Archived

This topic has been archived and is closed to new replies.

sr.silva

[Solved] Slow PC and losing sound

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 08:25:25, on 25/07/2014

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v10.0 (10.00.9200.17028)

Boot mode: Normal


Running processes:

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Users\Rose\AppData\Roaming\uTorrent\uTorrent.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll

O2 - BHO: G-Buster Browser Defense BANESTES - {C41A1C0E-EA6C-11D4-B1B8-444553540017} - C:\Program Files (x86)\GbPlugin\gbiehbnt.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [RadioController] "C:\Program Files (x86)\RadioController\RfBtnHelper.exe" Start_Run

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [HP Deskjet 3510 series (NET)] "C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" -deviceID "BR33LFB2JY05TY:NW" -scfn "HP Deskjet 3510 series (NET)" -AutoStart 1

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Users\Rose\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKUS\S-1-5-19\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SISTEMA')

O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')

O4 - Startup: Curse.lnk = Rose\AppData\Roaming\Curse Client\Bin\Curse.exe

O4 - Global Startup: Acer Backup Manager Tray.lnk = C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: seg.banestes.com.br

O15 - Trusted Zone: www.banestes.com.br

O15 - Trusted Zone: wwws.banestes.com.br

O15 - Trusted Zone: www.bb.com.br

O15 - Trusted Zone: www.santander.com.br

O15 - Trusted Zone: www.santanderempresarial.com.br

O15 - Trusted Zone: www.santandernet.com.br

O15 - Trusted Zone: wwws.santandernet.com.br

O15 - Trusted Zone: wwws2.santandernet.com.br

O15 - Trusted Zone: www.santandernetibe.com.br

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginBnt - C:\Program Files (x86)\GbPlugin\gbiehBnt.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Broadcom Card Reader Service (BrcmCardReader) - Broadcom Corp. - C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe

O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe

O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe


--

End of file - 13076 bytes



Good evening, sr.silva!

|- Download: AdwCleaner ( ... by Xplode )
|- On the page, click the download button image.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as administrator.
|- PS: Start the scan by clicking "Examinar" (Scan).
|- When it finishes, click "Limpar" (Clean) >> Ok >> Ok >> Ok.
|- Copy the log or click "Relatório" (Report).
|- Post: < C:\AdwCleaner\AdwCleaner[s0].txt >
Regards!

# AdwCleaner v3.301 - Relatório criado 30/07/2014 às 09:57:21

# Atualizado 28/07/2014 por Xplode

# Sistema Operacional : Windows 8 Single Language (64 bits)

# Usuário : Rose

# Executando de : C:\Users\Rose\Downloads\adwcleaner_3.301.exe

# Opção : Limpar


***** [ Serviços ] *****



***** [ Arquivos / Pastas ] *****



***** [ Tarefas ] *****



***** [ Atalhos ] *****



***** [ Registro ] *****


Chave Deletedo : HKCU\Software\Conduit

Chave Deletedo : HKCU\Software\Softonic


***** [ Navegadores ] *****


-\\ Internet Explorer v10.0.9200.17028



-\\ Google Chrome v36.0.1985.125


[ Arquivo : C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\preferences ]



*************************


AdwCleaner[R0].txt - [6632 octets] - [15/09/2013 15:03:13]

AdwCleaner[R1].txt - [10919 octets] - [19/07/2014 21:17:47]

AdwCleaner[R2].txt - [1226 octets] - [30/07/2014 09:56:23]

AdwCleaner[s0].txt - [6271 octets] - [15/09/2013 15:04:59]

AdwCleaner[s1].txt - [10036 octets] - [19/07/2014 21:18:34]

AdwCleaner[s2].txt - [1044 octets] - [30/07/2014 09:57:21]


########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1104 octets] ##########


Good afternoon, sr.silva!

|- Download: < ZHPDiag2.exe > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
|- Run the scroll icon. ( ZHPDiag )
|- Click "COMPLETA" (Complete) and wait for it to finish!
|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
|- PS: If the log is long, upload it to Pjjoint.malekal.
|- Or go to: Cjoint
|- More information: < |Link| >
A+

Good evening, sr.silva!


|- Run this script in the ZHPFix tool.

|- Copy this information, which is in red, into Notepad.

|- With Notepad open, press: Ctrl+A >> Ctrl+C ( Select and Copy )

|- Next, minimize Notepad.


ZHPFix script

P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[MD5.45D18DC0CA53BFFAA11F992BEF63280D] [sPRF][16/09/2013] (.No owner - Setup/Uninstall.) -- C:\Users\Rose\AppData\Roaming\unins000.exe [706250]

[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [sPRF][07/01/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Rose\AppData\Roaming\unins001.exe [720082]

[MD5.169180F02ABCECA5DE72FC5EEBC861BB] [sPRF][20/01/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Rose\AppData\Roaming\unins002.exe [730322]

[MD5.A03592875F26DC6547E5B080BFC63A70] [sPRF][16/10/2013] (.No owner - Powered by BetterInstaller.) -- C:\Users\Rose\Desktop\DVDShrink_downloader_by_DVDShrink.exe [163352] =>Adware.MegaSearch

[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS.exe (.not file.) [0] =>Trojan.Keygen

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com

O39 - APT: AutoKMS - (...) -- C:\Windows\Tasks\AutoKMS.job [214] =>Trojan.Keygen

O39 - APT: AutoKMS - (...) -- C:\Windows\System32\Tasks\AutoKMS [214] =>Trojan.Keygen

O42 - Logiciel: Search-Results Toolbar - (.APN LLC.) [HKLM][64Bits] -- ilividtoolbargaw =>Adware.Bandoo

O43 - CFD: 16/10/2013 - 10:23:29 - [] ----D C:\Program Files (x86)\Baidu Security

O43 - CFD: 16/10/2013 - 10:30:19 - [] ----D C:\ProgramData\Baidu Security

O43 - CFD: 16/10/2013 - 10:23:29 - [] ----D C:\Users\Rose\AppData\Roaming\Baidu Security

O43 - CFD: 06/07/2013 - 00:19:10 - [] ----D C:\Program Files (x86)\MyFree Codec

O43 - CFD: 27/01/2014 - 04:39:39 - [] ----D C:\ProgramData\boost_interprocess

O43 - CFD: 04/07/2013 - 16:14:35 - [0] ----D C:\Users\Rose\AppData\Local\MusicPlayer

O45 - LFCP:[MD5.3FDA1843202679D8DF26AFEEDF31EB40] - 25/07/2014 - 08:39:35 ---A- - C:\Windows\Prefetch\SOFTONICDOWNLOADER_PARA_POCKE-ED6636E9.pf =>Toolbar.Conduit


O51 - MPSK:{7da3b545-9f5a-11e3-bebc-208984082313}\AutoRun\command. (...) -- F:\LGAutoRun.exe (.not file.)

O51 - MPSK:{9861d387-5c4e-11e3-bea7-208984082313}\AutoRun\command. (...) -- F:\LGAutoRun.exe (.not file.)

O61 - LFC: 28/07/2014 - 19:36:33 ---A- . (...) -- C:\Users\Rose\AppData\Local\Temp\Quarantine.exe [384485]

[HKCU\Software\Baidu Security]

[HKCU\Software\ilividtoolbargaw] =>Adware.Bandoo

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmartbarExeInstaller_RASAPI32 =>Hijacker.SmartBar

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmartbarExeInstaller_RASMANCS =>Hijacker.SmartBar

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbargaw] =>Adware.Bandoo^

[HKCU\Software\ilividtoolbargaw] =>Adware.Bandoo^

C:\Windows\Tasks\AutoKMS.job =>Trojan.Keygen^

C:\Windows\System32\Tasks\AutoKMS =>Trojan.Keygen^

C:\Users\Rose\Desktop\DVDShrink_downloader_by_DVDShrink.exe =>Adware.MegaSearch^

C:\Users\Rose\AppData\Local\Temp\MoviesToolbarSetup_Somoto_9_10_2013.exe =>Adware.MegaSearch

C:\Users\Rose\AppData\Local\Temp\180713_y.exe =>PUP.DealPly

C:\Users\Rose\AppData\Local\Temp\appshat-distribution.exe =>Adware.MegaSearch

C:\Users\Rose\AppData\Local\Temp\dp.exe =>PUP.DealPly

C:\Users\Rose\AppData\Local\Temp\nsw6AF4.tmp =>Adware.MegaSearch

C:\Users\Rose\AppData\Local\Temp\UpdateCheckerSetup.exe =>Adware.MegaSearch

firewallraz

emptytemp


|- Open the ZHPFix tool.

|- Click IMPORTAÇÃO (Import) >> OK.

|- Click "GO".

|- Post the report!


A+

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014

Fichier d'export Registre :

Run by Rose at 05/08/2014 08:14:12

High Elevated Privileges : OK

Windows 8 Home Premium Edition, 64-bit (Build 9200)


Reciclagem vazia (01mn 10s)


========== Softwares ==========

AUSENTE Uninstall Process: c:\progra~2\search~1\datamngr\srtool~1\uninstall.exe


========== Processo memória ==========

ELIMINÉ: Memory Process: C:\Users\Rose\Desktop\DVDShrink_downloader_by_DVDShrink.exe

ELIMINÉ: Memory Process: C:\Users\Rose\AppData\Local\Temp\MoviesToolbarSetup_Somoto_9_10_2013.exe

ELIMINÉ: Memory Process: C:\Users\Rose\AppData\Local\Temp\180713_y.exe

ELIMINÉ: Memory Process: C:\Users\Rose\AppData\Local\Temp\appshat-distribution.exe

ELIMINÉ: Memory Process: C:\Users\Rose\AppData\Local\Temp\dp.exe

ELIMINÉ: Memory Process: C:\Users\Rose\AppData\Local\Temp\UpdateCheckerSetup.exe


========== Chaves do Registo ==========

ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbargaw]

ELIMINÉ: Mozilla Plugin: pandonetworks.com/PandoWebPlugin

ELIMINÉ CLSID MPSK: {7da3b545-9f5a-11e3-bebc-208984082313}

ELIMINÉ CLSID MPSK: {9861d387-5c4e-11e3-bea7-208984082313}

ELIMINÉ: HKCU\Software\Baidu Security

ELIMINÉ: HKCU\Software\ilividtoolbargaw

ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmartbarExeInstaller_RASAPI32

ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmartbarExeInstaller_RASMANCS


========== Valores do Registo ==========

Ausente Valor Perfil Padrão: FirewallRaz :

Ausente Valor Perfil Domínio FirewallRaz :

ELIMINÉ: FirewallRaz (Domain) : {808F1451-4108-46FD-ADBB-F17324B5F0BD}

ELIMINÉ: FirewallRaz (Domain) : {E7985E1D-C36F-4787-80A8-6350D07E9266}

ELIMINÉ: FirewallRaz (Domain) : NetPres-In-TCP-NoScope

ELIMINÉ: FirewallRaz (Domain) : NetPres-Out-TCP-NoScope

ELIMINÉ: FirewallRaz (None) : NetPres-WSD-In-UDP

ELIMINÉ: FirewallRaz (None) : NetPres-WSD-Out-UDP

ELIMINÉ: FirewallRaz (Public) : NetPres-In-TCP

ELIMINÉ: FirewallRaz (Public) : NetPres-Out-TCP

ELIMINÉ: FirewallRaz (None) : MCX-Prov-Out-TCP

ELIMINÉ: FirewallRaz (None) : MCX-McrMgr-Out-TCP

ELIMINÉ: FirewallRaz (Public) : {F7BD2C54-9DBB-413A-98B1-484DB898C371}

ELIMINÉ: FirewallRaz (Public) : {640F5DBB-6D8A-4D32-B71F-EA23092D0F5B}

ELIMINÉ: FirewallRaz (None) : {824A3541-ED14-4621-AEDA-28A522A638DB}

ELIMINÉ: FirewallRaz (None) : {FC4A8001-74B6-415F-8AE1-5D7D8AD5CDCC}

ELIMINÉ: FirewallRaz (Private) : {566563F0-A99E-4C4F-8F06-8EE2B410AB8A}

ELIMINÉ: FirewallRaz (Private) : {6A8FACA0-1775-4213-B46B-0E52099BE4AD}

ELIMINÉ: FirewallRaz (Private) : TCP Query User{2CA380E0-9A99-4693-895E-F0C10F54C5A0}C:\program files (x86)\ares\ares.exe

ELIMINÉ: FirewallRaz (Private) : UDP Query User{2CBF0673-9827-417D-A6B1-DAA9F23DADE7}C:\program files (x86)\ares\ares.exe

ELIMINÉ: FirewallRaz (Public) : TCP Query User{B052745E-1CE4-42F2-A15D-E89134D874C7}C:\program files (x86)\symantec\norton online backup\nobuclient.exe

ELIMINÉ: FirewallRaz (Public) : UDP Query User{7989D434-AD23-471F-A649-AD6AAD89A14D}C:\program files (x86)\symantec\norton online backup\nobuclient.exe


========== Elementos dos dados do Registo ==========

ELIMINÉ: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page

ELIMINÉ: R0 - Main,Start Page = KCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page

SUBSTITUI Value NoActiveDesktopChanges : Good (0) - Bad (1)


========== Pastas ==========

ELIMINÉ: C:\Program Files (x86)\Baidu Security

ELIMINÉ: C:\ProgramData\Baidu Security

ELIMINÉ: C:\Users\Rose\AppData\Roaming\Baidu Security

ELIMINÉ: C:\Program Files (x86)\MyFree Codec

ELIMINÉ: C:\ProgramData\boost_interprocess

ELIMINÉ: C:\Users\Rose\AppData\Local\MusicPlayer

ELIMINÉ Temporários windows (0)


========== Ficheiros ==========

ELIMINÉ: c:\program files (x86)\pando networks\media booster\nppandowebplugin.dll

ELIMINÉ: c:\windows\prefetch\softonicdownloader_para_pocke-ed6636e9.pf

ELIMINÉ: c:\users\rose\appdata\local\temp\quarantine.exe

ELIMINÉ: C:\Users\Rose\AppData\Local\Temp\nsw6AF4.tmp

ELIMINÉ Temporários windows (0) (0 octets)


========== Tarefa planificada ==========

ELIMINÉ: AutoKMS


========== Outros ==========




========== Recapitulativo ==========

6 : Processo memória

8 : Chaves do Registo

22 : Valores do Registo

3 : Elementos dos dados do Registo

7 : Pastas

5 : Ficheiros

1 : Softwares

1 : Tarefa planificada

1 : Outros



End of clean in 06mn 58s


========== Caminho do ficheiro do relatório ==========

C:\Users\Rose\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/08/2014 08:15:23 [4606]

Good morning, sr.silva!


|- Processes were found in memory that are slowing down the machine.

|- Follow these instructions in the order given!


|- Download: JRT ( ... by Oleg N. Scherbakov )


|- Save it to the desktop!

|- Disable your antivirus!

|- On Windows 7, right-click JRT.exe and run it as administrator.

|- Wait for it to finish and post the report. ( JRT.txt )


|- Download: < NCDiag > ( ... by Nicolas Coolman )


|- Right-click NCDiag.exe and run it as administrator.

|- Wait for it to finish, which is quick, and post the report! ( NCScript.txt )

|- There will be 2 reports! ( NCDiag.txt and NCScript.txt )

|- PS: Make the NCDiag.txt report available at < pub.gif >

A+

Good evening, sr.silva!
|- Run this script in the ZHPFix tool.
|- Copy this information, which is in red, into Notepad.
|- With Notepad open, press: Ctrl+A >> Ctrl+C
|- Next, minimize Notepad.
ZHPFix script
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
C:\Users\Rose\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.µTorrent
C:\Users\Rose\Desktop\µTorrent.lnk =>P2P.µTorrent
C:\Users\Rose\AppData\Roaming\uTorrent\uTorrent.exe = >P2P.µTorrent =>P2P.µTorrent
C:\Users\Public\Desktop\Netflix.lnk =>Hijacker.Browser
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.µTorrent
[HKUS\S-1-5-21-4234301874-2312579503-1689864410-1002\S-1-5-21-4234301874-2312579503-1689864410-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.µTorrent
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{980A182F-E0A2-4A40-94C1-AE0C1235902E} =>P2P.Pando
HKLM\SOFTWARE\Wow6432Node\Pando Networks =>P2P.Pando
HKCU\Software\BitTorrent =>P2P.BitTorrent
HKCU\Software\Pando Networks =>P2P.Pando
C:\Program Files (x86)\Pando Networks =>P2P.Pando
C:\Users\Rose\AppData\Roaming\uTorrent =>P2P.µTorrent
C:\Users\Rose\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe =>P2P.Pando
[HKCR\CLSID\{33BCC8EC-0D01-4E10-AD3D-4DAF749873ED}] (Browser Application State) =>PUP.BrowserApp
[HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] (Groove GFS Browser Helper) =>Trojan.FindFDSearch
[HKCR\CLSID\{ADBE6DEC-9B04-4A3D-A09C-4BB38EF1351C}] (XAML Browser Application) =>PUP.BrowserApp
[HKCR\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}] (Browser Application State) =>PUP.BrowserApp
C:\Windows\Prefetch\UTORRENT.EXE-BB3A126A.pf =>P2P.µTorrent
EmptyCLSID
|- Open the ZHPFix tool.
|- Click IMPORTAÇÃO (Import) >> OK.
|- Click "GO".
|- Post the report!
#####
#####
... Editing!
< TORCH >

|- Go to this address and install TORCHBrowser.
|- PS: Since you like games, torrents and players, this browser would be better suited to that purpose.

|- Try it out and, if you like it, you can even uninstall Google Chrome and stick with TORCH.

|- Click "TORCH Free Download" or, if you prefer, you can use the offline installer.
A+

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014

Fichier d'export Registre :

Run by Rose at 11/08/2014 05:12:01

High Elevated Privileges : OK

Windows 8 Home Premium Edition, 64-bit (Build 9200)


Reciclagem vazia (00mn 06s)

Prefetcher vazio


========== Processo memória ==========

ELIMINA REINICIAR: Memory Process: C:\Users\Rose\AppData\Roaming\uTorrent\uTorrent.exe

ELIMINÉ: Memory Process: C:\Windows\Prefetch\UTORRENT.EXE-BB3A126A.pf


========== Chaves do Registo ==========

ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Pando Networks

ELIMINÉ: HKCU\Software\BitTorrent

ELIMINÉ: HKCU\Software\Pando Networks

ELIMINÉ:³ HKCR\CLSID\{33BCC8EC-0D01-4E10-AD3D-4DAF749873ED}

ELIMINÉ:* HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

ELIMINÉ:³ HKCR\CLSID\{ADBE6DEC-9B04-4A3D-A09C-4BB38EF1351C}

ELIMINÉ:³ HKCR\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}


========== Valores do Registo ==========

Ausente Valor Perfil Padrão: FirewallRaz :

Ausente Valor Perfil Domínio FirewallRaz :

ELIMINÉ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent


========== Pastas ==========

Nenhuma pasta CLSID local utilizador vazia


========== Ficheiros ==========

ELIMINÉ Temporários windows (0) (0 octets)

ELIMINÉ Flash Cookies (0) (0 octets)

ELIMINÉ: C:\Users\Rose\Desktop\µTorrent.lnk

ELIMINÉ: C:\Users\Public\Desktop\Netflix.lnk



========== Recapitulativo ==========

2 : Processo memória

7 : Chaves do Registo

3 : Valores do Registo

1 : Pastas

4 : Ficheiros



End of clean in 00mn 26s


========== Caminho do ficheiro do relatório ==========

C:\Users\Rose\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/08/2014 08:15:23 [4685]

C:\Users\Rose\AppData\Roaming\ZHP\ZHPFix[R2].txt - 11/08/2014 05:12:09 [1680]



=====


Friend, I have never heard of that browser.


What does it have that is "interesting" that the others don't?

Good morning, sr.silva!

Friend, I have never heard of that browser.

What does it have that is "interesting" that the others don't?

|- The reviews and comments on Baixaki are great for anyone who wants to get to know Torch. I installed it on my PC and I am very satisfied with its performance.
|- I only recommend that, during installation, you uncheck the boxes that install the Ask Toolbar.
|- PS: uTorrent was uninstalled, since it was part of NCDiag's automatic script and showed processes in memory.
|- Later, you can reinstall uTorrent (Bit Torrent), but watch for the symptoms it can produce by causing some slowness.
|- We should also point out the installation of affiliated programs that it usually performs, even when their boxes are unchecked.
-/-
|- How is the computer? Do the symptoms that bother you still persist?
|- If you like, you can run this online scan at Eset.
-/-
|- Run an online scan at Eset. << Link!
|- Use the "Internet Explorer 64-bit" browser for this task!
|- Press Windows+R and, in the Run box, copy and paste: C:\Program Files\Internet Explorer\iexplore.exe
|- Click OK.
|- With that, 64-bit IE will run.
|- Follow this check or scan as shown in the image.
|- When it finishes, under "Resultados do rastreamento" (Scan results) we will have the option "Exportar para arquivo de texto..." (Export to text file...).
|- Check the "Delete Quarantined files" box >> Click FINISH.
|- Choose the desktop and name the report Eset_log.
|- Post that report!
|- PS: If nothing is detected, there will be no report or list.
Regards!

After 4 hours of scanning...


C:\Users\Rose\Downloads\DTLite4471-0333.exe Win32/OpenCandy potentially unsafe application

C:\Users\Rose\Downloads\Pconverter (1).exe Win32/OpenCandy potentially unsafe application

C:\Users\Rose\Downloads\Pconverter.exe Win32/OpenCandy potentially unsafe application

C:\Users\Rose\Downloads\UnlockRoot v2.3.1.exe multiple threats

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[2].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[3].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[2].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[3].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultstb.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined

C:\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application deleted - quarantined

C:\Users\Rose\AppData\Local\Temp\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application deleted - quarantined

C:\Users\Rose\Downloads\bsplayer265.1074.exe Win32/OpenCandy potentially unsafe application deleted - quarantined

C:\Users\Rose\Downloads\Download.By.Tutoriaisid.blogspot.com.br.rar a variant of MSIL/HackKMS.A potentially unsafe application deleted - quarantined

C:\Users\Rose\Downloads\DTLite4471-0333 (1).exe Win32/OpenCandy potentially unsafe application deleted - quarantined

Good afternoon, sr.silva!
|- How is the PC? Do the problems still persist?
-/-
|- Download: |DelFix| ( ... by Xplode )

|- On the page, click Download Now.
|- Save it somewhere convenient! ( desktop! )
|- Close any open applications.
|- With the boxes checked!
|- Click "Executar" (Run)!
|- Click "Run".
-/-
|- Download: < JetClean 1.5.0 > ( ... by BlueSprig.com )
< More information! > << Read here!
|- Save it in Program Files. ( jetclean-setup.exe )
|- Install the software, taking care to uncheck the installation of affiliated programs.
|- On the "1-Click" tab, preferably go to "Scan Now".
|- Choose: Shut down PC after Repair
|- Or choose the "Scan & Repair" option, without rebooting the PC.
|- Wait for it to finish; it will show a panel with indications or corrections in green.
|- Report back!
Regards!


DigRam..

My computer is "ok", friend.

I couldn't see the corrections in green because I left it running and stepped away from the PC.

Beyond that, I just want to thank you for the attention and help provided.

Thank you!!! :coolio: :coolio: :coolio:

And until the next problem!!! :assobiando:


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
