Spyder.RV, posted October 24, 2013

Good morning, my Chrome is showing ads that do not exist on the pages; I confirmed this by opening the same pages in other browsers, where the ad is not there. And on the ad itself AdWords puts the label "Ad not from this site", see the figure below:

I have already tried several removal tools without success... they detect nothing.

Edited: Advertising pop-ups also kept opening, but they have not appeared for about 2 days now.

Below is the HijackThis log:

DigRam, posted October 24, 2013

Good afternoon, Spyder.RV!

|- Open the HijackThis tool.
|- Click "Do a system scan only".

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

|- Check these highlighted entries and click "Fix Checked" >> Yes!
|- Reboot... close the tool and download AdwCleaner.
|- Download: < > ( ... by Xplode )
|- On the page, click the image: < >
|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as
|- PS: Start the tool by clicking "Scan".
|- Click "Clean", if it becomes available, for each tab opened under "Results".
|- Click the side arrows to reach the "Firefox" or "Chrome" tabs. < >
|- When it finishes, click "Report". < C:\AdwCleaner\AdwCleaner[s0].txt > or < C:\AdwCleaner\AdwCleaner[s1].txt > ;S2, S3;...
|- Post all the reports found in C:\AdwCleaner <<

A+

Spyder.RV, posted October 24, 2013

Hey, thanks for the reply. Here are the reports:

DigRam, posted October 24, 2013

Good afternoon, Spyder.RV!

|- Download: < ZHPDiag2.exe > < > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Run the scroll icon. ( ZHPDiag )
|- Click: "CONFIGURE"
|- Click: "Options" >> "All" >> OK
|- Click: "CONFIGURE" >> "Full Analysis"
|- Wait for it to finish!
|- If it freezes and you cannot get the log, abort the full scan and run the custom one.
|- Go back to the tool's main window.
|- Click "SEARCH" and wait for it to finish!
|- Or click "Options" >> "None".
|- Check only the "Additional Scan (O88)" option.

~ Unselected Option:O1,039,O40,O41,O42,O43,O44,O45,O46,O47,O48,O49,O50,O51,O52,O53,O54,O55,O56,O57,O58,O59,O60,O61,O62,O63,O64,O65,O66,O67,O68,O69,O80,O81,O82,O83,O84,O85,O86,O87,O89,O90,O91,O92####

|- This way, these options will be disabled!
|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
|- PS: If the log is long, upload it to Pjjoint.malekal.
|- Or go to: < >
|- More information: < |Link| >

A+

Spyder.RV, posted October 24, 2013

Here is the ZHPDiag2 log.

http://pjjoint.malekal.com/files.php?read=20131024_l6h15m15p15y12

DigRam, posted October 25, 2013

Good evening, Spyder.RV!

|- Copy the information just below into Notepad.
|- With Notepad open, press: ctrl+a >> ctrl+c

script zhpfix
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com
[MD5.774D05FE35417E2806B958C65CAAD4F3] [sPRF][14/10/2013] (...) -- C:\Users\Wemerson\AppData\Local\Temp\9b3c3e61-a827-460a-909c-8016c195cfde.exe [1725824]
[MD5.AC8ED637C6D7D6EF13F73B43D2E80C9E] [sPRF][14/10/2013] (...) -- C:\Users\Wemerson\AppData\Local\Temp\converter.exe [2414]
[MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] [sPRF][22/06/2012] (...) -- C:\Users\Wemerson\AppData\Local\Temp\ESGScanner.sys [22704]
[MD5.9FF765D961D3C51E709781AA4061C5BB] [sPRF][14/10/2013] (...) -- C:\Users\Wemerson\AppData\Local\Temp\SHSetup.exe [46974032] =>Crapware.SpyHunter
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Orphan key
O41 - Driver: (BdfNdisf) . (. - .) - c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys (.not file.)
O41 - Driver: (bdftdif) . (. - .) - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys (.not file.)
O44 - LFC:[MD5.444BCB3A3FCF8389296C49467F27E1D6] - 17/10/2013 - 22:26:25 ---A- . (...) -- C:\Windows\v3.log [2]
O53 - SMSR:HKLM\...\startupreg\Eazuzy [Key] . (...) -- C:\Users\Wemerson\AppData\Roaming\Eazuzy.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\1 [Key] . (...) -- C:\Users\Wemerson\AppData\Local\Temp\hide my ip patch.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\tsiVideo [Key] . (...) -- C:\Users\Wemerson\AppData\Local\Temp\tsiVi132.dll (.not file.)
O61 - LFC: 22/10/2013 - 15:00:41 ---A- . (...) -- C:\Users\Wemerson\AppData\Local\Google\Chrome\User Data\Local State~RF19cac1e.TMP [45400]
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified =>PUA.StartShow ^
C:\Users\Wemerson\AppData\Local\Temp\SHSetup.exe =>Crapware.SpyHunter^
emptytemp
emptyflash
emptyclsid
firewallraz
sysrestore

|- Run ZHPFix >> Click: IMPORTAÇÃO (Import) >> OK.
|- Click "GO".
|- Post the report!

A+

Spyder.RV, posted October 25, 2013

Good evening. Here is the report:

DigRam, posted October 25, 2013

Good morning, Spyder.RV!

|- Download: < zoek > ( ... by Smeenk )
|- Or here! < zoek.exe >
|- Save it to the desktop!
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.

emptychrcache;hijackthis;chrdefaults;iedefaults;autoclean;emptyalltemp;

|- Copy and paste this information, in red, into the tool's field.
|- Click "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- This information will appear, asking you to wait for the report.
|- Accept and/or confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- PS: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<

A+

Spyder.RV, posted October 25, 2013

Good morning... Here is the zoek log
@%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Zend Deployment (ZendDeployment) - Zend Technologies Ltd. - C:\Zend Server CE\ZendServer\bin\zdd.exe O23 - Service: Zend Java Bridge (ZendJavaBridge) - Zend Technologies Ltd. 
- C:\Zend Server CE\ZendServer\bin\JavaServer.exe ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Wemerson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Wemerson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Wemerson\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Wemerson\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Wemerson\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 25/10/2013 at 12:01:07,98 ====================== Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Posted October 25, 2013

Good afternoon! Spyder.RV

|- Remove the tools that were used, with DelFix.
-/-
|- Download: |DelFix| ( ... by Xplode )
|- On the page, click the green arrow to download.
|- Save it somewhere convenient! ( desktop! )
|- Close any applications that are open.
|- Run it!
|- With all 3 checkboxes ticked!
|- Click "Run".
|- Everything OK? Does the problem persist?

See you later!
Spyder.RV 0 Posted October 25, 2013

Good afternoon. Phew... this pest is finally gone! Thank you very much!

One question... my notebook had Google Chrome synced with the Chrome on this PC, and now it is showing the same problem; it was probably infected too, right? As a precaution, before starting the disinfection I removed the notebook from the Chrome sync with this PC... Do I need to open another post for the notebook as well?
DigRam 144 Posted October 26, 2013

Good evening! Spyder.RV

"One question... my notebook had Google Chrome synced with the Chrome on this PC, and now it is showing the same problem; it was probably infected too, right? As a precaution, before starting the disinfection I removed the notebook from the Chrome sync with this PC... Do I need to open another post for the notebook as well?"

|- Yes! Open another topic and post the HijackThis log for your notebook.

Regards!

PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.