DNS (017)

O17 - HKLM\System\CCS\Services\Tcpip\..\{5054C86B-04FD-4DD6-87EC-C149BB226B0B}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{5054C86B-04FD-4DD6-87EC-C149BB226B0B}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{5054C86B-04FD-4DD6-87EC-C149BB226B0B}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

~ Domain: Scanned in 00mn 00s




---\\ Protocolo adicional (018)

O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation

~ Protocole Additionnel: Scanned in 00mn 00s




---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll

~ Winlogon: Scanned in 00mn 00s




---\\ Lista dos serviços NT não Microsoft e não desativados (023)

O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe

~ Services: 13 Legitimates Filtered in 00mn 03s




---\\ Tarefas planificadas automaticamente (039)

[MD5.00000000000000000000000000000000] [APT] [Windows Updater] (...) -- C:\Users\Murilo\AppData\Roaming\Oxy\Updater.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{09C3B62E-3528-460C-9F78-811F1FFFB3D2}] (...) -- E:\arquivos asus\Wireless_Display_Intel_Win7_64_Z30120\Setup3.0.12.0.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{AF52C63B-446B-47ED-BD7B-1FF2CDDD36BC}] (...) -- E:\arquivos asus\Wireless_Console_3_Win7_64_Z3030\Setup.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{BCAF9878-89C6-4C6A-9087-106C1EF0A734}] (...) -- C:\Users\Murilo\AppData\Local\Temp\Temp1_LAN_Realtek_Win7_64_Z7488232011.zip\setup.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{F8F3ADD9-B9C1-4696-A96E-BDB362E7225A}] (...) -- F:\CS 1.6 - 2012.exe (.not file.) [0]

O39 - APT: - (..) -- C:\Windows\Tasks\AutoKMS.job [268] =>Trojan.Keygen

O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1064]

O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1068]

~ Scheduled Task: 18 Legitimates Filtered in 00mn 02s




---\\ Drivers lançados ao arranque do sistema (041)

O41 - Driver: (iSafeKrnlKit) . (. - .) - C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys (.not file.) =>Trojan.Staser

O41 - Driver: ({b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}Gw64) . (. - .) - C:\Windows\System32\drivers\{b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}Gw64.sys (.not file.)

~ Drivers: 87 Legitimates Filtered in 00mn 00s




---\\ Software instalados (042)

O42 - Logiciel: Módulo de Segurança - Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1

~ Logic: 23 Legitimates Filtered in 00mn 00s




---\\ HKCU & HKLM Software Keys

[HKCU\Software\124]

[HKCU\Software\AutoHelpDesk]

[HKCU\Software\GbAs]

[HKCU\Software\LADY'S WOOD 2013 LIMITED]

[HKCU\Software\Pando Networks]

[HKLM\Software\Wow6432Node\AutoHelpDesk]

[HKLM\Software\Wow6432Node\Pando Networks]

~ Key Software: 212 Legitimates Filtered in 00mn 00s




---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 02/05/2014 - 17:53:45 - [] ----D C:\Program Files (x86)\Pando Networks

O43 - CFD: 06/05/2014 - 11:27:07 - [] ----D C:\Users\Murilo\AppData\Roaming\rmi

O43 - CFD: 25/05/2014 - 22:58:03 - [] ----D C:\Users\Murilo\AppData\Local\21217

O43 - CFD: 02/05/2014 - 20:38:39 - [] ----D C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter Strike 1.6 - 2012

~ Program Folder: 144 Legitimates Filtered in 00mn 00s




---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)

O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 19/06/2014 - 15:10:22 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284]

O44 - LFC:[MD5.1AAAF925C3B3C1CD9CE36DEEDC1E6777] - 19/06/2014 - 15:13:26 ---A- . (...) -- C:\Windows\IE11_main.log [15045]

O44 - LFC:[MD5.7B0F057D13DFE3F6B0441269618C1BE2] - 19/06/2014 - 23:17:11 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [17936]

O44 - LFC:[MD5.7B0F057D13DFE3F6B0441269618C1BE2] - 19/06/2014 - 23:17:11 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [17936]

O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 25/06/2014 - 15:08:00 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]

O44 - LFC:[MD5.00866A301D4422857A1490D599286A56] - 25/06/2014 - 15:26:24 ---A- . (...) -- C:\zoek-results.log [19108]

O44 - LFC:[MD5.4FB430EC1A37A32A391FD3A452DAD75D] - 25/06/2014 - 22:34:17 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147108]

O44 - LFC:[MD5.FDE6480BCCC9983A3AC627D0EF7293E5] - 25/06/2014 - 22:34:17 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [705268]

~ Files: 148 Legitimates Filtered in 00mn 18s




---\\ Operações e funções ao arranque do Windows Explorer (046)

O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj [64Bits] - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

~ ShellExecuteHooks: Scanned in 00mn 00s




---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

~ MWPS: 18 Legitimates Filtered in 00mn 00s




---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1

~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s




---\\ Lista dos drivers do sistema (SDL) (O58)

O58 - SDL:25/05/2014 - 22:54:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software

O58 - SDL:25/05/2014 - 22:54:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software

O58 - SDL:25/05/2014 - 22:54:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software

O58 - SDL:06/05/2014 - 11:14:46 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [254528]

O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]

O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]

O58 - SDL:09/06/2014 - 04:57:30 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [43520] =>Trojan.Staser

O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]

~ Drivers: 71 Legitimates Filtered in 00mn 03s




---\\ Lista das ferramentas de remoção de vírus (LAT) (063)

O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman

O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}

~ ADS: Scanned in 00mn 00s




---\\ Lista dos serviços Legacy du registo (064)

O64 - Services: CurCS - 25/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID

~ Legacy: 84 Legitimates Filtered in 00mn 00s




---\\ Associações Shell Spawning (O67)

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)

~ FASS Keys: 11 Legitimates Filtered in 00mn 00s




---\\ Menu de inicialização Internet (068)

O68 - StartMenuInternet: <Chromium.VHE57KCYPM3FNPVUZ4CPEZA43E> <Chromium>[HKLM\..\Shell\open\Command] (...) -- c:\users\murilo\appdata\local\oxy\application\oxy.exe (.not file.)

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files (x86)\google\chrome\application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe

~ Keys: Scanned in 00mn 00s




---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com

O69 - SBI: SearchScopes [HKCU] {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - (Microsoft (Bing)) - http://www.bing.com

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com

~ Keys: Scanned in 00mn 00s




---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)

[MD5.D97B2F62095B9FC5FBF70724CA8ED935] [sPRF][25/06/2014] (...) -- C:\Users\Murilo\AppData\Roaming\sp_data.sys [387]

[MD5.FF08C7CA2B3B107241B0E0880553FB30] [sPRF][19/05/2014] (...) -- C:\Users\Murilo\AppData\Roaming\unins000.dat [16119]

[MD5.954EEB12152F96B6C76240AA5A848FF7] [sPRF][25/06/2014] (...) -- C:\Users\Murilo\Desktop\AdwCleaner.exe [1342659]

[MD5.053F6372E20FB9D8653E65359F89AD3F] [sPRF][13/05/2014] (...) -- C:\Users\Murilo\Desktop\vnc.exe [293511]

~ Files: 4 Legitimates Filtered in 00mn 00s




---\\ Lista das exceções do FireWall (FirewallRules) (O87)

O87 - FAEL: "{E943E2FB-0076-44E6-AD73-B9857249D5F3}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

O87 - FAEL: "{4D5DAF87-5B59-4237-95FE-26BBE09E4C82}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

~ Firewall: 2 Legitimates Filtered in 00mn 00s




---\\ Search Tracing Registry Key (O100)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\deskSvc_RASAPI32 =>Hijacker.22Find

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\deskSvc_RASMANCS =>Hijacker.22Find

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeScan_RASAPI32 =>Trojan.Staser

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeScan_RASMANCS =>Trojan.Staser

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeSvc2_RASAPI32 =>Trojan.Staser

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeSvc2_RASMANCS =>Trojan.Staser

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeSvc_RASAPI32 =>Trojan.Staser

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeSvc_RASMANCS =>Trojan.Staser

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeTray_RASAPI32 =>Trojan.Staser

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeTray_RASMANCS =>Trojan.Staser

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeUpdate_RASAPI32 =>Trojan.Staser

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeUpdate_RASMANCS =>Trojan.Staser

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafe_RASAPI32 =>Trojan.Staser

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafe_RASMANCS =>Trojan.Staser

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent

~ BTK: 169 Legitimates Filtered in 00mn 00s




---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)

SS - | Demand 03/02/2012 274200 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe

SS - | Auto 02/05/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 02/05/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 17/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

SS - | Demand 08/12/2011 273168 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

SS - | Disabled 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SR - | Auto 08/05/2014 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

SR - | Auto 21/11/2011 80512 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

SR - | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

SR - | Auto 25/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

SR - | Auto 08/12/2011 618256 | (EvtEng) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

SR - | Auto 06/05/2014 528424 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe

SR - | Auto 23/06/2012 890216 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe

SR - | Auto 24/06/2012 2458984 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

SR - | Demand 08/12/2011 148752 | (RegSrvc) . (.Intel® Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

SR - | Auto 23/06/2012 382312 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 03/05/2012 77824 | (ZAtheros Wlan Agent) . (.Atheros.) - C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe

SR - | Auto 08/12/2011 594704 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

~ Services: Scanned in 00mn 04s




---\\ Scâner Aditional (088)

Database Version : 13026 - (25/06/2014)

Clés trouvées (Keys found) : 0

Valeurs trouvées (Values found) : 2

Dossiers trouvés (Folders found) : 0

Fichiers trouvés (Files found) : 2


[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^

C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^

C:\Windows\Tasks\AutoKMS.job =>Trojan.Keygen^

~ Additionnel Scan: 259948 Items scanned in 00mn 27s




---\\ Informações complémentaires do módulos

~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)

~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Gestão do Proxy (R5)

~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects do navegador (02)

~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Barras do Internet Explorer (03))

~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Aplicações iniciadas por registo & pastas (04)

~ AMI: 5 Legitimates Filtered in 00mn 00s




---\\ Sumário das deteções encontradas na sua estação



~ MSI: 2 link(s) detected in 00mn 00s




~ 867 Legitimates filtered by white list

End of the scan (492 lines in 01mn 11s)(0)


There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Which Programs Start with the PC

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start along with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC.

__________________________________________________________________________

Select and copy all of the text highlighted in red that I gave you.

_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.

Good afternoon.


The problem still persists.

Here is the ZHPFix log


Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014

Fichier d'export Registre :

Run by Murilo at 27/06/2014 16:01:13

High Elevated Privileges : OK

Windows 7 Enterprise Edition, 64-bit Service Pack 1 (Build 7601)


Reciclagem vazia (00mn 08s)



========== Recapitulativo ==========



End of clean in 00mn 08s


========== Caminho do ficheiro do relatório ==========

C:\Users\Murilo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/06/2014 16:01:21 [399]


It looks like you did not copy all of the red text I gave you. Repeat the step-by-step I gave you above carefully and post the new report that the program will create.


Thank you for pointing that out.

Here is the log.

 

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Murilo at 28/06/2014 02:20:20
High Elevated Privileges : OK
Windows 7 Enterprise Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ Driver Key: iSafeKrnlKit
ELIMINÉ Driver Key: {b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}Gw64
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\deskSvc_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\deskSvc_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeScan_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeScan_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeSvc2_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeSvc2_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeSvc_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeSvc_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeTray_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeTray_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeUpdate_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeUpdate_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafe_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafe_RASMANCS
========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Elementos dos dados do Registo ==========
ELIMINÉ: StartMenuInternet: c:\users\murilo\appdata\local\oxy\application\oxy.exe
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\isafekrnlboot.sys
ELIMINÉ Temporários windows (127) (3.432.242 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: Windows Updater
ELIMINÉ: {09C3B62E-3528-460C-9F78-811F1FFFB3D2}
ELIMINÉ: {AF52C63B-446B-47ED-BD7B-1FF2CDDD36BC}
ELIMINÉ: {BCAF9878-89C6-4C6A-9087-106C1EF0A734}
ELIMINÉ: {F8F3ADD9-B9C1-4696-A96E-BDB362E7225A}
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
16 : Chaves do Registo
6 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
3 : Ficheiros
5 : Tarefa planificada
1 : Restauração Sistema
End of clean in 00mn 33s
========== Caminho do ficheiro do relatório ==========
C:\Users\Murilo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/06/2014 16:01:21 [479]
C:\Users\Murilo\AppData\Roaming\ZHP\ZHPFix[R2].txt - 28/06/2014 02:20:23 [2832]


Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Here is the log


~ Relatório do ZHPDiag v2014.6.25.98 - Nicolas Coolman (25/06/2014)

~ Iniciado por Murilo (29/06/2014 11:11:18)

~ Endereço do Website : http://nicolascoolman.fr

~ Tradução pelo utilizador

~ Estatuto da versão : Nova Versão disponivel

~ Lista Branca : Ativado pelo programa

~ Elevação dos Privilégios : OK

~ Controle de Conta de Utilizador : Deactivate by program



---\\ Navegadores Internet

MSIE: Internet Explorer v11.0.9600.17126

GCIE: Google Chrome v35.0.1916.153 (Defaut)


---\\ Informações sobre os produtos Windows

~ Langage: Portugais

Windows 7 Enterprise, 64-bit Service Pack 1 (Build 7601)

Windows Server License Manager Script : Absent (Not found)

Windows ID Activation : Inconnue (Unknown)

Windows Licence : Inconnue (Unknown)

Software Protection Service (Protection logicielle) : KO

Windows Automatic Updates : OK

Windows Activation Technologies : OK


---\\ Softwares de proteçao do sistema

avast! Free Antivirus v9.0.2018

Windows Defender W7 (Activate)


---\\ Softwares d'optimização do sistema

CCleaner v4.15


---\\ Softwares de partilha do PeerToPeer (P2P)

Pando Media Booster v2.6.0.7


---\\ Monitoramento dos softwares

Adobe Reader XI

Java 7 Update 55


---\\ Informações sobre o sistema

~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel

~ Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 7323 MB (76% free)

System Restore: Activé (Enable)

System drive C: has 312 GB (85%) free of 366 GB


---\\ Modo de conexão ao sistema

~ Computer Name: MURILO-PC

~ User Name: Murilo

~ All Users Names: UpdatusUser, Murilo, HomeGroupUser$, Convidado, Administrador,

~ Unselected Option: 045,061,O62,065,066,080,O82,089

Logged in as Administrator


---\\ As variáveis de ambiente

~ System Unit : C:\

~ %AppZHP% : C:\Users\Murilo\AppData\Roaming\ZHP\

~ %AppData% : C:\Users\Murilo\AppData\Roaming\

~ %Desktop% : C:\Users\Murilo\Desktop\

~ %Favorites% : C:\Users\Murilo\Favorites\

~ %LocalAppData% : C:\Users\Murilo\AppData\Local\

~ %StartMenu% : C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\


---\\ Enumeração das unidades dos discos

C: Hard drive, Flash drive, Thumb drive (Free 312 Go of 366 Go)

D: CD-ROM drive (Free 0 Go of 0 Go)

M: Hard drive, Flash drive, Thumb drive (Free 332 Go of 333 Go)




---\\ Estado do Centro de Segurança do Windows

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified

~ Security Center: 48 Legitimates Filtered in 00mn 00s




---\\ Pesquisa particular de ficheiros genéricos

[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 04:24:46.) -- C:\Windows\Explorer.exe [2872320]

[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]

[MD5.40BFD9D6EC8E174145F012246CA73CCD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.19/06/2014 - 15:10:22.) -- C:\Windows\System32\wininet.dll [2266112]

[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 04:25:32.) -- C:\Windows\System32\Winlogon.exe [390656]

[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 04:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]

[MD5.314C17917AC8523EC77A710215012A65] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.19/06/2014 - 15:08:59.) -- C:\Windows\system32\Drivers\AFD.sys [497152]

[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]

[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]

[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 00:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]

[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 00:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]

[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 01:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]

[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]

[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]

[MD5.FAF015B07E3A2874A790A39B7D2C579F] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.20/11/2010 - 00:27:44.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]

[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 00:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]

[MD5.05D78AA5CB5F3F5C31160BDB955D0B7C] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/11/2010 - 04:33:48.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776]

[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]

[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 01:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]

[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 02:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]

[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]

[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 00:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]

[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 04:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]

~ Generic Processes: Scanned in 00mn 00s




---\\ Estatuto dos ficheiros ocultos (Oculto/Total)

~ Mes Videos (My Videos) : 1/2

~ Mes Favoris (My Favorites) : 1/44

~ Mes Documents (My Documents) : 1/4

~ Mon Bureau (My Desktop) : 1/88

~ Menu demarrer (Programs) : 1/68

~ Hidden Files: Scanned in 00mn 00s




---\\ Processos lançados

[MD5.77B61BA0EB74B23E21D24BC8F226439F] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352] [PID.2572]

[MD5.FD1AAB63DA3A91A04F34E64CF047309E] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe [1267536] [PID.2652] =>P2P.BitTorrent

[MD5.A005676B30AEB3C7703C317D992B193A] - (.Intel Corporation - Intel® USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648] [PID.3040]

[MD5.BA48CCEC781FD10B6C869F7C45CAA23E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208] [PID.4592]

[MD5.5041D28614C0278A089BEF977C501439] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752] [PID.4124]

[MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] - (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016] [PID.4264]

[MD5.64A7C84C0A8C79B22033F92D43919062] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568] [PID.3468]

[MD5.2218928CF528D7BC295B1B4C69E9846C] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3890208] [PID.4532]

[MD5.98CADC34741738CFC24F5CDFDAA408FA] - (.ASUSTeK - ACEngSvr Module.) -- C:\Windows\SysWOW64\ACEngSvr.exe [162456] [PID.4368]

[MD5.EA5B870671079786F335AC7C10846C4F] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [295584] [PID.7144]

[MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8071680] [PID.4100]

[MD5.E2BE5755D726E6830A5B460BED7791A1] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382312] [PID.504]

[MD5.43B1125D14E8797FDA9D5E167EB50AE3] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\GbpSv.exe [528424] [PID.692]

[MD5.A3626C6D3F2DC95497F3F61842D7FD89] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [80512] [PID.1808]

[MD5.DBC598E47E7A382E60E2A4745D41FEF9] - (.ASUS - GFNEXSrv.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1856]

[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1884]

[MD5.2504725939338177E1F627DA0EDA2FEF] - (.ASUSTek Computer Inc. - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [178848] [PID.1952]

[MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe [2488888] [PID.1556]

[MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe [174648] [PID.2060]

[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.2316]

[MD5.20FDCA4C83DA64A0A17E2C6E1428C5A1] - (.Atheros - Atheros Coex Service Application.) -- C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe [77824] [PID.3212]

[MD5.6C694DCCF460857A1216D93BF46C45A7] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2458984] [PID.2868]

~ Processes Running: Scanned in 00mn 00s




---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)

C:\Users\Murilo\AppData\Local\Google\Chrome\User Data\Default\Preferences

G2 - GCE: Preference [user Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)

G2 - GCE: Preference [user Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)

G2 - GCE: Preference [user Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)


---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 35 Legitimates Filtered in 00mn 03s




---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)

P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Murilo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll

~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s




---\\ Internet Explorer, Gestão do Proxy (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s




---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s




---\\ Redireção do ficheiro Hosts (01)

~ Le fichier hosts est sain (The hosts file is clean).

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 21




---\\ Browser Helper Objects do navegador (02)

O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll

~ BHO: 26 Legitimates Filtered in 00mn 00s




---\\ Barras do Internet Explorer (03))

O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã

~ Toolbar: Scanned in 00mn 00s




---\\ Outras conexões do utilizador (04)

O4 - GS\QuickLaunch [Murilo]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

~ Global Startup: 1 Legitimates Filtered in 00mn 00s




---\\ Aplicações iniciadas por registo & pastas (04)

O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

O4 - HKLM\..\Run: [ASUSQuickGesture(x86)] . (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe

O4 - HKLM\..\Run: [ASUSTPLoader(x64)] . (.AsusTek - ASUS Smart Gesture Loader.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe

O4 - HKLM\..\Run: [ASUSQuickGesture(x64)] . (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe

O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe

O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

O4 - HKLM\..\Wow6432Node\Run: [uSB3MON] . (.Intel Corporation - Intel® USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

O4 - HKLM\..\Wow6432Node\Run: [bCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation

O4 - HKLM\..\Wow6432Node\Run: [ATKOSD2] . (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

O4 - HKLM\..\Wow6432Node\Run: [ATKMEDIA] . (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

O4 - HKLM\..\Wow6432Node\Run: [HControlUser] . (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

O4 - HKLM\..\Wow6432Node\Run: [ACMON] . (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

O4 - HKUS\S-1-5-21-1487414907-913627215-427101228-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

~ Application: Scanned in 00mn 00s




---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)

O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation

O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation

~ IE Extra Buttons: Scanned in 00mn 00s




---\\ Site na zona confiavél do Internet Explorer (05)

O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br

O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br

~ IE Zone Confiance: Scanned in 00mn 00s




---\\ Alteração Dominio/Clientes DNS (017)

O17 - HKLM\System\CCS\Services\Tcpip\..\{5054C86B-04FD-4DD6-87EC-C149BB226B0B}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{5054C86B-04FD-4DD6-87EC-C149BB226B0B}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{5054C86B-04FD-4DD6-87EC-C149BB226B0B}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

~ Domain: Scanned in 00mn 00s




---\\ Protocolo adicional (018)

O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation

~ Protocole Additionnel: Scanned in 00mn 00s




---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll

~ Winlogon: Scanned in 00mn 00s




---\\ Lista dos serviços NT não Microsoft e não desativados (023)

O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe

~ Services: 13 Legitimates Filtered in 00mn 02s




---\\ Tarefas planificadas automaticamente (039)

O39 - APT: - (..) -- C:\Windows\Tasks\AutoKMS.job [268] =>Trojan.Keygen

O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1064]

O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1068]

~ Scheduled Task: 28 Legitimates Filtered in 00mn 01s




---\\ Drivers lançados ao arranque do sistema (041)

O41 - Driver: (iSafeKrnlKit) . (. - .) - C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys (.not file.) =>Trojan.Staser

O41 - Driver: ({b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}Gw64) . (. - .) - C:\Windows\System32\drivers\{b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}Gw64.sys (.not file.)

~ Drivers: 83 Legitimates Filtered in 00mn 00s




---\\ Software instalados (042)

O42 - Logiciel: Módulo de Segurança - Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1

~ Logic: 23 Legitimates Filtered in 00mn 00s




---\\ HKCU & HKLM Software Keys

[HKCU\Software\124]

[HKCU\Software\AutoHelpDesk]

[HKCU\Software\GbAs]

[HKCU\Software\LADY'S WOOD 2013 LIMITED]

[HKCU\Software\Pando Networks]

[HKLM\Software\Wow6432Node\AutoHelpDesk]

[HKLM\Software\Wow6432Node\Pando Networks]

~ Key Software: 216 Legitimates Filtered in 00mn 00s




---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 02/05/2014 - 17:53:45 - [] ----D C:\Program Files (x86)\Pando Networks

O43 - CFD: 06/05/2014 - 11:27:07 - [] ----D C:\Users\Murilo\AppData\Roaming\rmi

O43 - CFD: 25/05/2014 - 22:58:03 - [] ----D C:\Users\Murilo\AppData\Local\21217

O43 - CFD: 02/05/2014 - 20:38:39 - [] ----D C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter Strike 1.6 - 2012

~ Program Folder: 144 Legitimates Filtered in 00mn 00s




---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)

O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 19/06/2014 - 15:10:22 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284]

O44 - LFC:[MD5.1AAAF925C3B3C1CD9CE36DEEDC1E6777] - 19/06/2014 - 15:13:26 ---A- . (...) -- C:\Windows\IE11_main.log [15045]

O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 25/06/2014 - 15:08:00 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]

O44 - LFC:[MD5.00866A301D4422857A1490D599286A56] - 25/06/2014 - 15:26:24 ---A- . (...) -- C:\zoek-results.log [19108]

O44 - LFC:[MD5.4FB430EC1A37A32A391FD3A452DAD75D] - 25/06/2014 - 22:34:17 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147108]

O44 - LFC:[MD5.FDE6480BCCC9983A3AC627D0EF7293E5] - 25/06/2014 - 22:34:17 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [705268]

O44 - LFC:[MD5.49D23815E096DBFC93FBA5EB94989850] - 26/06/2014 - 23:26:16 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [17936]

O44 - LFC:[MD5.49D23815E096DBFC93FBA5EB94989850] - 26/06/2014 - 23:26:16 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [17936]

~ Files: 148 Legitimates Filtered in 00mn 00s




---\\ Operações e funções ao arranque do Windows Explorer (046)

O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj [64Bits] - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

~ ShellExecuteHooks: Scanned in 00mn 00s




---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

~ MWPS: 18 Legitimates Filtered in 00mn 00s




---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1

~ MWPE Keys: 10 Legitimates Filtered in 00mn 00s




---\\ Lista dos drivers do sistema (SDL) (O58)

O58 - SDL:25/05/2014 - 22:54:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software

O58 - SDL:25/05/2014 - 22:54:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software

O58 - SDL:25/05/2014 - 22:54:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software

O58 - SDL:06/05/2014 - 11:14:46 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [254528]

O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]

O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]

O58 - SDL:09/06/2014 - 04:57:30 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [43520] =>Trojan.Staser

O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]

~ Drivers: 71 Legitimates Filtered in 00mn 00s




---\\ Lista das ferramentas de remoção de vírus (LAT) (063)

O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman

O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}

~ ADS: Scanned in 00mn 00s




---\\ Lista dos serviços Legacy du registo (064)

O64 - Services: CurCS - 25/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID

~ Legacy: 84 Legitimates Filtered in 00mn 00s




---\\ Associações Shell Spawning (O67)

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)

~ FASS Keys: 11 Legitimates Filtered in 00mn 00s




---\\ Menu de inicialização Internet (068)

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files (x86)\google\chrome\application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe

~ Keys: Scanned in 00mn 00s




---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com

O69 - SBI: SearchScopes [HKCU] {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - (Microsoft (Bing)) - http://www.bing.com

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com

~ Keys: Scanned in 00mn 00s




---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)

[MD5.D97B2F62095B9FC5FBF70724CA8ED935] [sPRF][25/06/2014] (...) -- C:\Users\Murilo\AppData\Roaming\sp_data.sys [387]

[MD5.FF08C7CA2B3B107241B0E0880553FB30] [sPRF][19/05/2014] (...) -- C:\Users\Murilo\AppData\Roaming\unins000.dat [16119]

[MD5.954EEB12152F96B6C76240AA5A848FF7] [sPRF][25/06/2014] (...) -- C:\Users\Murilo\Desktop\AdwCleaner.exe [1342659]

[MD5.053F6372E20FB9D8653E65359F89AD3F] [sPRF][13/05/2014] (...) -- C:\Users\Murilo\Desktop\vnc.exe [293511]

~ Files: 4 Legitimates Filtered in 00mn 00s




---\\ Lista das exceções do FireWall (FirewallRules) (O87)

O87 - FAEL: "{E943E2FB-0076-44E6-AD73-B9857249D5F3}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

O87 - FAEL: "{4D5DAF87-5B59-4237-95FE-26BBE09E4C82}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

~ Firewall: 2 Legitimates Filtered in 00mn 00s




---\\ Search Tracing Registry Key (O100)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent

~ BTK: 155 Legitimates Filtered in 00mn 00s




---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)

SS - | Demand 03/02/2012 274200 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe

SS - | Auto 02/05/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 02/05/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 17/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

SS - | Demand 08/12/2011 273168 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

SS - | Disabled 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SR - | Auto 08/05/2014 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

SR - | Auto 21/11/2011 80512 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

SR - | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

SR - | Auto 25/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

SR - | Auto 08/12/2011 618256 | (EvtEng) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

SR - | Auto 06/05/2014 528424 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe

SR - | Auto 23/06/2012 890216 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe

SR - | Auto 24/06/2012 2458984 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

SR - | Demand 08/12/2011 148752 | (RegSrvc) . (.Intel® Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

SR - | Auto 23/06/2012 382312 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 03/05/2012 77824 | (ZAtheros Wlan Agent) . (.Atheros.) - C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe

SR - | Auto 08/12/2011 594704 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

~ Services: Scanned in 00mn 04s




---\\ Scâner Aditional (088)

Database Version : 13026 - (25/06/2014)

Clés trouvées (Keys found) : 0

Valeurs trouvées (Values found) : 2

Dossiers trouvés (Folders found) : 0

Fichiers trouvés (Files found) : 2


[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^

C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^

C:\Windows\Tasks\AutoKMS.job =>Trojan.Keygen^

~ Additionnel Scan: 259531 Items scanned in 00mn 14s




---\\ Informações complémentaires do módulos

~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)

~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Gestão do Proxy (R5)

~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects do navegador (02)

~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Barras do Internet Explorer (03))

~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Aplicações iniciadas por registo & pastas (04)

~ AMI: 5 Legitimates Filtered in 00mn 00s




---\\ Sumário das deteções encontradas na sua estação


~ MSI: 1 link(s) detected in 00mn 00s




~ 895 Legitimates filtered by white list

End of the scan (469 lines in 00mn 33s)(0)


Select and copy all of the text highlighted in red that I gave you.

_____________________________________________________________________________________________________________

 

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui (Yes) > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

 

Copy this report and post it in your next reply.

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014

Fichier d'export Registre :

Run by Murilo at 29/06/2014 15:16:11

High Elevated Privileges : OK

Windows 7 Enterprise Edition, 64-bit Service Pack 1 (Build 7601)


Reciclagem vazia (00mn 03s)

Reparação de atalhos do navegador


========== Chaves do Registo ==========

ELIMINÉ Driver Key: iSafeKrnlKit

ELIMINÉ Driver Key: {b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}Gw64


========== Pastas ==========

Nenhuma pasta CLSID local utilizador vazia


========== Ficheiros ==========

ELIMINA REINICIAR: c:\windows\system32\drivers\isafekrnlboot.sys

ELIMINÉ Temporários windows (6) (550.495 octets)

ELIMINÉ Flash Cookies (0) (0 octets)


========== Restauração Sistema ==========

Ponto de restauro do sistema criado com sucesso



========== Recapitulativo ==========

2 : Chaves do Registo

1 : Pastas

3 : Ficheiros

1 : Restauração Sistema



End of clean in 00mn 14s


========== Caminho do ficheiro do relatório ==========

C:\Users\Murilo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/06/2014 16:01:21 [479]

C:\Users\Murilo\AppData\Roaming\ZHP\ZHPFix[R2].txt - 28/06/2014 02:20:23 [2913]

C:\Users\Murilo\AppData\Roaming\ZHP\ZHPFix[R3].txt - 29/06/2014 15:16:15 [1170]


Overall it looks good.

But the problem of Windows Explorer freezing still persists.

Searching on Google before posting anything here, I saw a case where the Windows hibernation system would not recover, and so everything froze. I disabled hibernation but that did not solve it.


I asked you to follow that tutorial for choosing which programs start with the PC, and it looks like you did not follow it, because the same programs are still listed as starting.

 

The fewer programs that start along with Windows, the faster the PC gets and, consequently, the lower the chances of it freezing. It would be good to follow that tip I gave you.
