[Arquivado] Notebook Lento CPU 100%

EMD · Julho 24, 2015

Olá pessoal.

Parabéns pela iniciativa.

Faz um tempo que acompanho os foruns, mas só agora decidi participar.

Tenho um AMD Athlon dual core x2 ql 62 2 Ghz

1.75 RAM

Win 7 Professional 32 bits

Sei que não é lá estas coisas, mas não era pra estar consumindo tanta memória "injustificadamente"

As vezes só ficar ligado ou apenas abrir o navegador vai pra 100% de CPU e chega a 98, 99º

Segue alguns logs que fiz ontem:

# AdwCleaner v4.208 - Relatório criado 22/07/2015 às 19:01:02

# Atualizado 09/07/2015 por Xplode

# Base de dados : 2015-07-15.1 [servidor]

# Sistema operacional : Windows 7 Professional Service Pack 1 (x86)

# Usuário : Jana - JANA-PC

# Executando de : C:\Users\Jana\Desktop\adwcleaner_4.208.exe

# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

***** [ Tarefas agendadas ] *****

***** [ Atalhos ] *****

***** [ Registro ] *****

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16421

-\\ Mozilla Firefox v38.0.1 (x86 pt-BR)

-\\ Google Chrome v

[C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Apagado [search Provider] : hxxp://br.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [8527 bytes] - [26/05/2015 17:05:20]

AdwCleaner[R1].txt - [1001 bytes] - [22/07/2015 18:42:15]

AdwCleaner[R2].txt - [1064 bytes] - [22/07/2015 18:45:09]

AdwCleaner[R3].txt - [1239 bytes] - [22/07/2015 18:59:33]

AdwCleaner[s0].txt - [8348 bytes] - [26/05/2015 17:24:47]

AdwCleaner[s1].txt - [1119 bytes] - [22/07/2015 18:56:12]

AdwCleaner[s2].txt - [1155 bytes] - [22/07/2015 19:01:02]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1214 bytes] ##########

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 19:12:29, on 22/07/2015

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

CHROME: 43.0.2357.81

FIREFOX: 38.0.1 (x86 pt-BR)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

C:\Program Files\Hotkey\Hotkey.exe

C:\Users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Jana\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Jana\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-18\..\Run: [MotoCast] "C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk" (User 'SISTEMA')

O4 - HKUS\.DEFAULT\..\Run: [MotoCast] "C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk" (User 'Default user')

O4 - Startup: Dropbox.lnk = Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Global Startup: Hotkey.lnk = C:\Program Files\Hotkey\Hotkey.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Motorola Mobility LLC - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files\Hotkey\PowerBiosServer.exe

O23 - Service: PST Service - Motorola - C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--

End of file - 5298 bytes

~ Relatório do ZHPDiag v2015.4.6.36 - Nicolas Coolman (29/03/2015)

~ Iniciado por Jana (22/07/2015 19:18:12)

~ Facebook : https://www.facebook.com/nicolascoolman1

~ Endereço do Webforum : http://forum.nicolascoolman.fr

~ Tradução pelo utilizador

~ Estatuto da versão : Nova Versão disponivel

~ Lista Branca : Ativado pelo programa

~ Elevação dos Privilégios : OK

~ Controle de Conta de Utilizador : Deactivate by user

---\\ Navegadores Internet

MSIE: Internet Explorer v9.0.8112.16421

MFIE: Mozilla Firefox 38.0.1

GCIE: Google Chrome v43.0.2357.81 (Defaut)

---\\ Informações sobre os produtos Windows

~ Langage: Portugais

Windows Server License Manager Script : OK

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK

Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)

---\\ Softwares de proteçao do sistema

Malwarebytes Anti-Malware versão 2.1.8.1057

Microsoft Security Essentials v1.0.2498.0

ESET Online Scanner v3

Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema

CCleaner v4.15

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares

Adobe Flash Player 18 NPAPI

---\\ Informações sobre o sistema

~ Processor: x86 Family 17 Model 3 Stepping 1, AuthenticAMD

~ Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 1790 MB (26% free)

System Restore: Activé (Enable)

System drive C: has 9 GB (11%) free of 78 GB

---\\ Modo de conexão ao sistema

~ Computer Name: JANA-PC

~ User Name: Jana

~ All Users Names: Jana, HomeGroupUser$, Convidado, Administrador,

~ Unselected Option: 045,061,O62,065,066,080,O82,089

Logged in as Administrator

---\\ As variáveis de ambiente

~ System Unit : C:\

~ %AppZHP% : C:\Users\Jana\AppData\Roaming\ZHP\

~ %AppData% : C:\Users\Jana\AppData\Roaming\

~ %Desktop% : C:\Users\Jana\Desktop\

~ %Favorites% : D:\Jana\Favorites\

~ %LocalAppData% : C:\Users\Jana\AppData\Local\

~ %StartMenu% : C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos

C: Hard drive, Flash drive, Thumb drive (Free 9 Go of 78 Go)

D: Hard drive, Flash drive, Thumb drive (Free 219 Go of 388 Go)

E: CD-ROM drive (Free 0 Go of 1 Go)

---\\ Estado do Centro de Segurança do Windows

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date

~ Security Center: 43 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos

[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]

[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]

[MD5.44465367256D1C72B58F5ABAA19E7016] - (.Microsoft Corporation - Internet Extensions para Win32.) (.27/02/2012 - 22:11:07.) -- C:\Windows\System32\wininet.dll [1127424]

[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 03:17:56.) -- C:\Windows\System32\Winlogon.exe [286720]

[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 03:21:26.) -- C:\Windows\System32\sppcomapi.dll [193536]

[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]

[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]

[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]

[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.19/11/2010 - 23:38:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]

[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.19/11/2010 - 23:42:34.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]

[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 00:59:30.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]

[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]

[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]

[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]

[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.19/11/2010 - 23:39:46.) -- C:\Windows\system32\Drivers\netBT.sys [187904]

[MD5.81189C3D7763838E55C397759D49007A] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.11/03/2011 - 02:39:00.) -- C:\Windows\system32\Drivers\ntfs.sys [1211264]

[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]

[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]

[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 01:24:48.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]

[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]

[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.19/11/2010 - 23:39:18.) -- C:\Windows\system32\Drivers\tdx.sys [74752]

[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 03:30:18.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]

~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)

~ Mes images (My Pictures) : 2/123

~ Mes musiques (My Musics) : 4/89

~ Mes Favoris (My Favorites) : 1/22

~ Mes Documents (My Documents) : 4/67

~ Mon Bureau (My Desktop) : 2/6491

~ Menu demarrer (Programs) : 1/40

~ Hidden Files: Scanned in 00mn 06s

---\\ Processos lançados

[MD5.7E4963EE16B0436D38D15879830651F6] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1697064] [PID.2904]

[MD5.4BA2F5C784915385254DA091510B97F5] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.2952]

[MD5.D91F16AA4A6ED9FE00D1BF99D224932C] - (.Motorola Mobility LLC - MotoHelperAgent.) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe [694584] [PID.2988]

[MD5.25D3D9FDFAB47460852DF3DEAB5AF6EA] - (.No owner - HotKey.) -- C:\Program Files\Hotkey\Hotkey.exe [2553856] [PID.3048]

[MD5.820087CDD437E0307D94BF1E05B49422] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe [43871968] [PID.3060]

[MD5.072678E0D68E9C3A7960328671134C7B] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [54240] [PID.2452]

[MD5.ABFF2B3A80AA5348BE5E43EFD6B415D1] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [6554424] [PID.3044]

[MD5.C4EF32C1C0473392EF4204890AF8E457] - (.Google Inc. - Google Chrome.) -- C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe [813896] [PID.1248]

[MD5.E96DD1ABAC2BE889CF521EA2192BFD1D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8196608] [PID.3340]

~ Processes Running: Scanned in 00mn 01s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)

C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 5 Legitimates Filtered in 00mn 00s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)

P2 - FPN: [HKCU] [@octoshape.com/Octoshape Streaming Services,version=1.0] - (.Octoshape ApS - Octoshape embedded video plugin.) -- C:\Users\Jana\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll

~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)

~ Le fichier hôte est sain (The hosts file is clean) (22)

~ Hosts File: Scanned in 00mn 00s

---\\ Outras conexões do utilizador (04)

O4 - GS\Desktop [Jana]: uTorrentPortable - Atalho.lnk . (.PortableApps.com - uTorrent Portable (PortableApps.com Launche.) -- D:\Jana\Downloads\uTorrentPortable\uTorrentPortable.exe =>P2P.µTorrent

O4 - GS\Desktop [Jana]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Jana\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

~ Global Startup: 2 Legitimates Filtered in 00mn 04s

---\\ Aplicações iniciadas por registo & pastas (04)

O4 - HKLM\..\Run: [synTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKCU\..\Run: [Dropbox Update] . (.Dropbox, Inc. - Dropbox Update.) -- C:\Users\Jana\AppData\Local\Dropbox\Update\DropboxUpdate.exe

O4 - HKUS\.DEFAULT\..\Run: [MotoCast] . (...) -- C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk

O4 - HKUS\S-1-5-18\..\Run: [MotoCast] . (...) -- C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

O4 - HKUS\S-1-5-21-2879642822-4171143380-2997861222-1000\..\Run: [Dropbox Update] . (.Dropbox, Inc. - Dropbox Update.) -- C:\Users\Jana\AppData\Local\Dropbox\Update\DropboxUpdate.exe

~ Application: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)

O17 - HKLM\System\CCS\Services\Tcpip\..\{9F2D5156-C6EE-4973-A77B-6C6F83D3B644}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{A9F12E76-4C0B-4278-A8C1-091F399C7BE9}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{9F2D5156-C6EE-4973-A77B-6C6F83D3B644}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{A9F12E76-4C0B-4278-A8C1-091F399C7BE9}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{9F2D5156-C6EE-4973-A77B-6C6F83D3B644}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{A9F12E76-4C0B-4278-A8C1-091F399C7BE9}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)

O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation

O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation

~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)

O23 - Service: (PowerBiosServer) . (.No owner - PowerBiosServer.) - C:\Program Files\Hotkey\PowerBiosServer.exe

~ Services: 8 Legitimates Filtered in 00mn 07s

---\\ Tarefas planificadas automaticamente (039)

[MD5.7C6D524C78A1722AD987B9E47AC1FEE2] [APT] [DropboxUpdateTaskUserS-1-5-21-2879642822-4171143380-2997861222-1000Core] (.Dropbox, Inc..) -- C:\Users\Jana\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512]

[MD5.7C6D524C78A1722AD987B9E47AC1FEE2] [APT] [DropboxUpdateTaskUserS-1-5-21-2879642822-4171143380-2997861222-1000UA] (.Dropbox, Inc..) -- C:\Users\Jana\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512]

[MD5.860BEFC83B54E2ED11C075392CD685C9] [APT] [MotoCast Update] (...) -- C:\Program Files\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [182640]

[MD5.3102F06AE7F530BA7A1ED79E1CF5A03D] [APT] [Motorola Device Manager Engine] (...) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [196504]

[MD5.3102F06AE7F530BA7A1ED79E1CF5A03D] [APT] [Motorola Device Manager Initial Update] (...) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [196504]

[MD5.3102F06AE7F530BA7A1ED79E1CF5A03D] [APT] [Motorola Device Manager Update] (...) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [196504]

O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]

O39 - APT: DropboxUpdateTaskUserS-1-5-21-2879642822-4171143380-2997861222-1000Core - (.Dropbox, Inc..) -- C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2879642822-4171143380-2997861222-1000Core.job [974]

O39 - APT: DropboxUpdateTaskUserS-1-5-21-2879642822-4171143380-2997861222-1000Core - (.Dropbox, Inc..) -- C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2879642822-4171143380-2997861222-1000Core [974]

O39 - APT: DropboxUpdateTaskUserS-1-5-21-2879642822-4171143380-2997861222-1000UA - (.Dropbox, Inc..) -- C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2879642822-4171143380-2997861222-1000UA.job [1026]

O39 - APT: DropboxUpdateTaskUserS-1-5-21-2879642822-4171143380-2997861222-1000UA - (.Dropbox, Inc..) -- C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2879642822-4171143380-2997861222-1000UA [1026]

O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2879642822-4171143380-2997861222-1000Core [1022]

O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2879642822-4171143380-2997861222-1000UA [1074]

~ Scheduled Task: 15 Legitimates Filtered in 00mn 05s

---\\ Software instalados (042)

O42 - Logiciel: AMR Player 1.3 - (.www.amrplayer.com.) [HKLM] -- {2F881B56-CBDF-4EC6-A8D2-6412A879C66A}_is1

O42 - Logiciel: USB Debugging Driver - (.Invisibility Ltd.) [HKLM] -- {B61F9010-3474-11E4-8C21-0800200C9A66}

~ Logic: 17 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys

[HKCU\Software\GbAs]

[HKCU\Software\bioPDF]

[HKLM\Software\WafCX]

[HKLM\Software\a]

[HKLM\Software\bioPDF]

~ Key Software: 216 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 05/04/2013 - 09:57:01 - [] ----D C:\Program Files\AMR Player

O43 - CFD: 01/02/2013 - 14:22:09 - [] ----D C:\Program Files\bioPDF

O43 - CFD: 22/07/2014 - 20:41:07 - [0] ----D C:\Program Files\GUM6A17.tmp

O43 - CFD: 11/05/2015 - 15:23:05 - [] ----D C:\Program Files\Invisibility Ltd

O43 - CFD: 09/06/2012 - 09:11:49 - [] ----D C:\Program Files\LANcet Chat

O43 - CFD: 01/02/2013 - 14:22:20 - [] ----D C:\Program Files\Common Files\bioPDF

O43 - CFD: 02/11/2014 - 11:22:37 - [0] ----D C:\ProgramData\ProductData

O43 - CFD: 02/11/2014 - 11:21:21 - [0] ----D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}

O43 - CFD: 05/04/2013 - 09:57:01 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMR Player

O43 - CFD: 01/02/2013 - 14:22:22 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bioPDF

O43 - CFD: 14/07/2009 - 05:53:11 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC

O43 - CFD: 27/05/2012 - 19:10:45 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win2PDF

O43 - CFD: 11/05/2015 - 15:19:49 - [] ----D C:\Users\Jana\AppData\Roaming\JWrapper-RecordableActivator

O43 - CFD: 02/11/2014 - 11:23:47 - [] ----D C:\Users\Jana\AppData\Roaming\ProductData

O43 - CFD: 11/05/2015 - 15:19:52 - [] ----D C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RecordableActivator

~ 106 Dossier CLSID vide (CLSID Empty Folder)

~ Program Folder: 310 Legitimates Filtered in 00mn 04s

---\\ Chave do registo Shell MountPoints2 (MPSK) (O51)

O51 - MPSK:{5f12be08-8719-11e2-8f01-0090f5989709}\AutoRun\command. (...) -- F:\MotoCastSetup.exe (.not file.)

~ Keys: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)

O53 - SMSR:HKLM\...\startupreg\AirDroid 3 [Key] . (...) -- C:\Program Files\AirDroid\AirDroid.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\Wondershare Helper Compact.exe [Key] . (.Wondershare - Wondershare Studio.) -- C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

~ SMSR Keys: 6 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)

O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]

O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]

O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]

O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]

O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]

O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]

O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]

O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]

O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]

O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]

O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]

O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]

O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]

O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]

O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]

O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]

O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]

O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]

~ Drivers: 77 Legitimates Filtered in 00mn 01s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)

O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman

~ ADS: Scanned in 00mn 00s

---\\ Associações Shell Spawning (O67)

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)

~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com

O69 - SBI: SearchScopes [HKCU] {BC1071B8-DCCC-4DA8-B4D2-ED2700DBE298} [DefaultScope] - (Google) - http://www.google.com

~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)

[MD5.09B6F6FCCC35DBAFCB38CB3751FA7C2F] [sPRF][22/07/2015] (.No owner - AdwCleaner.) -- C:\Users\Jana\Desktop\adwcleaner_4.208.exe [2248704]

~ Files: 3 Legitimates Filtered in 00mn 00s

---\\ Lista das exceções do FireWall (FirewallRules) (O87)

O87 - FAEL: "{49F96D33-2C0B-4A7F-9E4C-C6E62592F5B7}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Jana\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

O87 - FAEL: "{31C9700E-46D8-40B7-9037-FAA16869947E}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Jana\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

~ Firewall: 2 Legitimates Filtered in 00mn 02s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)

SS - | Demand 17/07/2015 268976 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

SS - | Auto 18/06/2015 1133880 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

SS - | Demand 14/05/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 07/07/2015 82128 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

SR - | Auto 18/08/2009 176128 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe

SR - | Auto 07/09/2012 87992 | (DeviceMonitorService) . (.Nero AG.) - C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe

SR - | Auto 25/03/2013 121144 | (Motorola Device Manager) . (.Motorola Mobility LLC.) - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

SR - | Auto 25/03/2010 17904 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

SR - | Auto 03/03/2010 32256 | (PowerBiosServer) . (...) - C:\Program Files\Hotkey\PowerBiosServer.exe

SR - | Auto 02/09/2011 65657 | (PST Service) . (.Motorola.) - C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe

SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 25s

---\\ Scâner Aditional (088)

Database Version : 13008 - (29/03/2015)

Clés trouvées (Keys found) : 0

Valeurs trouvées (Values found) : 2

Dossiers trouvés (Folders found) : 0

Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 227384 Items scanned in 00mn 42s

---\\ Informações complémentaires do módulos

~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Gestão do Proxy (R5)

~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Aplicações iniciadas por registo & pastas (04)

~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Chave do registo Shell MountPoints2 (MPSK) (O51)

~ AMI: 3 Legitimates Filtered in 00mn 00s

~ 834 Legitimates filtered by white list

End of the scan (394 lines in 02mn 23s)(0.6)

Grato

Eduardo

DigRam · Julho 27, 2015

/!\ Bom Dia! EMD /!\

> Aparentemente,não há malwares em potencial ocasionando este sintoma que reclamas.

> Baixe: <

SFTGC > ( ... de Pierre13 )

> Tendo dificuldades no download,utilize o navegador Internet Explorer.

> Salve-o no desktop!

> Para Windows Vista e 7,execute "SFTGC.exe" como administrador!

> Execute-o e clique "Go".

> Aguarde seu término,que é rápido.

> Poste o relatório! ( SFT.txt )

> Ps: De acordo com o tamanho do relatório,não poste-o diretamente!

> Acesse,para esta tarefa! <

>

> Baixe: < ZHPFix > << Link!

> Estando na página,clique: "Télécharger"

> Salve-o no desktop!

> Execute este script na ferramenta ZHPFix.

> Selecione e copie estas informações que estão em vermelho,para o Bloco de Notas.

> Com o Bloco de Notas aberto,faça: ctrl+a >> ctrl+c ( Selecionar e Copiar )

> À seguir,minimize o Bloco de Notas.

Script ZHPFix

EmptyPrefetch

EmptyClsid

EmptyFlash

EmptyTemp

FirewallRaz

ShortcutFix

HiddenFix