Archived

This topic has been archived and is closed to new replies.

karoline  ferreira

[Solved] Virus, Slow Computer!

Good afternoon, please, someone help me!

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:09:20, on 29/03/2015
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16575)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
C:\Users\User\AppData\Roaming\IMVUClient\IMVUClient.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://br.search.yahoo.com/yhs/search?hspart=nzn&hsimp=yhs-bund2&p={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Startup: 8A0.lnk = C:\ProgramData\{9fccf94e-f34e-fb5d-9fcc-cf94ef34e53b}\8A0.exe
O4 - Startup: therebels.neckel72.rar.lnk = C:\ProgramData\{1dc232a5-b87f-c238-1dc2-232a5b87ca96}\therebels.neckel72.rar.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - SysTool PasSame LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8279 bytes


Good evening karoline ferreira,

  • Download: AdwCleaner (... by Xplode)
  • Save it to your Desktop.
  • Close all open programs and web browsers.
  • Windows Vista or Windows 7 users: right-click the file AdwCleaner.exe, then click: [image: Administrador]
  • Click Examinar (Scan) to start the scan!
  • When it finishes, click Limpar (Clean).
  • Copy the log or click "Relatório" (Report).
  • Post: >>C:\AdwCleaner\AdwCleaner [s0].txt<<
Download: JRT (... by Oleg N. Scherbakov)
Save it to the desktop!
Disable your antivirus!
On Windows 7, right-click JRT.exe and run it as [image: run as administrator]
Wait for it to finish and post the report (JRT.txt).

Best regards.

 


Good evening Caedurodrigues, how are you? Another thing I forgot to mention in this post is that every time I open the Chrome browser and am on a page, it automatically redirects me to untrusted sites :/.

The reports follow below!

 

 

# AdwCleaner v4.200 - Arquivo de log criado 29/03/2015 às 18:51:21
# Atualizado 29/03/2015 por Xplode
# Base de dados : 2015-03-29.1 [servidor]
# Sistema operacional : Windows 7 Ultimate (x64)
# Usuário : User - USER-PC
# Executando de : C:\Users\User\Downloads\adwcleaner_4.200.exe
# Opção : Verificar
***** [ Serviços ] *****
Serviço Encontrado : WindowsMangerProtect
***** [ Arquivos / Pastas ] *****
Arquivo Encontrado : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml
Pasta Encontrado : C:\Program Files (x86)\globalUpdate
Pasta Encontrado : C:\Program Files (x86)\predm
Pasta Encontrado : C:\ProgramData\baidu
Pasta Encontrado : C:\ProgramData\WindowsMangerProtect
Pasta Encontrado : C:\Users\User\AppData\Local\globalUpdate
***** [ Tarefas agendadas ] *****
Tarefa Encontrado : PostPoneInstall
Tarefa Encontrado : Run_Bobby_Browser
Tarefa Encontrado : 10a8c395-834e-462f-aafd-a9f73267108a-2
Tarefa Encontrado : 10a8c395-834e-462f-aafd-a9f73267108a-5
Tarefa Encontrado : 10a8c395-834e-462f-aafd-a9f73267108a-5_user
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Encontrado : HKCU\Software\AppDataLow\Software\Crossrider
Chave Encontrado : HKCU\Software\AppDataLow\Software\DynConIE
Chave Encontrado : HKCU\Software\BoBrowser
Chave Encontrado : HKCU\Software\GlobalUpdate
Chave Encontrado : HKCU\Software\InstalledBrowserExtensions
Chave Encontrado : HKCU\Software\Mozilla\Extends
Chave Encontrado : HKCU\Software\TutoTag
Chave Encontrado : [x64] HKCU\Software\BoBrowser
Chave Encontrado : [x64] HKCU\Software\GlobalUpdate
Chave Encontrado : [x64] HKCU\Software\InstalledBrowserExtensions
Chave Encontrado : [x64] HKCU\Software\TutoTag
Chave Encontrado : HKLM\SOFTWARE\Clara
Chave Encontrado : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Chave Encontrado : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Encontrado : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Encontrado : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chave Encontrado : HKLM\SOFTWARE\InstalledBrowserExtensions
Chave Encontrado : HKLM\SOFTWARE\mystartsearchSoftware
Chave Encontrado : HKLM\SOFTWARE\supWindowsMangerProtect
Chave Encontrado : HKLM\SOFTWARE\Tutorials
Chave Encontrado : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Chave Encontrado : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Chave Encontrado : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Encontrado : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Encontrado : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Dados Encontrado : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1421329033&from=slbnew&uid=ST500LM012XHN-M500MBB_S2SKJ5DCB01445
Valor Encontrado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Valor Encontrado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16575
Configuração Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1421329033&from=slbnew&uid=ST500LM012XHN-M500MBB_S2SKJ5DCB01445&q={searchTerms}
Configuração Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1421329033&from=slbnew&uid=ST500LM012XHN-M500MBB_S2SKJ5DCB01445&q={searchTerms}
Configuração Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1421329033&from=slbnew&uid=ST500LM012XHN-M500MBB_S2SKJ5DCB01445&q={searchTerms}
Configuração Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1421329033&from=slbnew&uid=ST500LM012XHN-M500MBB_S2SKJ5DCB01445&q={searchTerms}
-\\ Mozilla Firefox v36.0.4 (x86 pt-BR)
-\\ Google Chrome v41.0.2272.101
*************************
AdwCleaner[R0].txt - [4553 bytes] - [29/03/2015 18:51:21]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4612 bytes] ##########
=========================================================================================
Report: JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.7 (03.28.2015:1)
OS: Windows 7 Ultimate x64
Ran by User on 29/03/2015 at 19:05:38,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\baidu security"
~~~ FireFox
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\v9jddqhj.default-1421442021546\minidumps [4 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/03/2015 at 19:17:29,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Hello Caedurodrigues.

Here is the report, run from the desktop.

 

 

# AdwCleaner v4.200 - Arquivo de log criado 30/03/2015 às 00:36:23
# Atualizado 29/03/2015 por Xplode
# Base de dados : 2015-03-29.1 [servidor]
# Sistema operacional : Windows 7 Ultimate (x64)
# Usuário : User - USER-PC
# Executando de : C:\Users\User\Downloads\adwcleaner_4.200.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
***** [ Tarefas agendadas ] *****
***** [ Atalhos ] *****
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16575
-\\ Mozilla Firefox v36.0.4 (x86 pt-BR)
-\\ Google Chrome v41.0.2272.101
*************************
AdwCleaner[R0].txt - [4731 bytes] - [29/03/2015 18:51:21]
AdwCleaner[R1].txt - [920 bytes] - [30/03/2015 00:23:22]
AdwCleaner[R2].txt - [1036 bytes] - [30/03/2015 00:34:30]
AdwCleaner[s0].txt - [3806 bytes] - [29/03/2015 18:59:08]
AdwCleaner[s1].txt - [976 bytes] - [30/03/2015 00:31:39]
AdwCleaner[s2].txt - [956 bytes] - [30/03/2015 00:36:23]
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1014 bytes] ##########


Good morning karoline ferreira, post this AdwCleaner report below:

 

>>AdwCleaner[s0].txt - [3806 bytes] - [29/03/2015 18:59:08]<<

 

 

  • Download: ZHPDiag (... Nicolas Coolman)
  • Save it to the local disk (C or D).
  • Disable your antivirus, and run ZHPDiag.exe to install.
  • Run the scroll icon!
  • Click the "COMPLETA" (Complete) option and wait for it to finish.
  • Click OK and, when it finishes, post the report! (ZHPDiag.txt)
  • Note: because the report is long, it must be posted on one of these sites:
  • Go to: [image: cjoint]
  • Or go to: [image: logo]
  • More information: <Link> << Hosting!
Best regards. :thumbsup:

 

 


Good morning CaeduRodrigues.

The report you are asking for.

 

# AdwCleaner v4.200 - Arquivo de log criado 29/03/2015 às 18:59:08
# Atualizado 29/03/2015 por Xplode
# Base de dados : 2015-03-29.1 [servidor]
# Sistema operacional : Windows 7 Ultimate (x64)
# Usuário : User - USER-PC
# Executando de : C:\Users\User\Downloads\adwcleaner_4.200.exe
# Opção : Limpar
***** [ Serviços ] *****
[#] Serviço Excluído : WindowsMangerProtect
***** [ Arquivos / Pastas ] *****
[!] Pasta Excluído : C:\ProgramData\baidu
[!] Pasta Excluído : C:\ProgramData\WindowsMangerProtect
[!] Pasta Excluído : C:\Program Files (x86)\globalUpdate
[!] Pasta Excluído : C:\Program Files (x86)\predm
[!] Pasta Excluído : C:\Users\User\AppData\Local\globalUpdate
Arquivo Excluído : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml
***** [ Tarefas agendadas ] *****
Tarefa Apagado : PostPoneInstall
Tarefa Apagado : Run_Bobby_Browser
Tarefa Apagado : 10a8c395-834e-462f-aafd-a9f73267108a-2
Tarefa Apagado : 10a8c395-834e-462f-aafd-a9f73267108a-5
Tarefa Apagado : 10a8c395-834e-462f-aafd-a9f73267108a-5_user
***** [ Atalhos ] *****
***** [ Registro ] *****
Valor Apagado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Valor Apagado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
Chave Apagado : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Chave Apagado : HKCU\Software\Mozilla\Extends
Chave Apagado : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Chave Apagado : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Apagado : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Apagado : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Dados Restaurado : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chave Apagado : HKCU\Software\GlobalUpdate
Chave Apagado : HKCU\Software\InstalledBrowserExtensions
Chave Apagado : HKCU\Software\TutoTag
Chave Apagado : HKCU\Software\BoBrowser
Chave Apagado : HKCU\Software\AppDataLow\Software\Crossrider
Chave Apagado : HKCU\Software\AppDataLow\Software\DynConIE
Chave Apagado : HKLM\SOFTWARE\InstalledBrowserExtensions
Chave Apagado : HKLM\SOFTWARE\supWindowsMangerProtect
Chave Apagado : HKLM\SOFTWARE\Tutorials
Chave Apagado : HKLM\SOFTWARE\Clara
Chave Apagado : HKLM\SOFTWARE\mystartsearchSoftware
Chave Apagado : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16575
Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
Configuração Restaurado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configuração Restaurado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
-\\ Mozilla Firefox v36.0.4 (x86 pt-BR)
-\\ Google Chrome v41.0.2272.101
*************************
AdwCleaner[R0].txt - [4731 bytes] - [29/03/2015 18:51:21]
AdwCleaner[s0].txt - [3643 bytes] - [29/03/2015 18:59:08]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3702 bytes] ##########


Good morning karoline ferreira,

  • Run this script in the ZHPFix tool.
  • Copy the information shown in red into Notepad.
  • With Notepad open, press: ctrl+a >> ctrl+c.
  • Then minimize Notepad.
Script ZHPFix
SysRestore
O4 - HKLM\..\Wow6432Node\Run: [gmsd_br_90] Chave orfã
[MD5.00000000000000000000000000000000] [APT] [HVWVGL] (...) -- C:\Users\User\AppData\Roaming\HVWVGL.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [TP] (...) -- C:\Users\User\AppData\Roaming\TP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [YQKQQN] (...) -- C:\Users\User\AppData\Roaming\YQKQQN.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{619DEAE9-95EA-438B-BBB2-537B5B4EED3B}] (...) -- C:\Users\User\AppData\Roaming\omiga-plus\UninstallManager.exe (.not file.) [0] =>Hijacker.OmigaPlus
O39 - APT: HVWVGL - (...) -- C:\Windows\Tasks\HVWVGL.job [1334]
O39 - APT: HVWVGL - (...) -- C:\Windows\System32\Tasks\HVWVGL [1334]
O39 - APT: YQKQQN - (...) -- C:\Windows\Tasks\YQKQQN.job [1334]
O39 - APT: YQKQQN - (...) -- C:\Windows\System32\Tasks\YQKQQN [1334]
[HKCU\Software\AppDataLow\Software\GenericAddon] =>PUP.GenericAddon
[HKCU\Software\Baidu Security]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
[HKLM\Software\Wow6432Node\DownloaderAssistant] =>PUP.Salus
O43 - CFD: 05/03/2015 - 12:13:31 - [] ----D C:\ProgramData\boost_interprocess
O67 - Shell Spawning: <.html> <BaiduSparkHTML>[HKLM\..\open\Command] (.Not Key.)
[HKLM\Software\Classes\AppID\secman.DLL] =>PUP.Babylon
[HKCU\Software\AppDataLow\Software\GenericAddon] =>PUP.GenericAddon^
[HKLM\Software\Wow6432Node\DownloaderAssistant] =>PUP.Salus^
C:\Windows\AutoKMS.exe =>Trojan.Keygen
EmptyClsid
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
  • Open the ZHPFix tool.
  • Click IMPORTAÇÃO (Import) > OK
  • Click "GO".
  • Post the report!
Best regards. :thumbsup:
< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >


Good evening CaeduRodrigues!

Here is the ZHPFix report.

 

 

 

Rapport de ZHPFix 2015.3.18.4 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by User at 31/03/2015 18:41:18
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit (Build 7600)
Reciclagem vazia (00mn 30s)
Prefetcher vazio
========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\Windows\AutoKMS.exe
========== Chaves do Registo ==========
ELIMINÉ: HKCU\Software\AppDataLow\Software\GenericAddon
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:³ HKLM\Software\Baidu Security
ELIMINÉ:³ HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ:³ HKLM\Software\Wow6432Node\DownloaderAssistant
ELIMINÉ:³ HKLM\Software\Classes\AppID\secman.DLL
========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
Nenhum valor presente na chave de exceções do registo (FirewallRaz)
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (38)
ELIMINÉ Flash Cookies (0)
========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\tasks\hvwvgl.job
ELIMINA REINICIAR: c:\windows\tasks\yqkqqn.job
ELIMINÉ Temporários windows (54) (6.994.709 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: HVWVGL
ELIMINÉ: HVWVGL
ELIMINÉ: TP
ELIMINÉ: TP
ELIMINÉ: YQKQQN
ELIMINÉ: YQKQQN
ELIMINÉ: {619DEAE9-95EA-438B-BBB2-537B5B4EED3B}
========== Restauração Sistema ==========
Nenhum ponto de restauro do sistema foi criado
========== Recapitulativo ==========
1 : Processo memória
7 : Chaves do Registo
3 : Valores do Registo
3 : Pastas
4 : Ficheiros
7 : Tarefa planificada
1 : Restauração Sistema
End of clean in 01mn 11s
========== Caminho do ficheiro do relatório ==========
C:\Users\User\AppData\Roaming\ZHP\ZHPFix[R1].txt - 31/03/2015 18:41:48 [1875]


Good evening karoline ferreira, let me know how the PC is doing.

  • Save it to your Desktop!
  • Run the file Zoek.exe.
  • Windows Vista or Windows 7 users: right-click the file Zoek.exe, then click [image: run as administrator]
  • Select the lines in red, right-click the selection and choose the copy option!
createsrpoint;
autoclean;
emptyalltemp;
iedefaults;
shortcutfix;
ffdefaults;
chrdefaults;
emptyfolderscheck;delete
  • Right-click any white area of Zoek and choose the paste option.
  • Click [image: Run Script] and wait for the scan. At the end, Notepad will open with the report.
  • A copy will also be saved on your local disk under the name zoek-results.txt.
  • Attach zoek-results.txt to your next reply.
Best regards. :thumbsup:


Good evening CaeduRodrigues!

My PC is freezing a lot when I use the internet; pages keep freezing, and in Chrome it is still redirecting to malicious websites, while in Mozilla it freezes too much.

The Zoek attachment follows below.

 

 

Zoek.exe v5.0.0.0 Updated 02-April-2015
Tool run by User on 03/04/2015 at 18:34:27,69.
Microsoft Windows 7 Ultimate 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Desktop\zoek.exe [scan all users] [script inserted]
==== System Restore Info ======================
03/04/2015 18:41:29 Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\Users\User\AppData\Roaming\PhotoScape deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12D3EA3E-71AF-4857-9265-50E559DFA62C} deleted successfully
HKEY_USERS\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3C59C46A-4191-4168-9EFA-26443148D29} deleted successfully
HKEY_USERS\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88DE8D99-470F-43B8-A247-9247116451E6} deleted successfully
HKEY_USERS\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99C26E58-4FE0-4C26-8B2D-841A7C242BCD} deleted successfully
HKEY_USERS\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A5B55F7-9FDC-44EE-A7D1-88CB1FC35C4B} deleted successfully
HKEY_USERS\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F37856E-F3AA-4368-93D1-D7E189B1B5} deleted successfully
HKEY_USERS\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ECA468E-30F5-4B53-AF4F-18CDD24CCD91} deleted successfully
HKEY_USERS\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F49CBAC3-E788-42C1-A049-23CF1B76C93} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\Users\User\AppData\Roaming\IMVUClient deleted
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\therebels.neckel72.rar.lnk deleted
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\8A0.lnk deleted
C:\Users\User\AppData\Roaming\appdataFr2.bin deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Hotspot Shield deleted
C:\PROGRA~3\Package Cache deleted
"C:\Users\User\AppData\Roaming\HVWVGL" deleted
"C:\Windows\tasks\HVWVGL.job" deleted
"C:\Windows\SysNative\tasks\HVWVGL" deleted
"C:\Users\User\AppData\Roaming\TP" deleted
"C:\Windows\tasks\TP.job" deleted
"C:\Windows\SysNative\tasks\TP" deleted
"C:\Users\User\AppData\Roaming\YQKQQN" deleted
"C:\Windows\tasks\YQKQQN.job" deleted
"C:\Windows\SysNative\tasks\YQKQQN" deleted
"C:\PROGRA~3\{1dc232a5-b87f-c238-1dc2-232a5b87ca96}\2f52c0e4020767a6" not deleted
"C:\PROGRA~3\{1dc232a5-b87f-c238-1dc2-232a5b87ca96}\e2af66b125d38072" not deleted
"C:\PROGRA~3\{9fccf94e-f34e-fb5d-9fcc-cf94ef34e53b}\735c7d741428c34a" not deleted
"C:\PROGRA~3\{9fccf94e-f34e-fb5d-9fcc-cf94ef34e53b}\bea1db2133fc249e" not deleted
"C:\PROGRA~3\{1dc232a5-b87f-c238-1dc2-232a5b87ca96}" not deleted
"C:\PROGRA~3\{9fccf94e-f34e-fb5d-9fcc-cf94ef34e53b}" not deleted
==== Firefox Extensions Registry ======================
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\User\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [27/03/2015 18:26]
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 17:22]
==== Chromium Startpages ======================
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Preferences
"startup_urls": [ "https://www.google.com.br/" ]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences.bad was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Secure Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Web Data was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Web Data-journal was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\User\Desktop\adwcleaner_4.200 - Atalho.lnk - C:\Users\User\Downloads\adwcleaner_4.200.exe
C:\Users\User\Desktop\HiJackThis.lnk - C:\Users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\User\Desktop\JRT - Atalho.lnk - C:\Users\User\Downloads\JRT.exe
C:\Users\User\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
==== shortcuts in Users Start Menu ======================
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk - C:\Users\User\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Uninstall.lnk - C:\Users\User\AppData\Roaming\IMVUClient\Uninstall.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\Uninstall PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies\Uninstall Kies.lnk - C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe /removeonly
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.0.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk - C:\Program Files (x86)\ManyCam\ManyCam.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Program Files (x86)\Nero\Nero8\Nero Home\NeroHome.exe -ScParameter=65
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe -ScParameter=65
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory="Profile 3"
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Welcome Center.lnk - C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\v9jddqhj.default-1421442021546\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1805 folders=49 219975036 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\PROGRA~3\{1dc232a5-b87f-c238-1dc2-232a5b87ca96}\2f52c0e4020767a6" not found
"C:\PROGRA~3\{1dc232a5-b87f-c238-1dc2-232a5b87ca96}\e2af66b125d38072" not found
"C:\PROGRA~3\{9fccf94e-f34e-fb5d-9fcc-cf94ef34e53b}\735c7d741428c34a" not found
"C:\PROGRA~3\{9fccf94e-f34e-fb5d-9fcc-cf94ef34e53b}\bea1db2133fc249e" not found
"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\PROGRA~3\{1dc232a5-b87f-c238-1dc2-232a5b87ca96}" not found
"C:\PROGRA~3\{9fccf94e-f34e-fb5d-9fcc-cf94ef34e53b}" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
==== EOF on 03/04/2015 at 20:50:51,87 ======================
Hugs :)


Good evening karoline ferreira,

  • Download: ZHPCleaner (by Nicolas Coolman)
  • On the page, click the download icon.
  • Save it to the Desktop.
  • Run ZHPCleaner.exe.
  • Click "Eu"
  • Click Scanner.
  • Wait for it to finish!
  • Click Relatório (Report).
  • Post the diagnostic log.
A big hug. :thumbsup:


Good afternoon CaeduRodrigues!!

The report follows below.

~ ZHPCleaner v2015.4.3.154 by Nicolas Coolman (04/04/2015)

~ Run by User (Administrator) (04/04/2015 15:17:13)
~ State version : Version OK
~ Type : Scanner
~ Report : C:\Users\User\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\User\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit (Build 7600)
---\\ Serviços (0)
~ Nenhum ítem malicioso foi encontrado.
---\\ Navegadores de Internet (0)
~ Nenhum ítem malicioso foi encontrado.
---\\ Arquivo hosts (1)
~ O arquivo hosts é legítimo (1)
---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso foi encontrado.
---\\ Explorer ( Arquivos, Pastas) (2)
ENCONTRADO arquivo: C:\Program Files\Enigma Software Group\SpyHunter (PUP.EnigmaSoftware)
ENCONTRADO arquivo: C:\Program Files\Enigma Software Group (PUP.EnigmaSoftware)
---\\ Registro ( Chaves, Valores, Dados ) (5)
ENCONTRADO dados: HKCR\BaiduSparkHTML\Shell\Open\Command\\Default [bad :
 ]  (Broken.OpenCommand)
ENCONTRADO chave: [X64] HKLM\SOFTWARE\Classes\AppID\SECMAN.DLL [] (Trojan.Camec)
ENCONTRADO chave: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Techgile [] (PUP.Techgile)
ENCONTRADO chave: [X64] HKLM\SOFTWARE\Wow6432Node\DownloaderAssistant [1414873675] (PUP.Salus)
ENCONTRADO chave: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\SECMAN.DLL [] (Trojan.Camec)
---\\ Resultado de reparação
~ Eventuais reparações feita
~ Este navegador está faltando ! (Google Chrome)
~ Este navegador está faltando ! (Opera Software)
---\\ Estatísticas
~ Items scan : 65893
~ Items encontrado : 7
~ Items réparo : 0
End of clean at 15:43:46
===================
ZHPCleaner-[R]-03112014-11_08_53.txt
ZHPCleaner-[R]-03112014-11_20_35.txt
ZHPCleaner-[s]-03112014-11_15_06.txt
ZHPCleaner-[s]-04042015-15_43_46.txt
Hugs ^_^


Good evening CaeduRodrigues! The report follows below.

~ ZHPCleaner v2015.4.4.155 by Nicolas Coolman (04/04/2015)
~ Run by User (Administrator) (04/04/2015 20:22:46)
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\User\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\User\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit (Build 7600)
---\\ Serviços (0)
~ Nenhum ítem malicioso foi encontrado.
---\\ Navegadores de Internet (0)
~ Nenhum ítem malicioso foi encontrado.
---\\ Arquivo hosts (1)
~ O arquivo hosts é legítimo (1)
---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso foi encontrado.
---\\ Explorer ( Arquivos, Pastas) (2)
MOVIDO arquivo: C:\Program Files\Enigma Software Group\SpyHunter (PUP.EnigmaSoftware)
MOVIDO arquivo: C:\Program Files\Enigma Software Group (PUP.EnigmaSoftware)
---\\ Registro ( Chaves, Valores, Dados ) (4)
SUPRIMIDO dados: HKCR\BaiduSparkHTML\Shell\Open\Command\\Default [bad :
 ]  (Broken.OpenCommand)
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\AppID\SECMAN.DLL [] (Trojan.Camec)
SUPRIMIDO chave*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Techgile [] (PUP.Techgile)
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\DownloaderAssistant [1414873675] (PUP.Salus)
---\\ Resultado de reparação
~ Reparação efectuada com sucesso
~ Este navegador está faltando ! (Google Chrome)
~ Este navegador está faltando ! (Opera Software)
---\\ Estatísticas
~ Items scan : 65949
~ Items encontrado : 0
~ Items réparo : 6
End of clean at 20:51:05
===================
ZHPCleaner-[R]-03112014-11_08_53.txt
ZHPCleaner-[R]-03112014-11_20_35.txt
ZHPCleaner-[R]-04042015-20_51_05.txt
ZHPCleaner-[s]-03112014-11_15_06.txt
ZHPCleaner-[s]-04042015-15_43_46.txt


Good evening karoline ferreira,

  • Download: FRST (by Farbar)
  • Save it to the Desktop!
  • Run the tool! Click "Yes" >> "Scan".
  • Check that the boxes under "Whitelist" are ticked.
  • Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
  • The report will be generated! (FRST.txt)
  • PS: The "Addition.txt" report will also be generated; it is made available on the tool's first run.
  • Go to: <cjoint_zpse4622b2d.jpg>
  • Or go to: <logo_zps572d7597_1.gif>
  • More information: <Link> << Hosting!
A big hug. :thumbsup:


Good afternoon karoline ferreira, uninstall and reinstall Google Chrome, since you have a development version installed on your PC. Let me know how the PC is doing. Are the redirects still happening?

 

>>CHR dev: Chrome dev build detected! <======= ATTENTION<<
  • Copy this information, shown in red, to Notepad.
  • Save it with the name fixlist.txt
  • Save it in the same location as FRST
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [gmsd_br_90] => [X]
HKU\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://br.search.yahoo.com/yhs/search?hspart=nzn&hsimp=yhs-bund2&p={searchTerms}
HKU\S-1-5-21-3801029790-2799878285-4124920567-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = https://br.search.yahoo.com/yhs/web?hspart=nzn&hsimp=yhs-bund2
SearchScopes: HKU\S-1-5-21-3801029790-2799878285-4124920567-1000 -> Web URL = https://br.search.yahoo.com/yhs/search?hspart=nzn&hsimp=yhs-bund2&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3801029790-2799878285-4124920567-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2015-03-21]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2015-03-21]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil64.sys [X]
C:\Users\User\AppData\Local\Temp\InstallIMVU_518.0.exe
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
Task: {074A3D2C-68C1-40DF-ADD6-180FF33519FA} - \YQKQQN No Task File <==== ATTENTION
Task: {A435A8F4-4F42-4AB0-9AB4-BE750EDCC109} - \TP No Task File <==== ATTENTION
Task: {B26FFDF1-6A79-420A-9745-DD452CC7C830} - \HVWVGL No Task File <==== ATTENTION
Task: {B7EA9B4B-593F-4BC0-B0F2-C63CC2AC8D2C} - System32\Tasks\{619DEAE9-95EA-438B-BBB2-537B5B4EED3B} => pcalua.exe -a C:\Users\User\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=tugs <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:
end
  • Run FRST/FRST64 >> Click "Fix". << Wait!
  • Post the report! (Fixlog.txt)
A big hug. :thumbsup:
< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >
