.:: Análise de logs HijackThis! ::.

[Blue Zee]

Sinceramente não me parece.
A ser isso suspeito que terias muitos outros problemas.

 

[Aymar_Maury]

Sinceramente não me parece.
A ser isso suspeito que terias muitos outros problemas.

Ok. Entendido.

Vou então experimentar o Firefox com muitos tabs abertos e amanhã faço o relatório.

Obrigado desde já.

 

[Blue Zee]

OK, boa sorte.
Vamos ver o que dá o teste.

 

[Aymar_Maury]

OK, boa sorte.
Vamos ver o que dá o teste.

Peço desculpa por não ter respondido ainda com os resultados do teste, mas, por imprevistos pessoais, não tive essa possibilidade.

Espero poder fazer isso em breve.

Obrigado pela ajuda e paciência dispensada até agora.

 

[Blue Zee]

Não há problemas.
Fico expectativa de uma atualização da situação (positiva!).

 

[Aymar_Maury]

Finalmente tive mais tempo para tratar disto.

Hoje, utilizando o Chrome, a ver um vídeo do Youtube e com várias páginas abertas (30), o PC congelou outra vez e tive de fazer uma reinicialização. Fiz também um chkdsk (erro num index), seguido de um sfc /scannow (sem erros).

Depois, abri o Event Viewer e fui ao Administrative Events pesquisar erros. Fiquei incomodado com a quantidade que tive hoje. Por ordem de ocorrência (os repetidos estão correctos):

Warning (Server) 16:57:46 - The server service was unable to recreate the share User Name because the directory E:\Users\User Name no longer exists.  Please run "net share User Name /delete" to delete the share, or recreate the directory E:\Users\User Name.

Critical (Kernel-Power) 17:50:06 - The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Error (EventLog) 17:50:10 - The previous system shutdown at 17:46:25 on ‎06-‎01-‎2016 was unexpected.

Error (ServiceControlManager) 17:50:10 - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

Error (ServiceControlManager) 17:50:10 - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

Error (ServiceControlManager) 17:50:10 - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

Error (ServiceControlManager) 17:50:10 - The Network Store Interface Service service depends on the NSI proxy service driver. Service which failed to start because of the following error: A device attached to the system is not functioning.

Error (ServiceControlManager) 17:50:10 - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

Error (ServiceControlManager) 17:50:10 - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

Error (ServiceControlManager) 17:50:10 - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

Error (ServiceControlManager) 17:50:10 - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

Error (ServiceControlManager) 17:50:10 - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

Error (ServiceControlManager) 17:50:10 - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

Error (ServiceControlManager) 17:50:10 - The following boot-start or system-start driver(s) failed to load: AFD CSC

Warning (WinLogOn) 17:50:19 - The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Error (DistributedCOM) 17:50:19 - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Error (DistributedCOM) 17:50:24 - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error (DistributedCOM) 17:50:25 - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error (DistributedCOM) 17:50:25 - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

Error (ServiceControlManager) 17:50:25 - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Error (ServiceControlManager) 17:50:26 - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Error (ServiceControlManager) 17:50:26 - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Error (ServiceControlManager) 17:50:26 - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Error (ServiceControlManager) 17:50:26 - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Error (ServiceControlManager) 17:50:26 - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Error (ServiceControlManager) 17:50:26 - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Error (ServiceControlManager) 17:50:26 - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Warning (Kernel-EventTracing) 17:54:33 - The maximum file size for session "ReadyBoot" has been reached. As a result, events might be lost (not logged) to file "C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl". The maximum files size is currently set to 20971520 bytes.

Error (Kernel-EventTracing) 17:54:33 - Session "ReadyBoot" stopped due to the following error: 0xC0000188

Warning (Kernel-EventTracing) 17:56:56 - The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Warning (Kernel-EventTracing) 17:56:56 - The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Warning (Server) 18:01:20 - The server service was unable to recreate the share User Name because the directory E:\Users\User Name no longer exists.  Please run "net share User Name /delete" to delete the share, or recreate the directory E:\Users\User Name.

Warning (Kernel-EventTracing) 18:05:08 - The maximum file size for session "ReadyBoot" has been reached. As a result, events might be lost (not logged) to file "C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl". The maximum files size is currently set to 20971520 bytes.

Error (Kernel-EventTracing) 18:05:08 - Session "ReadyBoot" stopped due to the following error: 0xC0000188

Warning (Kernel-EventTracing) 18:10:54 - The backing-file for the real-time session "WDC.BE95A9B1-DE15-4B78-B923-A12AB70BE951" has reached its maximum size. As a result, new events will not be logged to this session until space becomes available. This error is often caused by starting a trace session in real-time mode without having any real-time consumers.

Instalei o Firefox (64bit), importei Bookmarks e, até agora, não tive problema com várias páginas abertas ao mesmo tempo (30). Mas ainda é cedo.

De qualquer forma, não fico nada descansado com estes erros no Event Viewer...

 

[Blue Zee]

Boas!

Tens que passar o teu problema para aqui:
Dúvidas e Suporte Técnico - Windows

Boa sorte!

 

[Aymar_Maury]

Boas!

Tens que passar o teu problema para aqui:
Dúvidas e Suporte Técnico - Windows

Boa sorte!

Ok. Obrigado pela ajuda.

 

[UseIt]

Já agora qual foi o tópico que criaste para continuar a acompanhar?

Thx

 

[Blue Zee]

Está aqui:
Estabilidade de Sistema

 

[mbarbedo]

@Blue Zee já estava com saudades tuas e aproveitei para correr o HijackThis no meu pc. Não que tenha algum problema chato mas apenas porque já não o fazia há mais de um par de anos (salvo erro), por conseguinte queria saber se há alguma coisa para eliminar que esteja a mais. Expecialmente coisas que estejam a correr em background, para além do Clipube e do 3RVX penso não precisar de mais nada a correr e a arancar sozinho.
Por exemplo vejo uma data de linhas sobre o Internet Explorer mas já nem sequer tenho isso instalado. O SO é o Windows 10 Home.

O único problema que tenho neste pc é que ocasionalmente levo com ecrãs azuis (netio.sys salvo erro) mas isso acho que tem a ver com os drivers da placa de vídeo que não os atualizo porque as versões mais recentes dão cabo da reprodução de vídeo. Mas só acontece quando tenho vídeo a correr no Kodi e mais alguma coisa está a usar a placa de vídeo, pelo que pude reparar. Nada de muito relevante.

Já agora posso remover todas as entradas referentes a programas que já não tenha instalados, por exemplo como o Bluestacks?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:01:04, on sáb, 09/04/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\#TRALHA\ClipCube-1.2.1\ClipCube.exe
C:\Program Files (x86)\3RVX3-B7\3RVX.exe
C:\Users\P\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\ChomikBox\chomikbox.exe
C:\Users\P\Desktop\Atalhos\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>;smtp-mail.outlook.com;smtp.googlemail.com;smtp.mail.comrest.cyberghostvpn.com;localhost;127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: (no name) - {43D9786F-A485-683B-9B5B-ACC97ABC17FC} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
O4 - HKCU\..\Run: [Shapeshifter] "C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flamefusion\Shapeshifter\Shapeshifter.appref-ms"
O4 - HKCU\..\Run: [ClipCube] C:\#TRALHA\ClipCube-1.2.1\ClipCube.exe
O4 - HKCU\..\Run: [BaiduYunDetect] "C:\Users\P\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\P\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Google Photos Backup] "C:\Users\P\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart
O4 - Startup: 3RVX.exe.lnk = C:\Program Files (x86)\3RVX3-B7\3RVX.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: MEGAsync.lnk = C:\ProgramData\MEGAsync\MEGAsync.exe
O8 - Extra context menu item: Nova nota - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.ma-config.com
O15 - Trusted Zone: http://*.touslesdrivers.com
O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{5c8d50df-5a91-4aec-91d5-df452e7767fc}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AndServMgr - American Megatrends Inc. - C:\Program Files\AMI\DuOS\AndServMgr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: BaiduYunUtility - Unknown owner - C:\Users\P\AppData\Roaming\baidu\BaiduYunGuanjia\YunUtilityService.exe
O23 - Service: Serviço de Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberGhost 5 Client Service (CGVPNCliService) - CyberGhost S.R.L - C:\Program Files\CyberGhost 5\Service.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: COM+ Leg Service (COMLegService) - Unknown owner - C:\Program Files (x86)\Legendas-3.4\srvlegendas.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PAExec - Power Admin LLC - C:\WINDOWS\PAExec.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: sopcastp2p - Unknown owner - C:\Program Files (x86)\SopCast\srvany.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: TTService - TorrentsTime - C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @oem60.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\WINDOWS\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10794 bytes

 

[Blue Zee]

Boas @mbarbedo.
Por aqui?

Como de certo já sabes, o HJT não funciona corretamente em sistemas 64 bits.
Haverá muita coisa que não aparece no log.

Para controlares o que arranca com o Windows sugiro sempre configurar diretamente o programa e tirar o pisco ou desativar a opção de arranque com o Windows.

Fiquei curioso quando referes que o Bluestacks não está instalado.
Não tens esta pasta no sistema?
C:\Program Files (x86)\BlueStacks

Se ainda tens a desinstalação não foi totalmente conseguida.
Sugiro reinstales e depois uses o Geek Uninstaller gratuito para desinstalar.
Deve resolver.

Feito isto e se ainda ficares com algumas coisas no arranque que queiras limpar, sugiro então o WinPatrol também grátis.
Permite controlar isso e muito mais:

Selecionas o programas que não queres que arranque com o Windows e clicas Disable.
Não uses Remove.

Dá uma vista de olhos.
Se precisares de ajuda ou tiveres dúvidas, não hesites em colocá-las.

Cheers.

 

[mbarbedo]

Mestre @Blue Zee, mais uma vez te agradeço o teu tempo, a tua sabedoria e a tua amabilidade! Sempre incansável!

Sobre o Bluestacks, não tenho qualquer entrada ou pasta dele no pc. Normalmente para desinstalar programas uso o Revo Unistaller porque há muito descobri que se desinstalavam os programas mas a maioria deixava sempre um rasto para trás, fosse uma entrada no registo, uns ficheiros de configuração ou umas pastas.

Esqueço-me sempre que o HJT não funciona bem em 64 bits, salvo erro já deve ser a terceira vez que me dizes isso mas acaba sempre por me passar... Raio de memória de passarinho que eu tenho!

Já tenho os programas que recomendas a instalar e vou dar umas voltas neles. Mais uma vez te agradeço imenso por tudo!

 

[Blue Zee]

Se precisares de alguma ajuda, manda.

Relativamente ao Revo Uninstaller só a versão paga suporta 64 bits.

Se não tens a pasta Bluestacks podes limpar isso com o HJT.

Vai resolver.

 

[mbarbedo]

Sim em tempos comprei o Revo porque de facto o programa é bastante bom, ou pelo menos assim dá essa impressão. Aquele scan após a desinstalação para procurar entradas de registos e pastas deixadas pelos programas é extremamente útil.

Vou então limpar a entrada do Bluestacks.

Mais uma vez o meu enorme agradecimento por tudo!

 

[hedera]

o meu PC está muito lento, a abrir programas e alguns ficam a moer e não respondem.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:05:13, on 23-08-2016
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16800)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [CertificateImport] C:\Program Files\Cartão de Cidadão\PtEidTrayApplet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4A799AC-03DE-47DA-9878-BB35A40B89B8}: NameServer = 87.103.113.139,87.103.113.171
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Liant RMUC Service (RMUCService) - Liant Software Corporation - c:\pmrexerm\rmucs.exe

--
End of file - 5064 bytes

 

[Blue Zee]

Nada de evidentemente errado.

Tenta isto:
Limpeza simples de adware, PUP e similares

Tens desfragmentado o disco (apenas se não for SSD)?

 

[Aymar_Maury]

Cá volto eu a pedir ajuda, para uma chatice naquele PC que estava já a funcionar bem: Vários problemas, mesma origem?


Depois da situação ter sido aparentemente resolvida, o PC esteve dois dias a funcionar bem. Hoje começou a "pendurar" outra vez na inicialização do Windows. Safe Mode + sfc /scannow + chkdsk /f e nada de problemas. À terceira vez lá entrou e, por precaução, inspeccionei-o com o HitmanPro (só encontrou cookies), tentei com o NPE (não carregava o driver para rootkits) e KVRT (dois PUPS). Lá reinicializei em Safe Mode para ele carregar o driver do NPE e lá consegui que ele funcionasse quando carregou em modo normal (não encontrou nada).

Depois fui para o ADWCleaner + JRT + SC-Cleaner. Os logs estão aqui em baixo:

# AdwCleaner v6.010 - Logfile created 30/08/2016 at 15:56:37
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-30.1 [Server]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (X86)
# Username : Jorge Teixeira - JAGT-PC
# Running from : C:\Users\Jorge Teixeira\Downloads\Software de Segurança\AdwCleaner6.0.1.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd


***** [ Web browsers ] *****

[-] [C:\Users\Jorge Teixeira\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C2].txt - [1028 Bytes] - [30/08/2016 15:56:37]
C:\AdwCleaner\AdwCleaner[C3].txt - [1631 Bytes] - [08/11/2015 23:40:14]
C:\AdwCleaner\AdwCleaner[R0].txt - [1253 Bytes] - [05/10/2013 15:29:43]
C:\AdwCleaner\AdwCleaner[R1].txt - [1028 Bytes] - [20/02/2014 01:55:20]
C:\AdwCleaner\AdwCleaner[R2].txt - [1100 Bytes] - [06/04/2014 23:54:04]
C:\AdwCleaner\AdwCleaner[S0].txt - [1328 Bytes] - [05/10/2013 18:07:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [1162 Bytes] - [06/04/2014 23:55:32]
C:\AdwCleaner\AdwCleaner[S3].txt - [1893 Bytes] - [19/08/2016 18:20:38]
C:\AdwCleaner\AdwCleaner[S4].txt - [1503 Bytes] - [08/11/2015 23:36:42]
C:\AdwCleaner\AdwCleaner[S5].txt - [1928 Bytes] - [30/08/2016 15:51:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1758 Bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows Vista (TM) Home Premium x86
Ran by Jorge Teixeira (Administrator) on 30-08-2016 at 15:21:07,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 13

Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\Jorge Teixeira\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RGW2EA4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jorge Teixeira\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GOWWIF9T (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jorge Teixeira\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1XHZX0B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jorge Teixeira\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VT47QHQE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jorge Teixeira\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W66ZX5N0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jorge Teixeira\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLO3XMMX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RGW2EA4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GOWWIF9T (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1XHZX0B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VT47QHQE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W66ZX5N0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLO3XMMX (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\21907283 (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30-08-2016 at 15:31:08,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Shortcut Cleaner 1.4.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows Vista (TM) Home Premium Service Pack 2
Program started at: 08/30/2016 04:27:05 PM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Jorge Teixeira\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Jorge Teixeira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Jorge Teixeira\Desktop\

Searching C:\Users\Public\Desktop\


0 bad shortcuts found.

Program finished at: 08/30/2016 04:27:09 PM
Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)

Aqui está o log actual do HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:39:26, on 30-08-2016
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16811)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avpui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIIJE.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conime.exe
C:\Windows\System32\Notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Jorge Teixeira\Downloads\Software de Segurança\HijackThis (1).exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {03993315-5CE9-4F00-8790-D14A94F1D91A} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll
O3 - Toolbar: Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIIJE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-402 403 405 406 Series" /EF "HKCU"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User 'Sistema')
O4 - HKUS\.DEFAULT\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User 'Default user')
O4 - Startup: Iniciação Rápida do Microsoft Office OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Serviço do Kaspersky Anti-Virus 16.0.1 (AVP16.0.1) - AO Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Seiko Epson Corporation - C:\Windows\system32\EscSvc.exe
O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 9046 bytes

Haverá razões para preocupação ou está o PC limpo? Será isto Hardware ou simplesmente o Vista a precisar de reinstalação, para ficar limpinho?

Já agora, como funciona o DDS da BleepingComputer? É como o HJT?

 

[Blue Zee]

Nada de evidentemente errado, mas tens muita coisa a arrancar com o Windows o que pode explicar alguma preguiça mais do que a normal do Vista.

Analisa as entradas O4 no log do HJT e desativa o que puderes nas configurações dos respetivos programas.

Depois dessa limpeza testa de novo.

 

[Aymar_Maury]

Nada de evidentemente errado, mas tens muita coisa a arrancar com o Windows o que pode explicar alguma preguiça mais do que a normal do Vista.

Analisa as entradas O4 no log do HJT e desativa o que puderes nas configurações dos respetivos programas.

Depois dessa limpeza testa de novo.

Ok. Vou tentar. Mas o maior problema é a estabilidade e erros que tem dado.

Numa das ocasiões em que liguei o PC, hoje, sempre que tentava ligar um programa, aparecia uma janela com a mensagem:

"............exe - Bad image. The aplication or DLL c:\program files\............\............dll is not a valid Windows image"

Fui procurar informação sobre isso e encontrei um thread da BleepingComputer em que foi interpretado que era claramente uma infecção. >Usaram DDS, ComboFix, etc... para o limpar.

Daí, ter ficado alertado para a possibilidade de uma infecção e ter ido fazer análises com programas de segurança.