[Arquivado] Travamento do Windows Explorer resistente à formataçã

[Murilo Cerizza 0]

Desculpe, é que analisando a lista não vi nada que fosse incidir tão fortemente no desempenho.

Já desativei tudo o que não precisava (eu acho).

 

No momento não ocorrem travamentos, mas atualizo assim que ocorrerem (se ocorrerem).

segue novo log do ZHPDiag.

 

~ Relatório do ZHPDiag v2014.6.25.98 - Nicolas Coolman (25/06/2014)

~ Iniciado por Murilo (29/06/2014 21:56:22)

~ Endereço do Website : http://nicolascoolman.fr

~ Tradução pelo utilizador

~ Estatuto da versão : Nova Versão disponivel

~ Lista Branca : Ativado pelo programa

~ Elevação dos Privilégios : OK

~ Controle de Conta de Utilizador : Activate by user

---\\ Navegadores Internet

MSIE: Internet Explorer v11.0.9600.17126

GCIE: Google Chrome v35.0.1916.153 (Defaut)

---\\ Informações sobre os produtos Windows

~ Langage: Portugais

Windows 7 Enterprise, 64-bit Service Pack 1 (Build 7601)

Windows Server License Manager Script : Absent (Not found)

Windows ID Activation : Inconnue (Unknown)

Windows Licence : Inconnue (Unknown)

Software Protection Service (Protection logicielle) : KO

Windows Automatic Updates : OK

Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema

avast! Free Antivirus v9.0.2018

Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

CCleaner v4.15

---\\ Softwares de partilha do PeerToPeer (P2P)

Pando Media Booster v2.6.0.7

---\\ Monitoramento dos softwares

Adobe Reader XI

Java 7 Update 55

---\\ Informações sobre o sistema

~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel

~ Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 7323 MB (45% free)

System Restore: Activé (Enable)

System drive C: has 314 GB (85%) free of 366 GB

---\\ Modo de conexão ao sistema

~ Computer Name: MURILO-PC

~ User Name: Murilo

~ All Users Names: UpdatusUser, Murilo, HomeGroupUser$, Convidado, Administrador,

~ Unselected Option: 045,061,O62,065,066,080,O82,089

Logged in as Administrator

---\\ As variáveis de ambiente

~ System Unit : C:\

~ %AppZHP% : C:\Users\Murilo\AppData\Roaming\ZHP\

~ %AppData% : C:\Users\Murilo\AppData\Roaming\

~ %Desktop% : C:\Users\Murilo\Desktop\

~ %Favorites% : C:\Users\Murilo\Favorites\

~ %LocalAppData% : C:\Users\Murilo\AppData\Local\

~ %StartMenu% : C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos

C: Hard drive, Flash drive, Thumb drive (Free 314 Go of 366 Go)

D: CD-ROM drive (Free 0 Go of 0 Go)

E: Hard drive, Flash drive, Thumb drive (Free 304 Go of 596 Go)

M: Hard drive, Flash drive, Thumb drive (Free 332 Go of 333 Go)

---\\ Estado do Centro de Segurança do Windows

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified

~ Security Center: 48 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos

[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 04:24:46.) -- C:\Windows\Explorer.exe [2872320]

[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]

[MD5.40BFD9D6EC8E174145F012246CA73CCD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.19/06/2014 - 15:10:22.) -- C:\Windows\System32\wininet.dll [2266112]

[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 04:25:32.) -- C:\Windows\System32\Winlogon.exe [390656]

[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 04:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]

[MD5.314C17917AC8523EC77A710215012A65] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.19/06/2014 - 15:08:59.) -- C:\Windows\system32\Drivers\AFD.sys [497152]

[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]

[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]

[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 00:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]

[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 00:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]

[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 01:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]

[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]

[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]

[MD5.FAF015B07E3A2874A790A39B7D2C579F] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.20/11/2010 - 00:27:44.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]

[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 00:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]

[MD5.05D78AA5CB5F3F5C31160BDB955D0B7C] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/11/2010 - 04:33:48.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776]

[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]

[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 01:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]

[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 02:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]

[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]

[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 00:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]

[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 04:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]

~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)

~ Mes Favoris (My Favorites) : 1/22

~ Mes Documents (My Documents) : 1/2

~ Mon Bureau (My Desktop) : 1/50

~ Menu demarrer (Programs) : 1/34

~ Hidden Files: Scanned in 00mn 00s

---\\ Processos lançados

[MD5.77B61BA0EB74B23E21D24BC8F226439F] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352] [PID.2572]

[MD5.FD1AAB63DA3A91A04F34E64CF047309E] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe [1267536] [PID.2652] =>P2P.BitTorrent

[MD5.A005676B30AEB3C7703C317D992B193A] - (.Intel Corporation - Intel® USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648] [PID.3040]

[MD5.BA48CCEC781FD10B6C869F7C45CAA23E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208] [PID.4592]

[MD5.5041D28614C0278A089BEF977C501439] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752] [PID.4124]

[MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] - (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016] [PID.4264]

[MD5.64A7C84C0A8C79B22033F92D43919062] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568] [PID.3468]

[MD5.2218928CF528D7BC295B1B4C69E9846C] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3890208] [PID.4532]

[MD5.98CADC34741738CFC24F5CDFDAA408FA] - (.ASUSTeK - ACEngSvr Module.) -- C:\Windows\SysWOW64\ACEngSvr.exe [162456] [PID.4368]

[MD5.EA5B870671079786F335AC7C10846C4F] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [295584] [PID.7144]

[MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904] [PID.5132]

[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.4800]

[MD5.A80C173AC5C75706BB74AE4D78F2A53D] - (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe [164864] [PID.5656]

[MD5.5E5B1694E918A1739D46BDF45F437465] - (.Adobe Systems Incorporated - Adobe InDesign CS6.) -- C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe [4103312] [PID.2816]

[MD5.8FE651ACBA3344E645CFEB6286FFF6B8] - (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312] [PID.6732]

[MD5.EA87F150E722E4AB866AD0A13382FA02] - (.Adobe Systems Incorporated - Adobe Reader.) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe [1457528] [PID.1168]

[MD5.C213B43AB4018B2FBDED32C8EC31CDAE] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AcroTray.exe [2904984] [PID.6136]

[MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8071680] [PID.1940]

[MD5.E2BE5755D726E6830A5B460BED7791A1] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382312] [PID.504]

[MD5.43B1125D14E8797FDA9D5E167EB50AE3] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\GbpSv.exe [528424] [PID.692]

[MD5.A3626C6D3F2DC95497F3F61842D7FD89] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [80512] [PID.1808]

[MD5.DBC598E47E7A382E60E2A4745D41FEF9] - (.ASUS - GFNEXSrv.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1856]

[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1884]

[MD5.2504725939338177E1F627DA0EDA2FEF] - (.ASUSTek Computer Inc. - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [178848] [PID.1952]

[MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe [2488888] [PID.1556]

[MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe [174648] [PID.2060]

[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.2316]

[MD5.20FDCA4C83DA64A0A17E2C6E1428C5A1] - (.Atheros - Atheros Coex Service Application.) -- C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe [77824] [PID.3212]

[MD5.6C694DCCF460857A1216D93BF46C45A7] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2458984] [PID.2868]

~ Processes Running: Scanned in 00mn 01s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)

C:\Users\Murilo\AppData\Local\Google\Chrome\User Data\Default\Preferences

G2 - GCE: Preference [user Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)

G2 - GCE: Preference [user Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)

G2 - GCE: Preference [user Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 18 Legitimates Filtered in 00mn 03s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)

P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Murilo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll

~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)

~ Le fichier hosts est sain (The hosts file is clean).

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects do navegador (02)

O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll

~ BHO: 13 Legitimates Filtered in 00mn 00s

---\\ Barras do Internet Explorer (03))

O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã

~ Toolbar: Scanned in 00mn 00s

---\\ Outras conexões do utilizador (04)

O4 - GS\QuickLaunch [Murilo]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

~ Global Startup: 1 Legitimates Filtered in 00mn 00s

---\\ Aplicações iniciadas por registo & pastas (04)

O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

O4 - HKLM\..\Wow6432Node\Run: [uSB3MON] . (.Intel Corporation - Intel® USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

~ Application: Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)

O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation

O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation

~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Site na zona confiavél do Internet Explorer (05)

O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br

O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br

~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)

O17 - HKLM\System\CCS\Services\Tcpip\..\{5054C86B-04FD-4DD6-87EC-C149BB226B0B}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{5054C86B-04FD-4DD6-87EC-C149BB226B0B}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{5054C86B-04FD-4DD6-87EC-C149BB226B0B}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)

O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation

~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll

~ Winlogon: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)

O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe

~ Services: 13 Legitimates Filtered in 00mn 03s

---\\ Tarefas planificadas automaticamente (039)

O39 - APT: - (..) -- C:\Windows\Tasks\AutoKMS.job [268] =>Trojan.Keygen

O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1064]

O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1068]

~ Scheduled Task: 14 Legitimates Filtered in 00mn 01s

---\\ Software instalados (042)

O42 - Logiciel: Módulo de Segurança - Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1

~ Logic: 23 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys

[HKCU\Software\124]

[HKCU\Software\AutoHelpDesk]

[HKCU\Software\GbAs]

[HKCU\Software\LADY'S WOOD 2013 LIMITED]

[HKCU\Software\Pando Networks]

[HKLM\Software\Wow6432Node\AutoHelpDesk]

[HKLM\Software\Wow6432Node\Pando Networks]

~ Key Software: 216 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 02/05/2014 - 17:53:45 - [] ----D C:\Program Files (x86)\Pando Networks

O43 - CFD: 06/05/2014 - 11:27:07 - [] ----D C:\Users\Murilo\AppData\Roaming\rmi

O43 - CFD: 25/05/2014 - 22:58:03 - [] ----D C:\Users\Murilo\AppData\Local\21217

O43 - CFD: 02/05/2014 - 20:38:39 - [] ----D C:\Users\Murilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter Strike 1.6 - 2012

~ Program Folder: 144 Legitimates Filtered in 00mn 00s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)

O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 19/06/2014 - 15:10:22 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284]

O44 - LFC:[MD5.1AAAF925C3B3C1CD9CE36DEEDC1E6777] - 19/06/2014 - 15:13:26 ---A- . (...) -- C:\Windows\IE11_main.log [15045]

O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 25/06/2014 - 15:08:00 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]

O44 - LFC:[MD5.00866A301D4422857A1490D599286A56] - 25/06/2014 - 15:26:24 ---A- . (...) -- C:\zoek-results.log [19108]

O44 - LFC:[MD5.49D23815E096DBFC93FBA5EB94989850] - 26/06/2014 - 23:26:16 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [17936]

O44 - LFC:[MD5.49D23815E096DBFC93FBA5EB94989850] - 26/06/2014 - 23:26:16 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [17936]

O44 - LFC:[MD5.4FB430EC1A37A32A391FD3A452DAD75D] - 29/06/2014 - 17:59:46 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147108]

O44 - LFC:[MD5.FDE6480BCCC9983A3AC627D0EF7293E5] - 29/06/2014 - 17:59:46 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [705268]

~ Files: 148 Legitimates Filtered in 00mn 18s

---\\ Operações e funções ao arranque do Windows Explorer (046)

O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj [64Bits] - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)

O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

~ SMSR Keys: 16 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1

~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)

O58 - SDL:25/05/2014 - 22:54:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software

O58 - SDL:25/05/2014 - 22:54:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software

O58 - SDL:25/05/2014 - 22:54:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software

O58 - SDL:06/05/2014 - 11:14:46 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [254528]

O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]

O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]

O58 - SDL:09/06/2014 - 04:57:30 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [43520] =>Trojan.Staser

O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]

~ Drivers: 71 Legitimates Filtered in 00mn 00s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)

O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman

O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}

~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)

O64 - Services: CurCS - 25/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID

~ Legacy: 84 Legitimates Filtered in 00mn 00s

---\\ Associações Shell Spawning (O67)

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)

~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files (x86)\google\chrome\application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe

~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com

O69 - SBI: SearchScopes [HKCU] {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - (Microsoft (Bing)) - http://www.bing.com

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com

~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)

[MD5.D97B2F62095B9FC5FBF70724CA8ED935] [sPRF][25/06/2014] (...) -- C:\Users\Murilo\AppData\Roaming\sp_data.sys [387]

[MD5.FF08C7CA2B3B107241B0E0880553FB30] [sPRF][19/05/2014] (...) -- C:\Users\Murilo\AppData\Roaming\unins000.dat [16119]

[MD5.954EEB12152F96B6C76240AA5A848FF7] [sPRF][25/06/2014] (...) -- C:\Users\Murilo\Desktop\AdwCleaner.exe [1342659]

[MD5.053F6372E20FB9D8653E65359F89AD3F] [sPRF][13/05/2014] (...) -- C:\Users\Murilo\Desktop\vnc.exe [293511]

~ Files: 4 Legitimates Filtered in 00mn 00s

---\\ Lista das exceções do FireWall (FirewallRules) (O87)

O87 - FAEL: "{E943E2FB-0076-44E6-AD73-B9857249D5F3}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

O87 - FAEL: "{4D5DAF87-5B59-4237-95FE-26BBE09E4C82}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

~ Firewall: 2 Legitimates Filtered in 00mn 00s

---\\ Search Tracing Registry Key (O100)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent

~ BTK: 155 Legitimates Filtered in 00mn 00s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)

SS - | Demand 03/02/2012 274200 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe

SS - | Auto 02/05/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 02/05/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 17/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

SS - | Demand 08/12/2011 273168 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

SS - | Disabled 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SR - | Auto 08/05/2014 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

SR - | Auto 21/11/2011 80512 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

SR - | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

SR - | Auto 25/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

SR - | Auto 08/12/2011 618256 | (EvtEng) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

SR - | Auto 06/05/2014 528424 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe

SR - | Auto 23/06/2012 890216 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe

SR - | Auto 24/06/2012 2458984 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

SR - | Demand 08/12/2011 148752 | (RegSrvc) . (.Intel® Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

SR - | Auto 23/06/2012 382312 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 03/05/2012 77824 | (ZAtheros Wlan Agent) . (.Atheros.) - C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe

SR - | Auto 08/12/2011 594704 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

~ Services: Scanned in 00mn 04s

---\\ Scâner Aditional (088)

Database Version : 13026 - (25/06/2014)

Clés trouvées (Keys found) : 1

Valeurs trouvées (Values found) : 1

Dossiers trouvés (Folders found) : 0

Fichiers trouvés (Files found) : 2

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^

C:\Users\Murilo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^

C:\Windows\Tasks\AutoKMS.job =>Trojan.Keygen^

~ Additionnel Scan: 260073 Items scanned in 00mn 16s

---\\ Informações complémentaires do módulos

~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)

~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Gestão do Proxy (R5)

~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects do navegador (02)

~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Barras do Internet Explorer (03))

~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Aplicações iniciadas por registo & pastas (04)

~ AMI: 5 Legitimates Filtered in 00mn 00s

---\\ Sumário das deteções encontradas na sua estação

http://nicolascoolman.fr/trojan-staser =>Trojan.Staser

~ MSI: 1 link(s) detected in 00mn 00s

~ 871 Legitimates filtered by white list

End of the scan (464 lines in 00mn 57s)(0)

[Power Max 54]

:seta: Selecione e copie todo o texto destacado em vermelho que te passei.

_____________________________________________________________________________________________________________

 

:seta: Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

 

Copie este relatório e poste em sua próxima resposta e nos diga como está o PC depois disto.

[Murilo Cerizza 0]

O problema persiste.

 

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014

Fichier d'export Registre :

Run by Murilo at 30/06/2014 13:44:48

High Elevated Privileges : OK

Windows 7 Enterprise Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 09s)

Reparação de atalhos do navegador

========== Pastas ==========

Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========

ELIMINA REINICIAR: c:\windows\system32\drivers\isafekrnlboot.sys

ELIMINÉ Temporários windows (35) (1.985.787 octets)

ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========

Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========

1 : Pastas

3 : Ficheiros

1 : Restauração Sistema

End of clean in 00mn 20s

========== Caminho do ficheiro do relatório ==========

C:\Users\Murilo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/06/2014 16:01:21 [479]

C:\Users\Murilo\AppData\Roaming\ZHP\ZHPFix[R2].txt - 28/06/2014 02:20:23 [2913]

C:\Users\Murilo\AppData\Roaming\ZHP\ZHPFix[R3].txt - 29/06/2014 15:16:15 [1251]

C:\Users\Murilo\AppData\Roaming\ZHP\ZHPFix[R4].txt - 30/06/2014 13:44:58 [1090]

[Power Max 54]

Tudo indica que não tenha relação com vírus ou qualquer outra coisa do tipo. Se fosse problema de vírus, com a formatação teria sido resolvido.

 

Seu PC estava com adwares, mas eles já foram removidos.

 

Pode ser algum problema de hardware, mas aí neste caso seria preciso levar na assistência técnica para resolver.

[Murilo Cerizza 0]

entendo. obrigado pela ajuda.

[Power Max 54]

Tópico Arquivado

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.