[Resolvido] Virus Computador Lento!

[karoline ferreira 0]

Boa Noite CaeduRodrigues!

 

Depois que instalei de novo o chrome não fui mais direcionada para outras paginas maliciosas, o mozila está funiconando bem sem travar, os navegadores estão funcionando bem melhor.

 

Segue abaixo o Fixlog :

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015

Ran by User at 2015-04-05 20:41:06 Run:2

Running from C:\Users\User\Desktop

Loaded Profiles: User (Available profiles: User)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

start

CreateRestorePoint:

CloseProcesses:

HKLM-x32\...\Run: [gmsd_br_90] => [X]

HKU\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...q={searchTerms}

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2015-03-21]

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2015-03-21]

S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]

S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil64.sys [X]

C:\Users\User\AppData\Local\Temp\InstallIMVU_518.0.exe

C:\Users\User\AppData\Local\Temp\SkypeSetup.exe

Task: {074A3D2C-68C1-40DF-ADD6-180FF33519FA} - \YQKQQN No Task File <==== ATTENTION

Task: {A435A8F4-4F42-4AB0-9AB4-BE750EDCC109} - \TP No Task File <==== ATTENTION

Task: {B26FFDF1-6A79-420A-9745-DD452CC7C830} - \HVWVGL No Task File <==== ATTENTION

Task: {B7EA9B4B-593F-4BC0-B0F2-C63CC2AC8D2C} - System32\Tasks\{619DEAE9-95EA-438B-BBB2-537B5B4EED3B} => pcalua.exe -a C:\Users\User\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=tugs <==== ATTENTION

CMD: bitsadmin /reset /allusers

CMD: ipconfig /flushdns

EmptyTemp:

end

*****************

Restore point was successfully created.

Processes closed successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_br_90 => value deleted successfully.

HKU\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKU\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.

"HKU\S-1-5-21-3801029790-2799878285-4124920567-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Web" => Key deleted successfully.

HKCR\CLSID\Web => Key not found.

"HKU\S-1-5-21-3801029790-2799878285-4124920567-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.

HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => Key not found.

C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml => Moved successfully.

C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml => Moved successfully.

BprotectEx => Service deleted successfully.

PCFApiUtil => Service deleted successfully.

C:\Users\User\AppData\Local\Temp\InstallIMVU_518.0.exe => Moved successfully.

C:\Users\User\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{074A3D2C-68C1-40DF-ADD6-180FF33519FA}" => Key Deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{074A3D2C-68C1-40DF-ADD6-180FF33519FA}" => Key Deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YQKQQN" => Key Deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A435A8F4-4F42-4AB0-9AB4-BE750EDCC109}" => Key Deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A435A8F4-4F42-4AB0-9AB4-BE750EDCC109}" => Key Deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TP" => Key Deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B26FFDF1-6A79-420A-9745-DD452CC7C830}" => Key Deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B26FFDF1-6A79-420A-9745-DD452CC7C830}" => Key Deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HVWVGL" => Key Deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7EA9B4B-593F-4BC0-B0F2-C63CC2AC8D2C}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7EA9B4B-593F-4BC0-B0F2-C63CC2AC8D2C}" => Key deleted successfully.

C:\Windows\System32\Tasks\{619DEAE9-95EA-438B-BBB2-537B5B4EED3B} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{619DEAE9-95EA-438B-BBB2-537B5B4EED3B}" => Key deleted successfully.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7600 ]

BITS administration utility.

© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {A7C82243-8906-435D-9086-5ACFEC3CDF02}.

0 out of 1 jobs canceled.

========= End of CMD: =========

========= ipconfig /flushdns =========

Configura��o de IP do Windows

Libera��o do Cache do DNS Resolver bem-sucedida.

========= End of CMD: =========

EmptyTemp: => Removed 20.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog 20:42:38 ====

Abraços :bye:

[caedurodrigues 19]

Boa noite karoline ferreira,

 

• Baixe: <> (by screen317)

• Salve-a na Dektop (Área de Trabalho)

• Dê um duplo clique para executar o SecurityCheck !

• Na janela que abrirá pressione qualquer tecla para continuar. Aguarde enquanto a ferramenta faz o exame.

• Ao término, abrirá um log, o checkup.txt.

• Selecione, copie e cole o conteúdo deste log na sua próxima resposta.

Um grande abraço. :thumbsup:

[karoline ferreira 0]

Boa Noite CaeduRodrigues!!

 

Hoje aconteceu uma coisa que nunca tinha acontecido no PC, ele travou totalmente e ficou uma tela branca transparente como tivesse carregando, mas naõ destravou de jeito nenhum, desliguei o pc de maneira errada.

 

Segue embaixo o Log Checkup:

 

 

Results of screen317's Security Check version 0.99.99

Windows 7 x64 (UAC is enabled)

Out of date service pack!!

Internet Explorer 11

``````````````Antivirus/Firewall Check:``````````````

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Adobe Flash Player 16.0.0.305 Flash Player out of Date!

Mozilla Firefox (37.0.1)

Google Chrome (41.0.2272.118)

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: =

````````````````````End of Log``````````````````````

Abraços :flores:

[caedurodrigues 19]

Boa noite karoline ferreira,

 

 

• Baixe:<> <(...by eset.com)>

• Salve-a na Área de trabalho !

• Desabilite seu antivírus e execute o arquivo esetsmartinstaller_enu.exe.

• Aceite o contrato e marque: "Yes, I accept the Terms of Use"

• Clique: "Start".

• Marque as caixinhas como na imagem acima

• Clique "Change" e marque a caixa "Computador", de OK !

• Clique: "Start" >> Aguarde! ( Pode durar algumas horas,esse scan... )

• Ao concluir,clique em "List of found threats".

• Clique em "Export to text file" e salve o relatório no desktop.

• Clique "Back" >> "Finish".

• Poste o Relatório!

Um grande abraço. :thumbsup:

[karoline ferreira 0]

Boa Noite CaeduRodrigues!

 

Segue abaixo o log ESET:

 

 

 

C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir a variant of Win32/ELEX.BH potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\zoek_backup\C_Users_User_AppData_Roaming_HUQXD.exe.vir a variant of Win32/Toolbar.CrossRider.AX potentially unwanted application deleted - quarantined

C:\FRST\Quarantine\C\zoek_backup\C_Users_User_AppData_Roaming_QNPUPZN.exe.vir a variant of Win32/Toolbar.CrossRider.AX potentially unwanted application deleted - quarantined

C:\Users\User\AppData\Roaming\ZHP\Quarantine\autokms.exe.VIR a variant of MSIL/HackKMS.A potentially unsafe application deleted - quarantined

C:\Users\User\Desktop\PACOTE\driver_booster_setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined

C:\Users\User\Desktop\PACOTE\FoxitReader502.0718_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined

C:\Users\User\Desktop\PACOTE\Nero\Nero-8.1.1.4_ptb_trial.exe Win32/Toolbar.AskSBar potentially unwanted application deleted - quarantined

C:\Users\User\Desktop\PACOTE\Office 2010\Ativador Office 2010\Ativador.exe a variant of MSIL/HackKMS.A potentially unsafe application deleted - quarantined

C:\Windows\AutoKMS.exe a variant of MSIL/HackKMS.A potentially unsafe application deleted - quarantined

C:\zoek_backup\C_Users_User_AppData_Roaming_HVWVGL.vir JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined

C:\zoek_backup\C_Users_User_AppData_Roaming_TP.vir JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined

C:\zoek_backup\C_Users_User_AppData_Roaming_YQKQQN.vir JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined

C:\zoek_backup\C_PROGRA~3_{1dc232a5-b87f-c238-1dc2-232a5b87ca96}\therebels.neckel72.rar.exe a variant of Win32/Adware.MultiPlug.GD application cleaned by deleting - quarantined

C:\zoek_backup\C_PROGRA~3_{9fccf94e-f34e-fb5d-9fcc-cf94ef34e53b}\8A0.exe a variant of Win32/Adware.MultiPlug.GD application cleaned by deleting - quarantined

Abraços :joia:

[caedurodrigues 19]

Boa noite karoline, Ainda há algum problema com o PC ? Caso não, siga os passos abaixo para encerrar o tópico.

Agora vamos remover as ferramentas utilizadas na desinfecção.

• Baixe: <> (...par Xplode)
• Salve-a na sua área de trabalho.
• Dê dois cliques no delfix.exe para executá-lo.
• Usuários do Windows Vista ou Windows 7,clique com o direito do mouse sobre o arquivo delfix.exe,depois clique em:
  
  
• Marque as caixinhas, de acordo com a imagem.
• Clique no botão Executar.
• Reinicie o computador!
• Tudo OK ?

Um grande abraço.

 

[karoline ferreira 0]

Boa Noite CaeduRodrigues!

 

Esta bem melhor sim, muito obrigada pela ajuda!

 

Segue abaixo o relatório:

 

# DelFix v10.9 - Relatório criado 14/04/2015 às 19:51:43

# Atualizado 27/02/2015 por Xplode

# Usuário : User - USER-PC

# Sistema Operacional : Windows 7 Ultimate (64 bits)

~ Removendo ferramentas de desinfecção ...

Removido : C:\FRST

Removido : C:\zoek_backup

Removido : C:\AdwCleaner

Removido : C:\Program Files (x86)\ZHPDiag

Removido : C:\Program Files (x86)\Trend Micro\Hijackthis

Removido : C:\PhysicalDisk0_MBR.bin

Removido : C:\zoek-results.log

Removido : C:\Users\User\Desktop\Addition.txt

Removido : C:\Users\User\Desktop\adwcleaner_4.200 - Atalho.lnk

Removido : C:\Users\User\Desktop\esetsmartinstaller_enu.exe

Removido : C:\Users\User\Desktop\Fixlog.txt

Removido : C:\Users\User\Desktop\FRST.txt

Removido : C:\Users\User\Desktop\FRST64.exe

Removido : C:\Users\User\Desktop\JRT - Atalho.lnk

Removido : C:\Users\User\Desktop\JRT.txt

Removido : C:\Users\User\Desktop\HiJackThis.lnk

Removido : C:\Users\User\Desktop\hijackthis.log

Removido : C:\Users\User\Desktop\SecurityCheck.exe

Removido : C:\Users\User\Desktop\ZHPCleaner.exe

Removido : C:\Users\User\Desktop\ZHPCleaner.lnk

Removido : C:\Users\User\Desktop\ZHPCleaner.txt

Removido : C:\Users\User\Desktop\ZHPDiag.txt

Removido : C:\Users\User\Desktop\ZHPFixReport.txt

Removido : C:\Users\User\Desktop\zoek.exe

Removido : C:\Users\User\Downloads\adwcleaner_4.200.exe

Removido : C:\Users\User\Downloads\JRT.exe

Removido : C:\Users\User\Downloads\HijackThis.msi

Removido : HKLM\SOFTWARE\AdwCleaner

Removido : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Criando backup do registro ... OK

~ Limpando pontos da restauração do sistema ...

Novo ponto de restauração criado !

~ Redefinindo configurações do sistema ... OK

########## - EOF - ##########

Abraços :joia:

[caedurodrigues 19]

Boa noite karoline ferreira,

 

:joia: Fico feliz que o problema tenha sido resolvido.

Só para finalizar siga estes tutoriais abaixo, por gentileza:

Excluindo erros e otimizando seu PC com o CCleaner

Elimine arquivos inúteis de seu PC com o PureRa

_______________________________________________________________________________________________________________________

< Cartilha de Segurança > << Link!

> Leia as várias dicas que estão contidas na Cartilha de Segurança e fique livre de infecções.

> Necessitando nova verificação para este computador, basta abrir um Novo Tópico" e relatar o problema.

_______________________________________________________________________________________________________________________

Foi um prazer ajudar. Conte sempre conosco!

[caedurodrigues 19]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.