[Resolvido] movie mode e superfish

[bruna pereira 0]

Bom dia, estou com um sério problema no pc da empresa que trabalho, ele está infectado com um adware chamado movie mode e superfish, ja baixei o adwcleaner, ele detecta, faço a limpeza, reinicio o pc e quando abro novamente o navegador vem um monte de propaganda, passo novamente o adwcleaner ele acusa a infecção. Já desinstalei o chorme e instalei novamente mais o problema persiste, sem contar que quando estou navegando abre paginas me pedindo para instalar java, por favor alguem pode me ajudar? Uso o avast de anti virus que esta sempre atualizado.

[Power Max 54]

Oi Bruna.

 

Desative temporariamente seu antivírus para evitar conflitos.

 

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:

http://www.hijackthis.nl/smeenk/

 

:seta: Para executá-lo corretamente siga as dicas deste tutorial:

 

Exclua adwares e outras ameaças de seu PC e browsers com o aplicativo Zoek

 

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

[bruna pereira 0]

como desativo o antivirus, confesso que sou leiga nisso, meu sistema é windows xp , o pc é em rede e tenho muitos programas internos, não tem problema né?

[Power Max 54]

Qual é o seu antivirus? normalmente para desativar o antivirus é só clicar sobre o ícone dele (que normalmente está ao lado do relógio do Windows) e escolher a opção de desativá-lo.

[bruna pereira 0]

ja tentei isso, pois pensei mesmo ser assim, uso avast

consegui

[Power Max 54]

Ok, fico no aguardo do relatório do Zoek quando ele terminar a limpeza dele.

[bruna pereira 0]

escreveu isso assim que terminou de baixar o programa c:\DOCUME~1\x\CONFIG~1\Temp\zoek.hta não é um aplicativo win 32 válido

Zoek.exe v5.0.0.0 Updated 29-07-2014

Tool run by x on qua 30/07/2014 at 11:31:50,03.

Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Documents and Settings\x\Meus documentos\Downloads\zoek.exe [scan all users] [script inserted]

===== Runcheck 11:37:57,12 =====

--- Create Environment Variables 11:37:58,75

--- Create System Restore Point 11:38:04,48

--- Checking Input 11:38:15,68

--- Reset Hosts File 11:38:19,46

--- AU AppData Check 11:38:20,18

--- Remove From Windows Installer 11:38:21,12

--- IE Startpage Check 11:39:15,06

--- Program Files DB Check 11:39:23,64

[Power Max 54]

O Zoek está ainda fazendo a limpeza dele. Espere até ele terminar e aí ele vai reiniciar o PC e depois disto você posta o relatório completo dele.

[bruna pereira 0]

desculpe tem mais coisas

Zoek.exe v5.0.0.0 Updated 29-07-2014

Tool run by x on qua 30/07/2014 at 11:31:50,03.

Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Documents and Settings\x\Meus documentos\Downloads\zoek.exe [scan all users] [script inserted]

===== Runcheck 11:37:57,12 =====

--- Create Environment Variables 11:37:58,75

--- Create System Restore Point 11:38:04,48

--- Checking Input 11:38:15,68

--- Reset Hosts File 11:38:19,46

--- AU AppData Check 11:38:20,18

--- Remove From Windows Installer 11:38:21,12

--- IE Startpage Check 11:39:15,06

--- Program Files DB Check 11:39:23,64

--- C:\Documents and Settings\Convidado\Dados de aplicativos DB Check 11:40:00,18

--- C:\Documents and Settings\Default User\Dados de aplicativos DB Check 11:40:00,18

--- C:\Documents and Settings\LocalService\Dados de aplicativos DB Check 11:40:00,18

--- C:\Documents and Settings\LogMeInRemoteUser\Dados de aplicativos DB Check 11:40:00,18

--- C:\Documents and Settings\NetworkService\Dados de aplicativos DB Check 11:40:00,18

--- C:\Documents and Settings\x\Dados de aplicativos DB Check 11:40:00,18

--- C:\WINDOWS\system32\config\systemprofile\Dados de aplicativos DB Check 11:40:00,18

--- C:\Documents and Settings\x DB Check 11:41:34,53

--- C:\DOCUME~1\ALLUSE~1\DADOSD~1 DB Check 11:41:49,21

--- C:\Documents and Settings\All Users\Menu Iniciar\Programas DB Check 11:41:49,82

--- C:\Documents and Settings\x\Menu Iniciar\Programas DB Check 11:41:56,20

--- Tasks DB Check 11:42:00,18

--- Tasks2 DB Check 11:42:02,60

--- Documents DB Check 11:42:19,98

--- Documents2 DB Check 11:42:23,98

--- C:\Documents and Settings\All Users\Desktop DB Check 11:42:25,37

--- C:\Documents and Settings\x\Desktop DB Check 11:42:27,68

--- Services DB Check 11:42:34,73

--- FF prefs.js DB Check 11:42:56,14

--- Del by CLSID 11:42:58,25

[Power Max 54]

Preste atenção por gentileza no que eu te passei:

 

O Zoek está ainda fazendo a limpeza dele. Espere até ele terminar e aí ele vai reiniciar o PC e depois disto você posta o relatório completo dele.

[bruna pereira 0]

Agora sim

 

 

Zoek.exe v5.0.0.0 Updated 29-07-2014

Tool run by x on qua 30/07/2014 at 11:31:50,03.

Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Documents and Settings\x\Meus documentos\Downloads\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

30/7/2014 11:38:14 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright © 1993-2006 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WindowsMangerProtect deleted successfully

==== Deleting Files \ Folders ======================

C:\DOCUME~1\ALLUSE~1\DADOSD~1\InstallMate deleted

C:\WINDOWS\SET3.tmp deleted

C:\WINDOWS\SET4.tmp deleted

C:\WINDOWS\SET8.tmp deleted

C:\WINDOWS\wininit.ini deleted

C:\WINDOWS\System32\SET126.tmp deleted

C:\WINDOWS\System32\SET12A.tmp deleted

C:\WINDOWS\System32\SET12B.tmp deleted

C:\WINDOWS\System32\SET132.tmp deleted

C:\WINDOWS\System32\InstallUtil.InstallLog deleted

C:\WINDOWS\System32\searchplugins deleted

C:\WINDOWS\System32\Extensions deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"wrc@avast.com"="C:\Arquivos de programas\AVAST Software\Avast\WebRep\FF" [08/07/2014 11:23]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{72ae1cde-60d2-4b59-a362-8cd2d9fc9755}"="C:\Arquivos de programas\ViewPassword\136.xpi" []

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

gomekmidlodglbbmalcneegieacbdmki - C:\Arquivos de programas\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[08/07/2014 11:23]

jmojojliiicbbihpjmiepllaiflnjobc - C:\Arquivos de programas\ViewPassword\136.crx[]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://www.google.com"

"Search Bar"="http://www.google.com"

"Use Search Asst"="yes"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.google.com"

"Search Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://www.google.com"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://www.google.com"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://www.google.com"

"SearchAssistant"="http://www.google.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

"Use Search Asst"="no"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-725345543-1580436667-1801674531-1003\Software\mozilla\Firefox\Extensions\{72ae1cde-60d2-4b59-a362-8cd2d9fc9755} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Documents and Settings\x\Desktop\Atalho para adwcleaner_3.301.lnk - C:\Documents and Settings\x\Meus documentos\Downloads\adwcleaner_3.301.exe

C:\Documents and Settings\x\Desktop\Atalho para Check List Ferramentas.lnk - C:\Documents and Settings\x\Meus documentos\doc. manutenção\check list ferramentas.xls

C:\Documents and Settings\x\Desktop\Atalho para histórico de SS.lnk -

C:\Documents and Settings\x\Desktop\Atalho para histórico de tempo trabalhado.lnk -

C:\Documents and Settings\x\Desktop\Atalho para material x fornecedor.lnk - C:\Documents and Settings\x\Meus documentos\doc. manutenção\material x fornecedor.xls

C:\Documents and Settings\x\Desktop\Atalho para planilha de controle do almoxarifado.lnk - C:\Documents and Settings\x\Meus documentos\planilha de controle do almoxarifado

C:\Documents and Settings\x\Desktop\Atalho para RELATORIO ROLAMENTOS.lnk - C:\Documents and Settings\x\Meus documentos\doc. manutenção\RELATORIO ROLAMENTOS.xls

C:\Documents and Settings\x\Desktop\Atalho para solicitações em aberto.lnk -

C:\Documents and Settings\x\Desktop\Microsoft Office Excel 2003.lnk - C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

C:\Documents and Settings\x\Desktop\Microsoft Office Word 2003.lnk - C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

C:\Documents and Settings\x\Desktop\Outlook Express.lnk - C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Documents and Settings\x\Desktop\simonini.lnk - Z:\Simonini\simonini.exe

==== shortcuts on All Users Desktop ======================

C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AcroRd32.exe

C:\Documents and Settings\All Users\Desktop\avast Free Antivirus.lnk -

C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\All Users\Desktop\Skype.lnk - C:\WINDOWS\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe

==== shortcuts in Users Start Menu ======================

C:\Documents and Settings\Convidado\Menu Iniciar\Programas\Assistência remota.lnk -

C:\Documents and Settings\Convidado\Menu Iniciar\Programas\Acessórios\Bloco de notas.lnk -

C:\Documents and Settings\Convidado\Menu Iniciar\Programas\Acessórios\Prompt de comando.lnk -

C:\Documents and Settings\Convidado\Menu Iniciar\Programas\Acessórios\Sincronizar.lnk -

C:\Documents and Settings\Convidado\Menu Iniciar\Programas\Acessórios\Tour do Windows XP.lnk -

C:\Documents and Settings\Convidado\Menu Iniciar\Programas\Acessórios\Windows Explorer.lnk -

C:\Documents and Settings\Convidado\Menu Iniciar\Programas\Acessórios\Acessibilidade\Gerenciador de utilitários.lnk -

C:\Documents and Settings\Convidado\Menu Iniciar\Programas\Acessórios\Acessibilidade\Lente de aumento.lnk -

C:\Documents and Settings\Convidado\Menu Iniciar\Programas\Acessórios\Acessibilidade\Teclado virtual.lnk -

C:\Documents and Settings\Default User\Menu Iniciar\Programas\Assistência remota.lnk -

C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Bloco de notas.lnk -

C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Prompt de comando.lnk -

C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Sincronizar.lnk -

C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Tour do Windows XP.lnk -

C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Windows Explorer.lnk -

C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Acessibilidade\Gerenciador de utilitários.lnk -

C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Acessibilidade\Lente de aumento.lnk -

C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Acessibilidade\Teclado virtual.lnk -

C:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar\Programas\Assistência remota.lnk -

C:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar\Programas\Acessórios\Prompt de comando.lnk -

C:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar\Programas\Acessórios\Sincronizar.lnk -

C:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar\Programas\Acessórios\Tour do Windows XP.lnk -

C:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar\Programas\Acessórios\Windows Explorer.lnk -

C:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar\Programas\Acessórios\Acessibilidade\Gerenciador de utilitários.lnk -

C:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar\Programas\Acessórios\Acessibilidade\Lente de aumento.lnk -

C:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar\Programas\Acessórios\Acessibilidade\Teclado virtual.lnk -

C:\Documents and Settings\x\Menu Iniciar\Programas\Assistência remota.lnk -

C:\Documents and Settings\x\Menu Iniciar\Programas\Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\x\Menu Iniciar\Programas\Acessórios\Bloco de notas.lnk -

C:\Documents and Settings\x\Menu Iniciar\Programas\Acessórios\Prompt de comando.lnk -

C:\Documents and Settings\x\Menu Iniciar\Programas\Acessórios\Sincronizar.lnk -

C:\Documents and Settings\x\Menu Iniciar\Programas\Acessórios\Tour do Windows XP.lnk -

C:\Documents and Settings\x\Menu Iniciar\Programas\Acessórios\Windows Explorer.lnk -

C:\Documents and Settings\x\Menu Iniciar\Programas\Acessórios\Acessibilidade\Gerenciador de utilitários.lnk -

C:\Documents and Settings\x\Menu Iniciar\Programas\Acessórios\Acessibilidade\Lente de aumento.lnk -

C:\Documents and Settings\x\Menu Iniciar\Programas\Acessórios\Acessibilidade\Teclado virtual.lnk -

C:\Documents and Settings\x\Menu Iniciar\Programas\Acessórios\Ferramentas do Sistema\Internet Explorer (Sem Complementos).lnk -

==== shortcuts in All Users Start Menu ======================

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Adobe Reader XI.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico

C:\Documents and Settings\All Users\Menu Iniciar\Programas\LogMeIn Client.lnk - C:\Arquivos de programas\LogMeIn\Ignition\LMIIgnition.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\LogMeIn Control Panel.lnk - C:\Arquivos de programas\LogMeIn\x86\LogMeInToolkit.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Acessibilidade\Assistente de acessibilidade.lnk -

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Comunicações\Assistente de configuração de rede.lnk -

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Comunicações\Assistente para Configuração de Rede sem Fio.lnk -

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Comunicações\Assistente para novas conexões.lnk -

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Comunicações\Conexões de rede.lnk -

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Entretenimento\Controle de volume.lnk -

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Entretenimento\Gravador de som.lnk -

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Assistente para transferência de arquivos e configurações.lnk -

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Backup.lnk -

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Central de Segurança.lnk -

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Desfragmentador de disco.lnk -

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Limpeza de disco.lnk -

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Mapa de caracteres.lnk -

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Tarefas agendadas.lnk -

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Desempenho.lnk - C:\WINDOWS\system32\perfmon.msc /s

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Diretiva de segurança local.lnk -

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Fontes de dados (ODBC).lnk - C:\WINDOWS\system32\odbcad32.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Gerenciamento do computador.lnk - C:\WINDOWS\system32\compmgmt.msc /s

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Serviços.lnk -

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Visualizar eventos.lnk - C:\WINDOWS\system32\eventvwr.msc /s

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Arquivos de programas\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe

==== shortcuts in Quick Launch ======================

C:\Documents and Settings\Convidado\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o Navegador Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\x\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\x\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o Navegador Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\x\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Arquivos de programas\Windows Media Player\wmplayer.exe /prefetch:1

==== Reset IE Proxy ======================

Value(s) before fix:

"ProxyEnable"=dword:00000000

Value(s) after fix:

"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8B218A19-065D-169C-C95E-1E4C614F0282} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jmojojliiicbbihpjmiepllaiflnjobc deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Convidado\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Default User\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\LogMeInRemoteUser\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\x\Configurações locais\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\x\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=18 folders=5 7120096 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied

C:\DOCUME~1\x\CONFIG~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== EOF on qua 30/07/2014 at 11:49:09,79 ======================

[Power Max 54]

Baixe o programa Junkware Removal Tool no link abaixo:

http://thisisudax.org/downloads/JRT.exe

 

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

 

Tutorial do Junkware Removal Tool

 

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

 

Ficamos na espera.

[bruna pereira 0]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Microsoft Windows XP x86

Ran by x on qua 30/07/2014 at 13:01:24,39

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411591114}

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on qua 30/07/2014 at 13:06:39,04

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[bruna pereira 0]

power max cade vc??? nadinha aqui de melhorar :(

[Power Max 54]

Desculpe-me, agora que vi sua resposta.

______________________________________________

 

:seta: Faça o download do Malwarebytes em um destes links abaixo:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

http://downloads.malwarebytes.org/mbam-download.php

 

Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas desta postagem:

 

Tutorial do Malwarebytes Anti-Malware

 

Na sua próxima resposta poste este log (relatório) do Malwarebytes.

 

Ficamos no aguardo.

[bruna pereira 0]

Malwarebytes Anti-Malware

www.malwarebytes.org

Protection, 28/7/2014 10:05:41, SYSTEM, ALUMINIO-02, Protection, Malware Protection, Starting,

Protection, 28/7/2014 10:05:41, SYSTEM, ALUMINIO-02, Protection, Malware Protection, Started,

Protection, 28/7/2014 10:05:41, SYSTEM, ALUMINIO-02, Protection, Malicious Website Protection, Starting,

Protection, 28/7/2014 10:05:55, SYSTEM, ALUMINIO-02, Protection, Malicious Website Protection, Started,

Update, 28/7/2014 10:06:20, SYSTEM, ALUMINIO-02, Manual, Rootkit Database, 2014.2.20.1, 2014.7.17.1,

Error, 28/7/2014 10:06:38, SYSTEM, ALUMINIO-02, Manual, 0,

Error, 28/7/2014 10:06:38, SYSTEM, ALUMINIO-02, Manual, 0,

Protection, 28/7/2014 10:06:51, SYSTEM, ALUMINIO-02, Protection, Refresh, Starting,

Protection, 28/7/2014 10:06:51, SYSTEM, ALUMINIO-02, Protection, Malicious Website Protection, Stopping,

Protection, 28/7/2014 10:06:51, SYSTEM, ALUMINIO-02, Protection, Malicious Website Protection, Stopped,

Protection, 28/7/2014 10:07:03, SYSTEM, ALUMINIO-02, Protection, Refresh, Success,

Protection, 28/7/2014 10:07:03, SYSTEM, ALUMINIO-02, Protection, Malicious Website Protection, Starting,

Protection, 28/7/2014 10:07:18, SYSTEM, ALUMINIO-02, Protection, Malicious Website Protection, Started,

Protection, 28/7/2014 10:14:49, SYSTEM, ALUMINIO-02, Protection, Malicious Website Protection, Stopping,

Protection, 28/7/2014 10:14:49, SYSTEM, ALUMINIO-02, Protection, Malicious Website Protection, Stopped,

Protection, 28/7/2014 10:14:49, SYSTEM, ALUMINIO-02, Protection, Malware Protection, Stopping,

Protection, 28/7/2014 10:14:50, SYSTEM, ALUMINIO-02, Protection, Malware Protection, Stopped,

(end)

[Power Max 54]

Siga as dicas abaixo para acessar o Log (relatório) do Malwarebytes:

 

Para isto abra o Malwarebytes > Clique no botão Histórico > Clique em Logs de Aplicativos > E dê um duplo clique com o botão esquerdo do mouse sobre o Log de Verificação mais atual para abri-lo. Isto é mostrado nesta imagem:

 

 

Na próxima tela que surgirá clique no botão Exportar > e clique na opção Arquivo texto (*.txt):

 

 

Na outra tela que vai aparecer dê um nome para este relatório (como LOG por exemplo) > Clique em Área de Trabalho (para que ele seja salvo no seu Desktop) > Clique em Salvar:

 

 

Clique em OK na próxima mensagem que aparece:

 

 

Depois disto é só postar este log do Malwarebytes em sua próxima resposta.

[bruna pereira 0]

as propagandas continuam :(

[Power Max 54]

estou esperando você postar o relatório do Malwarebytes da forma que te passei na resposta acima.

[bruna pereira 0]

www.malwarebytes.org

Protection, 30/7/2014 15:26:41, SYSTEM, ALUMINIO-02, Protection, Malware Protection, Starting,

Protection, 30/7/2014 15:26:41, SYSTEM, ALUMINIO-02, Protection, Malware Protection, Started,

Protection, 30/7/2014 15:26:41, SYSTEM, ALUMINIO-02, Protection, Malicious Website Protection, Starting,

Protection, 30/7/2014 15:26:55, SYSTEM, ALUMINIO-02, Protection, Malicious Website Protection, Started,

Update, 30/7/2014 15:27:17, SYSTEM, ALUMINIO-02, Manual, Rootkit Database, 2014.2.20.1, 2014.7.17.1,

Update, 30/7/2014 15:28:44, SYSTEM, ALUMINIO-02, Manual, Malware Database, 2014.3.4.9, 2014.7.30.6,

Protection, 30/7/2014 15:28:46, SYSTEM, ALUMINIO-02, Protection, Refresh, Starting,

Protection, 30/7/2014 15:28:46, SYSTEM, ALUMINIO-02, Protection, Malicious Website Protection, Stopping,

Protection, 30/7/2014 15:28:46, SYSTEM, ALUMINIO-02, Protection, Malicious Website Protection, Stopped,

Protection, 30/7/2014 15:29:01, SYSTEM, ALUMINIO-02, Protection, Refresh, Success,

Protection, 30/7/2014 15:29:01, SYSTEM, ALUMINIO-02, Protection, Malicious Website Protection, Starting,

Protection, 30/7/2014 15:29:25, SYSTEM, ALUMINIO-02, Protection, Malicious Website Protection, Started,

Protection, 30/7/2014 15:41:19, SYSTEM, ALUMINIO-02, Protection, Malicious Website Protection, Stopping,

Protection, 30/7/2014 15:41:19, SYSTEM, ALUMINIO-02, Protection, Malicious Website Protection, Stopped,

Protection, 30/7/2014 15:41:19, SYSTEM, ALUMINIO-02, Protection, Malicious Website Protection, Starting,

Detection, 30/7/2014 15:41:26, x, ALUMINIO-02, Protection, Malware Protection, File, Adware.MovieMode, C:\Documents and Settings\All Users\Dados de aplicativos\ZZEaywOvoM\dat\mZeISUtU.exe, Quarantine, [703ef8ad1b600f27fc03c5a61ee35fa1]

Protection, 30/7/2014 15:41:42, SYSTEM, ALUMINIO-02, Protection, Malicious Website Protection, Started,

Protection, 30/7/2014 15:47:02, SYSTEM, ALUMINIO-02, Protection, Malware Protection, Starting,

Protection, 30/7/2014 15:47:03, SYSTEM, ALUMINIO-02, Protection, Malware Protection, Started,

Protection, 30/7/2014 15:47:03, SYSTEM, ALUMINIO-02, Protection, Malicious Website Protection, Starting,

Protection, 30/7/2014 15:47:06, SYSTEM, ALUMINIO-02, Protection, Malicious Website Protection, Started,

(end)

Malwarebytes Anti-Malware

www.malwarebytes.org

Data de Verificação: 30/7/2014

Hora da Verificação: 15:28:46

Logfile: log2.txt

Administrador: Sim

Versão: 2.00.2.1012

Malware Database: v2014.07.30.06

Rootkit Database: v2014.07.17.01

Licença: Trial

Proteção de Malware: Enabled

Proteção de Site Malicioso: Enabled

Self-protection: Desabilitado

OS: Windows XP Service Pack 3

CPU: x86

Sistema de Arquivo: NTFS

Usuário: x

Tipo da Verificação: Verificar Ameaça

Resultado: Completado

Arquivos Verificados: 342631

Tempo Decorrido: 11 min, 44 seg

Memória: Enabled

Inicialização: Enabled

Filesystem: Enabled

Arquivos: Enabled

Rootkits: Desabilitado

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processos: 1

Adware.MovieMode, C:\Documents and Settings\All Users\Dados de aplicativos\ZZEaywOvoM\ObqfaHyPE.exe, 272, Delete-on-Reboot, [9618545189f28ea81de272f93ac7db25]

Módulos: 1

PUP.Optional.MovieMode.A, C:\Documents and Settings\All Users\Dados de aplicativos\ZZEaywOvoM\dat\azCCsoMJ.dll, Delete-on-Reboot, [ebc3ffa64c2f70c6a5d19216d72db14f],

Chaves de Registro: 6

Adware.MovieMode, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ObqfaHyPE, Quarantined, [9618545189f28ea81de272f93ac7db25],

PUP.Optional.Snapdo.T, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [9717d6cf265591a55de4f1aa45bd946c],

PUP.Optional.Snapdo.T, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, Quarantined, [9717d6cf265591a55de4f1aa45bd946c],

PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-4.8, Quarantined, [e8c6564ff58660d636c2f4f6639fb050],

PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, Quarantined, [1d91dfc6b3c83cfa24aec2527a8ade22],

PUP.Optional.PlusHD.A, HKU\S-1-5-21-725345543-1580436667-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-4.8, Quarantined, [6a44b1f42d4e9f97f2068268b0527888],

Valores de Registro: 3

PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_br_29, Quarantined, [9618970e6615cc6ac896b52faa5813ed],

Adware.EoRezo, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|upfst_br_29.exe, C:\Documents and Settings\x\Configurações locais\Dados de aplicativos\fst_br_29\upfst_br_29.exe -runhelper, Quarantined, [b2fce9bc9ddebf776205ba70bd47a45c]

PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, MYSTART, Quarantined, [1d91dfc6b3c83cfa24aec2527a8ade22]

Dados do Registro: 14

PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[515d45605b20b0865d49575d6f95cf31]

PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[dad4f0b5700b5ed8bdebefc5f11319e7]

PUP.Optional.Snapdo, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=hp&installDate=17/12/2013, Good: (www.google.com), Bad: (http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=hp&installDate=17/12/2013),Replaced,[0ea05d48f883c37310466b4eb54fc53b]

PUP.Optional.Snapdo, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=ds&q={searchTerms}&installDate=17/12/2013, Good: (www.google.com), Bad: (http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=ds&q={searchTerms}&installDate=17/12/2013),Replaced,[e1cd188dc2b97abcb3a182371fe543bd]

PUP.Optional.Snapdo, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=ds&q={searchTerms}&installDate=17/12/2013, Good: (www.google.com), Bad: (http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=ds&q={searchTerms}&installDate=17/12/2013),Replaced,[ac02792c1467a98d1e37cbeed72dcc34]

PUP.Optional.Snapdo, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=ds&q={searchTerms}&installDate=17/12/2013, Good: (www.google.com), Bad: (http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=ds&q={searchTerms}&installDate=17/12/2013),Replaced,[3777ccd9e497bd79bb9cfdbca75d6f91]

PUP.Optional.Snapdo, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=ds&q={searchTerms}&installDate=17/12/2013, Good: (www.google.com), Bad: (http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=ds&q={searchTerms}&installDate=17/12/2013),Replaced,[7b33b6ef90eb1f17f860d8e18a7a47b9]

PUP.Optional.SnapDo.A, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=ds&q={searchTerms}&installDate=17/12/2013, Good: (www.google.com), Bad: (http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=ds&q={searchTerms}&installDate=17/12/2013),Replaced,[c0ee277eec8f2610836d02ad897b5fa1]

PUP.Optional.Snapdo, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=hp&installDate=17/12/2013, Good: (www.google.com), Bad: (http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=hp&installDate=17/12/2013),Replaced,[634bb1f4e19ab77f560003b606fe15eb]

PUP.Optional.Snapdo, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=ds&q={searchTerms}&installDate=17/12/2013, Good: (www.google.com), Bad: (http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=ds&q={searchTerms}&installDate=17/12/2013),Replaced,[fbb3a4017b005cda153f5a5f20e4e719]

PUP.Optional.Snapdo, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=ds&q={searchTerms}&installDate=17/12/2013, Good: (www.google.com), Bad: (http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=ds&q={searchTerms}&installDate=17/12/2013),Replaced,[743a70356b100531bc99e3d67d874cb4]

PUP.Optional.Snapdo, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=ds&q={searchTerms}&installDate=17/12/2013, Good: (www.google.com), Bad: (http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=ds&q={searchTerms}&installDate=17/12/2013),Replaced,[c9e5b8ed2c4fee48391ee7d213f1cd33]

PUP.Optional.Snapdo, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=ds&q={searchTerms}&installDate=17/12/2013, Good: (www.google.com), Bad: (http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=ds&q={searchTerms}&installDate=17/12/2013),Replaced,[515df8adf08b91a58ecab900d430cf31]

PUP.Optional.SnapDo.A, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=ds&q={searchTerms}&installDate=17/12/2013, Good: (www.google.com), Bad: (http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=BR&userid=ac29347d-3fdc-8dea-1e46-49f77adc65b9&searchtype=ds&q={searchTerms}&installDate=17/12/2013),Replaced,[e3cb92135229989e3bb5eac55da756aa]

Pastas: 0

(No malicious items detected)

Arquivos: 6

Adware.MovieMode, C:\Documents and Settings\All Users\Dados de aplicativos\ZZEaywOvoM\ObqfaHyPE.exe, Delete-on-Reboot, [9618545189f28ea81de272f93ac7db25],

PUP.Optional.MovieMode.A, C:\Documents and Settings\All Users\Dados de aplicativos\ZZEaywOvoM\dat\azCCsoMJ.dll, Delete-on-Reboot, [ebc3ffa64c2f70c6a5d19216d72db14f],

Adware.MovieMode, C:\Documents and Settings\All Users\Dados de aplicativos\ZZEaywOvoM\dat\mZeISUtU.exe, Delete-on-Reboot, [26883570453691a507f8d695f40d3fc1],

PUP.Optional.SweetIM, C:\WINDOWS\Installer\38ccb7.msi, Quarantined, [397533724635ce68e790588602025ba5],

PUP.Optional.Superfish.A, C:\Documents and Settings\x\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [1a94a5007209c0769309d80758aabf41],

PUP.Optional.Superfish.A, C:\Documents and Settings\x\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [2b834f56ccaf39fddbc1f5ea4bb77e82],

Physical Sectors: 0

(No malicious items detected)

(end)

era isso?