Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

karoline  ferreira

[Resolvido] Adwares no computador!

Recommended Posts

Boa tarde!! Por favor me ajude, sem querer cliquei em um link e baixei muitos vírus no meu notebook, ja passei um programa chamado SpyHunter só que acho que ainda tem virus. Se puderem me ajudar agradeço.



Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:52:21, on 02/11/2014

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16575)

Boot mode: Normal


Running processes:

C:\Trend Micro\HiJackThis\HiJackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1414873380&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5DCB01445

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1414873380&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5DCB01445




R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: (no name) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


--

End of file - 5629 bytes


Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! karoline ferreira

 

> Desinstale: SpyHunter

>

> Baixe: < AdwCleaner_Logo2_zps580bcd78.jpg > ( ... par Xplode )
>
> Ou daqui: < AdwCleaner >
> Ao acessar,clique em "Download Now".
>
> Salve-o no desktop!
< Executar_Administrador.jpg >
> Clique direito em adwcleaner.exe,e escolha sua execução como administrador.
AdwCleaner_Examinar_zps828ed634.jpg
> Ps: Dê início ao scan,clicando em "Examinar".
< AdwCleaner_Limpar_zps06005ae9.jpg >
> Ao concluir,clique "Limpar" >> Ok >> Ok >> Ok.
> Copie o log ou clique "Relatório".
> Poste: < C:\AdwCleaner\AdwCleaner[s0].txt >
A+

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite!!!

Segue a baixo o relatório.

 

 

 

< C:\AdwCleaner\AdwCleaner[s0].txt >

 

 

# AdwCleaner v3.311 - Relatório criado 02/11/2014 às 23:55:35

# Atualizado 30/09/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate (64 bits)
# Usuário : User - USER-PC
# Executando de : C:\Users\User\Desktop\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
[#] Serviço Deletada : IePluginServices
***** [ Arquivos / Pastas ] *****
[!] Pasta Deletada : C:\ProgramData\374311380
[!] Pasta Deletada : C:\ProgramData\IePluginServices
[!] Pasta Deletada : C:\ProgramData\WindowsMangerProtect
[!] Pasta Deletada : C:\Program Files (x86)\globalUpdate
[!] Pasta Deletada : C:\Program Files (x86)\predm
[!] Pasta Deletada : C:\Program Files (x86)\Probit Software
[!] Pasta Deletada : C:\Users\User\AppData\Local\globalUpdate
[!] Pasta Deletada : C:\Users\User\Documents\Optimizer Pro
[!] Pasta Deletada : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qw3vfgd5.default\Extensions\faststartff@gmail.com
Arquivo Deletada : C:\Windows\System32\log\iSafeKrnlCall.log
Arquivo Deletada : C:\Users\User\AppData\Roaming\LiveSupport.exe_log.txt
Arquivo Deletada : C:\Users\User\AppData\Roaming\regsvr32.exe_log.txt
Arquivo Deletada : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qw3vfgd5.default\user.js
***** [ Tarefas ] *****
Tarefa Deletedo : LaunchSignup
***** [ Atalhos ] *****
***** [ Registro ] *****
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\JFileManager_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\JFileManager_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\LiveSupport_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\livesupport_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASMANCS
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chave Deletedo : HKCU\Software\GlobalUpdate
Chave Deletedo : HKCU\Software\Optimizer Pro
Chave Deletedo : HKCU\Software\SupHpUISoft
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\DynConIE
Chave Deletedo : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Chave Deletedo : HKLM\SOFTWARE\GlobalUpdate
Chave Deletedo : HKLM\SOFTWARE\omiga-plusSoftware
Chave Deletedo : HKLM\SOFTWARE\SupDp
Chave Deletedo : HKLM\SOFTWARE\SupTab
Chave Deletedo : HKLM\SOFTWARE\supWindowsMangerProtect
Chave Deletedo : HKLM\SOFTWARE\Tutorials
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16575
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
-\\ Mozilla Firefox v33.0.2 (x86 pt-BR)
[ Arquivo : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qw3vfgd5.default\prefs.js ]
Linha deletada : user_pref("browser.search.defaultenginename", "omiga-plus");
Linha deletada : user_pref("extensions.crossrider.bic", "1496d3d5aa895295964831de884412dd");
-\\ Google Chrome v38.0.2125.111
[ Arquivo : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [8034 octets] - [02/11/2014 23:49:40]
AdwCleaner[s0].txt - [6314 octets] - [02/11/2014 23:55:35]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6374 octets] ##########

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia! karoline ferreira

 

> Baixe: < 1268r49.png > ( ... by Oleg N. Scherbakov )
> Salve-o no desktop!
> Desabilite seu antivírus!
> Para Windows 7,clique direito em JRT.exe e execute-o ...
Executar_Administrador.jpg
jrtcmdsm.jpg
> Aguarde a conclusão e poste o relatório. ( JRT.txt )
A+

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia!!! DigRam...

 

Segue a baixo o relatório JRT.

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 7 Ultimate x64
Ran by User on 03/11/2014 at 10:05:40,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qw3vfgd5.default\minidumps [17 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/11/2014 at 10:16:37,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia! karoline ferreira

 

> Baixe: < ZHPCleaner_zps71d274df.jpg > ( ... de Nicolas Coolman )
> Estando na página,clique 53cb8e11d3f80.jpg
> Salve-a no desktop!
> Execute-a e ao abrir,clique "J'accept/I Agree".
ZHPCleaner_Tous_zpsae2ad662.jpg
> Para correções mais abrangentes,marque todas as opções disponíveis.
> Clique Réparer.
> Clique Rapport.
> Poste o relatório!
A+

Compartilhar este post


Link para o post
Compartilhar em outros sites
Bom dia!!! DigRam...


Segue a baixo o poste o relatório do ZHPCleaner.





~ ZHPCleaner v2014.11.2.204 by Nicolas Coolman (02/11/2014)

~ Run by User (Administrator) (03/11/2014 11:03:05)



~ State version : Updated version

~ Type : Repair

~ Report : C:\Users\User\Desktop\ZHPCleaner.txt

~ Quarantine : C:\Users\User\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt

~ UAC : Activate

~ Windows 7, 64-bit (Build 7600)



---\\ Services (0)

~ No malicious items found.



---\\ Browser Internet (1)

REPLACED Chrome URL: "hxxp://www.google.com.br/"]



---\\ Hosts file (1)

~ The hosts file is legitimate (21)



---\\ Scheduled automatic tasks. (0)

~ No malicious items found.



---\\ Explorer ( Files, Folders) (4)

MOVED: C:\Windows\Prefetch\5555-1001_NEWPLAYER.EXE-E974A743.pf (Adware.NewPlayer)

MOVED: C:\Windows\Prefetch\JFILEMANAGER.EXE-5A3DE263.pf (PUP.JFileManager)

MOVED: C:\Windows\Prefetch\JFILEMANAGERSETUP.EXE-F01F17E7.pf (PUP.JFileManager)

MOVED: C:\Windows\Prefetch\MYPC BACKUP.EXE-98FB306F.pf (PUP.MyPCBackup)



---\\ Registry ( Keys, Values, Datas) (7)

DELETED: HKCR\CLSID\{47216CC9-40D4-448A-9D03-F812B577E97B} [NeroSearchQuerySourceSettings Class] (PUP.Datamngr)

DELETED: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} [shopperReports.dll] (Adware.ShopperReports)

DELETED: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} [shoppingReport.dll] (Adware.ShoppingReport)

DELETED: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} [babylonToolbar.dll] (PUP.Babylon)

DELETED: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} [babylonToolbar.dll] (PUP.Babylon)

DELETED: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} [babylonToolbarTlbr.dll] (PUP.Babylon)

DELETED: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} [shoppingReport.dll] (Adware.ShoppingReport)




---\\ Result of repair

~ Repair carried out successfully

~ No browser found (Opera Software)



End of clean at 11:08:53

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde! karoline ferreira

 

> Poste novo relatório do HijackThis.

> Tudo OK? :)

 

A+

Compartilhar este post


Link para o post
Compartilhar em outros sites
Boa tarde !!! DigRam


Que bom muito obrigada mesmo pela ajuda. :kiss:

Segue o novo relatório doHijackThis.



Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:25:35, on 03/11/2014

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16575)

Boot mode: Normal


Running processes:

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe

C:\Users\User\AppData\Roaming\IMVUClient\IMVUClient.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Trend Micro\HiJackThis\HiJackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


--

End of file - 5558 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde! karoline ferreira

 

> Vamos remover as ferramentas que foram utilizadas na desinfecção!
> Baixe: < delfix_108_zps75ef8ba4.jpg > ( ... de Xplode )
DelFix_Download_zpsb5d944c7.jpg
> Estando na página,clique em Download Now.
> Salve-a em um local conveniente! ( desktop! )
> Feche aplicativos que estejam abertos.
DelFix_RCL_zpscdf4940b.jpg
> Remover ferramentas de desinfecção
> Criar backup do registro
> Limpar pontos da restauração do sistema
> Com estas caixinhas marcadas,clique Executar!
> Reinicie o computador ao concluir!
> Seus logs estão limpos!
> Tudo Ok?
A+

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa tarde!! Dig Ram...

 

O meu notebook aparentemente esta tudo normal, ta funcionando normal....Obrigada pela ajuda :)

Segue em baixo o post do DelFix.

 

# DelFix v10.8 - Relatório criado 03/11/2014 às 13:51:53
# Atualizado 29/07/2014 por Xplode
# Usuário : User - USER-PC
# Sistema Operacional : Windows 7 Ultimate (64 bits)
~ Removendo ferramentas de desinfecção ...
Removido : C:\AdwCleaner
Removido : C:\Users\User\AppData\Roaming\ZHP
Removido : C:\HijackThis.msi
Removido : C:\Users\User\Desktop\AdwCleaner.exe
Removido : C:\Users\User\Desktop\JRT.exe
Removido : C:\Users\User\Desktop\HiJackThis.lnk
Removido : C:\Users\User\Desktop\ZHPCleaner.exe
Removido : HKLM\SOFTWARE\AdwCleaner
Removido : HKLM\SOFTWARE\TrendMicro\Hijackthis
~ Criando backup do registro ... OK
~ Limpando pontos da restauração do sistema ...
Novo ponto de restauração criado !
########## - EOF - ##########

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.