Virus detectado pelo avast, mas pc continua lento

Avast encontrou virus mas pc lento

~ Relatório do ZHPDiag v2014.5.24.73 - Nicolas Coolman (24/05/2014)
~ Iniciado por Sil Speed (11/03/2015 18:39:18)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7600.16385 (Defaut)
MFIE: Mozilla Firefox 32.0.3

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit (Build 7600)
Windows Server License Manager Script : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2021
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.09

---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.1.2 =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Flash Player 16 NPAPI
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: AMD64 Family 16 Model 5 Stepping 2, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3839 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 749 GB (80%) free of 931 GB

---\\ Modo de conexão ao sistema
~ Computer Name: SILSPEED-PC
~ User Name: Sil Speed
~ All Users Names: UpdatusUser, Sil Speed, HomeGroupUser$, Convidado, Bel, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Sil Speed\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Sil Speed\AppData\Roaming\
~ %Desktop% : C:\Users\Sil Speed\Desktop\
~ %Favorites% : C:\Users\Sil Speed\Favorites\
~ %LocalAppData% : C:\Users\Sil Speed\AppData\Local\
~ %StartMenu% : C:\Users\Sil Speed\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 749 Go of 931 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Windows Explorer.) (.26/02/2011 - 03:23:14.) -- C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F12CB8EFB15813723575EE94C6A76E8B] - (.Microsoft Corporation - Internet Extensions para Win32.) (.05/11/2011 - 02:26:29.) -- C:\Windows\System32\wininet.dll [1197568]
[MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:24:40.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.6EF20DDF3172E97D69F596FB90602F29] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:44:02.) -- C:\Windows\system32\Drivers\AFD.sys [499712]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 21:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.378E0E0DFEA67D98AE6EA53ADBBD76BC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.11/03/2011 - 03:23:06.) -- C:\Windows\system32\Drivers\ntfs.sys [1657216]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 21:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:45:55.) -- C:\Windows\system32\Drivers\volsnap.sys [294992]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes musiques (My Musics) : 1/17
~ Mes Favoris (My Favorites) : 1/24
~ Mes Documents (My Documents) : 1/2274
~ Mon Bureau (My Desktop) : 0/0
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 01s



---\\ Processos lançados
[MD5.1841BE26ACDFEFF72BC5E7FB938D3612] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [546104] [PID.840]
[MD5.26B558B2D31C7425B455B00E562EAD93] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896] [PID.1832]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7879168] [PID.3988]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Sil Speed\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Sil Speed\AppData\Roaming\Mozilla\Firefox\Profiles\iegipifq.default\prefs.js
M2 - MFEP: prefs.js [Sil Speed - iegipifq.default\{87F8774F-B485-47E2-A755-A40A8A5E8873}] [] Guardiao Itau Unibanco v2.12.3.8.210 (..)
M2 - MFEP: prefs.js [Sil Speed - iegipifq.default\{e7348bc0-16f6-11de-8c30-0800200c9a66}] [] Pink Fox v15.0.25.04.12 (..)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Sil Speed\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Sil Speed\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 9 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) -- (.not file.)
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Sil Speed]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Sil Speed\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Bel]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Bel]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 3 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Sil Speed\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-21-2647670610-476177939-1705394977-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Sil Speed\AppData\Local\Google\Update\GoogleUpdate.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itaupersonnalite.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BBDE602-C4C9-4959-9CCD-4F133F926F26}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6BBDE602-C4C9-4959-9CCD-4F133F926F26}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{6BBDE602-C4C9-4959-9CCD-4F133F926F26}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: Warsaw Technology (Warsaw Technology) . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) - C:\Program Files (x86)\Diebold\Warsaw\core.exe
~ Services: 12 Legitimates Filtered in 00mn 07s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [BDRemovalTool] (...) -- C:\Users\Sil Speed\AppData\Local\Temp\BDRemovalTool\BDUARemovalTool.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2647670610-476177939-1705394977-1000Core [1042]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2647670610-476177939-1705394977-1000UA [1094]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2647670610-476177939-1705394977-1001Core [1018]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2647670610-476177939-1705394977-1001UA [1070]
~ Scheduled Task: 21 Legitimates Filtered in 00mn 02s



---\\ Software instalados (042)
O42 - Logiciel: Ares 2.1.7 - (.Ares Development Group.) [HKLM][64Bits] -- Ares
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars
O42 - Logiciel: USB 1.3MP Camera - (.ANC.) [HKLM][64Bits] -- {A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}
O42 - Logiciel: Warsaw 1.3.1 - (.GAS Tecnologia.) [HKLM][64Bits] -- {20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1
~ Logic: 21 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]
[HKCU\Software\GbAs]
[HKCU\Software\LocK-A-FoLdeR]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\685D6D1C-D73A-4F37-B7E5E53660311DDB]
[HKLM\Software\Wow6432Node\ANC]
[HKLM\Software\Wow6432Node\Baidu Security]
~ Key Software: 293 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/12/2011 - 20:50:25 - [] ----D C:\Program Files (x86)\ANC
O43 - CFD: 15/01/2012 - 10:14:23 - [] ----D C:\Program Files (x86)\Ares
O43 - CFD: 01/12/2014 - 14:29:44 - [] ----D C:\Program Files (x86)\baidu
O43 - CFD: 01/12/2014 - 14:39:23 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 24/09/2014 - 14:05:51 - [] ----D C:\Program Files (x86)\Diebold
O43 - CFD: 02/03/2015 - 19:20:06 - [] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 01/12/2014 - 14:26:51 - [] ----D C:\Program Files (x86)\TBD
O43 - CFD: 01/12/2014 - 14:28:05 - [] ----D C:\ProgramData\Baidu
O43 - CFD: 01/12/2014 - 14:28:27 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 18/11/2014 - 09:05:42 - [0] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 02/12/2014 - 08:06:32 - [] ----D C:\ProgramData\hEqZIRMnKdi
O43 - CFD: 03/01/2012 - 18:35:31 - [] ----D C:\ProgramData\levelup downloader
O43 - CFD: 01/12/2014 - 14:27:56 - [] ----D C:\Users\Sil Speed\AppData\Roaming\Baidu
O43 - CFD: 01/12/2014 - 14:39:37 - [] ----D C:\Users\Sil Speed\AppData\Roaming\Baidu Security
O43 - CFD: 11/03/2015 - 17:50:38 - [] ----D C:\Users\Sil Speed\AppData\Roaming\maxsecurity
O43 - CFD: 02/12/2014 - 08:05:02 - [] ----D C:\Users\Sil Speed\AppData\Roaming\omiga-plus
O43 - CFD: 14/01/2015 - 14:20:39 - [] ----D C:\Users\Sil Speed\AppData\Local\Ares
O43 - CFD: 10/03/2015 - 20:45:34 - [] ----D C:\Users\Sil Speed\AppData\Local\PokerStars
O43 - CFD: 15/01/2012 - 10:14:03 - [0] ----D C:\Users\Sil Speed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ares
O43 - CFD: 15/11/2014 - 11:05:37 - [0] ----D C:\Users\Sil Speed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LocK-A-FoLdeR
~ Program Folder: 212 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.F95BD318C8DF83F8531B94892CC42E94] - 11/03/2015 - 18:37:12 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [3202212]
O44 - LFC:[MD5.FB205E34EF40D93CBC09A17D3CC40B95] - 11/03/2015 - 18:37:12 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [3883790]
~ Files: 7 Legitimates Filtered in 00mn 02s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Diebold - Warsaw [Key] . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files (x86)\Diebold\Warsaw\core.exe
O53 - SMSR:HKLM\...\startupreg\FAHConsole [Key] . (.Nico Mak Computing - File Association Helper.) -- C:\Program Files\File Association Helper\FAHConsole.exe
~ SMSR Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:01/08/2014 - 13:02:38 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:01/08/2014 - 13:02:38 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:01/08/2014 - 13:02:38 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [224896] =>.ALWIL Software
O58 - SDL:21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624]
O58 - SDL:21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:08/11/2007 - 09:29:22 ---A- . (.PixArt Imaging Inc. - PAC7302.) -- C:\Windows\System32\Drivers\PAC7302.SYS [527872]
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:26/05/2013 - 12:05:35 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [16152]
~ Drivers: 62 Legitimates Filtered in 00mn 03s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 01/08/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 83 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Sil Speed\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Bel\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8CE077AE6D67FBC65412FD36BCEECD12] [SPRF][18/11/2014] (...) -- C:\Users\Sil Speed\AppData\Roaming\unins000.dat [31504]
[MD5.14BF59D9687F453D209F7780D14F3E17] [SPRF][18/11/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Sil Speed\AppData\Roaming\unins000.exe [720082]
[MD5.FA4EED263FA96C14B4527F3544658EF3] [SPRF][21/10/2014] (...) -- C:\Users\Sil Speed\AppData\Roaming\unins001.dat [16782]
[MD5.C1550D4064BA0E5B6353BA952055AE0D] [SPRF][16/11/2014] (...) -- C:\Program Files (x86)\BDPUARLauncher.exe [44753624]
~ Files: 10 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{3C884318-0A8C-433B-AB3E-63F7C9FA46E8}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{1F6C3879-5A8D-4C73-BDC2-B87F7E7796AF}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{FBEBD67F-8E8D-4D6B-9950-86815432CE00}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Sil Speed\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{DF34E3D4-6980-40E0-A449-1C1C3F015976}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Sil Speed\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 104 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 04/02/2015 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 17/10/2012 393080 | (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-Service.exe
SS - | Auto 11/04/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/04/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/02/2015 114288 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 11/12/2014 315496 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 01/08/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 17/10/2012 384888 | (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
SR - | Auto 21/07/2014 546104 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 31/01/2013 878368 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 19/02/2013 1259296 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 08/07/2009 239648 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Windows\SysWOW64\nvSCPAPISvr.exe
SR - | Auto 31/12/1999 27760 | (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exe
SR - | Auto 12/07/2014 518968 | (Warsaw Technology) . (.GAS Tecnologia LTDA.) - C:\Program Files (x86)\Diebold\Warsaw\core.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 07s



---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]
~ Emulateurs: Scanned in 00mn 07s



---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 233237 Items scanned in 00mn 36s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 854 Legitimates filtered by white list
End of the scan (424 lines in 01mn 21s)(0)

/!\ Bom Dia! Sil C San /!\

> Execute este script na ferramenta ZHPFix.
> Selecione e copie estas informações que estão em vermelho,para o Bloco de Notas.
> Com o Bloco de Notas aberto,faça: ctrl+a >> ctrl+c ( Selecionar e Copiar )
> À seguir,minimize o Bloco de Notas.

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
HiddenFix
C:\ProgramData\boost_interprocess
C:\Users\Sil Speed\AppData\Roaming\omiga-plus
[MD5.00000000000000000000000000000000] [APT] [BDRemovalTool] (...) -- C:\Users\Sil Speed\AppData\Local\Temp\BDRemovalTool\BDUARemovalTool.exe (.not file.) [0]
[MD5.14BF59D9687F453D209F7780D14F3E17] [SPRF][18/11/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Sil Speed\AppData\Roaming\unins000.exe [720082]
[HKCU\Software\superdownloads.com.br]
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) -- (.not file.)
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars
O43 - CFD: 02/03/2015 - 19:20:06 - [] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 10/03/2015 - 20:45:34 - [] ----D C:\Users\Sil Speed\AppData\Local\PokerStars
sysrestore

> Abra a ferramenta ZHPFix. < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >
> Clique IMPORTAÇÃO >> OK.
> Ps: Ao clicar "OK",verifique se o campo está limpo para que receba,somente,as informações do script.
> Clique "GO".
> Poste o relatório!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
< Peço aos visitantes que não utilizem este script em outros computadores,sob risco de danos irreparáveis aos mesmos! >

A+

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Sil Speed at 12/03/2015 17:22:13
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit (Build 7600)

Reciclagem vazia (00mn 28s)
Prefetcher vazio

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\pokerstars\pokerstarsuninstall.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PokerStars]
ELIMINÉ: HKCU\Software\superdownloads.com.br
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}

========== Pastas ==========
ELIMINÉ Temporários windows (78)
ELIMINÉ Flash Cookies (0)
ELIMINÉ: c:\programdata\boost_interprocess
ELIMINÉ: c:\users\sil speed\appdata\roaming\omiga-plus
ELIMINÉ: C:\Program Files (x86)\PokerStars
ELIMINÉ: C:\Users\Sil Speed\AppData\Local\PokerStars

========== Ficheiros ==========
ELIMINÉ Temporários windows (12) (1.261.556 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: BDRemovalTool

========== Pastas/Ficheiros ocultos restaurados ==========
Mes images (My Pictures) : 1 restaurados com sucesso
Ma musique (My Music) : 3 restaurados com sucesso
Ma Video (My Video) : 1 restaurados com sucesso
Mes Favoris (My Favorites) : 4 restaurados com sucesso
Mes Documents (My Documents) : 13 restaurados com sucesso
Mon Bureau (My Desktop) : 0
Menu demarrer (Programs) : 9 restaurados com sucesso
Dossier utilisateur (AppData) : 34 restaurados com sucesso
Programmes (Program Files) : 616 restaurados com sucesso

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
3 : Chaves do Registo
3 : Valores do Registo
6 : Pastas
2 : Ficheiros
1 : Softwares
1 : Tarefa planificada
681 : Pastas/Ficheiros ocultos restaurados
1 : Restauração Sistema


End of clean in 03mn 26s

========== Caminho do ficheiro do relatório ==========
C:\Users\Sil Speed\AppData\Roaming\ZHP\ZHPFix[R1].txt - 12/03/2015 17:22:43 [2291]

/!\ Boa Tarde! Sil C San /!\

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Farbar )

> No banner àcima,é para sistemas 32bits!

< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > 

> No link àcima,é para sistemas 64bits!
> Salve-o no desktop! (Área de trabalho ...)
> Execute a ferramenta! Clique "Yes" >> "Scan".

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Antes de clicar "Scan",verifique se as caixinhas em "Whitelist" estão assinaladas.
> Em "Optional Scan",deixe marcada a checkbox "Addition.txt".
> Ps: Será gerado,também,o relatório "Addition.txt" que estará disponibilizado na 1ª execução da ferramenta.
> Poste os relatórios! (FRST.txt + Addition.txt)

> Como o log será extenso,envie-o à [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > 

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> O link ao relatório,que é este assinalado,deverá ser colado em sua resposta.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Ou clique "Copier le lien (*)" e cole o link ao seu Post.

A+

Sil C San escreveu:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

> OK! Sil C San <

> Resta-lhe postar o relatório: FRST.txt 


A+

opa desculpa, achei que tivesse colocado os dois
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

/!\ Boa Noite! Sil C San /!\

> Abra o Editor do Registro e remova parte do valor em destaque!

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute" <<

> Abra "Session Manager".
> Selecione BootExecute >> Aperte Enter
> Na janela que surgir,remova apenas,a informação em vermelho: autocheck autochk * sdnclean64.exe
> Clique OK.

> Copie estas informações que estão em vermelho,para o Bloco de Notas.
> Salve-as com o nome fixlist. << Texto!
> Salve-as na pasta Downloads! /!\ C:\Users\Sil Speed\Downloads /!\

start
CloseProcesses:
emptytemp:
(Nicolas Coolman) C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPFix.exe
CHR StartupUrls: Default -> "hxxp://www.grandepremio.com.br/", "hxxp://start.mysearchdial.com/?f=1&a=dsites0202&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEyEyBtCyE0CtBzy0DyD0AtN0D0Tzu0CyBzzyEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=480110471&ir=", "https://www.google.com.br/", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1417454848&from=slbnew&uid=395049983_1052498_BC2B9D5A"
U3 anbxey9k; C:\Windows\System32\Drivers\anbxey9k.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
2015-03-12 17:22 - 2015-03-12 17:22 - 00002375 _____ () C:\Users\Sil Speed\Desktop\ZHPFixReport.txt
2015-03-12 17:07 - 2015-03-12 17:16 - 00009261 _____ () C:\Windows\WindowsUpdate.log
2015-03-12 17:05 - 2015-03-12 17:05 - 00000056 _____ () C:\Windows\setupact.log
2015-03-12 17:05 - 2015-03-12 17:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-12 17:04 - 2015-03-12 17:04 - 00000344 _____ () C:\Windows\PFRO.log
2015-03-11 18:40 - 2015-03-11 18:40 - 00026287 _____ () C:\Users\Sil Speed\Desktop\ZHPDiag.txt
2015-03-11 18:39 - 2015-03-12 17:22 - 00000000 ____D () C:\Users\Sil Speed\AppData\Roaming\ZHP
2014-11-15 17:04 - 2014-11-15 17:05 - 0034371 _____ () C:\Program Files (x86)\Addition.txt
2014-11-16 11:07 - 2014-11-16 11:07 - 44753624 _____ () C:\Program Files (x86)\BDPUARLauncher.exe
2014-11-16 10:28 - 2014-11-16 10:30 - 0007906 _____ () C:\Program Files (x86)\Fixlog.txt
C:\Users\Sil Speed\AppData\Local\Temp\_unps.exe
end

> Execute FRST/FRST64 >> Clique "Fix" << Aguarde!
> Na mensagem,clique Executar. 
> Poste o relatório! (Fixlog.txt)

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
< Peço aos visitantes que não utilizem este script em outros computadores,sob risco de danos irreparáveis aos mesmos! >

A+

Oi Joram, deu um branco agora. Aonde eu abro o editor?

achei!

deletei o bootExecut, acho que não era isso né

Abra "Session Manager".
aonde eu abro, no executar?

Sil C San escreveu:deletei o bootExecut, acho que não era isso né

/!\ Olá! Sil C San /!\

> Nunca lhe pedi para deletar o "BootExecute".
> Como pode interpretar dessa maneira?  

Sil C San escreveu:Abra "Session Manager".
aonde eu abro, no executar?

> De jeito nenhum! Basta,simplesmente,clicar na subchave "Session Manager".

A+

Pois é, acabei fazendo besteira, mas dá pra arrumar isso ou compliquei?

/!\ Olá! Sil C San /!\

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute" = REG_MULTI_SZ: autocheck autochk *

> Crie um arquivo de informações ao Registro,com estas informações àcima.
> Copie as informações ao Bloco de Notas e salve-as com o nome: bk.reg
> Em Arquivos do Tipo,escolha "Todos os arquivos".
> Ao concluir,vá ao arquivo e execute-o e confirme sua inserção ao Registro.
> Reinicie o computador!
>
> Copie estas informações que estão em vermelho,para o Bloco de Notas.

reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" > C:\look.txt
notepad C:\look.txt

> Salve-as com o nome NS.bat,em seu desktop.
> Em "Arquivos do tipo",coloque como "Todos os Arquivos".
> Execute-o com um duplo clique! >> Aguarde!
> Poste seu relatório texto,que contem informações do registro.

A+

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
CriticalSectionTimeout REG_DWORD 0x278d00
GlobalFlag REG_DWORD 0x0
HeapDeCommitFreeBlockThreshold REG_DWORD 0x0
HeapDeCommitTotalFreeThreshold REG_DWORD 0x0
HeapSegmentCommit REG_DWORD 0x0
HeapSegmentReserve REG_DWORD 0x0
ProcessorControl REG_DWORD 0x2
ResourceTimeoutCount REG_DWORD 0x9e340
ExcludeFromKnownDlls REG_MULTI_SZ
ObjectDirectories REG_MULTI_SZ \Windows\0\RPC Control
ProtectionMode REG_DWORD 0x1
NumberOfInitialSessions REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Executive
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\I/O System
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Quota System
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\WPA

/!\ Olá! Sil C San /!\

> Parece que não houve a correção!
> Como está o computador? A lentidão permanece?

A+

Aparentemente está melhor. O arquivo que deletei deu pra corrigir?

Sil C San escreveu:Aparentemente está melhor. O arquivo que deletei deu pra corrigir?

/!\ Olá! Sil C San /!\

> Minha intuição diz que não! rsrs.. :cap_feceiro:

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
Winlogon\Notify\ GbPluginCef-x32: C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
Winlogon\Notify\ GbPluginUni-x32: C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
----
----
BootExecute: autocheck autochk * sdnclean64.exe

> Execute,novamente,a FRST e poste seu relatório! ( FRST.txt )
> Se a informação Registry (Whitelisted),contiver a linha BootExecute: autocheck autochk *
> Podemos afirmar que houve a restauração!

A+

acho que não tem...

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
Winlogon\Notify\ GbPluginCef-x32: C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
Winlogon\Notify\ GbPluginUni-x32: C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
HKU\S-1-5-21-2647670610-476177939-1705394977-1000\...\Run: [Google Update] => C:\Users\Sil Speed\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL No File
BootExecute:

/!\ Olá! Sil C San /!\

> Houve apenas a correção do valor deletado,mas os Dados do valor,ficou vazio.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Basta,então,manualmente,digitar os Dados do valor no campo.

autocheck autochk *

> Eis,àcima,os dados do valor a ser digitado.
> Dê o OK,ao concluir!
> Reinicie o computador e poste novo log da FRST.
> Ps: Poste,somente,o trecho que nos interessa.

A+

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
Winlogon\Notify\ GbPluginCef-x32: C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
Winlogon\Notify\ GbPluginUni-x32: C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
HKU\S-1-5-21-2647670610-476177939-1705394977-1000\...\Run: [Google Update] => C:\Users\Sil Speed\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL No File
BootExecute:

O ultimo comando de renomear não sei se fiz o certo. Abri a linha mas depois era pra ir em editar/nov/chave?
Era pra renomear um que estava la?
acho que me perdi neste comando, desculpa

Sil C San escreveu:O ultimo comando de renomear não sei se fiz o certo. Abri a linha mas depois era pra ir em editar/nov/chave?
Era pra renomear um que estava la?
acho que me perdi neste comando, desculpa

/!\ Olá! Sil C San /!\

> Não precisa relatar que errou,pois o relatório da FRST veio com o mesmo problema.  :cap_feceiro:

> A operação é muito simples! Clique no valor BootExecute e no campo que surgir,digite os Dados do valor.

A+

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
Winlogon\Notify\ GbPluginCef-x32: C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
Winlogon\Notify\ GbPluginUni-x32: C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
HKU\S-1-5-21-2647670610-476177939-1705394977-1000\...\Run: [Google Update] => C:\Users\Sil Speed\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL No File

==================== Internet (Whitelisted) ====================