mel1984

Suspected spyware on my computer

Hello friend, I read it and I hope I understood correctly this time. I am looking for help because my computer is full of viruses and spyware. I hope I did it right, because I need to use the computer for studying.

 

 

ZA-Scan2.txt

Dear mel1984

ZA-Scan must be run from the Desktop; however, you ran it from this folder:

Launched: C:\Users\Meline\Downloads\ZA-Scan.exe

Delete it from there, download a fresh copy to the Desktop, run ZA and post the log.

Regards :D

Hello friend, I hope I did it right this time, because I am full of viruses and I need to use the computer to study. I will need to watch video lessons to study, and with viruses and spyware that is not possible. I am sorry for not sending it correctly before; I hope it is right now. Thank you very much, a thousand apologies, and I also ask you to help me clean my computer and get it back to a clean state, with no viruses or spyware.

Regards

ZA-Scan V1.0.0.4 Updated 04-May-2015
Tool run by Meline on 02/08/2015 at  0:39:55,00.
Microsoft Windows 7 Ultimate  6.1.7600  x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Meline\Desktop\ZA-Scan.exe [Z-Analyse Scan]
 
==== Running Processes ======================
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\srvany.exe
C:\Windows\KMService.exe
C:\Windows\system32\conhost.exe
C:\ProgramData\hKEVnKgv\mKJSvCKmO.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Users\Meline\Desktop\ZA-Scan.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Users\Meline\AppData\Local\Temp\ZAScan.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
 
==== Services and Drivers ======================
 
You do not have Microsoft .NET Framework 4.0(or higher) installed.
 
==== Startup Registry Enabled ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t"
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe"
"EnergyUtility"="C:\Program Files\Lenovo\Energy Management\utility.exe"
"Energy Management"="C:\Program Files\Lenovo\Energy Management\Energy Management.exe"
"IAStorIcon"="C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
"OnekeyStudio"="C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe"
"SpaceSoundPro"="C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
 
==== Startup Folders ======================
 
2015-07-28 22:21:29 876 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [29/07/2015 18:02]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [undetermined Task]
C:\Windows\tasks\Registry Optimizer_DEFAULT.job --a------ C:8C:\Program Files\WinZip Registry Optimizer\Winzipro.exe []
C:\Windows\tasks\Registry Optimizer_UPDATES.job --a------ C:\Program Files\WinZip Registry Optimizer\Winzipro.exe [10/07/2013 17:49]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\system32\tasks\ASP" ["C:\Program Files\RCP\systweakasp.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Registry Optimizer" [C:\Program Files\WinZip Registry Optimizer\Winzipro.exe]
"C:\Windows\system32\tasks\Registry Optimizer_DEFAULT" [C:\Program Files\WinZip Registry Optimizer\Winzipro.exe]
"C:\Windows\system32\tasks\Registry Optimizer_UPDATES" [C:\Program Files\WinZip Registry Optimizer\Winzipro.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\Meline\AppData\Roaming\Mozilla\Firefox\Profiles\dgqjtdom.default
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [29/07/2015 20:03]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Meline\AppData\Roaming\Mozilla\Firefox\Profiles\dgqjtdom.default
- Default SearchProtected - %ProfilePath%\extensions\defsearchp@gmail.com
 
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
 
==== Chromium Look ======================
 
Google Chrome Version: 44.0.2403.125
Google Chrome Version: 44.0.2403.125
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[29/07/2015 20:03]
mkgngkfjklojelbbglcnmnjabdgldofo - No path found[]
 
Avast Online Security - Meline\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Hotword Shared Module - Meline\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Chrome Web Store Payments - Meline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
==== Chromium Startpages ======================
 
C:\Users\Meline\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
 
==== HijackThis Entries ======================
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD5C78CC-30CE-4253-B520-897526045232}: NameServer = 8.8.8.8,8.8.4.4
 
==== EOF on 02/08/2015 at  0:40:22,58 ======================

Dear mel1984

Exactly right... my friend, I only ask that you attach the logs, barring exceptions. ;)

I recommend saving this topic to your Favorites so that it is easy to find again.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer, so do not do it on any other;
  • Please follow the instructions given carefully, and if you have any questions do not hesitate to ask;
  • Always put your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what is happening with your computer.
  • Respect the order of the instructions given.
  • Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, otherwise you risk misconfiguring your computer!
# Step 1 #

Download Junkware Removal Tool and save it to your Desktop.
  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log that is on your Desktop.
  • Copy the entire contents and paste them into your next message.



# Step 2 #

  • Double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click Pesquisar (Scan)
  • At the end of the scan a log with the result will open.
  • If anything is detected, then click the Remover (Remove) button.
  • Again, at the end of the scan a log with the result will open.
  • Copy its entire contents and paste them into your next reply.



# Step 3 #

Temporarily disable your antivirus, antispyware and firewall so as not to cause conflicts.

Download Farbar Recovery Scan Tool and save it to your desktop.
32 bit (x86) or 64 bit (x64)

Double-click to run the tool. Accept the agreement and then click the Scan button.

Wait, and at the end the logs FRST.txt and Addition.txt will be saved to your desktop.

Attach the logs to your next reply.

Regards :D

Malwarebytes log

 

Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 7 Ultimate x86
Ran by Meline on 02/08/2015 at 21:52:07,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully deleted: [service] zupemuce [Reboot required]
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1446273252-3068772218-176991975-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AskPartnerNetwork
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\AskPartnerNetwork
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\windowsmangerprotect
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files\gmsd_br_002030045 [Adware.EoRezo]
Successfully deleted: [Folder] C:\Program Files\predm
Successfully deleted: [Folder] C:\Program Files\winzip registry optimizer
Successfully deleted: [Folder] C:\ProgramData\breakingnewsalert
Successfully deleted: [Folder] C:\ProgramData\browser
Successfully deleted: [Folder] C:\ProgramData\ihprotectupdate
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\winzip registry optimizer
Successfully deleted: [Folder] C:\ProgramData\radio
Successfully deleted: [Folder] C:\Users\Meline\Appdata\Local\breakingnewsalert
Successfully deleted: [Folder] C:\Users\Meline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vopackage
Successfully deleted: [Folder] C:\Users\Meline\AppData\Roaming\nico mak computing
Successfully deleted: [Folder] C:\Users\Meline\AppData\Roaming\systweak
Successfully deleted: [Folder] C:\Users\Meline\AppData\Roaming\vopackage
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\Meline\AppData\Roaming\mozilla\firefox\profiles\dgqjtdom.default\user.js
Successfully deleted: [File] C:\Users\Meline\AppData\Roaming\mozilla\firefox\profiles\dgqjtdom.default\searchplugins\mystartsearch.xml
Successfully deleted: [File] C:\Users\Meline\AppData\Roaming\mozilla\firefox\profiles\dgqjtdom.default\searchplugins\sweet-page.xml
Successfully deleted the following from C:\Users\Meline\AppData\Roaming\mozilla\firefox\profiles\dgqjtdom.default\prefs.js
 
user_pref(browser.search.searchengine.alias, mystartsearch);
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.iconURL, hxxp://www.mystartsearch.com/web/favicon.ico);
user_pref(browser.search.searchengine.name, mystartsearch);
user_pref(browser.search.searchengine.ptid, slbnew);
user_pref(browser.search.searchengine.uid, SAMSUNGXHM321HI_S29RJ56ZB00482);
user_pref(browser.search.searchengine.url, hxxp://www.mystartsearch.com/web/?type=dspp&ts=1438138989&z=70aaf4475ab7c753723f4e8g0z0c5b0g3c6bbt7c2t&from=slbnew&uid=SAMSUNGXHM
user_pref(browser.startup.homepage, hxxp://www.mystartsearch.com/?type=hppp&ts=1438138989&z=70aaf4475ab7c753723f4e8g0z0c5b0g3c6bbt7c2t&from=slbnew&uid=SAMSUNGXHM321HI_S29RJ
user_pref(extensions.quick_start.enable_search1, false);
user_pref(extensions.quick_start.sd.closeWindowWithLastTab_prev_state, false);
 
 
 
~~~ Chrome
 
 
[C:\Users\Meline\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Meline\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Meline\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Meline\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/08/2015 at 22:23:21,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

AdwCleaner log

 

# AdwCleaner v4.208 - Relatório criado 02/08/2015 às 22:39:12

# Atualizado 09/07/2015 por Xplode
# Base de dados : 2015-08-01.1 [servidor]
# Sistema operacional : Windows 7 Ultimate  (x86)
# Usuário : Meline - MELINE-PC
# Executando de : C:\Users\Meline\Desktop\adwcleaner_4.208.exe
# Opção : Limpar
 
***** [ Serviços ] *****
 
 
***** [ Arquivos / Pastas ] *****
 
Pasta Excluído : C:\Program Files\SpaceSondPro
Pasta Excluído : C:\Program Files\SpaceSoundPro
Pasta Excluído : C:\Users\Meline\AppData\Local\BreakingNewsAlert
Pasta Excluído : C:\Users\Meline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpaceSoundPro 1.0
Pasta Excluído : C:\Users\Meline\AppData\Roaming\Mozilla\Firefox\Profiles\dgqjtdom.default\Extensions\defsearchp@gmail.com
 
***** [ Tarefas agendadas ] *****
 
Tarefa Apagado : ASP
Tarefa Apagado : Registry Optimizer_UPDATES
Tarefa Apagado : Registry Optimizer
Tarefa Apagado : Registry Optimizer_DEFAULT
 
***** [ Atalhos ] *****
 
 
***** [ Registro ] *****
 
Valor Apagado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [defsearchp@gmail.com]
Valor Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [spaceSoundPro]
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\Web
Chave Apagado : HKCU\Software\HomeTab
Chave Apagado : HKCU\Software\simplytech
Chave Apagado : HKCU\Software\systweak
Chave Apagado : HKCU\Software\WajIEnhance
Chave Apagado : HKCU\Software\TNT2
Chave Apagado : HKCU\Software\WajIntEnhance
Chave Apagado : HKCU\Software\SearchProtectWS
Chave Apagado : HKCU\Software\Linkey
Chave Apagado : HKCU\Software\PRODUCTSETUP
Chave Apagado : HKCU\Software\Kromtech
Chave Apagado : HKCU\Software\AppDataLow\Software\DynConIE
Chave Apagado : HKLM\SOFTWARE\Conduit
Chave Apagado : HKLM\SOFTWARE\Iminent
Chave Apagado : HKLM\SOFTWARE\SearchProtect
Chave Apagado : HKLM\SOFTWARE\SupDp
Chave Apagado : HKLM\SOFTWARE\SupTab
Chave Apagado : HKLM\SOFTWARE\supWindowsMangerProtect
Chave Apagado : HKLM\SOFTWARE\sweet-pageSoftware
Chave Apagado : HKLM\SOFTWARE\systweak
Chave Apagado : HKLM\SOFTWARE\Tutorials
Chave Apagado : HKLM\SOFTWARE\mystartsearchSoftware
Chave Apagado : HKLM\SOFTWARE\IHProtect
Chave Apagado : HKLM\SOFTWARE\WajIntEnhance
Chave Apagado : HKLM\SOFTWARE\SpeedBit
Chave Apagado : HKLM\SOFTWARE\AIM Toolbar
Chave Apagado : HKLM\SOFTWARE\oursurfingSoftware
Chave Apagado : HKLM\SOFTWARE\FFPluginHp
Chave Apagado : HKLM\SOFTWARE\searchult
Chave Apagado : HKLM\SOFTWARE\SpaceSondPro
Chave Apagado : HKLM\SOFTWARE\SpaceSoundPro
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BreakingNewsAlert
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZip Registry Optimizer_is1
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpaceSoundPro
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v8.0.7600.16385
 
Configuração Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
 
-\\ Mozilla Firefox v39.0 (x86 pt-BR)
 
 
-\\ Google Chrome v44.0.2403.125
 
 
*************************
 
AdwCleaner[R0].txt - [5259 bytes] - [02/08/2015 22:34:04]
AdwCleaner[s0].txt - [4772 bytes] - [02/08/2015 22:39:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4831  bytes] ##########

Hello friend, the logs are attached. I hope I did it right. I would like to thank you immensely. I just want to study and have my privacy; I do not want to harm anyone. Spy programs were invented to help, and unfortunately there are people who use them to try to do harm. Anyway, I am a peaceful person; I just want peace and privacy.

Regards

 

 

FRST.txt

Addition.txt

Shortcut.txt

Dear mel1984

# Step 1 #

Open Notepad and create a file named Fixlist.txt
Save it to your Desktop;
Copy all of the content below and paste it into the file created above:

CreateRestorePoint:
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 catchme; \??\C:\Users\Meline\AppData\Local\Temp\catchme.sys [X]
C:\Users\Meline\AppData\Local\Temp\catchme.sys
CMD:ipconfig /flushdns
EmptyTemp:

Run Farbar Recovery Scan Tool again and click the Fix button;
Wait and post the log in your next reply.

 

# Step 2 #

Download Malwarebytes' Anti-Malware (MBAM).

Double-click mbam-setup.exe to install the program.

  • Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO.
  • If there are updates to be made, they will be downloaded and installed.
  • Click Settings, click Detection and Protection, and check Scan for Rootkits.
  • Return to the Dashboard and finally click Scan Now.
  • The scan will then start. Wait, as it may take a while.
  • When the scan finishes, if any items were found, click the Move all to Quarantine button.
  • Click Apply Actions.
  • At the end of disinfection, a prompt may appear asking whether you want to restart the PC. (See Note below)
  • The log is saved automatically by MBAM; to view it, click the History tab -> Application Logs in the program's main window.
  • Double-click the log. Use the .txt format to export the log.
  • DO NOT USE THE .XML FORMAT TO EXPORT THE LOG.
  • The Protection log is not needed for the analysis; always export the correct log.
  • Attach the log to your next reply.


NOTE: If MBAM finds files that it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

Regards :D
