
Archived

This topic has been archived and is closed to new replies.

Felipe Augusto de Godoy

[Solved] PC freezing after 10 to 15 minutes of use


Hi everyone, I'm new here, and moderators, please forgive me if I'm posting in the wrong section.

 

Here's the situation: my PC's configuration is reasonable, and ever since I bought it, it had been showing defects (a blue screen every 1 to 2 months), but I didn't bother to use the warranty. For some time now the frequency of blue screens had been increasing with each passing week, from 1 blue screen per week to 10 blue screens in 1 day. At first it seemed normal: the blue screen occurred, and once the minidump finished saving, the computer rebooted on its own. Because the blue screens were getting more frequent, I went to a foreign Microsoft forum for help. They had me upload the minidump and then told me to update the BIOS, update some drivers that were causing the blue screens, and so on. Then the blue screens stopped. After a period of 6 months they came back, but with a different error code: MEMORY_MANAGEMENT caused by ntoskrnl32.exe (which I also found out recently).

This new blue screen did not make the computer reboot; it just stayed on the blue screen even after the minidump had been written correctly. After a period of 2 months (currently), the computer stopped blue-screening and simply freezes out of nowhere. I researched several cases similar to mine and did not find one that solved it, so I came to post here. I carried out procedures such as testing the memory with memtest68 (I found 300 errors in 2 memtest passes, but nothing worrying, since I tested the same stick in a friend's computer and it showed no errors there).

And the problem only got worse: when starting the computer, sometimes the BIOS screen did not appear and it stayed on a black screen indefinitely (until I reset it, of course), and the same happened with the GPU, except that the BIOS screen appeared and then there was a black screen with some red and white streaks at the top of the screen, which grew the longer the PC stayed on. (Note: with or without the GPU, when I managed to turn the computer on, whenever it froze, the CPU LED did not blink, it just stayed lit.) So I removed the GPU and after several resets managed to get into startup repair mode (without the GPU), repaired the computer's startup and got it to boot again; however, the same freezing problem remained.

I ruled out the RAM, the GPU and the HD. Tomorrow I'm going to test my power supply in a friend's PC at his house. Another detail: I found that my CD/DVD burner appears to be damaged, because I tried to boot from the Windows CD to run a repair and it stayed on a black screen with the " _ " cursor blinking.

I'm posting this topic because, by some miracle, I managed to get in through safe mode with networking (which is not freezing the PC after long periods of use). I suspect it may be some virus, because sometimes when starting the computer the BIOS screen did not appear, as I already reported in this topic.

Sorry about the formatting, which came out horrible, but I'll provide any additional information you need to solve my problem.

One more note: my computer has suffered quite a few power outages thanks to the great service from Copel on my street --'

PC configuration:

i3 3220 3.30 GHz;

Gigabyte GA-B75M-D2V motherboard;

Kingston DDR3 RAM, 4 GB

320 GB HD (I don't remember the brand)

MyMax 420 W power supply

 

Thanks in advance.

/!\ Good afternoon! Felipe Augusto de Godoy /!\

> Read Rule No. 02 and post the HijackThis log, as instructed there.

A+


Hello, good afternoon DigRam, here is the HijackThis log. Note: I started the computer in normal mode and unplugged the network cable, and guess what... The computer did not freeze. What could that mean?

 

Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:34:12, on 25/12/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: uTorrentBar_PT Toolbar - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\prxtbuTo0.dll (file missing)
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.aeriagames.com
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C31F5793-DD21-4E3B-9AD8-0E197C7FCF2D}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Firewall do AVG (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: @C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_core.dll,-101 (chromoting) - Google Inc. - C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7101 bytes

 

@EDIT:

I went into msconfig and disabled all startup programs and services (except Microsoft ones) that were not needed (exception: the antivirus); however, the computer still froze.


/!\ Good evening! Felipe Augusto de Godoy /!\

 

> Download: < AdwCleaner > ( ... by Xplode )
>
> Or from here: < AdwCleaner >
> When the page opens, click "Download Now".
>
> Save it to the desktop!
> Right-click adwcleaner.exe and choose to run it as administrator.
> PS: Start the scan by clicking "Examinar" (Scan).
> When it finishes, click "Limpar" (Clean) >> Ok >> Ok >> Ok.
> Copy the log or click "Relatório" (Report).
> Post: < C:\AdwCleaner\AdwCleaner[s0].txt >
A+


Good evening DigRam,

 

I had already run the AdwCleaner cleanup earlier, so I'll post its log. I ran the scan again and ADWCleaner found no new entries or registry keys.

 

Also, I'll be online continuously. If you can/want to follow the topic in "real time", I'd appreciate it :)

 

ADWCleaner log 1

 

# AdwCleaner v4.106 - Relatório criado 25/12/2014 às 01:25:29
# Atualizado 21/12/2014 por Xplode
# Database : 2014-12-21.4 [Live]
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Usuario - USUARIO-PC
# Executando de : C:\Users\Usuario\Downloads\adwcleaner_4.106.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : APNMCP
[#] Serviço Deletada : d0e87c27

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\AskPartnerNetwork
Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\DSearchLink
Pasta Deletada : C:\ProgramData\StarApp
Pasta Deletada : C:\ProgramData\Tarma Installer
Pasta Deletada : C:\ProgramData\Trusted Publisher
Pasta Deletada : C:\ProgramData\Adblocker
Pasta Deletada : C:\ProgramData\savee On
Pasta Deletada : C:\ProgramData\savenushyare i
Pasta Deletada : C:\ProgramData\4b423998222d53f5
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\savenushyare i
Pasta Deletada : C:\Program Files (x86)\AskPartnerNetwork
Pasta Deletada : C:\Program Files (x86)\baidu
Pasta Deletada : C:\Program Files (x86)\Conduit
Pasta Deletada : C:\Program Files (x86)\Free Video Converter
Pasta Deletada : C:\Program Files (x86)\Optimizer Pro
Pasta Deletada : C:\Program Files (x86)\sw-booster
Pasta Deletada : C:\Program Files (x86)\WebSearch
Pasta Deletada : C:\Program Files (x86)\Adblocker
Pasta Deletada : C:\Program Files (x86)\savee On
Pasta Deletada : C:\Users\Usuario\AppData\Local\Temp\baidu
Pasta Deletada : C:\Users\Usuario\AppData\Local\Temp\Smartbar
Pasta Deletada : C:\Program Files\PC Optimizer Pro
Pasta Deletada : C:\Users\Administrador\AppData\Local\Chromatic Browser
Pasta Deletada : C:\Users\Administrador\AppData\Local\torch
Pasta Deletada : C:\Users\Convidado\AppData\Local\Chromatic Browser
Pasta Deletada : C:\Users\Convidado\AppData\Local\torch
Pasta Deletada : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Pasta Deletada : C:\Users\HomeGroupUser$\AppData\Local\torch
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Usuario\AppData\Local\Chromatic Browser
Pasta Deletada : C:\Users\Usuario\AppData\Local\Conduit
Pasta Deletada : C:\Users\Usuario\AppData\Local\eSupport.com
Pasta Deletada : C:\Users\Usuario\AppData\Local\lollipop
Pasta Deletada : C:\Users\Usuario\AppData\Local\Smartbar
Pasta Deletada : C:\Users\Usuario\AppData\Local\torch
Pasta Deletada : C:\Users\Usuario\AppData\LocalLow\Conduit
Pasta Deletada : C:\Users\Usuario\AppData\LocalLow\PriceGong
Pasta Deletada : C:\Users\Usuario\AppData\LocalLow\savenushyare i
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\337
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Updater
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Pasta Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
Pasta Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnbmfljfohghaepamnfokgggaejlmfol
Pasta Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljcgbedjplidkdjahbaalanadmjfgop
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\fibcabecdnignppiiedckmboejdhiaoa
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\fibcabecdnignppiiedckmboejdhiaoa
Pasta Deletada : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fibcabecdnignppiiedckmboejdhiaoa
Pasta Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fibcabecdnignppiiedckmboejdhiaoa
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Windows\System32\roboot64.exe
Arquivo Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
Arquivo Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal

***** [ Tarefas ] *****

Tarefa Deletedo : BackgroundContainer Startup Task
Tarefa Deletedo : BitGuard

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pljcgbedjplidkdjahbaalanadmjfgop
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Chave Deletedo : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Adblocker.Adblocker
Chave Deletedo : HKLM\SOFTWARE\Classes\Adblocker.Adblocker.1.0
Chave Deletedo : HKCU\Software\532db8dbd6ae942
Chave Deletedo : HKLM\SOFTWARE\532db8dbd6ae942
Chave Deletedo : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-792098896
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_703c874a
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}
Chave Deletedo : HKLM\SOFTWARE\Classes\Toolbar.CT2851643
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{14F1EFBE-0BCB-9CE0-9703-0F8B04DED175}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{771DBA4E-EC9C-3B61-8B38-382D4A4699E7}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{9EBDA2F4-99CC-75E3-555F-AAE30571D22D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{EAB5257A-1FB3-474C-9B42-231F52622E72}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14F1EFBE-0BCB-9CE0-9703-0F8B04DED175}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{771DBA4E-EC9C-3B61-8B38-382D4A4699E7}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9EBDA2F4-99CC-75E3-555F-AAE30571D22D}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{14F1EFBE-0BCB-9CE0-9703-0F8B04DED175}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{771DBA4E-EC9C-3B61-8B38-382D4A4699E7}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9EBDA2F4-99CC-75E3-555F-AAE30571D22D}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{14F1EFBE-0BCB-9CE0-9703-0F8B04DED175}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{771DBA4E-EC9C-3B61-8B38-382D4A4699E7}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9EBDA2F4-99CC-75E3-555F-AAE30571D22D}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{771DBA4E-EC9C-3B61-8B38-382D4A4699E7}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9EBDA2F4-99CC-75E3-555F-AAE30571D22D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{771DBA4E-EC9C-3B61-8B38-382D4A4699E7}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{9EBDA2F4-99CC-75E3-555F-AAE30571D22D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{771DBA4E-EC9C-3B61-8B38-382D4A4699E7}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9EBDA2F4-99CC-75E3-555F-AAE30571D22D}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chave Deletedo : HKCU\Software\APN PIP
Chave Deletedo : HKCU\Software\AskPartnerNetwork
Chave Deletedo : HKCU\Software\BABSOLUTION
Chave Deletedo : HKCU\Software\BI
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\DataMngr
Chave Deletedo : HKCU\Software\DataMngr_Toolbar
Chave Deletedo : HKCU\Software\Delta
Chave Deletedo : HKCU\Software\eSupport.com
Chave Deletedo : HKCU\Software\filescout
Chave Deletedo : HKCU\Software\Free Video Converter
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\pc optimizer pro
Chave Deletedo : HKCU\Software\RegisteredApplicationsEx
Chave Deletedo : HKCU\Software\SmartBar
Chave Deletedo : HKCU\Software\smartbarbackup
Chave Deletedo : HKCU\Software\smartbarlog
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\Tbccint_HKLM
Chave Deletedo : HKCU\Software\onekit
Chave Deletedo : HKCU\Software\Baidu
Chave Deletedo : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKCU\Software\AppDataLow\SProtector
Chave Deletedo : HKCU\Software\AppDataLow\Toolbar
Chave Deletedo : HKCU\Software\AppDataLow\Software\BackgroundContainer
Chave Deletedo : HKCU\Software\AppDataLow\Software\Conduit
Chave Deletedo : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chave Deletedo : HKCU\Software\AppDataLow\Software\PriceGong
Chave Deletedo : HKCU\Software\AppDataLow\Software\SmartBar
Chave Deletedo : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chave Deletedo : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Chave Deletedo : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Chave Deletedo : HKLM\SOFTWARE\aartemisSoftware
Chave Deletedo : HKLM\SOFTWARE\AskPartnerNetwork
Chave Deletedo : HKLM\SOFTWARE\awesomehpSoftware
Chave Deletedo : HKLM\SOFTWARE\Conduit
Chave Deletedo : HKLM\SOFTWARE\DataMngr
Chave Deletedo : HKLM\SOFTWARE\Delta
Chave Deletedo : HKLM\SOFTWARE\hdcode
Chave Deletedo : HKLM\SOFTWARE\omiga-plusSoftware
Chave Deletedo : HKLM\SOFTWARE\PIP
Chave Deletedo : HKLM\SOFTWARE\qone8Software
Chave Deletedo : HKLM\SOFTWARE\SP Global
Chave Deletedo : HKLM\SOFTWARE\SProtector
Chave Deletedo : HKLM\SOFTWARE\SW-Booster
Chave Deletedo : HKLM\SOFTWARE\sweet-pageSoftware
Chave Deletedo : HKLM\SOFTWARE\webssearchesSoftware
Chave Deletedo : HKLM\SOFTWARE\Baidu
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{81BFDC6A-7574-424C-AA2E-0A19FE2B1A3F}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{993EA8F6-6E55-7E4E-39DE-5796E3226DB9}
Chave Deletedo : [x64] HKLM\SOFTWARE\aartemisSoftware
Chave Deletedo : [x64] HKLM\SOFTWARE\awesomehpSoftware
Chave Deletedo : [x64] HKLM\SOFTWARE\omiga-plusSoftware
Chave Deletedo : [x64] HKLM\SOFTWARE\qone8Software
Chave Deletedo : [x64] HKLM\SOFTWARE\sweet-pageSoftware
Chave Deletedo : [x64] HKLM\SOFTWARE\Tarma Installer
Chave Deletedo : [x64] HKLM\SOFTWARE\webssearchesSoftware
Dados Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16521

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v34.0.5 (x86 pt-BR)

[hj3yggok.default-1404748270349\prefs.js] - Linha deletada : user_pref("browser.startup.homepage", "hxxp://br.hao123.com/?tn=incore_pay_hp_ex01_hao123_br");

-\\ Google Chrome v39.0.2171.71

[C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [search Provider] : hxxp://websearch.searchesplace.info/?l=1&q={searchTerms}&pid=512&r=2013/08/05&hid=1158043224&lg=EN&cc=BR&unqvl=30
[C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=845D94DE8003A173&affID=123884&tt=280813_dtts&tsp=4991
[C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [search Provider] : hxxp://br.ask.com/web?q={searchTerms}
[C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [search Provider] : hxxp://www.softonic.com.br/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [17230 octets] - [25/12/2014 00:56:29]
AdwCleaner[s0].txt - [14873 octets] - [25/12/2014 01:25:29]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [14934 octets] ##########

/!\ Good evening! Felipe Augusto de Godoy /!\


> Download: < JRT > ( ... by Oleg N. Scherbakov )


> Save it to the desktop!

> Disable your antivirus!

> On Windows 7, right-click JRT.exe and run it ...


> Wait for it to finish and post the report. ( JRT.txt )


A+


I had already carried out this same procedure as well.

 

JRT log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Ultimate x64
Ran by Usuario on 25/12/2014 at 1:45:05,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02CF22F9-20EF-87A8-8C9A-D763A7F38F01}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02CF22F9-20EF-87A8-8C9A-D763A7F38F01}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e0301295-ab3e-4af3-979f-3d453c5f9f48}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{e0301295-ab3e-4af3-979f-3d453c5f9f48}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02CF22F9-20EF-87A8-8C9A-D763A7F38F01}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{02CF22F9-20EF-87A8-8C9A-D763A7F38F01}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02CF22F9-20EF-87A8-8C9A-D763A7F38F01}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{02CF22F9-20EF-87A8-8C9A-D763A7F38F01}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\SearchNewTab
Successfully deleted: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\Users\Usuario\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Usuario\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\baidu security"
Successfully deleted: [Folder] "C:\Program Files (x86)\saveshare"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Usuario\appdata\local\{034BD7AD-529A-4962-BA4B-9ED712D644D1}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/12/2014 at 1:46:40,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

@EDIT: I ran the procedure again and JRT reported no new keys, i.e. a clean log.


/!\ Good evening! Felipe Augusto de Godoy /!\

 

> Download: < Zoek > ( ... by Smeenk )

> Save it to the desktop!
> Disable your antivirus!
> On Windows 7, run zoek.exe as administrator.
emptyfolderscheck;delete
emptytemp;
autoclean;
> Copy and paste this information, shown in red, into the tool's field.
> Click "Run Script".

Zoek.exe is running now.

Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
> Messages will appear asking you to wait for the report to come up.
> PS: These messages may remain static on the screen for 20 minutes or more.
> Confirm the reboot!

zoek.hta failed by unknown error.

 

Restart computer, and try again.
> PS: If you get an error, restart the PC and run the tool again.
> Post the report, which will be at C:\zoek-results.txt <<
A+


Just one question: should I run these scans in normal boot mode, or is safe mode OK?


Zoek-results.txt log

 

Zoek.exe v5.0.0.0 Updated 24-12-2014
Tool run by Usuario on 26/12/2014 at 0:18:09,48.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Usuario\Downloads\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\Comodo deleted successfully
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\o deleted successfully
C:\PROGRA~2\Pando Networks deleted successfully
C:\PROGRA~2\Zenimax Online deleted successfully
C:\PROGRA~3\LumaEmu_SteamCloud deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Usuario\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Usuario\AppData\Roaming\Publish Providers deleted successfully
C:\Users\Usuario\AppData\Local\StormFall deleted successfully
C:\Users\Usuario\AppData\Local\Warface deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1144292019-2563834070-1988740619-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6B4A69B-0F38-42B4-9037-DA9091A89698} deleted successfully
HKEY_USERS\S-1-5-21-1144292019-2563834070-1988740619-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DCEEAEF1-6366-4FBF-95AB-00FB1E3F2F73} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\Usuario\AppData\LocalLow\{771DBA4E-EC9C-3B61-8B38-382D4A4699E7} deleted
C:\Users\Usuario\AppData\LocalLow\{9EBDA2F4-99CC-75E3-555F-AAE30571D22D} deleted
C:\Users\Usuario\AppData\Local\Packages\windows_ie_ac_001\AC\{771DBA4E-EC9C-3B61-8B38-382D4A4699E7} deleted
C:\Users\Usuario\AppData\Local\Packages\windows_ie_ac_001\AC\{9EBDA2F4-99CC-75E3-555F-AAE30571D22D} deleted
C:\Users\Usuario\AppData\Local\25793 deleted
C:\Users\Usuario\AppData\LocalLow\uTorrentBar_PT deleted
C:\Users\Usuario\.android deleted
C:\PROGRA~2\E.M. PowerPoint Video Converter deleted
C:\PROGRA~2\uTorrentBar_PT deleted
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted
C:\found.003 deleted
C:\found.004 deleted
C:\found.005 deleted
C:\found.006 deleted
C:\Users\Usuario\AppData\Roaming\die.bat deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Usuario\AppData\Local\avgchrome deleted
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Video Converter.lnk deleted
C:\Users\Usuario\Downloads\adt-bundle-windows-x86_64-20130729.zip deleted
C:\Users\Usuario\Downloads\SoftonicDownloader_para_kart-n-crazy.exe deleted
C:\Users\Usuario\Downloads\SoftonicDownloader_para_sony-vegas.exe deleted
C:\Users\Usuario\AppData\LocalLow\SearchNewTab deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\ujims3j7.default-1418430567427\jetpack deleted
C:\Users\Usuario\Downloads\Vegas Pro 12 Patch[GGF].rar.exe deleted
"C:\Users\Usuario\AppData\Local\LumaEmu" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\ujims3j7.default-1418430567427
- Twitch.tv Stream Browser - %ProfilePath%\extensions\jid0-5q424C3HVeyE2T4d9bkO7CpXNjU@jetpack.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\hj3yggok.default-1404748270349
9860727E477F17B88E39AF8B69B0407A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash
DE85813201ACE03E7909F618B56B4600 - C:\Users\Usuario\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall plugin
2549375E682A65FA624D52F3AD27FC48 - C:\Users\Usuario\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
4C07B5286D129DFD25C24B4A31B9B888 - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll - Happy Cloud Plugin
CDDE41D245FA4C4EAF96BC99E2952F16 - C:\Users\Usuario\AppData\Local\Roblox\Versions\version-c4060e4821af4163\NPRobloxProxy.dll - Roblox Launcher Plugin

Profilepath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\ujims3j7.default-1418430567427
9860727E477F17B88E39AF8B69B0407A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash
DE85813201ACE03E7909F618B56B4600 - C:\Users\Usuario\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall plugin
2549375E682A65FA624D52F3AD27FC48 - C:\Users\Usuario\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
4C07B5286D129DFD25C24B4A31B9B888 - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll - Happy Cloud Plugin
CDDE41D245FA4C4EAF96BC99E2952F16 - C:\Users\Usuario\AppData\Local\Roblox\Versions\version-c4060e4821af4163\NPRobloxProxy.dll - Roblox Launcher Plugin


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrador\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrador\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrador\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Convidado\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Convidado\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Convidado\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Usuario\AppData\Local\Google\Chrome SxS deleted

==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mdebcffgnijbblbinknkbefciofebcda - C:\Users\Usuario\AppData\Local\CRE\mdebcffgnijbblbinknkbefciofebcda.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
mdebcffgnijbblbinknkbefciofebcda - C:\Users\Usuario\AppData\Local\CRE\mdebcffgnijbblbinknkbefciofebcda.crx[]

Angry Birds - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
XJZ Survey Remover - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cphljojhgmnabimjemakjleocdheengh
LoL Stream Browser - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{e0301295-ab3e-4af3-979f-3d453c5f9f48} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{e0301295-ab3e-4af3-979f-3d453c5f9f48} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A7329DF2-A840-527E-0C76-53C14E93E8CA} deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Applian FLV Player2.0.25 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\A6CDFB184757C424AAE2A091EFB2A1F3 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Creative Cloud deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Infrastructure Helper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Usuario\AppData\Local\Mozilla\Firefox\Profiles\hj3yggok.default-1404748270349\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=664 folders=142 866446525 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrador\AppData\Local\temp emptied successfully
C:\Users\Convidado\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\HomeGroupUser$\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Usuario\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Usuario\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 26/12/2014 at 0:31:21,19 ======================


/!\ Good morning! Felipe Augusto de Godoy /!\

 


 

Just one question: should I run these scans in normal boot mode, or is safe mode fine?

> If the tool(s) won't run in Normal Mode, you can run them in Safe Mode.

 

> Download: < FRST_Logo.jpg > ( ... by Farbar )
> The banner above is for 32-bit systems!
> The link above is for 64-bit systems!
> Save it to the desktop! (Área de trabalho ...)
> Run the tool! Click "Yes" >> "Scan".
FRST_Addition_Scan_zpsa9fe21c8.jpg
> Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
> Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
> PS: The "Addition.txt" report will also be generated; it is made available on the tool's first run.
> Post the reports! (FRST.txt + Addition.txt)
> Since the log will be long, upload it to Cjoint_Logo.jpg >
acrVh6GY.jpg
> The link to the report, which is the one highlighted, should be pasted into your reply.
Copierlelien_zpsd51f499f.jpg
> Or click "Copier le lien (*)" and paste the link into your post.
A+

/!\ Good morning! Felipe Augusto de Godoy /!\


> Copy this information, shown in red, into Notepad.

> Save it with the name fixlist. << Text!

> Save it in the Downloads folder! /!\ C:\Users\Usuario\Downloads /!\


HKU\S-1-5-21-1144292019-2563834070-1988740619-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[s1].txt [985 2014-12-25] ()

ShellIconOverlayIdentifiers: [baiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll No File

HKU\S-1-5-21-1144292019-2563834070-1988740619-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

ProxyServer: [.DEFAULT] => http=127.0.0.1:49611;https=127.0.0.1:49611

URLSearchHook: HKLM-x32 - (No Name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - No File

S3 npggsvc; C:\Windows\system32\GameMon.des -service [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

S1 korzgsio; \??\C:\Windows\system32\drivers\korzgsio.sys [X]

S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

S1 MpKslbddcd41f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CF17D603-E5AD-4257-B676-2F7B614E2489}\MpKslbddcd41f.sys [X]

S3 npkycryp; \??\C:\Program Files (x86)\Old Times + Ragnarok\npkycryp.sys [X]

S3 Spring; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Spring64.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S1 uvpbvnsp; \??\C:\Windows\system32\drivers\uvpbvnsp.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]

S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]

S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]

S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]

2014-12-26 00:30 - 2014-12-26 00:18 - 00024064 _____ () C:\Windows\zoek-delete.exe

2014-12-26 00:20 - 2014-12-26 00:31 - 00012794 _____ () C:\zoek-results.log

2014-12-26 00:18 - 2014-12-26 00:27 - 00000000 ____D () C:\zoek_backup

2014-12-26 00:17 - 2014-12-26 00:17 - 01295360 _____ () C:\Users\Usuario\Downloads\zoek.exe

2014-12-26 00:09 - 2014-12-26 00:09 - 00000770 _____ () C:\Users\Usuario\Desktop\JRT.txt

2014-12-25 18:56 - 2014-12-25 18:56 - 00007235 _____ () C:\Users\Usuario\Desktop\hijackthis2.txt

2014-12-25 15:12 - 2014-12-25 15:12 - 00003007 _____ () C:\Users\Usuario\Desktop\HiJackThis.lnk

2014-12-25 15:12 - 2014-12-25 15:12 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

2014-12-25 15:12 - 2014-12-25 15:12 - 00000000 ____D () C:\Program Files (x86)\HiJackThis

2014-12-25 03:13 - 2014-12-25 03:13 - 00045584 _____ () C:\ComboFix.txt

2014-12-25 02:54 - 2011-06-26 04:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-12-25 02:54 - 2010-11-07 15:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-12-25 02:54 - 2009-04-20 02:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-12-25 02:54 - 2000-08-30 22:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-12-25 02:54 - 2000-08-30 22:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-12-25 02:54 - 2000-08-30 22:00 - 00098816 _____ () C:\Windows\sed.exe

2014-12-25 02:54 - 2000-08-30 22:00 - 00080412 _____ () C:\Windows\grep.exe

2014-12-25 02:54 - 2000-08-30 22:00 - 00068096 _____ () C:\Windows\zip.exe

2014-12-25 02:51 - 2014-12-25 03:13 - 00000000 ____D () C:\Qoobox

2014-12-25 02:49 - 2014-12-25 02:49 - 05603465 ____R (Swearware) C:\Users\Usuario\Downloads\ComboFix.exe

2014-12-25 01:44 - 2014-12-25 01:44 - 01707646 _____ (Thisisu) C:\Users\Usuario\Downloads\JRT.exe

2014-12-25 00:56 - 2014-12-25 23:47 - 00000000 ____D () C:\AdwCleaner

2014-12-25 00:55 - 2014-12-25 00:55 - 02173952 _____ () C:\Users\Usuario\Downloads\adwcleaner_4.106.exe

2014-12-25 00:44 - 2014-12-25 00:44 - 01402880 _____ () C:\Users\Usuario\Downloads\HijackThis.msi

2014-12-25 00:35 - 2014-12-25 18:41 - 00109635 _____ () C:\Users\Usuario\Desktop\avgrep.txt

2014-12-13 21:45 - 2014-12-13 21:45 - 00001198 _____ () C:\Users\Usuario\Documents\contradição.txt

2014-12-13 18:55 - 2014-12-13 18:55 - 00010852 _____ () C:\Users\Usuario\Documents\contasnetflix.txt

2014-12-11 23:59 - 2014-12-11 23:59 - 00841027 _____ () C:\Users\Usuario\Downloads\WDR (1).zip

2014-12-11 23:18 - 2014-12-11 23:47 - 00861791 _____ () C:\Users\Usuario\Downloads\WDR.zip

2014-11-28 19:54 - 2014-11-28 19:54 - 00044269 _____ () C:\Users\Usuario\Downloads\DxDiag.txt

2014-12-16 23:44 - 2013-04-29 20:30 - 00040499 _____ () C:\Users\Usuario\Documents\xhm.txt

2014-12-12 00:14 - 2013-06-07 00:25 - 00000198 _____ () C:\Users\Usuario\Documents\dados cadastrais games.txt

Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C0C02}) (Version: 12.12.2.83 - APN, LLC) <==== ATTENTION

uTorrentBar_PT Toolbar (HKLM-x32\...\uTorrentBar_PT Toolbar) (Version: 6.11.2.6 - uTorrentBar_PT) <==== ATTENTION

Task: {99A9ECA1-B0C2-43FD-9A68-BEA15AC6A7DC} - \94A46359-5537-4201-BEFD-1EC63DFD0943 No Task File <==== ATTENTION

Task: {DED27AF3-B3B6-4962-8598-BB91D16BC102} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION

AlternateDataStreams: C:\ProgramData\Temp:B755D674

AlternateDataStreams: C:\Users\Todos os Usuários\Temp:B755D674

AlternateDataStreams: C:\Users\Usuario\Downloads\xjzsurveyremoverpermissionkeygeneratoractivationkey__7934_il3082014.exe:typelib

C:\Users\Usuario\jagex_cl_runescape_LIVE.dat

C:\Users\Usuario\random.dat

SubSystems: [Windows] ==> Baidu

emptytemp:

Hosts:

end


> Run FRST/FRST64 >> Click "Fix" << Wait!

> In the message box, click Run.

> Post the report! (Fixlog.txt)


A+



Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-12-2014
Ran by Usuario at 2014-12-26 10:43:58 Run:1
Running from C:\Users\Usuario\Downloads
Loaded Profile: Usuario (Available profiles: Usuario)
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1144292019-2563834070-1988740619-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[s1].txt [985 2014-12-25] ()
ShellIconOverlayIdentifiers: [baiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll No File
HKU\S-1-5-21-1144292019-2563834070-1988740619-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => http=127.0.0.1:49611;https=127.0.0.1:49611
URLSearchHook: HKLM-x32 - (No Name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - No File
S3 npggsvc; C:\Windows\system32\GameMon.des -service [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 korzgsio; \??\C:\Windows\system32\drivers\korzgsio.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 MpKslbddcd41f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CF17D603-E5AD-4257-B676-2F7B614E2489}\MpKslbddcd41f.sys [X]
S3 npkycryp; \??\C:\Program Files (x86)\Old Times + Ragnarok\npkycryp.sys [X]
S3 Spring; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Spring64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S1 uvpbvnsp; \??\C:\Windows\system32\drivers\uvpbvnsp.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
2014-12-26 00:30 - 2014-12-26 00:18 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-12-26 00:20 - 2014-12-26 00:31 - 00012794 _____ () C:\zoek-results.log
2014-12-26 00:18 - 2014-12-26 00:27 - 00000000 ____D () C:\zoek_backup
2014-12-26 00:17 - 2014-12-26 00:17 - 01295360 _____ () C:\Users\Usuario\Downloads\zoek.exe
2014-12-26 00:09 - 2014-12-26 00:09 - 00000770 _____ () C:\Users\Usuario\Desktop\JRT.txt
2014-12-25 18:56 - 2014-12-25 18:56 - 00007235 _____ () C:\Users\Usuario\Desktop\hijackthis2.txt
2014-12-25 15:12 - 2014-12-25 15:12 - 00003007 _____ () C:\Users\Usuario\Desktop\HiJackThis.lnk
2014-12-25 15:12 - 2014-12-25 15:12 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-12-25 15:12 - 2014-12-25 15:12 - 00000000 ____D () C:\Program Files (x86)\HiJackThis
2014-12-25 03:13 - 2014-12-25 03:13 - 00045584 _____ () C:\ComboFix.txt
2014-12-25 02:54 - 2011-06-26 04:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-25 02:54 - 2010-11-07 15:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-25 02:54 - 2009-04-20 02:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-25 02:54 - 2000-08-30 22:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-25 02:54 - 2000-08-30 22:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-25 02:54 - 2000-08-30 22:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-25 02:54 - 2000-08-30 22:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-25 02:54 - 2000-08-30 22:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-25 02:51 - 2014-12-25 03:13 - 00000000 ____D () C:\Qoobox
2014-12-25 02:49 - 2014-12-25 02:49 - 05603465 ____R (Swearware) C:\Users\Usuario\Downloads\ComboFix.exe
2014-12-25 01:44 - 2014-12-25 01:44 - 01707646 _____ (Thisisu) C:\Users\Usuario\Downloads\JRT.exe
2014-12-25 00:56 - 2014-12-25 23:47 - 00000000 ____D () C:\AdwCleaner
2014-12-25 00:55 - 2014-12-25 00:55 - 02173952 _____ () C:\Users\Usuario\Downloads\adwcleaner_4.106.exe
2014-12-25 00:44 - 2014-12-25 00:44 - 01402880 _____ () C:\Users\Usuario\Downloads\HijackThis.msi
2014-12-25 00:35 - 2014-12-25 18:41 - 00109635 _____ () C:\Users\Usuario\Desktop\avgrep.txt
2014-12-13 21:45 - 2014-12-13 21:45 - 00001198 _____ () C:\Users\Usuario\Documents\contradição.txt
2014-12-13 18:55 - 2014-12-13 18:55 - 00010852 _____ () C:\Users\Usuario\Documents\contasnetflix.txt
2014-12-11 23:59 - 2014-12-11 23:59 - 00841027 _____ () C:\Users\Usuario\Downloads\WDR (1).zip
2014-12-11 23:18 - 2014-12-11 23:47 - 00861791 _____ () C:\Users\Usuario\Downloads\WDR.zip
2014-11-28 19:54 - 2014-11-28 19:54 - 00044269 _____ () C:\Users\Usuario\Downloads\DxDiag.txt
2014-12-16 23:44 - 2013-04-29 20:30 - 00040499 _____ () C:\Users\Usuario\Documents\xhm.txt
2014-12-12 00:14 - 2013-06-07 00:25 - 00000198 _____ () C:\Users\Usuario\Documents\dados cadastrais games.txt
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C0C02}) (Version: 12.12.2.83 - APN, LLC) <==== ATTENTION
uTorrentBar_PT Toolbar (HKLM-x32\...\uTorrentBar_PT Toolbar) (Version: 6.11.2.6 - uTorrentBar_PT) <==== ATTENTION
Task: {99A9ECA1-B0C2-43FD-9A68-BEA15AC6A7DC} - \94A46359-5537-4201-BEFD-1EC63DFD0943 No Task File <==== ATTENTION
Task: {DED27AF3-B3B6-4962-8598-BB91D16BC102} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:B755D674
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:B755D674
AlternateDataStreams: C:\Users\Usuario\Downloads\xjzsurveyremoverpermissionkeygeneratoractivationkey__7934_il3082014.exe:typelib
C:\Users\Usuario\jagex_cl_runescape_LIVE.dat
C:\Users\Usuario\random.dat
SubSystems: [Windows] ==> Baidu
emptytemp:
Hosts:
end
*****************

HKU\S-1-5-21-1144292019-2563834070-1988740619-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock" => Key deleted successfully.
"HKCR\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}" => Key deleted successfully.
"HKU\S-1-5-21-1144292019-2563834070-1988740619-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{e0301295-ab3e-4af3-979f-3d453c5f9f48} => value deleted successfully.
npggsvc => Service deleted successfully.
catchme => Service deleted successfully.
EagleX64 => Service deleted successfully.
korzgsio => Service deleted successfully.
MBAMSwissArmy => Service deleted successfully.
MpKslbddcd41f => Service deleted successfully.
npkycryp => Service deleted successfully.
Spring => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
uvpbvnsp => Service deleted successfully.
VGPU => Service deleted successfully.
X6va012 => Service deleted successfully.
X6va015 => Service deleted successfully.
X6va016 => Service deleted successfully.
X6va022 => Service deleted successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Usuario\Downloads\zoek.exe => Moved successfully.
C:\Users\Usuario\Desktop\JRT.txt => Moved successfully.
C:\Users\Usuario\Desktop\hijackthis2.txt => Moved successfully.
C:\Users\Usuario\Desktop\HiJackThis.lnk => Moved successfully.
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis => Moved successfully.
C:\Program Files (x86)\HiJackThis => Moved successfully.
C:\ComboFix.txt => Moved successfully.
C:\Windows\PEV.exe => Moved successfully.
C:\Windows\MBR.exe => Moved successfully.
C:\Windows\NIRCMD.exe => Moved successfully.
C:\Windows\SWREG.exe => Moved successfully.
C:\Windows\SWSC.exe => Moved successfully.
C:\Windows\sed.exe => Moved successfully.
C:\Windows\grep.exe => Moved successfully.
C:\Windows\zip.exe => Moved successfully.
C:\Qoobox => Moved successfully.
C:\Users\Usuario\Downloads\ComboFix.exe => Moved successfully.
C:\Users\Usuario\Downloads\JRT.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Usuario\Downloads\adwcleaner_4.106.exe => Moved successfully.
C:\Users\Usuario\Downloads\HijackThis.msi => Moved successfully.
C:\Users\Usuario\Desktop\avgrep.txt => Moved successfully.
C:\Users\Usuario\Documents\contradição.txt => Moved successfully.
C:\Users\Usuario\Documents\contasnetflix.txt => Moved successfully.
C:\Users\Usuario\Downloads\WDR (1).zip => Moved successfully.
C:\Users\Usuario\Downloads\WDR.zip => Moved successfully.
C:\Users\Usuario\Downloads\DxDiag.txt => Moved successfully.
C:\Users\Usuario\Documents\xhm.txt => Moved successfully.
C:\Users\Usuario\Documents\dados cadastrais games.txt => Moved successfully.
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C0C02}) (Version: 12.12.2.83 - APN, LLC) <==== ATTENTION => Error: No automatic fix found for this entry.
uTorrentBar_PT Toolbar (HKLM-x32\...\uTorrentBar_PT Toolbar) (Version: 6.11.2.6 - uTorrentBar_PT) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{99A9ECA1-B0C2-43FD-9A68-BEA15AC6A7DC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99A9ECA1-B0C2-43FD-9A68-BEA15AC6A7DC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\94A46359-5537-4201-BEFD-1EC63DFD0943" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DED27AF3-B3B6-4962-8598-BB91D16BC102}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DED27AF3-B3B6-4962-8598-BB91D16BC102}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => Key deleted successfully.
C:\ProgramData\Temp => ":B755D674" ADS removed successfully.
"C:\Users\Todos os Usuários\Temp" => ":B755D674" ADS not found.
C:\Users\Usuario\Downloads\xjzsurveyremoverpermissionkeygeneratoractivationkey__7934_il3082014.exe => ":typelib" ADS removed successfully.
C:\Users\Usuario\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Usuario\random.dat => Moved successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 267.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 10:44:35 ====

/!\ Good morning! Felipe Augusto de Godoy /!\


> If there are no more problems, remove the tools that were used for the disinfection!


> Download: < delfix_108_zps75ef8ba4.jpg > ( ... by Xplode )


DelFix_Download_zpsb5d944c7.jpg


> Once on the page, click Download Now.

> Save it somewhere convenient! ( desktop! )

> Close any open applications.


DelFix_RCL_zpscdf4940b.jpg


> Remove disinfection tools

> Create registry backup

> Clear System Restore points


> With these boxes ticked, click Run!

> Restart the computer when it finishes!

> Everything OK?


A+


I'll test the computer in normal mode to see whether the problem has been fixed, and I'll edit this post shortly.

 

@EDIT

Still the same thing... With programs started, I open the internet and so on, and after 5 minutes it freezes. I don't know what else to do... By the way, did you find anything in the logs?


 

  • Good afternoon! Felipe Augusto de Godoy
  • I did not see any malware that would cause the problem that is bothering you.
  • Unzip it to the desktop or Program Files (x86).
  • In the Tweaking.com-Windows Repair folder, run Repair_Windows.
abqdRX4l.jpg
  • Click the "Step 2" tab. ( Check File System )
  • Click "Do It" >> Yes.
abtI5F61.jpg
  • There will be a reboot. << Wait!
  • On restart, a Check Disk will run. << Wait!
  • Run Windows Repair.
  • Click the "Step 3" tab. ( System File Check )
  • Click "Do It".
abnNNiFy.jpg
  • You may be asked for the Windows installation CD/DVD.
  • In that case, the PC will be restarted.
  • Run Windows Repair.
  • Click the "Step 4" tab. ( Registry Backup & System Restore )
adbvRypA.jpg
  • Under System Restore, click Create. << Wait!
  • Under Registry Backup, click Backup. << Wait!
  • The restore point that was created is named: Tweaking.com-Windows Repair.
  • The registry backup will be at: C:\Reg_Backup\Data_Hora (date and time)
  • Click the "Start Repairs" tab.
  • Click "Start".
abnoHWNv.jpg
  • Select: Restart/Shutdown System When Finished
  • Tick: Restart System
abkE1v8B.jpg
  • Click "Start".
adkt8n5R.jpg
  • Wait for it to finish!
  • The computer will be restarted!
  • A+

 


Good afternoon DigRam, the program's interface has changed a bit. I can't find some things. If you could redo the post and update the images, I'd appreciate it!!

 

@EDIT

 

Only a few new functions were added and the interface color changed. I'm managing to carry out the procedures; I'll post the result shortly.


Hello! Felipe Augusto de Godoy

 

 

 

Only a few new functions were added and the interface color changed. I'm managing to carry out the procedures; I'll post the result shortly.

> The canned reply is out of date, and I hope that in 2015 it will match reality.

> I'll be waiting for the results!

 

A+


Sorry for the delay, I was running the tests. Well, after they finished the computer restarted and would no longer start up, because it was going into text mode at boot. So I used the "repair computer" option at boot and repaired the startup. I'm in normal mode with networking now. I'm waiting to see whether it will freeze again; I'll edit and post the result shortly.

 

@EDIT

 

Unfortunately it's still the same thing...

I'm going to try installing the OS over the existing one and see whether that solves the problem.

 

@EDIT2

 

I failed miserably at trying to install over it. Incompatible version; I don't have the original CD here :/

 

What else can I still try?
