This topic has been archived and is closed to new replies.

karoline  ferreira

[Solved] Virus, Slow Computer!

Good afternoon, could someone please help me!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:09:20, on 29/03/2015
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16575)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
C:\Users\User\AppData\Roaming\IMVUClient\IMVUClient.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://br.search.yahoo.com/yhs/search?hspart=nzn&hsimp=yhs-bund2&p={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Startup: 8A0.lnk = C:\ProgramData\{9fccf94e-f34e-fb5d-9fcc-cf94ef34e53b}\8A0.exe
O4 - Startup: therebels.neckel72.rar.lnk = C:\ProgramData\{1dc232a5-b87f-c238-1dc2-232a5b87ca96}\therebels.neckel72.rar.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - SysTool PasSame LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8279 bytes

Good evening Caedurodrigues, how are you? Another thing I forgot to mention in this post is that every time I open the Chrome browser and am on a page, it automatically redirects me to untrusted sites :/.

The reports follow below!

# AdwCleaner v4.200 - Arquivo de log criado 29/03/2015 às 18:51:21
# Atualizado 29/03/2015 por Xplode
# Base de dados : 2015-03-29.1 [servidor]
# Sistema operacional : Windows 7 Ultimate (x64)
# Usuário : User - USER-PC
# Executando de : C:\Users\User\Downloads\adwcleaner_4.200.exe
# Opção : Verificar
***** [ Serviços ] *****
Serviço Encontrado : WindowsMangerProtect
***** [ Arquivos / Pastas ] *****
Arquivo Encontrado : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml
Pasta Encontrado : C:\Program Files (x86)\globalUpdate
Pasta Encontrado : C:\Program Files (x86)\predm
Pasta Encontrado : C:\ProgramData\baidu
Pasta Encontrado : C:\ProgramData\WindowsMangerProtect
Pasta Encontrado : C:\Users\User\AppData\Local\globalUpdate
***** [ Tarefas agendadas ] *****
Tarefa Encontrado : PostPoneInstall
Tarefa Encontrado : Run_Bobby_Browser
Tarefa Encontrado : 10a8c395-834e-462f-aafd-a9f73267108a-2
Tarefa Encontrado : 10a8c395-834e-462f-aafd-a9f73267108a-5
Tarefa Encontrado : 10a8c395-834e-462f-aafd-a9f73267108a-5_user
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Encontrado : HKCU\Software\AppDataLow\Software\Crossrider
Chave Encontrado : HKCU\Software\AppDataLow\Software\DynConIE
Chave Encontrado : HKCU\Software\BoBrowser
Chave Encontrado : HKCU\Software\GlobalUpdate
Chave Encontrado : HKCU\Software\InstalledBrowserExtensions
Chave Encontrado : HKCU\Software\Mozilla\Extends
Chave Encontrado : HKCU\Software\TutoTag
Chave Encontrado : [x64] HKCU\Software\BoBrowser
Chave Encontrado : [x64] HKCU\Software\GlobalUpdate
Chave Encontrado : [x64] HKCU\Software\InstalledBrowserExtensions
Chave Encontrado : [x64] HKCU\Software\TutoTag
Chave Encontrado : HKLM\SOFTWARE\Clara
Chave Encontrado : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Chave Encontrado : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Encontrado : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Encontrado : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chave Encontrado : HKLM\SOFTWARE\InstalledBrowserExtensions
Chave Encontrado : HKLM\SOFTWARE\mystartsearchSoftware
Chave Encontrado : HKLM\SOFTWARE\supWindowsMangerProtect
Chave Encontrado : HKLM\SOFTWARE\Tutorials
Chave Encontrado : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Chave Encontrado : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Chave Encontrado : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Encontrado : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Encontrado : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Dados Encontrado : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1421329033&from=slbnew&uid=ST500LM012XHN-M500MBB_S2SKJ5DCB01445
Valor Encontrado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Valor Encontrado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16575
Configuração Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1421329033&from=slbnew&uid=ST500LM012XHN-M500MBB_S2SKJ5DCB01445&q={searchTerms}
Configuração Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1421329033&from=slbnew&uid=ST500LM012XHN-M500MBB_S2SKJ5DCB01445&q={searchTerms}
Configuração Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1421329033&from=slbnew&uid=ST500LM012XHN-M500MBB_S2SKJ5DCB01445&q={searchTerms}
Configuração Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1421329033&from=slbnew&uid=ST500LM012XHN-M500MBB_S2SKJ5DCB01445&q={searchTerms}
-\\ Mozilla Firefox v36.0.4 (x86 pt-BR)
-\\ Google Chrome v41.0.2272.101
*************************
AdwCleaner[R0].txt - [4553 bytes] - [29/03/2015 18:51:21]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4612 bytes] ##########
=========================================================================================
Report: JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.7 (03.28.2015:1)
OS: Windows 7 Ultimate x64
Ran by User on 29/03/2015 at 19:05:38,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\baidu security"
~~~ FireFox
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\v9jddqhj.default-1421442021546\minidumps [4 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/03/2015 at 19:17:29,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hello Caedurodrigues..

Here is the report, run from the desktop.

# AdwCleaner v4.200 - Arquivo de log criado 30/03/2015 às 00:36:23
# Atualizado 29/03/2015 por Xplode
# Base de dados : 2015-03-29.1 [servidor]
# Sistema operacional : Windows 7 Ultimate (x64)
# Usuário : User - USER-PC
# Executando de : C:\Users\User\Downloads\adwcleaner_4.200.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
***** [ Tarefas agendadas ] *****
***** [ Atalhos ] *****
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16575
-\\ Mozilla Firefox v36.0.4 (x86 pt-BR)
-\\ Google Chrome v41.0.2272.101
*************************
AdwCleaner[R0].txt - [4731 bytes] - [29/03/2015 18:51:21]
AdwCleaner[R1].txt - [920 bytes] - [30/03/2015 00:23:22]
AdwCleaner[R2].txt - [1036 bytes] - [30/03/2015 00:34:30]
AdwCleaner[s0].txt - [3806 bytes] - [29/03/2015 18:59:08]
AdwCleaner[s1].txt - [976 bytes] - [30/03/2015 00:31:39]
AdwCleaner[s2].txt - [956 bytes] - [30/03/2015 00:36:23]
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1014 bytes] ##########

Good morning CaeduRodrigues.

Here is the report you are asking for.

# AdwCleaner v4.200 - Arquivo de log criado 29/03/2015 às 18:59:08
# Atualizado 29/03/2015 por Xplode
# Base de dados : 2015-03-29.1 [servidor]
# Sistema operacional : Windows 7 Ultimate (x64)
# Usuário : User - USER-PC
# Executando de : C:\Users\User\Downloads\adwcleaner_4.200.exe
# Opção : Limpar
***** [ Serviços ] *****
[#] Serviço Excluído : WindowsMangerProtect
***** [ Arquivos / Pastas ] *****
[!] Pasta Excluído : C:\ProgramData\baidu
[!] Pasta Excluído : C:\ProgramData\WindowsMangerProtect
[!] Pasta Excluído : C:\Program Files (x86)\globalUpdate
[!] Pasta Excluído : C:\Program Files (x86)\predm
[!] Pasta Excluído : C:\Users\User\AppData\Local\globalUpdate
Arquivo Excluído : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml
***** [ Tarefas agendadas ] *****
Tarefa Apagado : PostPoneInstall
Tarefa Apagado : Run_Bobby_Browser
Tarefa Apagado : 10a8c395-834e-462f-aafd-a9f73267108a-2
Tarefa Apagado : 10a8c395-834e-462f-aafd-a9f73267108a-5
Tarefa Apagado : 10a8c395-834e-462f-aafd-a9f73267108a-5_user
***** [ Atalhos ] *****
***** [ Registro ] *****
Valor Apagado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Valor Apagado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
Chave Apagado : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Chave Apagado : HKCU\Software\Mozilla\Extends
Chave Apagado : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Chave Apagado : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Apagado : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Apagado : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Dados Restaurado : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chave Apagado : HKCU\Software\GlobalUpdate
Chave Apagado : HKCU\Software\InstalledBrowserExtensions
Chave Apagado : HKCU\Software\TutoTag
Chave Apagado : HKCU\Software\BoBrowser
Chave Apagado : HKCU\Software\AppDataLow\Software\Crossrider
Chave Apagado : HKCU\Software\AppDataLow\Software\DynConIE
Chave Apagado : HKLM\SOFTWARE\InstalledBrowserExtensions
Chave Apagado : HKLM\SOFTWARE\supWindowsMangerProtect
Chave Apagado : HKLM\SOFTWARE\Tutorials
Chave Apagado : HKLM\SOFTWARE\Clara
Chave Apagado : HKLM\SOFTWARE\mystartsearchSoftware
Chave Apagado : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16575
Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
Configuração Restaurado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configuração Restaurado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
-\\ Mozilla Firefox v36.0.4 (x86 pt-BR)
-\\ Google Chrome v41.0.2272.101
*************************
AdwCleaner[R0].txt - [4731 bytes] - [29/03/2015 18:51:21]
AdwCleaner[s0].txt - [3643 bytes] - [29/03/2015 18:59:08]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3702 bytes] ##########

Good evening CaeduRodrigues!

Here is the ZHPFix report.

Rapport de ZHPFix 2015.3.18.4 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by User at 31/03/2015 18:41:18
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit (Build 7600)
Reciclagem vazia (00mn 30s)
Prefetcher vazio
========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\Windows\AutoKMS.exe
========== Chaves do Registo ==========
ELIMINÉ: HKCU\Software\AppDataLow\Software\GenericAddon
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:³ HKLM\Software\Baidu Security
ELIMINÉ:³ HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ:³ HKLM\Software\Wow6432Node\DownloaderAssistant
ELIMINÉ:³ HKLM\Software\Classes\AppID\secman.DLL
========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
Nenhum valor presente na chave de exceções do registo (FirewallRaz)
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (38)
ELIMINÉ Flash Cookies (0)
========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\tasks\hvwvgl.job
ELIMINA REINICIAR: c:\windows\tasks\yqkqqn.job
ELIMINÉ Temporários windows (54) (6.994.709 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: HVWVGL
ELIMINÉ: HVWVGL
ELIMINÉ: TP
ELIMINÉ: TP
ELIMINÉ: YQKQQN
ELIMINÉ: YQKQQN
ELIMINÉ: {619DEAE9-95EA-438B-BBB2-537B5B4EED3B}
========== Restauração Sistema ==========
Nenhum ponto de restauro do sistema foi criado
========== Recapitulativo ==========
1 : Processo memória
7 : Chaves do Registo
3 : Valores do Registo
3 : Pastas
4 : Ficheiros
7 : Tarefa planificada
1 : Restauração Sistema
End of clean in 01mn 11s
========== Caminho do ficheiro do relatório ==========
C:\Users\User\AppData\Roaming\ZHP\ZHPFix[R1].txt - 31/03/2015 18:41:48 [1875]

Good evening CaeduRodrigues!

My PC freezes a lot when I use the internet; the pages keep freezing, and Chrome is still redirecting to malicious websites, while Mozilla freezes too much.

The Zoek attachment follows below.

Zoek.exe v5.0.0.0 Updated 02-April-2015
Tool run by User on 03/04/2015 at 18:34:27,69.
Microsoft Windows 7 Ultimate 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Desktop\zoek.exe [scan all users] [script inserted]
==== System Restore Info ======================
03/04/2015 18:41:29 Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\Users\User\AppData\Roaming\PhotoScape deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12D3EA3E-71AF-4857-9265-50E559DFA62C} deleted successfully
HKEY_USERS\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3C59C46A-4191-4168-9EFA-26443148D29} deleted successfully
HKEY_USERS\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88DE8D99-470F-43B8-A247-9247116451E6} deleted successfully
HKEY_USERS\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99C26E58-4FE0-4C26-8B2D-841A7C242BCD} deleted successfully
HKEY_USERS\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A5B55F7-9FDC-44EE-A7D1-88CB1FC35C4B} deleted successfully
HKEY_USERS\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F37856E-F3AA-4368-93D1-D7E189B1B5} deleted successfully
HKEY_USERS\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ECA468E-30F5-4B53-AF4F-18CDD24CCD91} deleted successfully
HKEY_USERS\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F49CBAC3-E788-42C1-A049-23CF1B76C93} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\Users\User\AppData\Roaming\IMVUClient deleted
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\therebels.neckel72.rar.lnk deleted
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\8A0.lnk deleted
C:\Users\User\AppData\Roaming\appdataFr2.bin deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Hotspot Shield deleted
C:\PROGRA~3\Package Cache deleted
"C:\Users\User\AppData\Roaming\HVWVGL" deleted
"C:\Windows\tasks\HVWVGL.job" deleted
"C:\Windows\SysNative\tasks\HVWVGL" deleted
"C:\Users\User\AppData\Roaming\TP" deleted
"C:\Windows\tasks\TP.job" deleted
"C:\Windows\SysNative\tasks\TP" deleted
"C:\Users\User\AppData\Roaming\YQKQQN" deleted
"C:\Windows\tasks\YQKQQN.job" deleted
"C:\Windows\SysNative\tasks\YQKQQN" deleted
"C:\PROGRA~3\{1dc232a5-b87f-c238-1dc2-232a5b87ca96}\2f52c0e4020767a6" not deleted
"C:\PROGRA~3\{1dc232a5-b87f-c238-1dc2-232a5b87ca96}\e2af66b125d38072" not deleted
"C:\PROGRA~3\{9fccf94e-f34e-fb5d-9fcc-cf94ef34e53b}\735c7d741428c34a" not deleted
"C:\PROGRA~3\{9fccf94e-f34e-fb5d-9fcc-cf94ef34e53b}\bea1db2133fc249e" not deleted
"C:\PROGRA~3\{1dc232a5-b87f-c238-1dc2-232a5b87ca96}" not deleted
"C:\PROGRA~3\{9fccf94e-f34e-fb5d-9fcc-cf94ef34e53b}" not deleted
==== Firefox Extensions Registry ======================
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\User\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [27/03/2015 18:26]
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 17:22]
==== Chromium Startpages ======================
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Preferences
"startup_urls": [ "https://www.google.com.br/" ]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences.bad was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Secure Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Web Data was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Web Data-journal was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\User\Desktop\adwcleaner_4.200 - Atalho.lnk - C:\Users\User\Downloads\adwcleaner_4.200.exe
C:\Users\User\Desktop\HiJackThis.lnk - C:\Users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\User\Desktop\JRT - Atalho.lnk - C:\Users\User\Downloads\JRT.exe
C:\Users\User\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
==== shortcuts in Users Start Menu ======================
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk - C:\Users\User\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Uninstall.lnk - C:\Users\User\AppData\Roaming\IMVUClient\Uninstall.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\Uninstall PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies\Uninstall Kies.lnk - C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe /removeonly
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.0.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk - C:\Program Files (x86)\ManyCam\ManyCam.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Program Files (x86)\Nero\Nero8\Nero Home\NeroHome.exe -ScParameter=65
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe -ScParameter=65
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory="Profile 3"
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Welcome Center.lnk - C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\v9jddqhj.default-1421442021546\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1805 folders=49 219975036 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\PROGRA~3\{1dc232a5-b87f-c238-1dc2-232a5b87ca96}\2f52c0e4020767a6" not found
"C:\PROGRA~3\{1dc232a5-b87f-c238-1dc2-232a5b87ca96}\e2af66b125d38072" not found
"C:\PROGRA~3\{9fccf94e-f34e-fb5d-9fcc-cf94ef34e53b}\735c7d741428c34a" not found
"C:\PROGRA~3\{9fccf94e-f34e-fb5d-9fcc-cf94ef34e53b}\bea1db2133fc249e" not found
"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\PROGRA~3\{1dc232a5-b87f-c238-1dc2-232a5b87ca96}" not found
"C:\PROGRA~3\{9fccf94e-f34e-fb5d-9fcc-cf94ef34e53b}" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
==== EOF on 03/04/2015 at 20:50:51,87 ======================
Regards :)


Good afternoon CaeduRodrigues!!

The report follows below.

~ ZHPCleaner v2015.4.3.154 by Nicolas Coolman (04/04/2015)

~ Run by User (Administrator) (04/04/2015 15:17:13)
~ State version : Version OK
~ Type : Scanner
~ Report : C:\Users\User\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\User\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit (Build 7600)
---\\ Serviços (0)
~ Nenhum ítem malicioso foi encontrado.
---\\ Navegadores de Internet (0)
~ Nenhum ítem malicioso foi encontrado.
---\\ Arquivo hosts (1)
~ O arquivo hosts é legítimo (1)
---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso foi encontrado.
---\\ Explorer ( Arquivos, Pastas) (2)
ENCONTRADO arquivo: C:\Program Files\Enigma Software Group\SpyHunter (PUP.EnigmaSoftware)
ENCONTRADO arquivo: C:\Program Files\Enigma Software Group (PUP.EnigmaSoftware)
---\\ Registro ( Chaves, Valores, Dados ) (5)
ENCONTRADO dados: HKCR\BaiduSparkHTML\Shell\Open\Command\\Default [bad :
 ]  (Broken.OpenCommand)
ENCONTRADO chave: [X64] HKLM\SOFTWARE\Classes\AppID\SECMAN.DLL [] (Trojan.Camec)
ENCONTRADO chave: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Techgile [] (PUP.Techgile)
ENCONTRADO chave: [X64] HKLM\SOFTWARE\Wow6432Node\DownloaderAssistant [1414873675] (PUP.Salus)
ENCONTRADO chave: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\SECMAN.DLL [] (Trojan.Camec)
---\\ Resultado de reparação
~ Eventuais reparações feita
~ Este navegador está faltando ! (Google Chrome)
~ Este navegador está faltando ! (Opera Software)
---\\ Estatísticas
~ Items scan : 65893
~ Items encontrado : 7
~ Items réparo : 0
End of clean at 15:43:46
===================
ZHPCleaner-[R]-03112014-11_08_53.txt
ZHPCleaner-[R]-03112014-11_20_35.txt
ZHPCleaner-[s]-03112014-11_15_06.txt
ZHPCleaner-[s]-04042015-15_43_46.txt
Regards ^_^


Good evening CaeduRodrigues! The report follows below.

~ ZHPCleaner v2015.4.4.155 by Nicolas Coolman (04/04/2015)
~ Run by User (Administrator) (04/04/2015 20:22:46)
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\User\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\User\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit (Build 7600)
---\\ Serviços (0)
~ Nenhum ítem malicioso foi encontrado.
---\\ Navegadores de Internet (0)
~ Nenhum ítem malicioso foi encontrado.
---\\ Arquivo hosts (1)
~ O arquivo hosts é legítimo (1)
---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso foi encontrado.
---\\ Explorer ( Arquivos, Pastas) (2)
MOVIDO arquivo: C:\Program Files\Enigma Software Group\SpyHunter (PUP.EnigmaSoftware)
MOVIDO arquivo: C:\Program Files\Enigma Software Group (PUP.EnigmaSoftware)
---\\ Registro ( Chaves, Valores, Dados ) (4)
SUPRIMIDO dados: HKCR\BaiduSparkHTML\Shell\Open\Command\\Default [bad :
 ]  (Broken.OpenCommand)
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\AppID\SECMAN.DLL [] (Trojan.Camec)
SUPRIMIDO chave*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Techgile [] (PUP.Techgile)
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\DownloaderAssistant [1414873675] (PUP.Salus)
---\\ Resultado de reparação
~ Reparação efectuada com sucesso
~ Este navegador está faltando ! (Google Chrome)
~ Este navegador está faltando ! (Opera Software)
---\\ Estatísticas
~ Items scan : 65949
~ Items encontrado : 0
~ Items réparo : 6
End of clean at 20:51:05
===================
ZHPCleaner-[R]-03112014-11_08_53.txt
ZHPCleaner-[R]-03112014-11_20_35.txt
ZHPCleaner-[R]-04042015-20_51_05.txt
ZHPCleaner-[s]-03112014-11_15_06.txt
ZHPCleaner-[s]-04042015-15_43_46.txt


Good evening CaeduRodrigues!

After I reinstalled Chrome I was no longer redirected to other malicious pages, Mozilla is working well without freezing, and the browsers are working much better.

The Fixlog follows below:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by User at 2015-04-05 20:41:06 Run:2
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [gmsd_br_90] => [X]
HKU\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...q={searchTerms}
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2015-03-21]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2015-03-21]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil64.sys [X]
C:\Users\User\AppData\Local\Temp\InstallIMVU_518.0.exe
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
Task: {074A3D2C-68C1-40DF-ADD6-180FF33519FA} - \YQKQQN No Task File <==== ATTENTION
Task: {A435A8F4-4F42-4AB0-9AB4-BE750EDCC109} - \TP No Task File <==== ATTENTION
Task: {B26FFDF1-6A79-420A-9745-DD452CC7C830} - \HVWVGL No Task File <==== ATTENTION
Task: {B7EA9B4B-593F-4BC0-B0F2-C63CC2AC8D2C} - System32\Tasks\{619DEAE9-95EA-438B-BBB2-537B5B4EED3B} => pcalua.exe -a C:\Users\User\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=tugs <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_br_90 => value deleted successfully.
HKU\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.
"HKU\S-1-5-21-3801029790-2799878285-4124920567-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Web" => Key deleted successfully.
HKCR\CLSID\Web => Key not found.
"HKU\S-1-5-21-3801029790-2799878285-4124920567-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => Key not found.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml => Moved successfully.
BprotectEx => Service deleted successfully.
PCFApiUtil => Service deleted successfully.
C:\Users\User\AppData\Local\Temp\InstallIMVU_518.0.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{074A3D2C-68C1-40DF-ADD6-180FF33519FA}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{074A3D2C-68C1-40DF-ADD6-180FF33519FA}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YQKQQN" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A435A8F4-4F42-4AB0-9AB4-BE750EDCC109}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A435A8F4-4F42-4AB0-9AB4-BE750EDCC109}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TP" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B26FFDF1-6A79-420A-9745-DD452CC7C830}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B26FFDF1-6A79-420A-9745-DD452CC7C830}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HVWVGL" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7EA9B4B-593F-4BC0-B0F2-C63CC2AC8D2C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7EA9B4B-593F-4BC0-B0F2-C63CC2AC8D2C}" => Key deleted successfully.
C:\Windows\System32\Tasks\{619DEAE9-95EA-438B-BBB2-537B5B4EED3B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{619DEAE9-95EA-438B-BBB2-537B5B4EED3B}" => Key deleted successfully.
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
Unable to cancel {A7C82243-8906-435D-9086-5ACFEC3CDF02}.
0 out of 1 jobs canceled.
========= End of CMD: =========
========= ipconfig /flushdns =========
Configuração de IP do Windows
Liberação do Cache do DNS Resolver bem-sucedida.
========= End of CMD: =========
EmptyTemp: => Removed 20.2 MB temporary data.
The system needed a reboot.
==== End of Fixlog 20:42:38 ====
Regards :bye:


Good evening CaeduRodrigues!!

Today something happened that had never happened on the PC before: it froze completely and showed a transparent white screen as if it were loading, but it would not unfreeze at all, and I shut the PC down the wrong way.

The Checkup log follows below:

Results of screen317's Security Check version 0.99.99
Windows 7 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 16.0.0.305 Flash Player out of Date!
Mozilla Firefox (37.0.1)
Google Chrome (41.0.2272.118)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````
Regards :flores:


Good evening CaeduRodrigues!

The ESET log follows below:

C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir a variant of Win32/ELEX.BH potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\zoek_backup\C_Users_User_AppData_Roaming_HUQXD.exe.vir a variant of Win32/Toolbar.CrossRider.AX potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\zoek_backup\C_Users_User_AppData_Roaming_QNPUPZN.exe.vir a variant of Win32/Toolbar.CrossRider.AX potentially unwanted application deleted - quarantined
C:\Users\User\AppData\Roaming\ZHP\Quarantine\autokms.exe.VIR a variant of MSIL/HackKMS.A potentially unsafe application deleted - quarantined
C:\Users\User\Desktop\PACOTE\driver_booster_setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Users\User\Desktop\PACOTE\FoxitReader502.0718_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Users\User\Desktop\PACOTE\Nero\Nero-8.1.1.4_ptb_trial.exe Win32/Toolbar.AskSBar potentially unwanted application deleted - quarantined
C:\Users\User\Desktop\PACOTE\Office 2010\Ativador Office 2010\Ativador.exe a variant of MSIL/HackKMS.A potentially unsafe application deleted - quarantined
C:\Windows\AutoKMS.exe a variant of MSIL/HackKMS.A potentially unsafe application deleted - quarantined
C:\zoek_backup\C_Users_User_AppData_Roaming_HVWVGL.vir JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
C:\zoek_backup\C_Users_User_AppData_Roaming_TP.vir JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
C:\zoek_backup\C_Users_User_AppData_Roaming_YQKQQN.vir JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
C:\zoek_backup\C_PROGRA~3_{1dc232a5-b87f-c238-1dc2-232a5b87ca96}\therebels.neckel72.rar.exe a variant of Win32/Adware.MultiPlug.GD application cleaned by deleting - quarantined
C:\zoek_backup\C_PROGRA~3_{9fccf94e-f34e-fb5d-9fcc-cf94ef34e53b}\8A0.exe a variant of Win32/Adware.MultiPlug.GD application cleaned by deleting - quarantined
Regards :joia:


Good evening CaeduRodrigues!

Yes, it is much better, thank you very much for the help!

The report follows below:

# DelFix v10.9 - Relatório criado 14/04/2015 às 19:51:43
# Atualizado 27/02/2015 por Xplode
# Usuário : User - USER-PC
# Sistema Operacional : Windows 7 Ultimate (64 bits)
~ Removendo ferramentas de desinfecção ...
Removido : C:\FRST
Removido : C:\zoek_backup
Removido : C:\AdwCleaner
Removido : C:\Program Files (x86)\ZHPDiag
Removido : C:\Program Files (x86)\Trend Micro\Hijackthis
Removido : C:\PhysicalDisk0_MBR.bin
Removido : C:\zoek-results.log
Removido : C:\Users\User\Desktop\Addition.txt
Removido : C:\Users\User\Desktop\adwcleaner_4.200 - Atalho.lnk
Removido : C:\Users\User\Desktop\esetsmartinstaller_enu.exe
Removido : C:\Users\User\Desktop\Fixlog.txt
Removido : C:\Users\User\Desktop\FRST.txt
Removido : C:\Users\User\Desktop\FRST64.exe
Removido : C:\Users\User\Desktop\JRT - Atalho.lnk
Removido : C:\Users\User\Desktop\JRT.txt
Removido : C:\Users\User\Desktop\HiJackThis.lnk
Removido : C:\Users\User\Desktop\hijackthis.log
Removido : C:\Users\User\Desktop\SecurityCheck.exe
Removido : C:\Users\User\Desktop\ZHPCleaner.exe
Removido : C:\Users\User\Desktop\ZHPCleaner.lnk
Removido : C:\Users\User\Desktop\ZHPCleaner.txt
Removido : C:\Users\User\Desktop\ZHPDiag.txt
Removido : C:\Users\User\Desktop\ZHPFixReport.txt
Removido : C:\Users\User\Desktop\zoek.exe
Removido : C:\Users\User\Downloads\adwcleaner_4.200.exe
Removido : C:\Users\User\Downloads\JRT.exe
Removido : C:\Users\User\Downloads\HijackThis.msi
Removido : HKLM\SOFTWARE\AdwCleaner
Removido : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
~ Criando backup do registro ... OK
~ Limpando pontos da restauração do sistema ...
Novo ponto de restauração criado !
~ Redefinindo configurações do sistema ... OK
########## - EOF - ##########
Regards :joia:
