PROTECTOR -N

[Archived] Infected by the "Consumer-Feedback.Net" virus


Here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:49:00, on 14/02/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal
Running processes:
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\ProgramData\MovieMode\up\2.6.78\MovieMode.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\ProgramData\Updater\updater.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\RHelpers\FireFoxHelper\FireFoxHelper.exe
C:\ProgramData\RHelpers\IEHelper\IeHelper.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/?pc=UP97&ocid=UP97DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [HD Audio Driver] C:\windows\explorer.exe "C:\Users\nozyeg\AppData\Roaming\Realtek\RAVCpl32.exe"
O4 - HKLM\..\Run: [updater] C:\ProgramData\Updater\Updater.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [updater] C:\ProgramData\Updater\updater.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [updater] C:\ProgramData\Updater\Updater.exe (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [updater] C:\ProgramData\Updater\Updater.exe (User 'Default user')
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O15 - Trusted Zone: http://www.caixa.gov.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8463C21-C988-4842-841E-8340E6E692F8}: NameServer = 0.0.0.0
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Unknown owner - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: Movie Mode (MovieMode) - GenTechnologies Apps, LLC - C:\ProgramData\MovieMode\up\2.6.78\MovieModeService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) - Orolix Desenvolvimento de Software LTDA. - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 14938 bytes


Hello.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:

http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[s0].txt

We'll be waiting.

# AdwCleaner v4.112 - Logfile created 11/03/2015 at 12:16:29

# Updated 09/03/2015 by Xplode

# Database : 2015-03-05.1 [server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : nozyeg - GEYZON-PC

# Running from : C:\Users\nozyeg\Downloads\AdwCleaner.exe

# Option : Cleaning


***** [ Services ] *****


Service Deleted : MovieMode


***** [ Files / Folders ] *****


Folder Deleted : C:\ProgramData\baidu

Folder Deleted : C:\ProgramData\BetterSoft

Folder Deleted : C:\ProgramData\Browser

Folder Deleted : C:\ProgramData\MovieMode

Folder Deleted : C:\ProgramData\RHelpers

Folder Deleted : C:\ProgramData\StarApp

Folder Deleted : C:\ProgramData\Updater

Folder Deleted : C:\ProgramData\SearchDeals2

Folder Deleted : C:\ProgramData\savensHare

Folder Deleted : C:\Program Files (x86)\Browser

Folder Deleted : C:\Program Files (x86)\FlvPlayer

Folder Deleted : C:\Program Files (x86)\v9

Folder Deleted : C:\Program Files (x86)\SaveShare

Folder Deleted : C:\Users\Convidado\AppData\Local\Browser

Folder Deleted : C:\Users\Convidado\AppData\Local\MovieMode

Folder Deleted : C:\Users\nozyeg\AppData\Local\MovieMode

Folder Deleted : C:\Users\nozyeg\AppData\LocalLow\HPAppData

Folder Deleted : C:\Users\nozyeg\AppData\Roaming\baidu

Folder Deleted : C:\Users\nozyeg\AppData\Roaming\UpdaterEX

File Deleted : C:\Users\nozyeg\AppData\Roaming\Mozilla\Firefox\Profiles\tt1byrrs.default\searchplugins\WebSearch.xml

File Deleted : C:\Users\nozyeg\AppData\Roaming\Mozilla\Firefox\Profiles\61flkjah.default\user.js

File Deleted : C:\Users\nozyeg\AppData\Roaming\Mozilla\Firefox\Profiles\tt1byrrs.default\user.js

File Deleted : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

File Deleted : C:\Users\nozyeg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

File Deleted : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

File Deleted : C:\Users\nozyeg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

File Deleted : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage

File Deleted : C:\Users\nozyeg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage

File Deleted : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

File Deleted : C:\Users\nozyeg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

File Deleted : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage

File Deleted : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal

File Deleted : C:\Users\nozyeg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

File Deleted : C:\Users\nozyeg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage


***** [ Scheduled tasks ] *****



***** [ Shortcuts ] *****



***** [ Registry ] *****


Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [updater]

Key Deleted : HKLM\SOFTWARE\Classes\AppID\DynConIE.DLL

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [updater]

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_703c874a

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\UpdaterEX

Key Deleted : HKCU\Software\AppDataLow\SProtector

Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE

Key Deleted : HKCU\Software\AppDataLow\Software\lyrixeeker

Key Deleted : HKLM\SOFTWARE\SP Global

Key Deleted : HKLM\SOFTWARE\SProtector

Key Deleted : HKLM\SOFTWARE\Baidu

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desk 365

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MovieMode

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro


***** [ Web browsers ] *****


-\\ Internet Explorer v11.0.9600.17631



-\\ Mozilla Firefox v26.0 (pt-BR)


[tt1byrrs.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");

[tt1byrrs.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchesplace.info/?pid=512&r=2013/08/09&hid=3585564879&lg=EN&cc=BR&unqvl=30&l=1&q=");

[tt1byrrs.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");

[tt1byrrs.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");

[tt1byrrs.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");

[tt1byrrs.default\prefs.js] - Line Deleted : 100%;height:300%;position:absolute;left:0;top:0\");a.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">';b.sty[...]

[tt1byrrs.default\prefs.js] - Line Deleted : endmedia.com cpxinteractive media-servers doubleclick brealtime.com adnxs.com yieldmanager yieldads adserverplus exoclick.com vitalads zedo.com mshft pop.billi edomz realpopbid bestadbid directdisplay[...]

[tt1byrrs.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://websearch.searchesplace.info/?pid=512&r=2013/08/09&hid=3585564879&lg=EN&cc=BR&unqvl=30&l=1&q=");


-\\ Google Chrome v40.0.2214.115


[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://br.ask.com/web?q={searchTerms}


*************************


AdwCleaner[R0].txt - [9025 bytes] - [11/03/2015 12:04:33]

AdwCleaner[s0].txt - [8872 bytes] - [11/03/2015 12:16:29]


########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8931 bytes] ##########



Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:

http://www.hijackthis.nl/smeenk/

Save it to the Desktop.

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy its entire contents and post them in your next reply.


Zoek.exe v5.0.0.0 Updated 13-March-2015

Tool run by nozyeg on 14/03/2015 at 1:14:12,97.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\nozyeg\Downloads\zoek.exe [scan all users] [script inserted]


==== System Restore Info ======================


14/03/2015 01:21:11 Zoek.exe System Restore Point Created Successfully.


==== Reset Hosts File ======================


# Copyright © 1993-2006 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host


# localhost name resolution is handled within DNS itself.

127.0.0.1 localhost

::1 localhost


==== Empty Folders Check ======================


C:\PROGRA~2\GUM7F01.tmp deleted successfully

C:\PROGRA~2\Netscape deleted successfully

C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully

C:\PROGRA~3\Oracle deleted successfully

C:\Users\nozyeg\AppData\Roaming\TP deleted successfully

C:\Users\nozyeg\AppData\Local\CrashDumps deleted successfully

C:\Users\nozyeg\AppData\Local\Intel WiDi deleted successfully


==== Deleting CLSID Registry Keys ======================



==== Deleting CLSID Registry Values ======================



==== Deleting Services ======================



==== FireFox Fix ======================


Deleted from C:\Users\CONVID~1\AppData\Roaming\Mozilla\Firefox\Profiles\vrrn383e.default\prefs.js:


Added to C:\Users\CONVID~1\AppData\Roaming\Mozilla\Firefox\Profiles\vrrn383e.default\prefs.js:

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");


Deleted from C:\Users\CONVID~1\AppData\Roaming\Nvu\Profiles\b18fywlt.default\prefs.js:


Added to C:\Users\CONVID~1\AppData\Roaming\Nvu\Profiles\b18fywlt.default\prefs.js:

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");


Deleted from C:\Users\nozyeg\AppData\Roaming\Mozilla\Firefox\Profiles\tt1byrrs.default\prefs.js:



Added to C:\Users\nozyeg\AppData\Roaming\Mozilla\Firefox\Profiles\tt1byrrs.default\prefs.js:

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");


Deleted from C:\Users\nozyeg\AppData\Roaming\Netscape\Navigator\Profiles\lnf6af7p.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com.br/");


Added to C:\Users\nozyeg\AppData\Roaming\Netscape\Navigator\Profiles\lnf6af7p.default\prefs.js:

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");


Deleted from C:\Users\nozyeg\AppData\Roaming\Nvu\Profiles\ln0v1ff4.default\prefs.js:


Added to C:\Users\nozyeg\AppData\Roaming\Nvu\Profiles\ln0v1ff4.default\prefs.js:

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");


Deleted from C:\Users\nozyeg\AppData\Roaming\Mozilla\Firefox\Profiles\61flkjah.default\prefs.js:


Added to C:\Users\nozyeg\AppData\Roaming\Mozilla\Firefox\Profiles\61flkjah.default\prefs.js:

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");


ProfilePath: C:\Users\CONVID~1\AppData\Roaming\Mozilla\Firefox\Profiles\vrrn383e.default


user.js not found

---- FireFox user.js and prefs.js backups ----


prefs_032015_0207_.backup


ProfilePath: C:\Users\CONVID~1\AppData\Roaming\Nvu\Profiles\b18fywlt.default


user.js not found

---- FireFox user.js and prefs.js backups ----


prefs_032015_0207_.backup


ProfilePath: C:\Users\nozyeg\AppData\Roaming\Mozilla\Firefox\Profiles\tt1byrrs.default


user.js not found

---- Lines browser.startup.page removed from prefs.js ----

user_pref("browser.startup.page", 1);

---- Lines extensions.Wg4hI3q_ removed from prefs.js ----

user_pref("extensions.Wg4hI3q_.epoch", "1376669317");

user_pref("extensions.Wg4hI3q_.scode", "if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.s


---- Lines extensions.creJrM removed from prefs.js ----

user_pref("extensions.creJrM.epoch", "1376669317");

user_pref("extensions.creJrM.scode", "if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var a=function(){try{jQu


---- FireFox user.js and prefs.js backups ----


prefs_032015_0207_.backup


ProfilePath: C:\Users\nozyeg\AppData\Roaming\Netscape\Navigator\Profiles\lnf6af7p.default


user.js not found

---- FireFox user.js and prefs.js backups ----


prefs_032015_0207_.backup


ProfilePath: C:\Users\nozyeg\AppData\Roaming\Nvu\Profiles\ln0v1ff4.default


user.js not found

---- FireFox user.js and prefs.js backups ----


prefs_032015_0207_.backup


ProfilePath: C:\Users\nozyeg\AppData\Roaming\Mozilla\Firefox\Profiles\61flkjah.default


user.js not found

---- FireFox user.js and prefs.js backups ----



==== Deleting Files \ Folders ======================


C:\PROGRA~2\GUM7F01.tmp not found

C:\PROGRA~2\Netscape not found

C:\Users\nozyeg\.android deleted

C:\Users\nozyeg\AppData\Roaming\WB.CFG deleted

C:\PROGRA~3\FileSplitUpLoad.dll deleted

C:\PROGRA~3\boost_interprocess deleted

C:\PROGRA~3\SearchNewTab deleted

C:\PROGRA~3\InstallMate deleted

C:\Users\nozyeg\Downloads\adt-bundle-windows-x86_64-20130219 (1).zip deleted

C:\Users\nozyeg\Downloads\SoftonicDownloader_para_facebook-password-dump.exe deleted

C:\Users\nozyeg\Downloads\SoftonicDownloader_para_hypercam.exe deleted

C:\Users\nozyeg\Downloads\SoftonicDownloader_para_magical-jelly-bean-keyfinder.exe deleted

C:\Users\nozyeg\Downloads\SoftonicDownloader_para_notepad.exe deleted

C:\Users\nozyeg\Downloads\SoftonicDownloader_para_nvu.exe deleted

C:\Users\nozyeg\Downloads\SoftonicDownloader_para_safari.exe deleted

C:\Users\nozyeg\Downloads\SoftonicDownloader_para_winzip.exe deleted

C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted

C:\windows\SysNative\config\systemprofile\Searches deleted

C:\windows\Syswow64\sho601B.tmp deleted

C:\Users\nozyeg\Documents\Add-in Express deleted

C:\Users\nozyeg\AppData\Roaming\unins000.exe deleted

C:\Users\nozyeg\AppData\Roaming\unins001.exe deleted

C:\Users\nozyeg\Downloads\AllWebMenusSetup.exe deleted

C:\Users\nozyeg\AppData\Roaming\Mozilla\Firefox\Profiles\61flkjah.default\extensions\abs@avira.com deleted

"C:\PROGRA~3\Package Cache" deleted


==== Firefox Start and Search pages ======================


ProfilePath: C:\Users\CONVID~1\AppData\Roaming\Mozilla\Firefox\Profiles\vrrn383e.default

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");


ProfilePath: C:\Users\CONVID~1\AppData\Roaming\Nvu\Profiles\b18fywlt.default

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");


ProfilePath: C:\Users\nozyeg\AppData\Roaming\Mozilla\Firefox\Profiles\tt1byrrs.default

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");


ProfilePath: C:\Users\nozyeg\AppData\Roaming\Netscape\Navigator\Profiles\lnf6af7p.default

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");


ProfilePath: C:\Users\nozyeg\AppData\Roaming\Nvu\Profiles\ln0v1ff4.default

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");


ProfilePath: C:\Users\nozyeg\AppData\Roaming\Mozilla\Firefox\Profiles\61flkjah.default

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");


==== Firefox Extensions Registry ======================


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [11/02/2015 10:17]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\nozyeg\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [15/09/2014 11:58]


==== Firefox Extensions ======================


ProfilePath: C:\Users\CONVID~1\AppData\Roaming\Nvu\Profiles\b18fywlt.default

- Undetermined - %ProfilePath%\extensions\installed-extensions.txt

- Nvu default - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}


ProfilePath: C:\Users\nozyeg\AppData\Roaming\Mozilla\Firefox\Profiles\tt1byrrs.default

- GBBD Caixa Economica Federal - C:\Users\nozyeg\AppData\Local\GAS Tecnologia\GBBD\cef\xpi

- GBBD Banco do Brasil - C:\Users\nozyeg\AppData\Local\GAS Tecnologia\GBBD\bb\xpi


ProfilePath: C:\Users\nozyeg\AppData\Roaming\Netscape\Navigator\Profiles\lnf6af7p.default

- Undetermined - C:\Program Files (x86)\Netscape\Navigator 9\extensions\netscape9migrator@flock.com

- Undetermined - C:\Program Files (x86)\Netscape\Navigator 9\extensions\netstripe@netscape.com


ProfilePath: C:\Users\nozyeg\AppData\Roaming\Nvu\Profiles\ln0v1ff4.default

- Undetermined - %ProfilePath%\extensions\installed-extensions.txt

- Nvu default - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}


AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}


==== Firefox Plugins ======================


Profilepath: C:\Users\nozyeg\AppData\Roaming\Mozilla\Firefox\Profiles\61flkjah.default

BFD1CDA328C83054154DD05EA233F79B - C:\Users\nozyeg\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil

3CD19649B2C3023D65E67C056457A2BC - C:\Users\nozyeg\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

15E298B5EC5B89C5994A59863969D9FF - C:\windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System


Profilepath: C:\Users\nozyeg\AppData\Roaming\Mozilla\Firefox\Profiles\tt1byrrs.default

BFD1CDA328C83054154DD05EA233F79B - C:\Users\nozyeg\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil

3CD19649B2C3023D65E67C056457A2BC - C:\Users\nozyeg\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

FF7BE908352D36D50E308F49162FEA32 - C:\Users\nozyeg\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil



==== Chromium Look ======================


Google Chrome Version: 40.0.2214.115 (Possible outdated, latest Stable version: 41.0.2272.89)


HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[10/02/2015 23:03]


HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

nnjbodopomfddehlalfilheomcahbpei - C:\Users\nozyeg\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[14/08/2014 12:44]


Google Docs - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Avast Online Security - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

Google Wallet - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Google Docs - nozyeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - nozyeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - nozyeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - nozyeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Avast Online Security - nozyeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

Google Wallet - nozyeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

GBBD Caixa Economica Federal - nozyeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei

GBBD Caixa Economica Federal - nozyeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi

Gmail - nozyeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia


==== Chromium Fix ======================


C:\Users\nozyeg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully

C:\Users\nozyeg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully

C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultfriendfinder.com_0.localstorage deleted successfully

C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultfriendfinder.com_0.localstorage-journal deleted successfully


==== Set IE to Default ======================


Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]



New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]



==== All HKCU SearchScopes ======================


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{06661B2E-AEE5-47DD-9A1D-FC06314929FE} Google Url="https://www.google.com/search?q={searchTerms}"


==== Reset Google Chrome ======================


C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\nozyeg\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

C:\Users\nozyeg\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully


==== shortcuts on Users Desktops ======================


C:\Users\Convidado\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Convidado\Desktop\Notepad++.lnk - C:\Program Files (x86)\Notepad++\notepad++.exe

C:\Users\Convidado\Desktop\Nvu.lnk - C:\Program Files (x86)\Nvu\nvu.exe

C:\Users\Convidado\Desktop\Paciência - Atalho.lnk -

C:\Users\Convidado\Desktop\QuickSender.lnk - C:\Program Files\QuickSender\QuickSender.exe

C:\Users\nozyeg\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\nozyeg\Desktop\HiJackThis.lnk - C:\Users\nozyeg\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\nozyeg\Desktop\Notepad++.lnk - C:\Program Files (x86)\Notepad++\notepad++.exe

C:\Users\nozyeg\Desktop\QuickSender.lnk - C:\Program Files\QuickSender\QuickSender.exe

C:\Users\nozyeg\Desktop\SendBlaster 3.lnk - C:\Program Files (x86)\SendBlaster3\sendblaster3.exe

C:\Users\nozyeg\Desktop\Financeira do Trabalhador\I.R.I.S. Resource Center.lnk -

C:\Users\nozyeg\Desktop\Nova pasta (2)\Carnê-Leão 2012.lnk -

C:\Users\nozyeg\Desktop\Nova pasta (2)\CodeBlocks.lnk - C:\Program Files (x86)\CodeBlocks\codeblocks.exe

C:\Users\nozyeg\Desktop\Nova pasta (2)\Fotosizer.lnk - C:\Program Files (x86)\Fotosizer\Fotosizer.exe

C:\Users\nozyeg\Desktop\Nova pasta (2)\Receitanet 1.03 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe

C:\Users\nozyeg\Desktop\Nova pasta (2)\SPO 2012\NOTAS\04 -ABRIL - 2012\Documentos - Atalho.lnk - C:\Users\nozyeg\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms

C:\Users\nozyeg\Desktop\Nova pasta (3)\Adobe Creative Cloud.lnk - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=HomePanel_BL --appletVersion=1.0

C:\Users\nozyeg\Desktop\Nova pasta (3)\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe

C:\Users\nozyeg\Desktop\Nova pasta (3)\AllWebMenus 5 PRO.lnk - C:\Program Files (x86)\Likno Software\AllWebMenus5\AllWebMenus.exe

C:\Users\nozyeg\Desktop\Nova pasta (3)\Central de Soluções HP.lnk -

C:\Users\nozyeg\Desktop\Nova pasta (3)\Easy Settings.lnk - C:\Program Files (x86)\Samsung\Easy Settings\ControlCenter.exe

C:\Users\nozyeg\Desktop\Nova pasta (3)\Easy Software Manager.lnk - C:\Program Files (x86)\Samsung\Easy Software Manager\SoftwareManager.exe

C:\Users\nozyeg\Desktop\Nova pasta (3)\Easy Support Center.lnk - C:\Program Files (x86)\Samsung\Easy Support Center\SSCMain.exe

C:\Users\nozyeg\Desktop\Nova pasta (3)\Free Web Buttons.lnk - C:\Program Files (x86)\Free-Web-Buttons.com\free-web-buttons.exe

C:\Users\nozyeg\Desktop\Nova pasta (3)\Gerenciador de software do V9 PC Doctor.lnk - C:\Program Files (x86)\V9\PcDoctor\KSafe.exe -do:ui_softmgr

C:\Users\nozyeg\Desktop\Nova pasta (3)\HP Officejet 4500 G510a-f - Atalho.lnk -

C:\Users\nozyeg\Desktop\Nova pasta (3)\HyperCam 3.lnk - C:\Program Files (x86)\HyperCam 3\SMM_HyperCam.exe

C:\Users\nozyeg\Desktop\Nova pasta (3)\Intel® WiDi.lnk - C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe

C:\Users\nozyeg\Desktop\Nova pasta (3)\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -

C:\Users\nozyeg\Desktop\Nova pasta (3)\Jogos.lnk - C:\Program Files (x86)\V9\PcDoctor\KSafe.exe -do:ui_Game

C:\Users\nozyeg\Desktop\Nova pasta (3)\LogoMaker.lnk - C:\Program Files (x86)\Studio V5\LogoMaker\LogoMaker.exe

C:\Users\nozyeg\Desktop\Nova pasta (3)\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\nozyeg\Desktop\Nova pasta (3)\Multimedia POP.lnk - C:\Program Files\Samsung\MultimediaPOP\MultimediaPOP.exe

C:\Users\nozyeg\Desktop\Nova pasta (3)\Nvu.lnk - C:\Program Files (x86)\Nvu\nvu.exe

C:\Users\nozyeg\Desktop\Nova pasta (3)\OpenOffice.org 3.4.1.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Users\nozyeg\Desktop\Nova pasta (3)\Receitanet 1.04 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe

C:\Users\nozyeg\Desktop\Nova pasta (3)\Safari.lnk - C:\windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe

C:\Users\nozyeg\Desktop\Nova pasta (3)\Skype.lnk - C:\windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe

C:\Users\nozyeg\Desktop\Nova pasta (3)\TIM Communicator.lnk - C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe

C:\Users\nozyeg\Desktop\Nova pasta (3)\Total Video Converter.lnk - C:\Program Files (x86)\Total Video Converter\tvcshell.exe

C:\Users\nozyeg\Desktop\Nova pasta (3)\Total Video Player.lnk - C:\Program Files (x86)\Total Video Converter\tvp.exe

C:\Users\nozyeg\Desktop\Nova pasta (3)\V9 PC Doctor.lnk - C:\Program Files (x86)\V9\PcDoctor\KSafe.exe

C:\Users\nozyeg\Desktop\Nova pasta (3)\X2X Free Video Audio Merger.lnk - C:\Program Files (x86)\X2Xsoft\Free Video Audio Merger\VideoAudioMerger.exe


==== shortcuts on All Users Desktop ======================


C:\Users\Public\Desktop\Avast Internet Security.lnk - C:\Program Files\AVAST Software\Avast\avastui.exe

C:\Users\Public\Desktop\Avast SafeZone.lnk - C:\Program Files\AVAST Software\Avast\avastui.exe /sfzonebrowser

C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe

C:\Users\Public\Desktop\FOX E-mail Extrator.lnk - C:\Program Files (x86)\FOX E-mail Extrator\FOX E-mail Extrator.exe


==== shortcuts in Users Start Menu ======================


C:\Users\nozyeg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\nozyeg\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe


==== shortcuts in All Users Start Menu ======================


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast SafeZone.lnk - C:\Program Files\AVAST Software\Avast\avastui.exe /sfzonebrowser

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Java Mission Control.lnk - C:\Program Files\Java\jdk1.7.0_21\bin\jmc.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012\Visual Studio Tools\Developer Command Prompt for VS2012.lnk - C:\windows\system32\cmd.exe /k ""C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\Tools\VsDevCmd.bat""


==== shortcuts in Quick Launch ======================


C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\windows\system32\calc.exe

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\windows\system32\mspaint.exe

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Welcome Center.lnk - C:\windows\system32\rundll32.exe C:\windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Software Launcher.lnk - C:\Program Files (x86)\Samsung\Software Launcher\Software Launcher.exe

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk - C:\windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CodeBlocks.lnk - C:\Program Files (x86)\CodeBlocks\codeblocks.exe

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Fotosizer.lnk - C:\Program Files (x86)\Fotosizer\Fotosizer.exe

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\windows\system32\control.exe

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\- Play Games -.lnk - C:\Program Files (x86)\WildGames\onplay\onplay.exe "C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsole-wt.exe" /src startmenuoem

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Media Center.lnk - C:\windows\ehome\ehshell.exe

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft PowerPoint 2010.lnk - C:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\pptico.exe

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Safari.lnk - C:\windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Samsung Recovery Solution 5.lnk - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Manager1.exe

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\VS Express for Desktop.lnk - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CodeBlocks.lnk - C:\Program Files (x86)\CodeBlocks\codeblocks.exe

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\eclipse.lnk - C:\Users\nozyeg\Documents\GEYZON\Desenvolvimento Mobile\adt-bundle-windows-x86_64-20130219\eclipse\eclipse.exe

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Safari.lnk - C:\windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Software Launcher.lnk - C:\Program Files (x86)\Samsung\Software Launcher\Software Launcher.exe

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VS Express for Desktop.lnk - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe

C:\Users\nozyeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1


==== Reset IE Proxy ======================


Value(s) before fix:

"ProxyEnable"=dword:00000000


Value(s) after fix:

"ProxyEnable"=dword:00000000


==== Deleting Registry Keys ======================


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1E3CA1C4-1E90-401B-8CC0-911DF018D8D8} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{592D5E96-63DF-2AAA-D2A4-268319EC1598} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{69214124-A32C-FB61-BBE6-268633093618} deleted successfully

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

HKEY_CURRENT_USER\Software\Policies\Google deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchDeals2 deleted successfully


==== Empty IE Cache ======================


C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Convidado\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Convidado\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Convidado\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Convidado\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\nozyeg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\nozyeg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully


==== Empty FireFox Cache ======================


C:\Users\Convidado\AppData\Local\Mozilla\Firefox\Profiles\vrrn383e.default\Cache will be emptied at reboot


==== Empty Chrome Cache ======================


C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\nozyeg\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully


==== Empty All Flash Cache ======================


Flash Cache Emptied Successfully


==== Empty All Java Cache ======================


Java Cache cleared successfully


==== C:\zoek_backup content ======================


C:\zoek_backup (files=488 folders=251 2569418276 bytes)


==== Empty Temp Folders ======================


C:\Users\Convidado\AppData\Local\Temp emptied successfully

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\nozyeg\AppData\Local\Temp will be emptied at reboot

C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\windows\Temp will be emptied at reboot


==== After Reboot ======================


==== Empty Temp Folders ======================


C:\windows\Temp successfully emptied

C:\Users\nozyeg\AppData\Local\Temp successfully emptied


==== Empty Recycle Bin ======================


C:\$RECYCLE.BIN successfully emptied


==== EOF on 14/03/2015 at 9:11:46,77 ======================


Download ZHPCleaner ( ... by Nicolas Coolman )

Note: After opening the link above, click the Télécharger button for ZHPCleaner to download it, as shown in the image below:

tutorial_do_zhpcleaner_2.jpg

To run it correctly, follow the tips in this post:

Complete ZHPCleaner tutorial

After using it, copy the entire contents of your ZHPCleaner.txt report and post it in your next reply.

~ ZHPCleaner v2015.3.21.134 by Nicolas Coolman (22/03/2015)

~ Run by nozyeg (Administrator) (22/03/2015 10:28:23)



~ State version : Version OK

~ Type : Reparo

~ Report : C:\Users\nozyeg\Desktop\ZHPCleaner.txt

~ Quarantine : C:\Users\nozyeg\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt

~ UAC : Deactivate

~ Boot Mode : Normal (Normal boot)

~ Windows 7, 64-bit Service Pack 1 (Build 7601)



---\\ Serviços (0)

~ Nenhum ítem malicioso foi encontrado.



---\\ Navegadores de Internet (0)

~ Nenhum ítem malicioso foi encontrado.



---\\ Arquivo hosts (2)

SUBSTITUIDO:

Número de redirecionamentos encontrados 1/22



---\\ Tarefas automáticas agendadas. (1)

SUPRIMIDO tarefas: [AutoKMS] [C:\windows\Tasks\AutoKMS.job] (Trojan.AutoKMS)



---\\ Explorer ( Arquivos, Pastas) (14)

MOVIDO pasta: C:\Users\nozyeg\AppData\Roaming\unins000.exe [ - Setup/Uninstall] (Adware.Pirrit)

MOVIDO pasta: C:\windows\Tasks\AutoKMS.job (Trojan.AutoKMS)

MOVIDO pasta: C:\windows\AutoKMS\AutoKMS.exe [CODYQX4 & Bosh - AutoKMS] (Trojan.AutoKMS)

MOVIDO pasta: C:\windows\AutoKMS\AutoKMS.ini (Trojan.AutoKMS)

MOVIDO pasta: C:\windows\AutoKMS\AutoKMS.log (Trojan.AutoKMS)

MOVIDO arquivo: C:\windows\AutoKMS (Trojan.AutoKMS)

MOVIDO pasta: C:\windows\Prefetch\AUTOKMS.EXE-7CC2D49E.pf (Trojan.AutoKMS)

MOVIDO pasta: C:\windows\Prefetch\MOVIEMODE.EXE-AD8171C3.pf (PUP.MovieMode)

MOVIDO pasta: C:\windows\Prefetch\MOVIEMODE64.EXE-32E39175.pf (PUP.MovieMode)

MOVIDO pasta: C:\windows\SysWOW64\MovieMode.48CA2AEFA22D.2.6.78.dll (PUP.MovieMode)

MOVIDO pasta: C:\windows\SysWOW64\MovieMode.48CA2AEFA22D.dll (PUP.MovieMode)

MOVIDO pasta: C:\Users\nozyeg\Downloads\FLVPlayerSetup.exe (PUP.FLVPlayer)

MOVIDO pasta*: C:\Users\nozyeg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.topsimilarsites.com_0.localstorage (Adware.SimilarSites)

MOVIDO pasta*: C:\Users\nozyeg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.topsimilarsites.com_0.localstorage-journal (Adware.SimilarSites)



---\\ Registro ( Chaves, Valores, Dados ) (3)

SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [iTool] (Toolbar.Ask)

SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\AppID\SECMAN.DLL [] (Trojan.Camec)

SUBSTITUIDO dados: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B8463C21-C988-4842-841E-8340E6E692F8}\\NameServer [0.0.0.0 (Not File)][] (Hijacker.Browser)




---\\ Resultado de reparação

~ Reparação efectuada com sucesso

~ Este navegador está faltando ! (Opera Software)



---\\ Estatísticas

~ Items scan : 89498

~ Items encontrado : 1

~ Items réparo : 18



End of clean at 10:58:30

===================

ZHPCleaner-[R]-22032015-10_58_30.txt


Download Malwarebytes from one of the links below:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

http://downloads.malwarebytes.org/mbam-download.php

To install and run it correctly, please follow the tips in this post:

Malwarebytes Anti-Malware tutorial

In your next reply, post this Malwarebytes log (report).

We will be waiting for your reply.


Topic Archived

As the author did not reply for more than 10 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
