Ertel

  1. Good afternoon, ok Sam... Thank you very much for your help; I'll ask the moderators to close the topic since the problem has been solved...
  2. Another detail, Sam: the PC seems to have become a bit faster, but memory consumption is still high... opening Mozilla took around 2 min., after having waited for the machine to power on and start everything calmly... Do you think it could be because Win 7 Ultimate 64 Bit SP1 was installed on the machine, with a Dual Core E5300 2.60 GHz, 2 GB of RAM and two HDs? If I'm not mistaken the machine was purchased in 2011; I later added the HD from a notebook to act as a slave, it's just that I don't remember it being this slow... In "msconfig" I had already disabled several things as well. Thank you for your help so far!
  3. Good morning Sam, as for Security Check... I'll leave it on the PC; I saw that some Mozilla plugins don't enable the update button after clicking "Check for plugin updates". I'll also leave Unchecky installed... As for the Windows updates, I don't know all of them; my Windows 7 is, let's say... different. Thank you for the support!
  4. Good afternoon Sam, sorry for the delay in replying... I noticed that the computer is better. Thank you for the support so far...
  5. Good evening Sam, thank you very much for your help so far!
  6. Good evening Sam, the log generated by FRST64 is right below. Thank you!
  7. Good evening Sam, what I had on my PC was indeed incomplete; I'm attaching the two new logs. Thank you! Addition.txt FRST.txt
  8. Good afternoon Sam, I'm attaching the logs below... Thank you! Addition.txt FRST.txt
  9. Good afternoon Sam, thank you for the help so far. The log follows below:
  10. Good morning Sam, I don't know why the last log in that reply of mine came out struck through... If need be, I can attach the "txt" files to the replies. Thank you!
"command"="\"C:\\Users\\Ertel\\AppData\\Roaming\\Spotify\\SpotifyWebHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Ertel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^StartUp^Counter-Strike 1.6 Config.lnk] "path"="C:\\Users\\Ertel\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\Counter-Strike 1.6 Config.lnk" "backup"="C:\\Windows\\pss\\Counter-Strike 1.6 Config.lnk.Startup" "backupExtension"=".Startup" "command"="D:\\Program Files (x86)\\Counter-Strike 1.6\\cstrike\\config.exe " "item"="Counter-Strike 1.6 Config" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\bthserv] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\c2cautoupdatesvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\c2cpnrsvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SpyHunter 4 Service] ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ 
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24/10/2015 11:19] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24/10/2015 11:19] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2611119225-1588002784-2716068434-1000Core.job --a------ C:\Users\Ertel\AppData\Local\Google\Update\GoogleUpdate.exe [11/09/2015 09:12] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2611119225-1588002784-2716068434-1000UA.job --a------ C:\Users\Ertel\AppData\Local\Google\Update\GoogleUpdate.exe [11/09/2015 09:12] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2611119225-1588002784-2716068434-1000Core" [C:\Users\Ertel\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2611119225-1588002784-2716068434-1000UA" [C:\Users\Ertel\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\PandaUSBVaccine" ["C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe"] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{D9C9010F-0B52-4DF8-AF6D-F632AA026119}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{1CE48AF4-A5A1-45B7-A7D1-B80F3750BDD1}" [D:\Tiago\rosetta stone\Rosetta Stone Version3.exe] 
"C:\Windows\SysNative\tasks\{2346C0F5-0AB5-47B5-888D-9EB7D373A52D}" [D:\Andr‚\Ntreev USA\Pangya\update.exe] "C:\Windows\SysNative\tasks\{A8D0B738-6DF1-4D8F-9DED-6ED3103EC52A}" [D:\Andr‚\Ntreev USA\Pangya\update.exe] "C:\Windows\SysNative\tasks\{ACC6FBFA-71CB-45E2-9CD6-7066D5997D8A}" [D:\Andr‚\Ntreev USA\Pangya\update.exe] "C:\Windows\SysNative\tasks\{B4E8CB0D-41C6-47A2-AB84-D4A70382DA5B}" [D:\Andr‚\Ntreev USA\Pangya\update.exe] "C:\Windows\SysNative\tasks\{BF0AC6D8-09CF-4A67-A685-D63E3D26C5E8}" [G:\SIMS4\The SIMS 4 Free CD Key Keygen Downloader__3687_i1859951592_il1853559.exe] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Ertel\AppData\Roaming\Mozilla\Firefox\Profiles\6712q8jt.default user_pref("browser.search.defaultenginename", "Search"); ProfilePath: C:\Users\Ertel\AppData\Roaming\Mozilla\Firefox\Profiles\jp6nqlrr.default user_pref("browser.startup.homepage", "http://news.google.com.br/nwshp?hl=pt-BR&tab=wn"); ==== Firefox Extensions Registry ====================== [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Ertel\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Ertel\AppData\Roaming\Mozilla\Firefox\Profiles\6712q8jt.default - Modulo de Seguranca - Banco do Brasil - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} ProfilePath: C:\Users\Ertel\AppData\Roaming\Mozilla\Firefox\Profiles\jp6nqlrr.default - Modulo de Seguranca - Banco do Brasil - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} ==== Firefox Plugins ====================== Profilepath: C:\Users\Ertel\AppData\Roaming\Mozilla\Firefox\Profiles\jp6nqlrr.default F3B0E300AFC94E1A775A2D935A7D384F - 
C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll - Shockwave for Director / Shockwave for Director 05F4E9B3912EA16B04C5928758E8AA75 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll - Shockwave Flash C426F7E678D6E539041847556059D5E8 - C:\Users\Ertel\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll - Google Update ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fjgmebajmdnpikkfkjfjhnjmgedljoec - C:\ProgramData\Coolyou\fjgmebajmdnpikkfkjfjhnjmgedljoec.crx[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 17:22] Chrome Web Store Payments - Ertel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== IE Start and Search Settings ====================== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes "Backup.Old.DefaultScope"="{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKCU\SearchScopes "Backup.Old.DefaultScope"="{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}" HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC ==== HijackThis Entries ====================== R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll ==== EOF on 13/07/2016 at 9:33:05,59 ======================
  11. Good afternoon Sam, at one point during the scan ZHPCleaner asked whether I had created a server and showed an IP; I clicked "no" twice... I ended up not taking a screenshot to post here, but I found the infection in the log below. After it comes the one created by clicking Report (at the end of the scan it did not create the log), and then the others.

      ~ ZHPCleaner v2016.7.12.84 by Nicolas Coolman (2016/08/12)
      ~ Run by Ertel (Administrator) (12/07/2016 16:58:45)
      ~ Site : http://www.nicolascoolman.com
      ~ Facebook : https://www.facebook.com/nicolascoolman1
      ~ State version : Version OK
      ~ Type : Scanner
      ~ Report : C:\Users\Ertel\Desktop\ZHPCleaner.txt
      ~ Quarantine : C:\Users\Ertel\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
      ~ UAC : Activate
      ~ Boot Mode : Normal (Normal boot)
      Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

      ---\\ Serviços (0)
      ~ Nenhum ítem malicioso o desnecessários foi encontrado.

      ---\\ Navegadores de Internet (0)
      ~ Nenhum ítem malicioso o desnecessários foi encontrado.

      ---\\ Arquivo hosts (1)
      ~ O arquivo hosts é legítimo (1)

      ---\\ Tarefas automáticas agendadas. (0)
      ~ Nenhum ítem malicioso o desnecessários foi encontrado.

      ---\\ Explorer ( Arquivos, Pastas) (0)
      ~ Nenhum ítem malicioso o desnecessários foi encontrado.

      ---\\ Registro ( Chaves, Valores, Dados ) (2)
      ENCONTRADO dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DC6A0269-72F2-471C-BC20-1773BB2D46F8}\\DhcpNameServer [Bad : 187.109.224.19] =>Hijacker.Browser
      ENCONTRADO dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 187.109.224.19] =>Hijacker.Browser

      ---\\ Resumo dos elementos encontrados na sua estação de trabalho (1)
      http://www.nicolascoolman.fr/hijacker-browser/ =>Hijacker.Browser

      --------------------------------------------------------------------------------------------

      ~ ZHPCleaner v2016.7.12.84 by Nicolas Coolman (2016/08/12)
      ~ Run by Ertel (Administrator) (12/07/2016 17:07:19)
      ~ Site : http://www.nicolascoolman.com
      ~ Facebook : https://www.facebook.com/nicolascoolman1
      ~ State version : Version OK
      ~ Type : Reparo
      ~ Report : C:\Users\Ertel\Desktop\ZHPCleaner.txt
      ~ Quarantine : C:\Users\Ertel\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
      ~ UAC : Activate
      ~ Boot Mode : Normal (Normal boot)
      Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

      ---\\ Serviços (0)
      ~ Nenhum ítem malicioso o desnecessários foi encontrado.

      ---\\ Navegadores de Internet (0)
      ~ Nenhum ítem malicioso o desnecessários foi encontrado.

      ---\\ Arquivo hosts (1)
      ~ O arquivo hosts é legítimo (1)

      ---\\ Tarefas automáticas agendadas. (0)
      ~ Nenhum ítem malicioso o desnecessários foi encontrado.

      ---\\ Explorer ( Arquivos, Pastas) (0)
      ~ Nenhum ítem malicioso o desnecessários foi encontrado.

      ---\\ Registro ( Chaves, Valores, Dados ) (0)
      ~ Nenhum ítem malicioso o desnecessários foi encontrado.

      ---\\ Dodatkowe oczyszczenie. (11)
      ~ Chave de registro Tracing Supprimido (9)
      ~ Remover os relatórios antigos ZHPCleaner. (2)

      ---\\ Resultado de reparação
      Reparação efectuada com sucesso
      ~ Este navegador está faltando ! (Opera Software)

      ---\\ Estatísticas
      ~ Items scan : 649
      ~ Items encontrado : 0
      ~ items cancelados : 0
      ~ Items réparo : 0
      ~ End of clean in 00h00mn22s
      ~====================
      ZHPCleaner-[R]-04052016-15_03_35.txt
      ZHPCleaner-[R]-12072016-17_07_41.txt
      ZHPCleaner--12072016-17_06_23.txt

      ---------------------------------------------------------------------------------------------------------

      # AdwCleaner v5.201 - Relatório criado 12/07/2016 às 13:01:26
      # Atualizado 30/06/2016 por ToolsLib
      # Banco de dados : 2016-07-12.1 [Servidor]
      # Sistema operacional : Windows 7 Ultimate Service Pack 1 (X64)
      # Usuário : Ertel - ERTEL-PC
      # Executando de : C:\Users\Ertel\Desktop\AdwCleaner.exe
      # Opção : Limpar
      # Apoio : https://toolslib.net/forum

      ***** [ Serviços ] *****
      ***** [ Pastas ] *****
      ***** [ Arquivos ] *****
      ***** [ DLLs ] *****
      ***** [ WMI ] *****
      ***** [ Atalhos ] *****
      ***** [ Tarefas agendadas ] *****
      ***** [ Registro ] *****
      ***** [ Navegadores ] *****
      [-] [C:\Users\Ertel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Excluído : br.ask.com

      *************************
      :: Chaves "Tracing" excluídas
      :: Configurações Winsock restauradas
      *************************

      C:\AdwCleaner\AdwCleaner[C1].txt - [881 bytes] - [12/07/2016 13:01:26]
      C:\AdwCleaner\AdwCleaner[S1].txt - [927 bytes] - [12/07/2016 12:56:43]
      ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1025 bytes] ##########

      -------------------------------------------------------------------------------------------------------------------------

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.0.7 (07.03.2016)
      Operating System: Windows 7 Ultimate x64
      Ran by Ertel (Administrator) on 12/07/2016 at 15:26:18,93
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      File System: 8
      Successfully deleted: C:\Users\Ertel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTR7F2GQ (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Ertel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPGUGWAG (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Ertel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FRC6OVQ4 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Ertel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UYW1KVX5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTR7F2GQ (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPGUGWAG (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FRC6OVQ4 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UYW1KVX5 (Temporary Internet Files Folder)

      Registry: 0

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 12/07/2016 at 16:02:34,18
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      Thanks for the help Sam, see you...
  12. Good evening Sam, a few months ago I got help from Ciro Mota to clean up my father's notebook. I used some of the programs from that cleanup on this PC... But the machine is still far too slow at times. I am attaching today's log, which detected no threats, and the one from 04-05-16, in which threats were found and removed, in case it helps. It was my mistake not to wait a month before opening the topic and to carry out some procedures on my own, which may now get in the way of fully cleaning the computer... Sorry. Thank you! malware 04-05-16.txt Malwarebytes.txt
  13. Hello, my machine has been extremely slow at times during use; I believe it is infected... I have attached the logs... Thank you very much! FSS.txt MbrScan.log ZA-Scan.txt
  14. Good evening Ciro, if those processes are normal when opening Chrome, I believe everything is OK with the notebook now... After I carried out this last step you indicated, Windows updated normally. Thank you very much for your help; if it weren't for you, I would most likely have run the recovery or formatted the machine. It is much better to learn these steps and improve even further in this area. I will do what you asked, to close the topic. Thank you
  15. Good evening Ciro, thank you very much for your help. Of all these latest procedures you gave me, only the Windows updates do not get past 0%... I will keep trying to update. What keeps happening is that several "chrome.exe" processes open, which push the processor to 60% up to 100% if I open any other software on the notebook. If you can again suggest a scan to check what may be happening, or new software for the scan, I will be waiting. I believe something is still wrong, because the machine gets quite slow; I will even attach the screenshot of the process I mentioned. One last thing: do you have an antivirus to recommend? Paid or free, for me to recommend to my father... Thank you, good evening.