Inicialização lenta

Seguinte, o pc de uns 3 dias pra cá, ficou lento pra iniciar, demora na tela que aparece a marca da placa mãe, depois na tela do logo do windows fica mais um tempão e depois que inicializa.
Passei o ZHP Cleaner achando que resolveria mas continuou do mesmo jeito.

o sh4service.exe é um vírus?

tentei desinstalar o spyhunter e não aparece no painel de controle, em programas

Boa Tarde! Sil C San

< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > << Link!

/!\ Poste o log do HijackThis,segundo a [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] /!\

A+

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:19:24, on 14/11/2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\USB Disk Security\USBGuard.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Diebold\Warsaw\core.exe
C:\Users\Sil Speed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sil Speed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sil Speed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sil Speed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\Sil Speed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sil Speed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sil Speed\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (file missing)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Diebold - Warsaw] C:\Program Files (x86)\Diebold\Warsaw\core.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sil Speed\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-21-2647670610-476177939-1705394977-1023\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2647670610-476177939-1705394977-1023\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files (x86)\Diebold\Warsaw\core.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11478 bytes

ZA-Scan V1.0.0.3 Updated 05-November-2014
Tool run by Sil Speed on 14/11/2014 at 18:25:17,96.
Microsoft Windows 7 Ultimate 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sil Speed\Downloads\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================

C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Windows\SysWOW64\nvSCPAPISvr.exe
C:\Program Files (x86)\Diebold\Warsaw\core.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\USB Disk Security\USBGuard.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Diebold\Warsaw\core.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\Sil Speed\Downloads\HijackThis.exe
C:\Users\Sil Speed\Downloads\ZA-Scan.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\SILSPE~1\AppData\Local\Temp\ZAScan.exe

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2647670610-476177939-1705394977-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Sil Speed\AppData\Local\Google\Update\GoogleUpdate.exe /c"

[HKEY_USERS\S-1-5-21-2647670610-476177939-1705394977-1023\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG-Secure-Search-Update_JUNE2013_TB"="C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe /PROMPT /CMPID=JUNE2013_TB"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-2647670610-476177939-1705394977-1023\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r"
"USB Security"="C:\Program Files (x86)\USB Disk Security\USBGuard.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"Diebold - Warsaw"="C:\Program Files (x86)\Diebold\Warsaw\core.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Sil Speed\AppData\Local\Google\Update\GoogleUpdate.exe /c"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="C:\Windows\PixArt\PAC7302\Monitor.exe"
"FAHConsole"="C:\Program Files\File Association Helper\FAHConsole.exe"
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BlueStacks Agent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BlueStacks Agent"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\BlueStacks\\HD-Agent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Sil Speed\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe\""


==== Startup Folders ======================

2011-12-28 23:58:59 1361 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10/09/2014 15:30]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/04/2013 12:02]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/04/2013 12:02]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2647670610-476177939-1705394977-1000Core.job --a------ C:\Users\Sil Speed\AppData\Local\Google\Update\GoogleUpdate.exe [20/10/2014 17:49]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2647670610-476177939-1705394977-1000UA.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2647670610-476177939-1705394977-1001Core.job --a------ :C:\Users\Bel\AppData\LoC:al\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2647670610-476177939-1705394977-1001UA.job --a------ C:\Users\Bel\AppData\Local\Google\Update\GoogleUpdate.exe [19/10/2014 12:49]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2647670610-476177939-1705394977-1000Core" [C:\Users\Sil Speed\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2647670610-476177939-1705394977-1000UA" [C:\Users\Sil Speed\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2647670610-476177939-1705394977-1001Core" [C:\Users\Bel\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2647670610-476177939-1705394977-1001UA" [C:\Users\Bel\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\{7CE0A407-D9DB-43BB-AB2C-113EC9B1A93A}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [14/11/2014 16:29]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886D}"="C:\Users\Sil Speed\AppData\Local\GAS Tecnologia\GBBD\cef\xpi" [14/11/2014 16:25]

==== Firefox Extensions ======================

ProfilePath: C:\Users\CONVID~1\AppData\Roaming\Mozilla\Firefox\Profiles\yoxta379.default
- Undetermined - %ProfilePath%\extensions\staged

ProfilePath: C:\Users\SILSPE~1\AppData\Roaming\Mozilla\Firefox\Profiles\iegipifq.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- ColorfulTabs - %ProfilePath%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
- Guardiao Itau Unibanco - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
- Pink Fox - %ProfilePath%\extensions\{e7348bc0-16f6-11de-8c30-0800200c9a66}
- NASA Night Launch - %ProfilePath%\extensions\nasanightlaunch@example.com.xpi
- Noia-4 temahanterare - %ProfilePath%\extensions\Noia4Options@ArisT2.xpi
- Brisk V1 - %ProfilePath%\extensions\qimasood@gmail.com.xpi
- Utopia FFSE White Options - %ProfilePath%\extensions\utopia_ffse_white_options@[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
- Utopia FFSE White - %ProfilePath%\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}.xpi
- FXChrome - %ProfilePath%\extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi
- Noia 4 - %ProfilePath%\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Sil Speed\AppData\Roaming\Mozilla\Firefox\Profiles\iegipifq.default
B0ADE55ACE2B4EC8C821D54464F54112 - C:\Users\Sil Speed\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
F6419D3B99616C80C947B9D7B427348B - C:\Users\Sil Speed\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll - Guardião Itaú 30 horas
5174E3BE46B2CCCDAF9CEB5B622CEA9B - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll - Shockwave for Director / Shockwave for Director
EAF8BBB88F9785622403499D9BCEE610 - C:\Users\Sil Speed\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal
B8CFF778A75C685AAC275BFC00BB8FD8 - C:\Users\Sil Speed\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll - Guardião Itaú 30 horas


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[01/08/2014 14:02]

Google Docs - Bel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Bel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Bel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Bel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Bel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Bel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - Sil Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Sil Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Sil Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Sil Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Sil Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Sil Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avast Online Security - Sil Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Sil Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Sil Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Mysearchdial Url="http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=wnzp_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEyEyBtCyE0CtBzy0DyD0AtN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0B0DyBtBtDzytAtGyCtCyEzztG0F0ByCyBtGtB0E0EzztGtA0EtAtC0D0E0D0AyBtCyC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0F0Ezy0AzyyDzytG0AtAyD0CtGyCyDtAyCtG0AtDtCyCtGyBtCyDyC0DyB0C0EyBtD0Ezy2Q&cr=2036755323&ir="

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (file missing)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (file missing)

==== EOF on 14/11/2014 at 18:27:10,78 ======================

Boa Noite! Sil C San

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >  < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] > ( ... de Nicolas Coolman )
> Ou [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] << Link!
> Salve-o no disco local! ( C ou D )
> Desabilite seu antivírus e execute "ZHPDiag2.exe",para instalar a ferramenta.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Execute o ícone do pergaminho. ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

> Clique "COMPLETA" e aguarde a conclusão!
> Clique OK e,ao concluir,poste o relatório! ( ZHPDiag.txt ) 
> Ps: Como o log será extenso,envie-o à [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].

> Ou acesse: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > 

> Ou acesse: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

> Ou anexe-o |[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]| << Link!

> Maiores informações: < |[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]| > << Hospedagem!

A+

anexo

joram escreveu:Disponibilize o relatório em Cjoint.com

> O espaço para o anexo está limitado. Procure enviar pelos meios que lhe disponibilizei.

A+

Olá! Sil C San

> Não veio! Leia àcima.

A+

Boa Noite! Sil C San

> Desinstale: < Spybot - Search & Destroy >
>
> Execute este script na ferramenta ZHPFix.
> Selecione e copie estas informações que estão em vermelho,para o Bloco de Notas.
> Com o Bloco de Notas aberto,faça: ctrl+a >> ctrl+c ( Selecionar e Copiar )
> À seguir,minimize o Bloco de Notas.

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyCLSID
EmptyTemp
EmptyFlash
SS - | Auto 25/04/2014 1738200 |  (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SS - | Auto 25/04/2014 2081752 |  (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SR - | Auto 25/04/2014 171928 |  (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O2 - BHO: (no name) [64Bits] - {5C255C8A-E604-49b4-9D64-90988571CECB} Chave orfã O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) --  (.not file.)     
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) . (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) . (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O41 - Driver:  ({55685567-4840-4a91-962b-49a412e9485a}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys
O42 - Logiciel: SpyHunter - (.Enigma Software Group USA, LLC.) [HKLM][64Bits] -- {ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}
O42 - Logiciel: Spybot - Search & Destroy - (.Safer-Networking Ltd..) [HKLM][64Bits] -- {B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1
O43 - CFD: 14/11/2014 - 18:15:28 - [] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 14/11/2014 - 16:25:30 - [] ----D C:\Program Files (x86)\Spybot - Search & Destroy 2
O43 - CFD: 21/10/2014 - 12:58:21 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 14/11/2014 - 16:25:32 - [] ----D C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 14/11/2014 - 16:25:35 - [] ----D C:\Users\Sil Speed\AppData\Local\PokerStars
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O45 - LFCP:[MD5.3201C6E97B82DDAB246AE63BA2143CBC] - 14/11/2014 - 17:12:04 ---A- - C:\Windows\Prefetch\SPYHUNTER4.EXE-7BD5E907.pf
O45 - LFCP:[MD5.C90B198EE1D37E1066D9374B2614839F] - 14/11/2014 - 14:32:31 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA31.EXE-C5554ED8.pf
O53 - SMSR:HKLM\...\startupreg\SDTray  [Key] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O58 - SDL:27/05/2014 - 16:14:06 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys   [61112]
O64 - Services: CurCS - 27/05/2014 - C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys ({55685567-4840-4a91-962b-49a412e9485a}Gw64)  .(.StdLib - StdLib.) - LEGACY_{55685567-4840-4A91-962B-49A412E9485A}GW64
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Mysearchdial) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[MD5.14BF59D9687F453D209F7780D14F3E17] [SPRF][24/09/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Sil Speed\AppData\Roaming\unins000.exe   [720082]
[MD5.169180F02ABCECA5DE72FC5EEBC861BB] [SPRF][21/10/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Sil Speed\AppData\Roaming\unins001.exe   [730322]
[HKLM\Software\Wow6432Node\SupDp]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SupTab_Setup302_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SupTab_Setup302_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\webget_setup_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\webget_setup_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wpm_v18_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wpm_v18_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AVG-Secure-Search-Update_JUNE2013_TB_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AVG-Secure-Search-Update_JUNE2013_TB_RASMANCS
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate]
C:\Users\Sil Speed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
ServiceStop:SDScannerService
ServiceStop:SDUpdateService
ServiceStop:SDWSCService
ServiceStop:{55685567-4840-4a91-962b-49a412e9485a}Gw64

> Abra a ferramenta ZHPFix. < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >
> Clique IMPORTAÇÃO >> OK.
> Ps: Ao clicar "OK",verifique se o campo está limpo para que receba,somente,as informações do script.
> Clique "GO".
> Poste o relatório!

A+

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Sil Speed at 14/11/2014 19:39:27
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit (Build 7600)

Reciclagem vazia (00mn 04s)
Prefetcher vazio

========== Estado dos serviços ==========
{55685567-4840-4A91-962B-49A412E9485A}GW64 Parado
SDScannerService Parado
SDUpdateService Parado
SDWSCService Parado
{55685567-4840-4a91-962b-49a412e9485a}Gw64 Parado

========== Chaves do Registo ==========
ELIMINÉ Driver Key: {55685567-4840-4a91-962b-49a412e9485a}Gw64
ELIMINÉ:* StartupReg: SDTray
ELIMINÉ: SearchScopes :{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
ELIMINÉ: HKLM\Software\Wow6432Node\SupDp
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SupTab_Setup302_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SupTab_Setup302_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\webget_setup_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\webget_setup_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wpm_v18_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wpm_v18_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AVG-Secure-Search-Update_JUNE2013_TB_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AVG-Secure-Search-Update_JUNE2013_TB_RASMANCS
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}
ELIMINÉ:* HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate

========== Valores do Registo ==========
ELIMINÉ: FirewallRaz (SP) : C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
ELIMINÉ: FirewallRaz (SP) : C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ AAKE KeyValue: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
ELIMINÉ AAKE KeyValue: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (1)
ELIMINÉ Flash Cookies (0)
ELIMINÉ: C:\Program Files (x86)\PokerStars
ELIMINÉ: C:\Program Files (x86)\Spybot - Search & Destroy 2
ELIMINÉ: C:\ProgramData\boost_interprocess
ELIMINÉ: C:\ProgramData\Spybot - Search & Destroy
ELIMINÉ: C:\Users\Sil Speed\AppData\Local\PokerStars
ELIMINÉ: c:\users\sil speed\appdata\roaming\microsoft\windows\start menu\programs\spyhunter

========== Ficheiros ==========
ELIMINÉ Temporários windows (2) (140.474 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ: c:\windows\prefetch\spyhunter4.exe-7bd5e907.pf
ELIMINÉ: c:\windows\prefetch\wisecustomcalla31.exe-c5554ed8.pf
ELIMINA REINICIAR: c:\windows\system32\drivers\{55685567-4840-4a91-962b-49a412e9485a}gw64.sys


========== Recapitulativo ==========
14 : Chaves do Registo
5 : Valores do Registo
9 : Pastas
5 : Ficheiros
5 : Estado dos serviços


End of clean in 01mn 33s

========== Caminho do ficheiro do relatório ==========
C:\Users\Sil Speed\AppData\Roaming\ZHP\ZHPFix[R1].txt - 23/02/2014 11:43:30 [2187]

Boa Noite! Sil C San

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... par Xplode )
>
> Ou daqui: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >
> Ao acessar,clique em "Download Now".
>
> Salve-o no desktop!

< [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >

> Clique direito em adwcleaner.exe,e escolha sua execução como administrador.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Ps: Dê início ao scan,clicando em "Examinar". 

< [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >

> Ao concluir,clique "Limpar" >> Ok >> Ok >> Ok.
> Copie o log ou clique "Relatório".
> Poste: < C:\AdwCleaner\AdwCleaner[S0].txt > 

A+

# AdwCleaner v4.101 - Relatório criado 14/11/2014 às 12:58:39
# Atualizado 09/11/2014 por Xplode
# Database : 2014-11-13.1 [Live]
# Sistema Operacional : Windows 7 Ultimate (64 bits)
# Usuário : Sil Speed - SILSPEED-PC
# Executando de : C:\Users\Sil Speed\Downloads\adwcleaner_4.101.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : {55685567-4840-4a91-962b-49a412e9485a}Gw64

***** [ Arquivos / Pastas ] *****

Arquivo Deletada : C:\Windows\System32\\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys

***** [ Tarefas ] *****

Tarefa Deletedo : DealPlyUpdate
Tarefa Deletedo : SaveSense

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{997E3BFB-F821-411C-8B96-D61D415EC8FA}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{44FC7A33-2E5C-48DC-B6F5-B81E8005D122}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{997E3BFB-F821-411C-8B96-D61D415EC8FA}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27CE191D-733B-4450-AFCD-096D105288C3}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Chave Deletedo : HKLM\SOFTWARE\SupDp

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.7600.16912


-\\ Mozilla Firefox v31.0 (x86 pt-BR)

[32156bwz.default\prefs.js] - Linha deletada : user_pref("extensions.irmysearch.aflt", "wnzp_14_12_ff");
[32156bwz.default\prefs.js] - Linha deletada : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEyEyBtCyE0CtBzy0DyD0AtN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0B0DyBtBtDzytAtGyCtCyEzzt[...]
[32156bwz.default\prefs.js] - Linha deletada : user_pref("extensions.irmysearch.cr", "2036755323");
[32156bwz.default\prefs.js] - Linha deletada : user_pref("extensions.irmysearch.instlRef", "140305_a");
[iegipifq.default\prefs.js] - Linha deletada : user_pref("extensions.irmysearch.aflt", "wnzp_14_12_ff");
[iegipifq.default\prefs.js] - Linha deletada : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEyEyBtCyE0CtBzy0DyD0AtN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0B0DyBtBtDzytAtGyCtCyEzzt[...]
[iegipifq.default\prefs.js] - Linha deletada : user_pref("extensions.irmysearch.cr", "2036755323");
[iegipifq.default\prefs.js] - Linha deletada : user_pref("extensions.irmysearch.instlRef", "140305_a");

-\\ Google Chrome v

[C:\Users\Bel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*************************

AdwCleaner[R0].txt - [32158 octets] - [22/02/2014 19:14:44]
AdwCleaner[R1].txt - [20631 octets] - [29/05/2014 14:54:09]
AdwCleaner[R2].txt - [3322 octets] - [14/11/2014 12:56:30]
AdwCleaner[S0].txt - [30244 octets] - [22/02/2014 19:15:44]
AdwCleaner[S1].txt - [18203 octets] - [29/05/2014 14:55:05]
AdwCleaner[S2].txt - [3150 octets] - [14/11/2014 12:58:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3210 octets] ##########
# AdwCleaner v4.101 - Relatório criado 14/11/2014 às 19:53:58
# Atualizado 09/11/2014 por Xplode
# Database : 2014-11-13.1 [Live]
# Sistema Operacional : Windows 7 Ultimate (64 bits)
# Usuário : Sil Speed - SILSPEED-PC
# Executando de : C:\Users\Sil Speed\Downloads\adwcleaner_4.101.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Tarefas ] *****

Tarefa Deletedo : SaveSense

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{997E3BFB-F821-411C-8B96-D61D415EC8FA}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{44FC7A33-2E5C-48DC-B6F5-B81E8005D122}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{997E3BFB-F821-411C-8B96-D61D415EC8FA}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27CE191D-733B-4450-AFCD-096D105288C3}

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.7600.16912


-\\ Mozilla Firefox v31.0 (x86 pt-BR)

[32156bwz.default\prefs.js] - Linha deletada : user_pref("extensions.irmysearch.aflt", "wnzp_14_12_ff");
[32156bwz.default\prefs.js] - Linha deletada : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEyEyBtCyE0CtBzy0DyD0AtN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0B0DyBtBtDzytAtGyCtCyEzzt[...]
[32156bwz.default\prefs.js] - Linha deletada : user_pref("extensions.irmysearch.cr", "2036755323");
[32156bwz.default\prefs.js] - Linha deletada : user_pref("extensions.irmysearch.instlRef", "140305_a");
[iegipifq.default\prefs.js] - Linha deletada : user_pref("extensions.irmysearch.aflt", "wnzp_14_12_ff");
[iegipifq.default\prefs.js] - Linha deletada : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEyEyBtCyE0CtBzy0DyD0AtN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0B0DyBtBtDzytAtGyCtCyEzzt[...]
[iegipifq.default\prefs.js] - Linha deletada : user_pref("extensions.irmysearch.cr", "2036755323");
[iegipifq.default\prefs.js] - Linha deletada : user_pref("extensions.irmysearch.instlRef", "140305_a");

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [32158 octets] - [22/02/2014 19:14:44]
AdwCleaner[R1].txt - [20631 octets] - [29/05/2014 14:54:09]
AdwCleaner[R2].txt - [6270 octets] - [14/11/2014 12:56:30]
AdwCleaner[R3].txt - [1147 octets] - [14/11/2014 15:40:49]
AdwCleaner[R4].txt - [1356 octets] - [14/11/2014 15:44:43]
AdwCleaner[S0].txt - [30244 octets] - [22/02/2014 19:15:44]
AdwCleaner[S1].txt - [18203 octets] - [29/05/2014 14:55:05]
AdwCleaner[S2].txt - [6078 octets] - [14/11/2014 12:58:39]
AdwCleaner[S3].txt - [1412 octets] - [14/11/2014 15:46:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [6198 octets] ##########

Boa Noite! Sil C San

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

> Abra a ferramenta AdwCleaner e clique em "Desinstalar".
> Confirme a solicitação!

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Oleg N. Scherbakov )

> Salve-o no desktop!
> Desabilite seu antivírus!
> Para Windows 7,clique direito em JRT.exe e execute-o ... 

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

> Aguarde a conclusão e poste o relatório. ( JRT.txt )

A+

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Ultimate x64
Ran by Sil Speed on 14/11/2014 at 20:25:19,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update webget
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util webget



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\Program Files (x86)\baidu security"



~~~ FireFox

Emptied folder: C:\Users\Sil Speed\AppData\Roaming\mozilla\firefox\profiles\iegipifq.default\minidumps [31 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/11/2014 at 20:30:34,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Boa Noite! Sil C San

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by techsupportall.com )
> Salve-a no desktop!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Execute o arquivo Adware-Removal-Tool-v3.9.1.exe <<

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

> Dê início a verificação,clicando em Scan.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

> Ao concluir seu prescan,clique OK.
> Ps: Cada guia irá mostrar o que será removido!

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

> Clique "Next" >> Aguarde!

< Computador >> Windows (C:) >> Program Files >> Adware-Removal-Tool >> Reports >> Repair_Logs_2014_11_dia_h_min_seg.txt <<

> Poste o relatório! 

Abs!

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v3.9
Time: 2014_11_14_20_46_19
OS: Windows 7 - 64 Bit
Account Name: Sil Speed
U0L0S4

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

Deleted - File - C:\program files (x86)\Image-Line\FL Studio 11\Data\Patches\Plugin presets\Generators\Wasp\PadSoftelectroVibe.fst
Deleted - File - C:\program files (x86)\Winamp\Plugins\Milkdrop2\presets\stahlregen + geiss + shifter - babylon.milk
Deleted - Folder - C:\Users\Sil Speed\Appdata\Roaming\Mozilla\Firefox\Profilesiegipifq.default\extensions\staged\sitefinder@sitefinder.com
Deleted - RegistryKey - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2647670610-476177939-1705394977-1000\Software\Avast Software\WRC\SearchRules:ask.com

\\ Finished

Boa Noite! Sil C San

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Old Timer Tools )

> Salve-o no desktop.
> Para Windows Vista ou 7,execute OTC.exe como administrador.

> Clique: [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >> Yes.

> Aceite reboot!
> Informe! Tudo OK?

A+

Cara, acho que fiz tudo certo, mas tá igual, demora pra inicializar. Coisa que fazia em menos de 1 minuto leva uns cinco.

Sil C San escreveu:Cara, acho que fiz tudo certo, mas tá igual, demora pra inicializar. Coisa que fazia em menos de 1 minuto leva uns cinco.

Boa Noite! Sil C San

> Já desmarcou programas que inicializam com o Windows,lá no msconfig?
> Deixe,apenas o Antivírus!

A+

Deixei mas mesmo assim demorou.

Boa Noite! Sil C San

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

> Salve-o no desktop!
> Desabilite seu antivírus e execute o arquivo esetsmartinstaller_enu.exe <<
> Aceite o contrato e marque: "YES, I accept the Terms of Use"
> Clique: "Start"

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]


> Em "Computer scan settings",marque:

<*> Enable detection of potentially unwanted applications

> Em "Hide advanced settings",marque:

<1> Scan archives
<2> Scan for potentially unsafe applications
<3> Enable Anti-Stealth technology
<4> Remove found threats

> Clique em "Advanced settings".
> Clique "Change" e marque a caixa "Computador".
> Clique: "Start" >> Aguarde! ( Pode durar algumas horas,esse scan... )
> Ao concluir,clique em "List of found threats".
> Clique em "Export to text file" e salve o relatório no desktop.
> Clique "Back" >> "Finish".
> Poste o relatório!

A+

----------------
Relatório Eset
----------------
C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Speed\Blog\Nova pasta\ZipSetup.exe a variant of Win32/TrojanDownloader.FakeNSIS.A trojan
C:\Speed\Diversos\CDX6.rar a variant of Win32/Keygen.AU potentially unsafe application
C:\Speed\Diversos\Corel Draw X5 Keygen [2010] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] a variant of Win32/Keygen.AF potentially unsafe application
C:\Speed\Diversos\Corel Draw X5 with Keygen\Keygen.exe a variant of Win32/Keygen.AF potentially unsafe application
C:\Speed\Programas\SoftonicDownloader_para_unlocker.exe Win32/SoftonicDownloader.G potentially unwanted application
C:\Users\Sil Speed\Downloads\822-ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Sil Speed\Downloads\big-rig-europe-demo-baixaki-32-bits.exe a variant of Win32/InstallCore.BY potentially unwanted application
C:\Users\Sil Speed\Downloads\ccleaner-4094471-32-bits.exe a variant of Win32/InstallCore.BY potentially unwanted application
C:\Users\Sil Speed\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Sil Speed\Downloads\disk-defrag-setup.exe Win32/InstallMonetizer.AQ potentially unwanted application
C:\Users\Sil Speed\Downloads\folder-lock-722-32-bits.exe Win32/InstallCore.MI potentially unwanted application
C:\Users\Sil Speed\Downloads\Free3GPVideoConverter.exe Win32/OpenCandy potentially unsafe application
C:\Users\Sil Speed\Downloads\german-truck-simulator-132-baixaki-32-bits.exe a variant of Win32/InstallCore.BY potentially unwanted application
C:\Users\Sil Speed\Downloads\Setup-MsgPlus-510.exe a variant of Win32/MessengerPlus.A potentially unwanted application
C:\Users\Sil Speed\Downloads\SoftonicDownloader_for_lock-a-folder.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application
C:\Users\Sil Speed\Downloads\SoftonicDownloader_para_folder-lock.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application
C:\Users\Sil Speed\Downloads\WinZipSetup_v1.0.4.18285_542.exe a variant of Win32/Injected.F trojan
C:\Users\Sil Speed\Downloads\youtube_downloader_hd_setup.exe Win32/OpenCandy potentially unsafe application
C:\Users\Sil Speed\Downloads\FL Studio Producer Edition 11.0.4+Plugins Bundle R2R [ChingLiu]\flstudio_11.0.4.exe Win32/OpenCandy potentially unsafe application
-------
####

ComboFix 14-11-15.01 - Sil Speed 14/11/2014 23:40:09.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.3839.2586 [GMT -2:00]
Executando de: c:\users\Sil Speed\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sil Speed\AppData\Roaming\unins000.exe
c:\users\Sil Speed\AppData\Roaming\unins001.exe
c:\windows\IsUn0416.exe
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NEWDRIVER
-------\Service_NEWDRIVER
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2014-10-15 to 2014-11-15 ))))))))))))))))))))))))))))
.
.
2014-11-15 02:19 . 2014-11-15 02:19 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{663DEEFB-F3A8-4043-8F32-42CB354F9CC5}\offreg.dll
2014-11-15 02:15 . 2014-11-15 02:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-11-15 02:15 . 2014-11-15 02:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-14 23:50 . 2014-11-14 23:50 -------- d-----w- c:\program files (x86)\ESET
2014-11-14 22:46 . 2014-11-14 22:46 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
2014-11-14 22:46 . 2014-11-14 22:46 -------- d-----w- c:\program files\Adware-Removal-Tool
2014-11-14 22:46 . 2014-11-14 22:46 -------- d-----w- c:\program files\Common Files\Microsoft
2014-11-14 15:12 . 2014-11-14 20:43 512 ----a-w- C:\PhysicalDisk0_MBR.bin
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 17:30 . 2012-05-11 00:08 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-10 17:30 . 2011-12-27 00:28 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-01 4085896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files (x86)\GbPlugin\gbiehuni.dll" [2014-08-12 1760312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2014-08-12 17:20 1736008 ------w- c:\program files (x86)\GbPlugin\gbiehcef.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2014-08-12 17:19 1760312 ------w- c:\program files (x86)\GbPlugin\gbiehuni.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BdApiUtil;BdApiUtil;c:\program files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys;c:\program files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [x]
R3 BdCameraProtect;BdCameraProtect;c:\program files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys;c:\program files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 Bfilter;Baidu Antivirus Minifilter Driver;c:\windows\System32\drivers\Bfilter.sys;c:\windows\SYSNATIVE\drivers\Bfilter.sys [x]
S1 Bfmon;Baidu FS Monitor Driver;c:\windows\System32\drivers\Bfmon.sys;c:\windows\SYSNATIVE\drivers\Bfmon.sys [x]
S1 Bprotect;Baidu Protect;c:\windows\System32\drivers\Bprotect.sys;c:\windows\SYSNATIVE\drivers\Bprotect.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\SysWOW64\nvSCPAPISvr.exe;c:\windows\SysWOW64\nvSCPAPISvr.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 Warsaw Technology;Warsaw Technology;c:\program files (x86)\Diebold\Warsaw\core.exe;c:\program files (x86)\Diebold\Warsaw\core.exe [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - WS2IFSL
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 17:30]
.
2014-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-11 14:02]
.
2014-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-11 14:02]
.
2014-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2647670610-476177939-1705394977-1000Core.job
- c:\users\Sil Speed\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 19:49]
.
2014-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2647670610-476177939-1705394977-1000UA.job
- c:\users\Sil Speed\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 19:49]
.
2014-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2647670610-476177939-1705394977-1001Core.job
- c:\users\Bel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-02 14:49]
.
2014-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2647670610-476177939-1705394977-1001UA.job
- c:\users\Bel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-02 14:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-01 16:02 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
mDefault_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
mDefault_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
mStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
mSearch Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: caixa.gov.br\imagem
Trusted Zone: caixa.gov.br\imagem2
Trusted Zone: caixa.gov.br\internetbanking
Trusted Zone: caixa.gov.br\internetbankingpf
Trusted Zone: caixa.gov.br\www
Trusted Zone: itau.com.br
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\clickbanking
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
Trusted Zone: itaupersonnalite.com.br\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Sil Speed\AppData\Roaming\Mozilla\Firefox\Profiles\iegipifq.default\
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0416.EXE
AddRemove-PokerStars - c:\program files (x86)\PokerStars\PokerStarsUninstall.exe
AddRemove-{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1 - c:\users\Sil Speed\AppData\Roaming\unins001.exe
AddRemove-{70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1 - c:\users\Sil Speed\AppData\Roaming\unins000.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Tempo para conclusão: 2014-11-15 00:22:48 - Máquina reiniciou
ComboFix-quarantined-files.txt 2014-11-15 02:22
.
Pré-execução: 888.127.860.736 bytes disponíveis
Pós execução: 887.696.797.696 bytes disponíveis
.
- - End Of File - - 1806C7DF1B4F85A88CC1D425F332182A
A36C5E4F47E84449FF07ED3517B43A31