sr.silva
Posted July 25, 2014

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:25:25, on 25/07/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17028)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\Rose\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll
O2 - BHO: G-Buster Browser Defense BANESTES - {C41A1C0E-EA6C-11D4-B1B8-444553540017} - C:\Program Files (x86)\GbPlugin\gbiehbnt.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RadioController] "C:\Program Files (x86)\RadioController\RfBtnHelper.exe" Start_Run
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [HP Deskjet 3510 series (NET)] "C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" -deviceID "BR33LFB2JY05TY:NW" -scfn "HP Deskjet 3510 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Rose\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: Curse.lnk = Rose\AppData\Roaming\Curse Client\Bin\Curse.exe
O4 - Global Startup: Acer Backup Manager Tray.lnk = C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: seg.banestes.com.br
O15 - Trusted Zone: www.banestes.com.br
O15 - Trusted Zone: wwws.banestes.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: www.santander.com.br
O15 - Trusted Zone: www.santanderempresarial.com.br
O15 - Trusted Zone: www.santandernet.com.br
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: wwws2.santandernet.com.br
O15 - Trusted Zone: www.santandernetibe.com.br
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginBnt - C:\Program Files (x86)\GbPlugin\gbiehBnt.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Broadcom Card Reader Service (BrcmCardReader) - Broadcom Corp. - C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe

--
End of file - 13076 bytes
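The HijackThis log above is a fixed-format text report that helpers read entry by entry. As an added example (not part of sr.silva's post, nor of HijackThis or any tool used in this thread), the Python script below parses that line format and applies a few reviewer-style triage rules: an IE start or search page pointing away from the vendor default, O4 autoruns launched from user-writable folders, every host added to the IE Trusted Zone (O15), and the "(file missing)" annotation on O23 services, which on 64-bit Windows is frequently a HijackThis display artifact rather than a real missing binary. The sample log lines, the host names (under the reserved .test domain), and the triage rules themselves are constructed assumptions for the example.

```python
"""Triage helper for HijackThis v2.0.x text logs.

Added example for this thread; it is not part of the forum post, of
HijackThis or of any tool the helper used. The sample lines below are
constructed in the same format as the log above, and the triage rules are
assumptions chosen to show the checks a reviewer applies to such a log.
"""
import re
from dataclasses import dataclass, field

# Constructed sample log (same line format as the HijackThis 2.0.4 log above).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:25:25, on 25/07/2014
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.example-bundle.test/?utm_medium=ppi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Rose\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O15 - Trusted Zone: www.example-bank.test
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

# Every HijackThis entry is "<letter><number> - <body>".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Assumption: the vendor defaults HijackThis prints for IE are benign.
BENIGN_PAGE_SUFFIXES = ("microsoft.com", "msn.com")
# Assumption: autoruns from these locations deserve a look, because any
# program running as the user can write there without elevation.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    code: str
    body: str
    findings: list = field(default_factory=list)


def parse_log(text):
    """Return every 'Xn - body' entry of the log, in order; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def host_of(url):
    """'http://host/path?q' -> 'host' (these logs carry no port or userinfo)."""
    return re.sub(r"^https?://", "", url, flags=re.I).split("/")[0].lower()


def triage(entry):
    """Attach findings to one entry according to the rules above; returns the entry."""
    body, low = entry.body, entry.body.lower()
    if entry.code in ("R0", "R1"):
        # Rn lines end in '... = <url>'; an empty value is normal and not a finding.
        m = re.search(r"=\s*(\S*)\s*$", body)
        if m and m.group(1):
            host = host_of(m.group(1))
            if not host.endswith(BENIGN_PAGE_SUFFIXES):
                entry.findings.append(f"IE start/search page set to {host}: confirm the user chose it")
    elif entry.code == "O4":
        if any(p in low for p in USER_WRITABLE):
            entry.findings.append("autorun from a user-writable path")
    elif entry.code == "O15":
        host = body.split(":", 1)[1].strip()
        entry.findings.append(f"{host} is in the IE Trusted Zone (weaker security settings apply to it)")
    elif entry.code == "O23" and "(file missing)" in low:
        name = body.split(":", 1)[1].strip()
        if name.startswith("@") and "\\windows\\" in low:
            # Assumption: a resource-named (@...) Windows service that HijackThis
            # cannot resolve is a display artifact to verify, not a finding by itself.
            entry.findings.append("'(file missing)' on a resource-named Windows service: likely a HijackThis artifact, verify with 'sc qc'")
        else:
            entry.findings.append("service binary reported missing: check for an orphaned or removed service")
    return entry


def flagged_entries(text):
    """Parse and triage a whole log; return only entries that have a finding."""
    return [e for e in map(triage, parse_log(text)) if e.findings]


if __name__ == "__main__":
    for e in flagged_entries(SAMPLE_LOG):
        print(f"{e.code:<4}{e.body}")
        for f in e.findings:
            print(f"      -> {f}")
```

Run it against a real log by reading the file into `flagged_entries`; the rules are deliberately conservative (they never judge a binary by name alone), so the output is a review list for a human, not a removal list.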
DigRam
Posted July 26, 2014

Good evening! sr.silva
|- Download: < > ( ... by Xplode )
|- Once on the page, click the image: < >
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as
|- Ps: Start the scan by clicking "Examinar".
|- When it finishes, click "Limpar" >> Ok >> Ok >> Ok.
|- Copy the log or click "Relatório".
|- Post: < C:\AdwCleaner\AdwCleaner[s0].txt >
Cheers!
sr.silva
Posted July 30, 2014

# AdwCleaner v3.301 - Relatório criado 30/07/2014 às 09:57:21
# Atualizado 28/07/2014 por Xplode
# Sistema Operacional : Windows 8 Single Language (64 bits)
# Usuário : Rose
# Executando de : C:\Users\Rose\Downloads\adwcleaner_3.301.exe
# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

***** [ Tarefas ] *****

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\Softonic

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.17028

-\\ Google Chrome v36.0.1985.125

[ Arquivo : C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6632 octets] - [15/09/2013 15:03:13]
AdwCleaner[R1].txt - [10919 octets] - [19/07/2014 21:17:47]
AdwCleaner[R2].txt - [1226 octets] - [30/07/2014 09:56:23]
AdwCleaner[s0].txt - [6271 octets] - [15/09/2013 15:04:59]
AdwCleaner[s1].txt - [10036 octets] - [19/07/2014 21:18:34]
AdwCleaner[s2].txt - [1044 octets] - [30/07/2014 09:57:21]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1104 octets] ##########
DigRam
Posted July 30, 2014

Good afternoon! sr.silva
|- Download: < ZHPDiag2.exe > < > ( ... by Nicolas Coolman )
|- Save it on the local disk! ( C or D )
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
|- Run the scroll icon. ( ZHPDiag )
|- Click "COMPLETA" and wait for it to finish!
|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
|- Ps: If the log is long, send it to Pjjoint.malekal.
|- Or go to: < >
|- More information: < |Link| >
A+
sr.silva
Posted August 4, 2014

Here is the link.. http://pjjoint.malekal.com/files.php?read=20140804_d5c10z9k9d7
DigRam
Posted August 5, 2014

Good evening! sr.silva
|- Run this script in the ZHPFix tool.
|- Copy this information, shown in red, into Notepad.
|- With Notepad open, do: ctrl+a >> ctrl+c ( Select and Copy )
|- Then minimize Notepad.

script zhpfix
P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
[MD5.45D18DC0CA53BFFAA11F992BEF63280D] [sPRF][16/09/2013] (.No owner - Setup/Uninstall.) -- C:\Users\Rose\AppData\Roaming\unins000.exe [706250]
[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [sPRF][07/01/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Rose\AppData\Roaming\unins001.exe [720082]
[MD5.169180F02ABCECA5DE72FC5EEBC861BB] [sPRF][20/01/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Rose\AppData\Roaming\unins002.exe [730322]
[MD5.A03592875F26DC6547E5B080BFC63A70] [sPRF][16/10/2013] (.No owner - Powered by BetterInstaller.) -- C:\Users\Rose\Desktop\DVDShrink_downloader_by_DVDShrink.exe [163352] =>Adware.MegaSearch
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS.exe (.not file.) [0] =>Trojan.Keygen
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com
O39 - APT: AutoKMS - (...) -- C:\Windows\Tasks\AutoKMS.job [214] =>Trojan.Keygen
O39 - APT: AutoKMS - (...) -- C:\Windows\System32\Tasks\AutoKMS [214] =>Trojan.Keygen
O42 - Logiciel: Search-Results Toolbar - (.APN LLC.) [HKLM][64Bits] -- ilividtoolbargaw =>Adware.Bandoo
O43 - CFD: 16/10/2013 - 10:23:29 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 16/10/2013 - 10:30:19 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 16/10/2013 - 10:23:29 - [] ----D C:\Users\Rose\AppData\Roaming\Baidu Security
O43 - CFD: 06/07/2013 - 00:19:10 - [] ----D C:\Program Files (x86)\MyFree Codec
O43 - CFD: 27/01/2014 - 04:39:39 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 04/07/2013 - 16:14:35 - [0] ----D C:\Users\Rose\AppData\Local\MusicPlayer
O45 - LFCP:[MD5.3FDA1843202679D8DF26AFEEDF31EB40] - 25/07/2014 - 08:39:35 ---A- - C:\Windows\Prefetch\SOFTONICDOWNLOADER_PARA_POCKE-ED6636E9.pf =>Toolbar.Conduit
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
O51 - MPSK:{7da3b545-9f5a-11e3-bebc-208984082313}\AutoRun\command. (...) -- F:\LGAutoRun.exe (.not file.)
O51 - MPSK:{9861d387-5c4e-11e3-bea7-208984082313}\AutoRun\command. (...) -- F:\LGAutoRun.exe (.not file.)
O61 - LFC: 28/07/2014 - 19:36:33 ---A- . (...) -- C:\Users\Rose\AppData\Local\Temp\Quarantine.exe [384485]
[HKCU\Software\Baidu Security]
[HKCU\Software\ilividtoolbargaw] =>Adware.Bandoo
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmartbarExeInstaller_RASAPI32 =>Hijacker.SmartBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmartbarExeInstaller_RASMANCS =>Hijacker.SmartBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbargaw] =>Adware.Bandoo^
[HKCU\Software\ilividtoolbargaw] =>Adware.Bandoo^
C:\Windows\Tasks\AutoKMS.job =>Trojan.Keygen^
C:\Windows\System32\Tasks\AutoKMS =>Trojan.Keygen^
C:\Users\Rose\Desktop\DVDShrink_downloader_by_DVDShrink.exe =>Adware.MegaSearch^
C:\Users\Rose\AppData\Local\Temp\MoviesToolbarSetup_Somoto_9_10_2013.exe =>Adware.MegaSearch
C:\Users\Rose\AppData\Local\Temp\180713_y.exe =>PUP.DealPly
C:\Users\Rose\AppData\Local\Temp\appshat-distribution.exe =>Adware.MegaSearch
C:\Users\Rose\AppData\Local\Temp\dp.exe =>PUP.DealPly
C:\Users\Rose\AppData\Local\Temp\nsw6AF4.tmp =>Adware.MegaSearch
C:\Users\Rose\AppData\Local\Temp\UpdateCheckerSetup.exe =>Adware.MegaSearch
firewallraz
emptytemp

|- Open the ZHPFix tool. < >
|- Click IMPORTAÇÃO >> OK.
|- Click "GO".
|- Post the report!
A+
sr.silva
Posted August 5, 2014

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Rose at 05/08/2014 08:14:12
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)

Reciclagem vazia (01mn 10s)

========== Softwares ==========
AUSENTE Uninstall Process: c:\progra~2\search~1\datamngr\srtool~1\uninstall.exe

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Users\Rose\Desktop\DVDShrink_downloader_by_DVDShrink.exe
ELIMINÉ: Memory Process: C:\Users\Rose\AppData\Local\Temp\MoviesToolbarSetup_Somoto_9_10_2013.exe
ELIMINÉ: Memory Process: C:\Users\Rose\AppData\Local\Temp\180713_y.exe
ELIMINÉ: Memory Process: C:\Users\Rose\AppData\Local\Temp\appshat-distribution.exe
ELIMINÉ: Memory Process: C:\Users\Rose\AppData\Local\Temp\dp.exe
ELIMINÉ: Memory Process: C:\Users\Rose\AppData\Local\Temp\UpdateCheckerSetup.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbargaw]
ELIMINÉ: Mozilla Plugin: pandonetworks.com/PandoWebPlugin
ELIMINÉ CLSID MPSK: {7da3b545-9f5a-11e3-bebc-208984082313}
ELIMINÉ CLSID MPSK: {9861d387-5c4e-11e3-bea7-208984082313}
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\ilividtoolbargaw
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmartbarExeInstaller_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmartbarExeInstaller_RASMANCS

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (Domain) : {808F1451-4108-46FD-ADBB-F17324B5F0BD}
ELIMINÉ: FirewallRaz (Domain) : {E7985E1D-C36F-4787-80A8-6350D07E9266}
ELIMINÉ: FirewallRaz (Domain) : NetPres-In-TCP-NoScope
ELIMINÉ: FirewallRaz (Domain) : NetPres-Out-TCP-NoScope
ELIMINÉ: FirewallRaz (None) : NetPres-WSD-In-UDP
ELIMINÉ: FirewallRaz (None) : NetPres-WSD-Out-UDP
ELIMINÉ: FirewallRaz (Public) : NetPres-In-TCP
ELIMINÉ: FirewallRaz (Public) : NetPres-Out-TCP
ELIMINÉ: FirewallRaz (None) : MCX-Prov-Out-TCP
ELIMINÉ: FirewallRaz (None) : MCX-McrMgr-Out-TCP
ELIMINÉ: FirewallRaz (Public) : {F7BD2C54-9DBB-413A-98B1-484DB898C371}
ELIMINÉ: FirewallRaz (Public) : {640F5DBB-6D8A-4D32-B71F-EA23092D0F5B}
ELIMINÉ: FirewallRaz (None) : {824A3541-ED14-4621-AEDA-28A522A638DB}
ELIMINÉ: FirewallRaz (None) : {FC4A8001-74B6-415F-8AE1-5D7D8AD5CDCC}
ELIMINÉ: FirewallRaz (Private) : {566563F0-A99E-4C4F-8F06-8EE2B410AB8A}
ELIMINÉ: FirewallRaz (Private) : {6A8FACA0-1775-4213-B46B-0E52099BE4AD}
ELIMINÉ: FirewallRaz (Private) : TCP Query User{2CA380E0-9A99-4693-895E-F0C10F54C5A0}C:\program files (x86)\ares\ares.exe
ELIMINÉ: FirewallRaz (Private) : UDP Query User{2CBF0673-9827-417D-A6B1-DAA9F23DADE7}C:\program files (x86)\ares\ares.exe
ELIMINÉ: FirewallRaz (Public) : TCP Query User{B052745E-1CE4-42F2-A15D-E89134D874C7}C:\program files (x86)\symantec\norton online backup\nobuclient.exe
ELIMINÉ: FirewallRaz (Public) : UDP Query User{7989D434-AD23-471F-A649-AD6AAD89A14D}C:\program files (x86)\symantec\norton online backup\nobuclient.exe

========== Elementos dos dados do Registo ==========
ELIMINÉ: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
ELIMINÉ: R0 - Main,Start Page = KCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
SUBSTITUI Value NoActiveDesktopChanges : Good (0) - Bad (1)

========== Pastas ==========
ELIMINÉ: C:\Program Files (x86)\Baidu Security
ELIMINÉ: C:\ProgramData\Baidu Security
ELIMINÉ: C:\Users\Rose\AppData\Roaming\Baidu Security
ELIMINÉ: C:\Program Files (x86)\MyFree Codec
ELIMINÉ: C:\ProgramData\boost_interprocess
ELIMINÉ: C:\Users\Rose\AppData\Local\MusicPlayer
ELIMINÉ Temporários windows (0)

========== Ficheiros ==========
ELIMINÉ: c:\program files (x86)\pando networks\media booster\nppandowebplugin.dll
ELIMINÉ: c:\windows\prefetch\softonicdownloader_para_pocke-ed6636e9.pf
ELIMINÉ: c:\users\rose\appdata\local\temp\quarantine.exe
ELIMINÉ: C:\Users\Rose\AppData\Local\Temp\nsw6AF4.tmp
ELIMINÉ Temporários windows (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: AutoKMS

========== Outros ==========
NÃO-TRATADO http://nicolascoolma...toolbar-conduit

========== Recapitulativo ==========
6 : Processo memória
8 : Chaves do Registo
22 : Valores do Registo
3 : Elementos dos dados do Registo
7 : Pastas
5 : Ficheiros
1 : Softwares
1 : Tarefa planificada
1 : Outros

End of clean in 06mn 58s

========== Caminho do ficheiro do relatório ==========
C:\Users\Rose\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/08/2014 08:15:23 [4606]
DigRam
Posted August 5, 2014

Good morning! sr.silva
|- Processes were found in memory that cause the machine to slow down.
|- Follow these instructions in the order given!
|- Download: < > ( ... by Oleg N. Scherbakov )
|- Save it to the desktop!
|- Disable your antivirus!
|- For Windows 7, right-click JRT.exe and run it ...
|- Wait for it to finish and post the report. ( JRT.txt )
|- Download: < NCDiag > < > ( ... by Nicolas Coolman )
|- Right-click NCDiag.exe and run it as administrator.
|- Wait for it to finish, which is quick, and post the report! ( NCScript.txt )
|- There will be 2 reports! ( NCDiag.txt and NCScript.txt )
|- Ps: Make the NCDiag.txt report available at
A+
sr.silva
Posted August 8, 2014

JRT.txt http://cjoint.com/14au/DHirexulQV2.htm
NCDiag.txt http://cjoint.com/14au/DHire6Yi7tP.htm
DigRam
Posted August 9, 2014

Good evening! sr.silva
|- Run this script in the ZHPFix tool.
|- Copy this information, shown in red, into Notepad.
|- With Notepad open, do: ctrl+a >> ctrl+c
|- Then minimize Notepad.

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
C:\Users\Rose\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.µTorrent
C:\Users\Rose\Desktop\µTorrent.lnk =>P2P.µTorrent
C:\Users\Rose\AppData\Roaming\uTorrent\uTorrent.exe = >P2P.µTorrent =>P2P.µTorrent
C:\Users\Public\Desktop\Netflix.lnk =>Hijacker.Browser
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.µTorrent
[HKUS\S-1-5-21-4234301874-2312579503-1689864410-1002\S-1-5-21-4234301874-2312579503-1689864410-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.µTorrent
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{980A182F-E0A2-4A40-94C1-AE0C1235902E} =>P2P.Pando
HKLM\SOFTWARE\Wow6432Node\Pando Networks =>P2P.Pando
HKCU\Software\BitTorrent =>P2P.BitTorrent
HKCU\Software\Pando Networks =>P2P.Pando
C:\Program Files (x86)\Pando Networks =>P2P.Pando
C:\Users\Rose\AppData\Roaming\uTorrent =>P2P.µTorrent
C:\Users\Rose\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe =>P2P.Pando
[HKCR\CLSID\{33BCC8EC-0D01-4E10-AD3D-4DAF749873ED}] (Browser Application State) =>PUP.BrowserApp
[HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] (Groove GFS Browser Helper) =>Trojan.FindFDSearch
[HKCR\CLSID\{ADBE6DEC-9B04-4A3D-A09C-4BB38EF1351C}] (XAML Browser Application) =>PUP.BrowserApp
[HKCR\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}] (Browser Application State) =>PUP.BrowserApp
C:\Windows\Prefetch\UTORRENT.EXE-BB3A126A.pf =>P2P.µTorrent
EmptyCLSID

|- Open the ZHPFix tool. < >
|- Click IMPORTAÇÃO >> OK.
|- Click "GO".
|- Post the report!

##### ##### ... Editing!

< TORCH >
|- Go to this address and install the TORCH browser.
|- Ps: Since you like games, torrents and players, this browser would be better suited to that purpose. < >
|- Try it out and, if you like it, you can even uninstall Google Chrome and keep TORCH.
|- Click "TORCH Free Download" or, if you prefer, you can use the offline installer.
A+
sr.silva
Posted August 11, 2014

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Rose at 11/08/2014 05:12:01
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)

Reciclagem vazia (00mn 06s)
Prefetcher vazio

========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\Users\Rose\AppData\Roaming\uTorrent\uTorrent.exe
ELIMINÉ: Memory Process: C:\Windows\Prefetch\UTORRENT.EXE-BB3A126A.pf

========== Chaves do Registo ==========
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Pando Networks
ELIMINÉ: HKCU\Software\BitTorrent
ELIMINÉ: HKCU\Software\Pando Networks
ELIMINÉ:³ HKCR\CLSID\{33BCC8EC-0D01-4E10-AD3D-4DAF749873ED}
ELIMINÉ:* HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
ELIMINÉ:³ HKCR\CLSID\{ADBE6DEC-9B04-4A3D-A09C-4BB38EF1351C}
ELIMINÉ:³ HKCR\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (0) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ: C:\Users\Rose\Desktop\µTorrent.lnk
ELIMINÉ: C:\Users\Public\Desktop\Netflix.lnk

========== Recapitulativo ==========
2 : Processo memória
7 : Chaves do Registo
3 : Valores do Registo
1 : Pastas
4 : Ficheiros

End of clean in 00mn 26s

========== Caminho do ficheiro do relatório ==========
C:\Users\Rose\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/08/2014 08:15:23 [4685]
C:\Users\Rose\AppData\Roaming\ZHP\ZHPFix[R2].txt - 11/08/2014 05:12:09 [1680]

=====

Friend, I have never heard of this browser. What does it have that is "interesting" and the others don't?
DigRam
Posted August 11, 2014

Good morning! sr.silva

"Friend, I have never heard of this browser. What does it have that is "interesting" and the others don't?"

< What are the features of the Torch Browser > << Link!
|- The reviews and comments on Baixaki are great for anyone who wants to get to know Torch. I installed it on my PC and I am very satisfied with its performance.
|- I only recommend that, during installation, you untick the boxes that install the Ask Toolbar.
|- Ps: uTorrent was uninstalled, since it was part of NCDiag's automatic script and it showed processes in memory.
|- Later you can reinstall uTorrent (BitTorrent), but watch for the symptoms it may produce if it causes some slowness.
(|- We should also point out the affiliated programs it usually installs, even when you untick their boxes.
-/-
|- How is the computer? Do the symptoms that bother you still predominate?
|- If you wish, you can run this online check at Eset.
-/-
|- Run an online scan at Eset. << Link!
|- Use the "Internet Explorer 64 bits" browser for this task!
|- Press Windows+R and, in the Run box, copy and paste: C:\Program Files\Internet Explorer\iexplore.exe
|- Click OK.
|- With that, the 64-bit IE will run.
|- Follow this check, or scan, as shown in the image.
|- When it finishes, under "Resultados do rastreamento" we will have the option "Exportar para arquivo de texto...".
|- Tick the box "Delete Quarantined files" >> click FINISH.
|- Choose the desktop and name the report Eset_log.
|- Post that report!
|- Ps: If nothing is detected, there will be no report or list.
Cheers!
sr.silva
Posted August 14, 2014

Friend.. Scan in progress.. At first I hadn't managed to, but now it worked!
sr.silva
Posted August 14, 2014

After 4 hours of scanning...

C:\Users\Rose\Downloads\DTLite4471-0333.exe Win32/OpenCandy potentially unsafe application
C:\Users\Rose\Downloads\Pconverter (1).exe Win32/OpenCandy potentially unsafe application
C:\Users\Rose\Downloads\Pconverter.exe Win32/OpenCandy potentially unsafe application
C:\Users\Rose\Downloads\UnlockRoot v2.3.1.exe multiple threats
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[2].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[3].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[2].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[3].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultstb.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application deleted - quarantined
C:\Users\Rose\AppData\Local\Temp\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application deleted - quarantined
C:\Users\Rose\Downloads\bsplayer265.1074.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\Rose\Downloads\Download.By.Tutoriaisid.blogspot.com.br.rar a variant of MSIL/HackKMS.A potentially unsafe application deleted - quarantined
C:\Users\Rose\Downloads\DTLite4471-0333 (1).exe Win32/OpenCandy potentially unsafe application deleted - quarantined
DigRam
Posted August 14, 2014

Good afternoon! sr.silva
|- How is the PC? Do the problems persist?
-/-
|- Download: |DelFix| ( ... by Xplode )
|- On the page, click Download Now.
|- Save it somewhere convenient! ( desktop! )
|- Close any applications that are open.
|- With the boxes ticked!
|- Click Executar!
|- Click "Run".
-/-
|- Download: < JetClean 1.5.0 > ( ... by BlueSprig.com ) < More information! > << Read here!
|- Save it in Program Files. ( jetclean-setup.exe )
|- Install the software, taking care to untick the installation of affiliated programs.
|- On the "1-Click" tab, preferably, go to "Scan Now".
|- Choose: Shut down PC after Repair
|- Or choose the "Scan & Repair" option, without rebooting the PC.
|- Wait for it to finish; it will show a panel with indications or corrections in green.
|- Let me know!
Cheers!
sr.silva
Posted August 16, 2014

DigRam.. My computer is "ok", friend. I couldn't see the corrections in green because I left it running and stepped away from the PC. Anyway, I just want to thank you for the attention and the help. Thank you!!! :coolio: :coolio: :coolio: Until the next problem!!! :assobiando:
DigRam
Posted August 16, 2014

PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.