Monica Gurzoni
Monica Gurzo... Senior Member, Registered
299 Posts 15 Likes

[Solved] Browser hijacker. Virus?

#1 By Monica Gurzo... 16/06/2014 - 10:01
Hello!
My usual browser is Chrome, and I use IE occasionally.

Suddenly, two days ago, I opened Chrome and the page "istart.webssearches.com" appeared, and my startup pages had disappeared. The same thing happened in IE.

I looked up this site and saw that it is a "browser hijacker". Some say it is a virus, others say it is not. At first glance, nothing on my computer seems to have been affected, only the startup pages.

I went to the Control Panel... There it was. I uninstalled it.

I used SpyHunter, and it detected and removed about 500 infections coming from that site.

In Chrome I managed to set my startup pages again and everything went back to normal.

In IE I have tried everything and cannot get rid of this site. I updated IE, went into extensions and add-ons, advanced settings, everything... and this thing will not go away.

I almost never use IE, but I don't want this site there.

How do I rip it out? If needed, here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:51:24, on 16/06/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\BatteryManagerService\BatteryManagerService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Online Games Manager\ogmservice.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Technology Pack\Amazing Audio\AudioPower.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Technology Pack\Battery Manager\BatteryPower.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Monica\Downloads\Hijackthis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.br/webhp?gfe_rd=cr&ei=feCeU_XdHMGi8weuu4DACQ&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files\GbPlugin\gbiehuni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AudioPower] C:\Program Files\Technology Pack\Amazing Audio\AudioPower.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.itau.com.br
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginUni - C:\Program Files\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Battery Manager Service (BatteryManagerSrv) - Positivo Informática S.A - C:\Program Files\BatteryManagerService\BatteryManagerService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files\Online Games Manager\ogmservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

--
End of file - 10459 bytes
Power Max
Power Max Ubbergeek Registered
4.2K Posts 509 Likes
#2 By Power Max
16/06/2014 - 10:24
Hi Monica.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Always with new tutorials and news in computing and technology.
Super Links = Messages of faith and hope for your heart.
#3 By Monica Gurzo...
16/06/2014 - 12:50
Hello Power Max!

Here:

# AdwCleaner v3.212 - Relatório criado 16/06/2014 às 12:41:48
# Atualizado 05/06/2014 por Xplode
# Sistema Operacional : Windows 7 Starter Service Pack 1 (32 bits)
# Usuário : Monica - MONICA-PC
# Executando de : C:\Users\Monica\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\ItsReadyApp
Pasta Deletada : C:\ProgramData\Trymedia
Pasta Deletada : C:\ProgramData\saveu net
Pasta Deletada : C:\Program Files\saveu net
Pasta Deletada : C:\Users\Administrador\AppData\Local\Chromatic Browser
Pasta Deletada : C:\Users\Administrador\AppData\Local\torch
Pasta Deletada : C:\Users\Convidado\AppData\Local\Chromatic Browser
Pasta Deletada : C:\Users\Convidado\AppData\Local\torch
Pasta Deletada : C:\Users\Monica\AppData\Local\Chromatic Browser
Pasta Deletada : C:\Users\Monica\AppData\Local\torch
Pasta Deletada : C:\Users\Monica\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Pasta Deletada : C:\Users\Monica\AppData\Roaming\SendSpace
Pasta Deletada : C:\Users\wangzhisong\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\iknklfefllicmngcjggcmaocoacgkfgh
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\iknklfefllicmngcjggcmaocoacgkfgh
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhlnlpiehpbieaooopapdbankpaklomd
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhlnlpiehpbieaooopapdbankpaklomd
Arquivo Deletada : C:\Users\Monica\daemonprocess.txt
Arquivo Deletada : C:\Windows\Tasks\04c35af6-9d42-4a64-a10d-6a2ddedf7e41-1.job
Arquivo Deletada : C:\Windows\System32\Tasks\04c35af6-9d42-4a64-a10d-6a2ddedf7e41-1
Arquivo Deletada : C:\Windows\Tasks\04c35af6-9d42-4a64-a10d-6a2ddedf7e41-11.job
Arquivo Deletada : C:\Windows\System32\Tasks\04c35af6-9d42-4a64-a10d-6a2ddedf7e41-11
Arquivo Deletada : C:\Windows\Tasks\04c35af6-9d42-4a64-a10d-6a2ddedf7e41-2.job
Arquivo Deletada : C:\Windows\System32\Tasks\04c35af6-9d42-4a64-a10d-6a2ddedf7e41-2
Arquivo Deletada : C:\Windows\Tasks\04c35af6-9d42-4a64-a10d-6a2ddedf7e41-3.job
Arquivo Deletada : C:\Windows\System32\Tasks\04c35af6-9d42-4a64-a10d-6a2ddedf7e41-3
Arquivo Deletada : C:\Windows\Tasks\04c35af6-9d42-4a64-a10d-6a2ddedf7e41-4.job
Arquivo Deletada : C:\Windows\System32\Tasks\04c35af6-9d42-4a64-a10d-6a2ddedf7e41-4
Arquivo Deletada : C:\Windows\Tasks\04c35af6-9d42-4a64-a10d-6a2ddedf7e41-5.job
Arquivo Deletada : C:\Windows\System32\Tasks\04c35af6-9d42-4a64-a10d-6a2ddedf7e41-5
Arquivo Deletada : C:\Windows\Tasks\04c35af6-9d42-4a64-a10d-6a2ddedf7e41-6.job
Arquivo Deletada : C:\Windows\System32\Tasks\04c35af6-9d42-4a64-a10d-6a2ddedf7e41-6
Arquivo Deletada : C:\Windows\Tasks\04c35af6-9d42-4a64-a10d-6a2ddedf7e41-7.job
Arquivo Deletada : C:\Windows\System32\Tasks\04c35af6-9d42-4a64-a10d-6a2ddedf7e41-7
Arquivo Deletada : C:\Windows\Tasks\0f35c805-0126-47dc-bc26-393cdbd9833d-1.job
Arquivo Deletada : C:\Windows\System32\Tasks\0f35c805-0126-47dc-bc26-393cdbd9833d-1
Arquivo Deletada : C:\Windows\Tasks\0f35c805-0126-47dc-bc26-393cdbd9833d-11.job
Arquivo Deletada : C:\Windows\System32\Tasks\0f35c805-0126-47dc-bc26-393cdbd9833d-11
Arquivo Deletada : C:\Windows\Tasks\0f35c805-0126-47dc-bc26-393cdbd9833d-2.job
Arquivo Deletada : C:\Windows\System32\Tasks\0f35c805-0126-47dc-bc26-393cdbd9833d-2
Arquivo Deletada : C:\Windows\Tasks\0f35c805-0126-47dc-bc26-393cdbd9833d-3.job
Arquivo Deletada : C:\Windows\System32\Tasks\0f35c805-0126-47dc-bc26-393cdbd9833d-3
Arquivo Deletada : C:\Windows\Tasks\0f35c805-0126-47dc-bc26-393cdbd9833d-4.job
Arquivo Deletada : C:\Windows\System32\Tasks\0f35c805-0126-47dc-bc26-393cdbd9833d-4
Arquivo Deletada : C:\Windows\Tasks\0f35c805-0126-47dc-bc26-393cdbd9833d-5.job
Arquivo Deletada : C:\Windows\System32\Tasks\0f35c805-0126-47dc-bc26-393cdbd9833d-5
Arquivo Deletada : C:\Windows\Tasks\0f35c805-0126-47dc-bc26-393cdbd9833d-6.job
Arquivo Deletada : C:\Windows\System32\Tasks\0f35c805-0126-47dc-bc26-393cdbd9833d-6
Arquivo Deletada : C:\Windows\Tasks\0f35c805-0126-47dc-bc26-393cdbd9833d-7.job
Arquivo Deletada : C:\Windows\System32\Tasks\0f35c805-0126-47dc-bc26-393cdbd9833d-7

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\Monica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\Monica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registro ] *****

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5A5E2528-7EFD-48DD-8107-C7652153EB6F}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3240A0BF-B551-425F-8388-F39551396738}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A5E2528-7EFD-48DD-8107-C7652153EB6F}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3240A0BF-B551-425F-8388-F39551396738}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CA2AF47D-0CA3-4D22-BAB4-3D9DD8F0C05F}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA2AF47D-0CA3-4D22-BAB4-3D9DD8F0C05F}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2FD36073-5F70-4657-BB75-9781989CF5CD}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FD36073-5F70-4657-BB75-9781989CF5CD}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D202BF3-74B8-42E2-ADE8-65651A7F669C}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D202BF3-74B8-42E2-ADE8-65651A7F669C}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A395C515-D5EF-499D-BE68-D0D15571A1F6}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A395C515-D5EF-499D-BE68-D0D15571A1F6}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A429AF7C-B77B-4C79-AF2A-BDB5A9221C16}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A429AF7C-B77B-4C79-AF2A-BDB5A9221C16}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{69A4189E-165C-4E1B-AC7C-A5871A2061EF}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69A4189E-165C-4E1B-AC7C-A5871A2061EF}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A87B6FED-215D-4BC7-9B9D-2F897443F570}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A3BE132-C0EB-47DD-8BE2-444330FB18AE}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A87B6FED-215D-4BC7-9B9D-2F897443F570}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9A3BE132-C0EB-47DD-8BE2-444330FB18AE}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{378B0459-7042-4678-B4E5-6751F79F3B62}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{378B0459-7042-4678-B4E5-6751F79F3B62}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C756202E-6886-4A34-B40B-3B39147A9325}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C756202E-6886-4A34-B40B-3B39147A9325}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8959A744-C9B5-4012-B2BC-4A84074B0C1E}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8959A744-C9B5-4012-B2BC-4A84074B0C1E}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0FE605B5-293B-42B6-9B45-1A59800811EC}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FE605B5-293B-42B6-9B45-1A59800811EC}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B01192E-2539-4B61-93FF-85FD56486D4C}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B01192E-2539-4B61-93FF-85FD56486D4C}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1A988739-7F90-48FC-8617-233126115BCB}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A988739-7F90-48FC-8617-233126115BCB}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{916e5338}
Chave Deletedo : HKCU\Software\installedbrowserextensions
Chave Deletedo : HKCU\Software\RegisteredApplicationsEx
Chave Deletedo : HKCU\Software\Trymedia Systems
Chave Deletedo : HKLM\Software\Trymedia Systems

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : hxxp://br.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1468 octets] - [22/04/2014 17:29:00]
AdwCleaner[R1].txt - [11404 octets] - [16/06/2014 12:38:35]
AdwCleaner[S0].txt - [10555 octets] - [16/06/2014 12:41:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10616 octets] ##########


What do I do now?


Naldo Volpe
Naldo Volpe Cyber Highlander Registered
20.8K Posts 3.5K Likes
#4 By Naldo Volpe
16/06/2014 - 13:06
You can go ahead with the procedure below; afterwards Power Max will continue with the analysis:

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download [image] and save it to the desktop.

Double-click to run the Junkware Removal Tool (JRT).

*** Windows Vista or Windows 7 users: right-click the JRT.exe file, then click [image].

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to examine.

At the end, a log will open. It is saved on the desktop under the name JRT.txt.

Select, copy and paste the contents of this log into your next reply.
#6 By Power Max
16/06/2014 - 15:26
Hi Monica.

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
http://www.hijackthis.nl/smeenk/

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its contents and post them in your next reply.
#7 By Monica Gurzo...
16/06/2014 - 17:23
Zoek log!
(Please advise me afterwards on what to do with the JRTs that are on the Desktop...)

Zoek.exe v5.0.0.0 Updated 16-June-2014
Tool run by Monica on 16/06/2014 at 16:12:37,29.
Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Monica\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

16/06/2014 16:18:31 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\Monica\AppData\Roaming\AlawarEntertainment deleted
C:\PROGRA~2\boost_interprocess deleted
C:\PROGRA~2\InstallMate deleted
C:\Users\Monica\AppData\Local\cache deleted
C:\Windows\system32\tasks\Baidu PC Faster Update deleted
C:\Users\wangzhisong deleted
C:\Windows\System32\sho2E2.tmp deleted
C:\Users\Monica\AppData\Roaming\unins000.exe deleted
C:\Users\Monica\Videos\abril 18 - 19 2014.mp4.exe deleted
"C:\PROGRA~2\1d5ff0a25adfdabb\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted
"C:\PROGRA~2\1d5ff0a25adfdabb\{7DD5E91C-3864-77EC-7635-D14910C2A03E}" deleted
"C:\PROGRA~2\1d5ff0a25adfdabb\{7DD5E91C-3864-77EC-7635-D14910C2A03E}.old" deleted
"C:\PROGRA~2\1d5ff0a25adfdabb\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" deleted
"C:\PROGRA~2\1d5ff0a25adfdabb" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [03/03/2014 14:36]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886D}"="C:\Users\Monica\AppData\Local\GAS Tecnologia\GBBD\cef\xpi" [23/04/2014 10:39]

==== Chrome Look ======================

Alexa Traffic Rank - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
saeve net - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iknklfefllicmngcjggcmaocoacgkfgh
YoutubeAdblocker - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhlnlpiehpbieaooopapdbankpaklomd
Alexa Traffic Rank - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
saeve net - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iknklfefllicmngcjggcmaocoacgkfgh
YoutubeAdblocker - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhlnlpiehpbieaooopapdbankpaklomd
Alexa Traffic Rank - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
saeve net - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iknklfefllicmngcjggcmaocoacgkfgh
YoutubeAdblocker - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhlnlpiehpbieaooopapdbankpaklomd
Alexa Traffic Rank - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
saeve net - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iknklfefllicmngcjggcmaocoacgkfgh
YoutubeAdblocker - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhlnlpiehpbieaooopapdbankpaklomd
Alexa Traffic Rank - Monica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
saeve net - Monica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iknklfefllicmngcjggcmaocoacgkfgh
YoutubeAdblocker - Monica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhlnlpiehpbieaooopapdbankpaklomd
Google Docs - Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Alexa Traffic Rank - Monica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
saeve net - Monica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iknklfefllicmngcjggcmaocoacgkfgh
YoutubeAdblocker - Monica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhlnlpiehpbieaooopapdbankpaklomd

==== Chrome Fix ======================

C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhlnlpiehpbieaooopapdbankpaklomd deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhlnlpiehpbieaooopapdbankpaklomd deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhlnlpiehpbieaooopapdbankpaklomd deleted successfully
C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhlnlpiehpbieaooopapdbankpaklomd deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhlnlpiehpbieaooopapdbankpaklomd deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhlnlpiehpbieaooopapdbankpaklomd deleted successfully
C:\Users\Monica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhlnlpiehpbieaooopapdbankpaklomd deleted successfully
C:\Users\Monica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhlnlpiehpbieaooopapdbankpaklomd deleted successfully
C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lhlnlpiehpbieaooopapdbankpaklomd_0.localstorage deleted successfully
C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel deleted successfully
C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel deleted successfully
C:\Users\Monica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel deleted successfully
C:\Users\Monica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel deleted successfully
C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage deleted successfully
C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iknklfefllicmngcjggcmaocoacgkfgh deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\iknklfefllicmngcjggcmaocoacgkfgh deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iknklfefllicmngcjggcmaocoacgkfgh deleted successfully
C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iknklfefllicmngcjggcmaocoacgkfgh deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\iknklfefllicmngcjggcmaocoacgkfgh deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iknklfefllicmngcjggcmaocoacgkfgh deleted successfully
C:\Users\Monica\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iknklfefllicmngcjggcmaocoacgkfgh deleted successfully
C:\Users\Monica\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iknklfefllicmngcjggcmaocoacgkfgh deleted successfully
C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iknklfefllicmngcjggcmaocoacgkfgh_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{92001F8A-C36B-473A-91E7-5BE0C81CF2B3} PSafe ClikSeguro Url="http://clikseguro.com/Search.aspx?cx=017847565674971774939%3Aktp_l5v6i2u&ie=ISO-8859-1&q={searchTerms}"
{9B6DF44E-3601-45A4-8772-7E073E5A5B7D} (www.google.com) Google Url="https://www.google.com/search?q={searchTerms}"
{A695504F-3683-4E53-A615-2778760C5F77} Unknown Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1748585246-2572997590-2566434535-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A695504F-3683-4E53-A615-2778760C5F77} deleted successfully

==== Deleting CLSID Registry Values ======================


==== shortcuts on Users Desktops ======================

C:\Users\Monica\Desktop\Big City Adventure(TM) - London Premium Edition.lnk - C:\Zylom Games\Big City Adventure(TM) - London Premium Edition\BigCityAdventureLondon.exe
C:\Users\Monica\Desktop\Gardenscapes - Mansion Makeover Premium Edition.lnk - C:\Zylom Games\Gardenscapes - Mansion Makeover Premium Edition\Gardenscapes Mansion Makeover.exe
C:\Users\Monica\Desktop\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\Monica\Desktop\PhotoScape - Atalho.lnk - C:\Users\Monica\Downloads\PhotoScape\PhotoScape.exe
C:\Users\Monica\Desktop\Romance of Rome.lnk - C:\Zylom Games\Romance of Rome\RomanceofRome.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\LibreOffice 4.0.lnk - C:\Program Files\LibreOffice 4.0\program\soffice.exe
C:\Users\Public\Desktop\Video Search.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe /VIDEOSEARCH

==== shortcuts in Users Start Menu ======================

C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Monica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Monica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Monica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Users\Monica\Downloads\PhotoScape\PhotoScape.exe
C:\Users\Monica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Monica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Monica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\SpyHunter.lnk - C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Users\Monica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Monica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Monica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Monica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Monica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Mail.lnk - C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Users\Monica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\714c8545-b239-4232-ad3c-3a033d317e7a deleted successfully

==== Empty IE Cache ======================

C:\Users\Monica\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Monica\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URT1YET1 will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=217 folders=76 36514943 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Monica\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Reset Hosts File ======================

Hosts File Reset Successfully

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Monica\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Monica\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URT1YET1" not found

==== EOF on 16/06/2014 at 17:19:28,57 ======================


Monica Gurzoni
Monica Gurzo... Registered Senior Member
299 Posts 15 Likes
#10 By Monica Gurzo...
19/06/2014 - 21:39
Power Max said:
Now try running the Junkware Removal Tool as Naldo instructed, and post its report.

If you can't run it, let me know.




Hi! Here:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Starter x86
Ran by Monica on 19/06/2014 at 21:20:40,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Empty Folder] C:\Users\Monica\appdata\local\{3AF71028-4D69-4EFF-BCCB-F55AE4346128}
Successfully deleted: [Empty Folder] C:\Users\Monica\appdata\local\{6AC6D289-943B-4AE5-8089-318175CEBE28}
Successfully deleted: [Empty Folder] C:\Users\Monica\appdata\local\{98EB03A4-EFB5-4118-87D7-33F9B205DCA2}
Successfully deleted: [Empty Folder] C:\Users\Monica\appdata\local\{9E7E2ADD-6F6B-4445-88C5-4865AF8F0019}
Successfully deleted: [Empty Folder] C:\Users\Monica\appdata\local\{DE4F49BE-B495-4F9B-B905-25D72BDEF884}
Successfully deleted: [Empty Folder] C:\Users\Monica\appdata\local\{FECF1B41-CD65-4511-8746-0B580E6795A7}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/06/2014 at 21:32:28,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Power Max
Power Max Ubbergeek Registered
4.2K Posts 509 Likes
#11 By Power Max
19/06/2014 - 22:10
Download ZHPDiag ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

Image

To install and run it correctly, follow the tips in this article:

Tutorial for installing and running the ZHPDiag application

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Always with new tutorials and news in computing and technology.
Super Links = Messages of faith and hope for your heart.
Monica Gurzoni
Monica Gurzo... Registered Senior Member
299 Posts 15 Likes
#12 By Monica Gurzo...
20/06/2014 - 14:09
* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

(Two Notepad files appeared... But I think the correct one is the one that has been around longer)
I can't paste and send it because the text is too long.

Can I split it into two replies?

I won't be punished for sending two replies, will I...?


Monica Gurzoni
Monica Gurzo... Registered Senior Member
299 Posts 15 Likes
#14 By Monica Gurzo...
20/06/2014 - 14:35
Power Max said:
Host it on the site cjoint.com and then post the link to the hosted file.



I can't.

The page at dl.sinoadv.com says:

Warning!
Your version of Java is Out of Date. There are Security Risks.
Please Update Now

I click close, it goes to another page and downloads Java. And Avast blocks it, saying it is a threat, and moves it to quarantine.

I can't get out of the page, the site, nothing... I closed the browser and came back here...


Power Max
Power Max Ubbergeek Registered
4.2K Posts 509 Likes
#15 By Power Max
20/06/2014 - 16:57
I suggest you uninstall McAfee Security Scan Plus and SpyHunter, which are unnecessary.
____________________________________________________________

There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Programs that Start with the PC

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start along with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC.
___________________________________________________

Go to https://www.virustotal.com and submit the files highlighted in bold below for analysis (one at a time):

C:\Users\Monica\Downloads\uk-logomaker-2-web-full.exe
C:\Program Files\Zylom Games\UninstallPlugin.exe

As soon as the analysis of each one is complete, copy the link that appears in your browser's address bar and post these links in your next reply, together with the other logs requested in this post.

More information on how to analyze files on the Virus Total site can be found in this tutorial:

Analyze suspicious files and links online and completely free of charge
__________________________________________________________

Download USBFix from this link (when you open the page, click the button shown in this image, at the bottom right of the page, to download it):
Image

Use USBFix as shown in this post:

USBFix tutorial
____________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Import > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply, together with the USBFix log (report), which will be at C:\UsbFix.txt, and the links to the file analyses on the Virus Total site.
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Always with new tutorials and news in computing and technology.
Super Links = Messages of faith and hope for your heart.
© 1999-2024 Hardware.com.br. All rights reserved.