Usamos cookies para medir audiência e melhorar sua experiência. Você pode aceitar ou recusar a qualquer momento. Veja sobre o iMasters.
Boa tarde!! Por favor me ajude, sem querer cliquei em um link e baixei muitos vírus no meu notebook, ja passei um programa chamado SpyHunter só que acho que ainda tem virus. Se puderem me ajudar agradeço.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:52:21, on 02/11/2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16575)
Boot mode: Normal
Running processes:
C:\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1414873380&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5DCB01445
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1414873380&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5DCB01445
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1414873380&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5DCB01445&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1414873380&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5DCB01445&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1414873380&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5DCB01445
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5629 bytes
Boa Noite!!!
Segue a baixo o relatório.
< C:\AdwCleaner\AdwCleaner[s0].txt >
*** [ Serviços ] ***
[#] Serviço Deletada : IePluginServices
*** [ Arquivos / Pastas ] ***
[!] Pasta Deletada : C:\ProgramData\374311380
[!] Pasta Deletada : C:\ProgramData\IePluginServices
[!] Pasta Deletada : C:\ProgramData\WindowsMangerProtect
[!] Pasta Deletada : C:\Program Files (x86)\globalUpdate
[!] Pasta Deletada : C:\Program Files (x86)\predm
[!] Pasta Deletada : C:\Program Files (x86)\Probit Software
[!] Pasta Deletada : C:\Users\User\AppData\Local\globalUpdate
[!] Pasta Deletada : C:\Users\User\Documents\Optimizer Pro
[!] Pasta Deletada : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qw3vfgd5.default\Extensions\faststartff@gmail.com
Arquivo Deletada : C:\Windows\System32\log\iSafeKrnlCall.log
Arquivo Deletada : C:\Users\User\AppData\Roaming\LiveSupport.exe_log.txt
Arquivo Deletada : C:\Users\User\AppData\Roaming\regsvr32.exe_log.txt
Arquivo Deletada : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qw3vfgd5.default\user.js
*** [ Tarefas ] ***
Tarefa Deletedo : LaunchSignup
*** [ Atalhos ] ***
*** [ Registro ] ***
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\JFileManager_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\JFileManager_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\LiveSupport_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\livesupport_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASMANCS
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chave Deletedo : HKCU\Software\GlobalUpdate
Chave Deletedo : HKCU\Software\Optimizer Pro
Chave Deletedo : HKCU\Software\SupHpUISoft
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\DynConIE
Chave Deletedo : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Chave Deletedo : HKLM\SOFTWARE\GlobalUpdate
Chave Deletedo : HKLM\SOFTWARE\omiga-plusSoftware
Chave Deletedo : HKLM\SOFTWARE\SupDp
Chave Deletedo : HKLM\SOFTWARE\SupTab
Chave Deletedo : HKLM\SOFTWARE\supWindowsMangerProtect
Chave Deletedo : HKLM\SOFTWARE\Tutorials
*** [ Navegadores ] ***
-\\ Internet Explorer v9.0.8112.16575
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
-\\ Mozilla Firefox v33.0.2 (x86 pt-BR)
[ Arquivo : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qw3vfgd5.default\prefs.js ]
Linha deletada : user_pref("browser.search.defaultenginename", "omiga-plus");
Linha deletada : user_pref("extensions.crossrider.bic", "1496d3d5aa895295964831de884412dd");-\\ Google Chrome v38.0.2125.111
[ Arquivo : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [8034 octets] - [02/11/2014 23:49:40]
AdwCleaner[s0].txt - [6314 octets] - [02/11/2014 23:55:35]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6374 octets] ##########
Bom Dia! karoline ferreira
Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i48.tinypic.com/1268r49.png&key=be85c7a026af0cb092d2f868777759c6b4bd667a01f00e36e91558a667424520" alt="1268r49.png" /> > ( ... by Oleg N. Scherbakov )
Salve-o no desktop!
Desabilite seu antivírus!
Para Windows 7,clique direito em JRT.exe e execute-o ...
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Executar_Administrador.jpg&key=29bbf2d3836c6859afe3923102565f782321b5a7a2787d5bb24cc9918d13e9bd" alt="Executar_Administrador.jpg" />
/applications/core/interface/imageproxy/imageproxy.php?img=http://thisisudax.org/pictures/jrtcmdsm.jpg&key=dafd172ce0394f77bed0bea021bb61d74da53fbf85d19e1129e4d0a98f08edb3" alt="jrtcmdsm.jpg" />
Aguarde a conclusão e poste o relatório. ( JRT.txt )
A+
Bom dia!!! DigRam...
Segue a baixo o relatório JRT.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 7 Ultimate x64
Ran by User on 03/11/2014 at 10:05:40,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qw3vfgd5.default\minidumps [17 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/11/2014 at 10:16:37,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Bom Dia! karoline ferreira
Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/My%2520Tools%25204/ZHPCleaner_zps71d274df.jpg&key=dfc2cbaf1226075546950032c506270c0439c57203ca7c527f7221c835e7cf3f" alt="ZHPCleaner_zps71d274df.jpg" /> > ( ... de Nicolas Coolman )
Estando na página,clique /applications/core/interface/imageproxy/imageproxy.php?img=http://www.nicolascoolman.fr/wp-content/plugins/wpdm-download-button/images/53cb8e11d3f80.jpg&key=f22e14f8b88ac073f4ac557679cbd6389de0f76ac82b2205e2eabc90b05b4280" alt="53cb8e11d3f80.jpg" />
Salve-a no desktop!
Execute-a e ao abrir,clique "J'accept/I Agree".
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/ZHPCleaner_Tous_zpsae2ad662.jpg&key=8b4849d5007434c317e90970a3351c9e3031bbefb01ed9802d54bb1d1596fa7a" alt="ZHPCleaner_Tous_zpsae2ad662.jpg" />
Para correções mais abrangentes,marque todas as opções disponíveis.
Clique Réparer.
Clique Rapport.
Poste o relatório!
A+
Bom dia!!! DigRam...
Segue a baixo o poste o relatório do ZHPCleaner.
~ ZHPCleaner v2014.11.2.204 by Nicolas Coolman (02/11/2014)
~ Run by User (Administrator) (03/11/2014 11:03:05)
~ WebSite : http://nicolascoolman.fr
~ Forum : http://forum.nicolascoolman.fr
~ State version : Updated version
~ Type : Repair
~ Report : C:\Users\User\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\User\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Windows 7, 64-bit (Build 7600)
---\\ Services (0)
~ No malicious items found.
---\\ Browser Internet (1)
REPLACED Chrome URL: "hxxp://www.google.com.br/"]
---\\ Hosts file (1)
~ The hosts file is legitimate (21)
---\\ Scheduled automatic tasks. (0)
~ No malicious items found.
---\\ Explorer ( Files, Folders) (4)
MOVED: C:\Windows\Prefetch\5555-1001_NEWPLAYER.EXE-E974A743.pf (Adware.NewPlayer)
MOVED: C:\Windows\Prefetch\JFILEMANAGER.EXE-5A3DE263.pf (PUP.JFileManager)
MOVED: C:\Windows\Prefetch\JFILEMANAGERSETUP.EXE-F01F17E7.pf (PUP.JFileManager)
MOVED: C:\Windows\Prefetch\MYPC BACKUP.EXE-98FB306F.pf (PUP.MyPCBackup)
---\\ Registry ( Keys, Values, Datas) (7)
DELETED: HKCR\CLSID\{47216CC9-40D4-448A-9D03-F812B577E97B} [NeroSearchQuerySourceSettings Class] (PUP.Datamngr)
DELETED: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} [shopperReports.dll] (Adware.ShopperReports)
DELETED: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} [shoppingReport.dll] (Adware.ShoppingReport)
DELETED: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} [babylonToolbar.dll] (PUP.Babylon)
DELETED: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} [babylonToolbar.dll] (PUP.Babylon)
DELETED: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} [babylonToolbarTlbr.dll] (PUP.Babylon)
DELETED: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} [shoppingReport.dll] (Adware.ShoppingReport)
---\\ Result of repair
~ Repair carried out successfully
~ No browser found (Opera Software)
End of clean at 11:08:53
Boa Tarde! karoline ferreira
Poste novo relatório do HijackThis.
Tudo OK? :)
A+
Boa tarde !!! DigRam
Que bom muito obrigada mesmo pela ajuda. :kiss:
Segue o novo relatório doHijackThis.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:25:35, on 03/11/2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16575)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
C:\Users\User\AppData\Roaming\IMVUClient\IMVUClient.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5558 bytes
Boa Tarde! karoline ferreira
Vamos remover as ferramentas que foram utilizadas na desinfecção!
Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/delfix_108_zps75ef8ba4.jpg&key=b39e23e6b61919a1a815c38e03726a9072afe4f3d0095f800f63e2e4ac1f671e" alt="delfix_108_zps75ef8ba4.jpg" /> > ( ... de Xplode )
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/My%2520Tools%25204/DelFix_Download_zpsb5d944c7.jpg&key=c11cd63c68a67a8bcd0443a3fe0e716fc51d8e7a80122a3b6bf3a92bc1cfea40" alt="DelFix_Download_zpsb5d944c7.jpg" />
Estando na página,clique em Download Now.
Salve-a em um local conveniente! ( desktop! )
Feche aplicativos que estejam abertos.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/DelFix_RCL_zpscdf4940b.jpg&key=445a21c4b466a62330035b9f4c21e594031045c85368f309c5eb1deb786c08f9" alt="DelFix_RCL_zpscdf4940b.jpg" />
Remover ferramentas de desinfecção
Criar backup do registro
Limpar pontos da restauração do sistema
Com estas caixinhas marcadas,clique Executar!
Reinicie o computador ao concluir!
Seus logs estão limpos!
Tudo Ok?
A+
Boa tarde!! Dig Ram...
O meu notebook aparentemente esta tudo normal, ta funcionando normal....Obrigada pela ajuda :)
Segue em baixo o post do DelFix.
~ Removendo ferramentas de desinfecção ...
Removido : C:\AdwCleaner
Removido : C:\Users\User\AppData\Roaming\ZHP
Removido : C:\HijackThis.msi
Removido : C:\Users\User\Desktop\AdwCleaner.exe
Removido : C:\Users\User\Desktop\JRT.exe
Removido : C:\Users\User\Desktop\HiJackThis.lnk
Removido : C:\Users\User\Desktop\ZHPCleaner.exe
Removido : HKLM\SOFTWARE\AdwCleaner
Removido : HKLM\SOFTWARE\TrendMicro\Hijackthis
~ Criando backup do registro ... OK
~ Limpando pontos da restauração do sistema ...
Novo ponto de restauração criado !
########## - EOF - ##########
PROBLEMA RESOLVIDO
Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.
Boa Noite! karoline ferreira
>
> >< /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Executar_Administrador.jpg&key=29bbf2d3836c6859afe3923102565f782321b5a7a2787d5bb24cc9918d13e9bd" alt="Executar_Administrador.jpg" /> >
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/My%2520Tools%25204/AdwCleaner_Examinar_zps828ed634.jpg&key=ab3daa6c25adcfd393aa42949dcd0177a1c4f1dba193cc7c9704843f6ef97402" alt="AdwCleaner_Examinar_zps828ed634.jpg" />
< /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/AdwCleaner_Limpar_zps06005ae9.jpg&key=e03b122437ba41a51aeb80130d87464e234beda92d71d6cab1205ee84e50d78e" alt="AdwCleaner_Limpar_zps06005ae9.jpg" /> >
A+