Virus removal

Hello Magnus Fuchs.

Temporarily disable your antivirus to avoid conflicts.

Download ZHPDiag ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it.

To install and run it correctly, follow the tips in this article:

ZHPDiag installation and usage tutorial

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.
 
Rafael, I can't use this program. I've already disabled the antivirus, but the installation always fails with an error.
 
Hello Magnus Fuchs. Then you can remove ZHPDiag and follow this other tip below:

Download Farbar Recovery Scan Tool and save it to the Desktop

Note: When you open the link above, click the Download Now 64-Bit Version button

Run Farbar following the tips in this tutorial:

Analyze important areas of Windows with Farbar Recovery Scan Tool (64-bit version)

*Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post the contents of these two reports in your next reply.
 
Hello gentlemen, good evening!
I'm new here and would like to humbly ask for your help!

I've already tried a bit of everything I knew, plus a number of things I read on the internet, and nothing solved my problem.
My situation:

I formatted the PC on Sunday because the 80GB local disk died.
Since I use other disks to store my data there was no problem; I installed the OS on another new HD and was able to restore my data successfully. But now, in my browsers, game screens and the like, a small square pop-up in the form of an advertisement keeps appearing!

I thought it could be fixed in the browsers, but no luck, and now it has appeared in the game I play (which technically was safe :megusta:)
Attached is the screen with the ads that appear.
(Sorry that it's the one from the game, but it was one of the only ones I managed to capture.)

(The attachment failed, here is the link: http://prntscr.com/7htth0 )


Below, ZHP Diag:
~ Relatório do ZHPDiag v2015.6.16.57 - Nicolas Coolman (16/06/2015)
~ Iniciado por Kiri (16/06/2015 20:49:15)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Endereço do Webforum : http://www.forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17843
MFIE: Mozilla Firefox 38.0.5 (Defaut)
GCIE: Google Chrome v43.0.2357.124

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 2.1.6.1022
ESET Online Scanner v3
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v5.00

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares

---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 6 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (29% free)
System Restore: Activé (Enable)
System drive C: has 435 GB (93%) free of 466 GB

---\\ Modo de conexão ao sistema
~ Computer Name: KIRI-PC
~ User Name: Kiri
~ All Users Names: Kiri, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Kiri\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Kiri\AppData\Roaming\
~ %Desktop% : C:\Users\Kiri\Desktop\
~ %Favorites% : C:\Users\Kiri\Favorites\
~ %LocalAppData% : C:\Users\Kiri\AppData\Local\
~ %StartMenu% : C:\Users\Kiri\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 435 Go of 466 Go)
D: Hard drive, Flash drive, Thumb drive (Free 108 Go of 298 Go)
E: Hard drive, Flash drive, Thumb drive (Free 120 Go of 932 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.05/11/2012 - 21:28:42.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4EB138060BAE0DBAB1A3B71A3141FE7] - (.Microsoft Corporation - Internet Extensions para Win32.) (.13/06/2015 - 19:34:25.) -- C:\Windows\System32\wininet.dll [1950720]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 18:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.05/11/2012 - 21:30:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 18:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 18:29:49.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/4
~ Mon Bureau (My Desktop) : 1/5
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.7E212E742BF06BF678AE35E9C1B74B8F] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [6212920] [PID.2488]
[MD5.D9133D4157664B1E2ACFC2CD56CCB599] - (.NVIDIA Corporation - NVIDIA Backend.) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2754704] [PID.2852]
[MD5.4389ED042AC91E0166FC1697D29157EA] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1818440] [PID.3852]
[MD5.3C8939A06F10D49E27A271FE6479E22A] - (.Dolby Laboratories - Dolby Axon Launcher.) -- C:\Program Files\DolbyAxon\AxonLauncher.exe [638664] [PID.4088]
[MD5.4DDA5C1029E43465604147B3E712701F] - (.Dolby Laboratories - Dolby Axon Desktop Client.) -- C:\Program Files\DolbyAxon\Axon.exe [4319432] [PID.2240]
[MD5.F20F58FB23958985BB6CB2C3CB6B3F56] - (.No owner - PVP.net Patcher Kernel.) -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe [1301688] [PID.3448]
[MD5.B964BF11F8C3A61289E9F02A0566A401] - (.No owner - Riot Client Patcher.) -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.247\deploy\LoLLauncher.exe [2360312] [PID.2148]
[MD5.C0FF40C1986F8C65D0E016BC94011A19] - (.No owner - LoL Patcher.) -- C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.31\deploy\LoLPatcher.exe [3924472] [PID.3712]
[MD5.98962B8CD73A882ADD39E16B4D13885C] - (.No owner - LoL Patcher.) -- C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.31\deploy\LoLPatcherUx.exe [3111416] [PID.2368]
[MD5.923FE895B22B22A9CA03C72F3D15CE20] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [376944] [PID.5040]
[MD5.E7B58CE9BD61BF575E2880088F4E5447] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8218112] [PID.3540]
~ Processes Running: Scanned in 00mn 10s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Kiri\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\buscape.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\ddg.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\mercadolivre.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\wikipedia-br.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo-br.xml
~ Firefox Browser: 21 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 6 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA Backend.) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{85A85BDD-4F46-412C-BCB0-6238C1EC0115}: DhcpNameServer = 89.248.166.149 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{85A85BDD-4F46-412C-BCB0-6238C1EC0115}: DhcpNameServer = 89.248.166.149 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{85A85BDD-4F46-412C-BCB0-6238C1EC0115}: DhcpNameServer = 89.248.166.149 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.248.166.149 8.8.8.8
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.2A5C656B0A364580E578B26EAE2EE889] [APT] [klcp_update] (...) -- C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1173504]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1048]
~ Scheduled Task: 5 Legitimates Filtered in 00mn 31s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/06/2015 - 15:17:08 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 12/04/2011 - 01:56:10 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
~ Program Folder: 109 Legitimates Filtered in 00mn 02s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.A35E7311D73A5DD7AB288AFB0E12448C] - 13/06/2015 - 17:17:16 ---A- . (...) -- C:\Windows\cmudax3.ini [2754]
O44 - LFC:[MD5.EAEB7D25A3FB2FA3F03E45213217123F] - 13/06/2015 - 17:17:17 ----- . (.No owner - Vista Driver Installer.) -- C:\Windows\System32\CmiInstallResAll.dll [303104]
O44 - LFC:[MD5.87FC5BBFD23372CFA4B7F155E8E03B3E] - 13/06/2015 - 17:29:36 ----- . (...) -- C:\Windows\cmaudio.ini [20333]
O44 - LFC:[MD5.5DAEA8C85B19807534DAE044237A86AF] - 13/06/2015 - 18:07:52 ---A- . (...) -- C:\Windows\System32\nvcompiler.dll [37741712]
O44 - LFC:[MD5.F063AC083FB9DAF9C4DAA518FC35CE06] - 13/06/2015 - 18:07:53 ---A- . (...) -- C:\Windows\System32\nvinfo.pb [26142]
O44 - LFC:[MD5.0554D656B9DCAE7E3DA72659DFACB67A] - 13/06/2015 - 19:09:44 ---A- . (.No owner - ffdshow VFW.) -- C:\Windows\System32\ff_vfw.dll [112128]
O44 - LFC:[MD5.F8EE5F45C3CDA622ECE61386D2024D3B] - 13/06/2015 - 19:10:01 ---A- . (...) -- C:\Windows\System32\xvidcore.dll [655872]
O44 - LFC:[MD5.1693C5597570B122DEC6577AEC360D1A] - 13/06/2015 - 19:10:01 ---A- . (...) -- C:\Windows\System32\xvidvfw.dll [240128]
O44 - LFC:[MD5.4716A57FE7A11DB28FBE8E950FA12AAE] - 13/06/2015 - 19:10:02 ---A- . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\Windows\System32\x264vfw.dll [3591680]
O44 - LFC:[MD5.FA425C74CE2EB719B2A77A7A2ADDAE32] - 13/06/2015 - 19:10:03 ---A- . (.No owner - Lagarith.) -- C:\Windows\System32\lagarith.dll [216064]
O44 - LFC:[MD5.671FEF5266B8AA14C0B69B38C24BD8BD] - 13/06/2015 - 19:10:04 ---A- . (...) -- C:\Windows\System32\lame_acm.xml [415]
O44 - LFC:[MD5.2B24DB82C3C6A590591039153536183A] - 13/06/2015 - 19:10:04 ---A- . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\Windows\System32\lameACM.acm [473088]
O44 - LFC:[MD5.2CBD6D22499EB13A2666F62EF33D00E2] - 13/06/2015 - 19:34:25 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16303]
O44 - LFC:[MD5.1DAA514FDC61ABF63AC7EBA3C2D1095C] - 13/06/2015 - 23:26:01 ---A- . (...) -- C:\Windows\System32\nvcoproc.bin [4408727]
O44 - LFC:[MD5.4B35843180E883109343607EB3619F41] - 14/06/2015 - 21:23:37 ---A- . (...) -- C:\TDSSKiller.3.0.0.19_14.06.2015_21.20.06_log.txt [192592]
O44 - LFC:[MD5.40AC5A58348516FB75AFF93F87D7D4D4] - 14/06/2015 - 21:28:46 ---A- . (...) -- C:\TDSSKiller.3.0.0.44_14.06.2015_21.23.47_log.txt [198236]
O44 - LFC:[MD5.95F69E23D7D300F7CB6D4740B28A5F6E] - 16/06/2015 - 19:13:26 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [145668]
O44 - LFC:[MD5.CAAFA7EEDA9201330C6945109BEE9D4E] - 16/06/2015 - 19:13:26 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [702882]
O44 - LFC:[MD5.4C200F4A0DCF4EE5827AB6341A72AE26] - 16/06/2015 - 19:49:47 ---A- . (...) -- C:\VundoFix.txt [102]
~ Files: 459 Legitimates Filtered in 01mn 15s



---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 65 Legitimates Filtered in 00mn 10s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 14/04/2015 - C:\Windows\system32\drivers\mwac.sys (MBAMWebAccessControl) .(.Malwarebytes Corporation - Malwarebytes Web Access Control.) - LEGACY_MBAMWEBACCESSCONTROL
O64 - Services: CurCS - 03/06/2015 - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (NvStreamKms) .(.NVIDIA Corporation - Nvidia Streaming Kernel Service.) - LEGACY_NVSTREAMKMS
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 108 Legitimates Filtered in 00mn 01s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 14/06/2015 144200 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 14/06/2015 144200 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 25/05/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 03/06/2015 919184 | (GfExperienceService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
SR - | Auto 14/04/2015 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 14/04/2015 1080120 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 03/06/2015 1893008 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 03/06/2015 20694160 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 28/05/2015 672064 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 28/05/2015 410768 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 01mn 29s



---\\ Scâner Aditional (088)
Database Version : 13008 - (16/06/2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 134297 Items scanned in 02mn 21s



---\\ Informações complémentaires do módulos
~ http://www.nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Gestão do Proxy (R5)
~ http://www.nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 2 Legitimates Filtered in 00mn 00s



~ 1027 Legitimates filtered by white list
End of the scan (343 lines in 11mn 43s)(0.6)

Thanks in advance for any help!

Regards,
 
Hello saga05.

First, I ask that you edit your reply and put the ZHPDiag report between tags
so that the report is hidden and doesn't take up much space. For the next reports you post, please always do the same, so we avoid the topic getting too long.
_____________________________________________________________________________________________

* Download the Adwcleaner program by clicking the link below and then click the Download Now @BleepingComputer button:
http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with Adwcleaner

* In your next reply, post the Adwcleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.
 
Hello Rafael Turbo, thank you very much, I'll do it as soon as I get home and will send it.
Tag added!
See you soon.
 
Good evening!

As requested, I ran ADWCleaner.
Log:
# AdwCleaner v4.206 - Relatório criado 17/06/2015 às 19:53:19
# Atualizado 01/06/2015 por Xplode
# Base de dados : 2015-06-17.1 [Servidor]
# Sistema operacional : Windows 7 Ultimate Service Pack 1 (x86)
# Usuário : Kiri - KIRI-PC
# Executando de : C:\Users\Kiri\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Arquivo Excluído : C:\Users\Kiri\AppData\Roaming\Mozilla\Firefox\Profiles\78klqlmd.default\user.js

***** [ Tarefas agendadas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 pt-BR)


-\\ Google Chrome v43.0.2357.124


*************************

AdwCleaner[R0].txt - [883 bytes] - [14/06/2015 20:28:15]
AdwCleaner[R1].txt - [1116 bytes] - [15/06/2015 20:38:38]
AdwCleaner[R2].txt - [1083 bytes] - [17/06/2015 19:49:18]
AdwCleaner[S0].txt - [1165 bytes] - [15/06/2015 20:40:32]
AdwCleaner[S1].txt - [1000 bytes] - [17/06/2015 19:53:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1059 bytes] ##########

But the damned ads continue. Is there something that undetectable? :damn:
Thank you very much, everyone!
 
Hello saga05.

Temporarily disable your antivirus to avoid conflicts.

* Open the link below and click the first button on the left, which is the Download Zoek.exe button:
http://www.hijackthis.nl/smeenk/

Save it to the Desktop.

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy its entire contents and post it in your next reply.
_______________________________________________________________________________

Note: If the problems continue even after following the procedure above, check this: is your internet connection via radio or another type?

If your internet is not via radio, reset the router and modem, change the network name and change the access passwords.

Also do the following:

Go to the Start menu > Control Panel > Network and Internet > Network and Sharing Center

*In the left column, click Change adapter settings

*Right-click Wireless Network Connection and select Properties

*Find and select Internet Protocol Version 4 (TCP/IPv4)

*Click [Properties]

*Select Use the following DNS server addresses:

In Preferred DNS server: enter 208.67.222.222

In Alternate DNS server: enter 208.67.220.220

Click OK.

If you do use internet via radio, in addition to doing the steps above, you also need to contact your provider's support and ask them to carry out these same procedures at their end as well.
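
An added example, not part of the thread or of ZHPDiag: a Python check that reads the O17 (DNS) lines of a ZHPDiag report and lists, per registry key, any resolver still in use other than the two addresses given in the steps above. `REPORT_BEFORE` holds the O17 lines from the report posted in this thread; the `NameServer` line in `REPORT_AFTER` is a constructed sample and assumes ZHPDiag prints static `NameServer` values in the same O17 format as `DhcpNameServer`.

```python
import ipaddress
import re
from collections import defaultdict

# O17 lines copied from the ZHPDiag report posted in this thread.
REPORT_BEFORE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{85A85BDD-4F46-412C-BCB0-6238C1EC0115}: DhcpNameServer = 89.248.166.149 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{85A85BDD-4F46-412C-BCB0-6238C1EC0115}: DhcpNameServer = 89.248.166.149 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{85A85BDD-4F46-412C-BCB0-6238C1EC0115}: DhcpNameServer = 89.248.166.149 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.248.166.149 8.8.8.8
"""

# Constructed sample (not from the thread): the same adapter after the manual
# DNS servers were entered. The NameServer line format is an assumption.
REPORT_AFTER = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{85A85BDD-4F46-412C-BCB0-6238C1EC0115}: DhcpNameServer = 89.248.166.149 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{85A85BDD-4F46-412C-BCB0-6238C1EC0115}: NameServer = 208.67.222.222,208.67.220.220
"""

# The preferred and alternate DNS servers given in the steps above.
EXPECTED = frozenset({"208.67.222.222", "208.67.220.220"})

O17_RE = re.compile(
    r"^O17 - (?P<key>.+?): (?P<value>(?:Dhcp)?NameServer) = (?P<data>.*)$"
)


def parse_o17(report):
    """Return {registry key: {value name: [valid IP strings]}} for O17 lines."""
    keys = defaultdict(dict)
    for line in report.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = []
        # Windows separates DHCP-supplied servers with spaces and static
        # ones with commas, so split on both.
        for token in re.split(r"[,\s]+", m["data"].strip()):
            try:
                servers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                continue  # empty value or other non-address text
        keys[m["key"]][m["value"]] = servers
    return dict(keys)


def effective_resolvers(values):
    """A non-empty static NameServer takes precedence over DhcpNameServer."""
    return values.get("NameServer") or values.get("DhcpNameServer", [])


def audit(report, expected=EXPECTED):
    """Return {registry key: [resolvers in use that are not in `expected`]}."""
    findings = {}
    for key, values in parse_o17(report).items():
        extra = [ip for ip in effective_resolvers(values) if ip not in expected]
        if extra:
            findings[key] = extra
    return findings


if __name__ == "__main__":
    for label, report in (("before", REPORT_BEFORE), ("after", REPORT_AFTER)):
        findings = audit(report)
        print(label, "-", len(findings), "key(s) using other resolvers")
        for key, ips in findings.items():
            print("   ", key, "->", ", ".join(ips))
```

Only the adapter key that received the static entry is cleared by the manual change; keys that still rely on `DhcpNameServer` keep whatever the router hands out, which is why the router reset in the same post matters.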
 

Good evening Rafael! I did the first procedure and got no result </3
Report:
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Kiri on 18/06/2015 at 19:11:10,34.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Kiri\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

18/06/2015 19:15:39 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\HitmanPro deleted successfully
C:\PROGRA~2\Riot Games deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Kiri\AppData\Roaming\Mozilla\Firefox\Profiles\78klqlmd.default\prefs.js:

Added to C:\Users\Kiri\AppData\Roaming\Mozilla\Firefox\Profiles\78klqlmd.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Program Files\Arquivos Comuns deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Kiri\AppData\Roaming\Mozilla\Firefox\Profiles\78klqlmd.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"url_advisor@kaspersky.com"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com" [17/06/2015 00:36]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Kiri\AppData\Roaming\Mozilla\Firefox\Profiles\78klqlmd.default
- Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Kiri\AppData\Roaming\Mozilla\Firefox\Profiles\78klqlmd.default
696A4DA9EDA917038A57B34D003FD055 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
276AEADF06F75DB8ED2BE2F6EB3DD5AD - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
E2B92179DA6F4CF6EC3778D2802C960F - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll - Plugins PDK
4BA14D74164EC27A9A97663D7D9755A1 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll - Plugins PDK


==== Chromium Look ======================

Google Chrome Version: 43.0.2357.124

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dbhjdbfgekjfcfkkfjjmlmojhbllhbho - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho[]


==== Chromium Startpages ======================

C:\Users\Kiri\AppData\Local\Google\Chrome\User Data\Default\Preferences


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Reset Google Chrome ======================

C:\Users\Kiri\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Kiri\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Kiri\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Kiri\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Kiri\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\Users\Kiri\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Kiri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Kiri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk - C:\Windows\ehome\ehshell.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk - C:\Program Files\DVD Maker\DVDMaker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk - C:\Windows\system32\mblctr.exe /open
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk - C:\Windows\system32\NetProj.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk - C:\Windows\system32\SnippingTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk - C:\Program Files\Windows Journal\Journal.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk - C:\Windows\system32\printmanagement.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk - C:\Windows\system32\secpol.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby Axon\Dolby Axon Help.lnk - C:\Program Files\DolbyAxon\Axon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby Axon\Dolby Axon.lnk - C:\Program Files\DolbyAxon\Axon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby Axon\Uninstall Dolby Axon.lnk - C:\Program Files\DolbyAxon\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby Axon\View Changelog.lnk - C:\Program Files\DolbyAxon\changelog.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby Axon\View Known Issues.lnk - C:\Program Files\DolbyAxon\knownissues.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire\AIDA64 Extreme Edition\AIDA64 Extreme Edition Documentation.lnk - C:\Program Files\FinalWire\AIDA64 Extreme Edition\aida64.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire\AIDA64 Extreme Edition\AIDA64 Extreme Edition on the Web.lnk - C:\Program Files\FinalWire\AIDA64 Extreme Edition\aida64.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire\AIDA64 Extreme Edition\AIDA64 Extreme Edition.lnk - C:\Program Files\FinalWire\AIDA64 Extreme Edition\aida64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire\AIDA64 Extreme Edition\Uninstall AIDA64 Extreme Edition.lnk - C:\Program Files\FinalWire\AIDA64 Extreme Edition\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB\ISO to USB.lnk - C:\Program Files\ISO to USB\isotousb.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB\Uninstall ISO to USB.lnk - C:\Program Files\ISO to USB\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool.lnk - C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk - C:\Program Files\K-Lite Codec Pack\MPC-HC\mpc-hc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\vsfilter.dll",DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configureAudio
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow VFW interface.lnk - C:\Windows\System32\rundll32.exe "C:\Windows\system32\ff_vfw.dll",configureVFW
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\LAV\lavaudio.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\LAV\lavsplitter.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\LAV\lavvideo.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\x264 VFW (x86).lnk - C:\Windows\System32\rundll32.exe "C:\Windows\system32\x264vfw.dll",Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Xvid VFW.lnk - C:\Windows\System32\rundll32.exe "C:\Windows\system32\xvidvfw.dll",Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\Frequently Asked Questions.lnk - C:\Program Files\K-Lite Codec Pack\Info\faq.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\FourCC Code Changer.lnk - C:\Program Files\K-Lite Codec Pack\Tools\fourcc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudioNext.lnk - C:\Program Files\K-Lite Codec Pack\Tools\GraphStudioNext.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Haali Muxer.lnk - C:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk - C:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\VobSubStrip.lnk - C:\Program Files\K-Lite Codec Pack\Tools\VobSubStrip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk - C:\Program Files\K-Lite Codec Pack\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus\Ajuda do Kaspersky Anti-Virus.lnk - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\Doc\pt-BR\kav\context.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus\Contrato de Licença do Usuário Final.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus\Kaspersky Anti-Virus.lnk - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus\Remover o Kaspersky Anti-Virus.lnk - C:\Windows\System32\msiexec.exe /i{653C1B5A-3287-47B1-8613-0745D4E771C4} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus\Visitar a Kaspersky Lab na Web.lnk - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\kl.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends\League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++\Notepad++.lnk - C:\Program Files\Notepad++\notepad++.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk - C:\Program Files\NVIDIA Corporation\3D Vision\nvstview.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk - C:\Program Files\NVIDIA Corporation\3D Vision\nvstlink.exe /show
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk - C:\Program Files\NVIDIA Corporation\3D Vision\nvstlink.exe /disable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk - C:\Program Files\NVIDIA Corporation\3D Vision\nvstlink.exe /enable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files\Skype\Phone\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Kiri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Kiri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Kiri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Kiri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Kiri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Dolby Axon.lnk - C:\Program Files\DolbyAxon\Axon.exe
C:\Users\Kiri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Kiri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Kiri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe
C:\Users\Kiri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe
C:\Users\Kiri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TERA.lnk - D:\TERA\TERA-Launcher.exe
C:\Users\Kiri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Kiri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Users\Kiri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kiri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Kiri\AppData\Local\Mozilla\Firefox\Profiles\78klqlmd.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Kiri\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1 folders=0 79 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Kiri\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Kiri\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 18/06/2015 at 19:48:12,39 ======================

I'll test the second method and then edit this post :)
 
OK, then please try the other methods I gave you, and afterwards let us know whether that solved it.
 
Good morning!
I tried resetting the router and manually setting the DNS, and it didn't work. :fuuu:

In the early hours of this morning I formatted the machine, and today I'll be checking whether the problem continues!

Thanks!
 
Problem with Navegaki and other hijackers

My problem is the following: every time I try to run a search in Google Chrome, the search is done through this "Navegaki" thing. I've already checked the default search engine and the wretched thing is there, with its URL camouflaged in the middle of Chrome's default search engine. I can't change it even when running as admin, with my Google account logged in, logged out, etc.
Chrome screenshot: http://i.imgur.com/dXYdCXn.png

ZHP diagnostic:

---\\ Sumário das deteções encontradas na sua estação
http://www.nicolascoolman.fr/blog/ =>Hijacker.Navegaki
http://www.nicolascoolman.fr/blog/ =>PUP.BubbleSound
http://www.nicolascoolman.fr/blog/ =>PUP.Infonaut
http://www.nicolascoolman.fr/pup-anyprotect =>PUP.AnyProtect
http://www.nicolascoolman.fr/blog/ =>PUP.ASPackage
http://www.nicolascoolman.fr/blog/ =>PUP.BoBrowser
http://www.nicolascoolman.fr/blog/ =>PUP.CrossBrowser
http://www.nicolascoolman.fr/adware-downware =>Adware.Downware
http://www.nicolascoolman.fr/crapware-spyhunter =>Crapware.SpyHunter
http://www.nicolascoolman.fr/blog/ =>PUP.CMILimited
http://www.nicolascoolman.fr/blog/ =>PUP.Shopperz
http://www.nicolascoolman.fr/blog/ =>Adware.Pirrit
http://www.nicolascoolman.fr/pup-smartwebsearch =>PUP.SmartWeb
http://www.nicolascoolman.fr/pup-vuupc =>PUP.VuuPC
~ MSI: 14 link(s) detected in 00mn 00s

Here is the full diagnostic: https://mega.co.nz/#!YYclWIjB!3DSHLsGCQnknHxDRe58YziWnIq7puO9KtDuqbTDQBy0

Thank you all for your attention and help.
 
It's worth noting that before coming to this thread I had also already used Malwarebytes, but without success.

Now here is the AdwCleaner log:
# AdwCleaner v4.207 - Relatório criado 22/06/2015 às 11:31:50
# Atualizado 21/06/2015 por Xplode
# Base de dados : 2015-06-21.2 [Servidor]
# Sistema operacional : Windows 8.1 Single Language (x64)
# Usuário : Anderson Carlos - ANDERSON
# Executando de : C:\Users\Anderson Carlos\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Tarefas agendadas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v35.0.1 (x86 pt-BR)


-\\ Google Chrome v43.0.2357.124

[C:\Users\Anderson Carlos\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [Homepage] : hxxp://www.mystartsearch.com/?type=sy&ts=1434922140&z=9a084cd603a4ad5e884bba4gfz9cbz8tboeobg8cet&from=cmi&uid=HitachiXHTS547550A9E384_J1100016G2DUGCG2DUGCX
[C:\Users\Anderson Carlos\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [Startup_URLs] : 4B4DFD27D10E08D7D36CE7B2596A08336AEBCD28EFBB0FC1A1C159BFAB0477E4"},"software_reporter":{"prompt_reason":"824591075CF47CD031B9AF76E381A02E69468C2F0E3B5DD08E2E25F08D98FB81","prompt_seed":"DF09787122A73315B8D77C163D2D3D0BE9D471372BF2AD2352E711E3F4EE6C39","prompt_version":"2A03CD4D0F6F0894FF59AE8ACEA932EBEC0D978CC0473BE6DF3BE23DA07116BB"},"sync":{"remaining_rollback_tries":"14E2FB8EACBD164F86D10B253A0DC767E04CD9E663688FC434CE796E6CC99986"}},"super_mac":"76BB8F740A6AB9393D43951786ED4804CAC7A907E62582FF3AD547CDEF5BF655"},"session":{"restore_on_startup":5,"startup_urls":["hxxp://www.google.com.br/","hxxp://www.mystartsearch.com/?type=hp&ts=1434922106&z=077c9c9881b6853f70dbd13g1zbcbzbtbo5obg5e5w&from=cmi&uid=HitachiXHTS547550A9E384_J1100016G2DUGCG2DUGCX

*************************

AdwCleaner[R0].txt - [9167 bytes] - [21/06/2015 22:17:19]
AdwCleaner[R1].txt - [1364 bytes] - [21/06/2015 22:43:58]
AdwCleaner[R2].txt - [1057 bytes] - [21/06/2015 22:51:14]
AdwCleaner[R3].txt - [1416 bytes] - [21/06/2015 22:53:34]
AdwCleaner[R4].txt - [2334 bytes] - [22/06/2015 11:26:42]
AdwCleaner[R5].txt - [2393 bytes] - [22/06/2015 11:29:03]
AdwCleaner[S0].txt - [8046 bytes] - [21/06/2015 22:19:16]
AdwCleaner[S1].txt - [1415 bytes] - [21/06/2015 22:46:48]
AdwCleaner[S2].txt - [2305 bytes] - [22/06/2015 11:31:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2364 bytes] ##########
After this procedure Google Chrome no longer opens. I'll be waiting for instructions; once again, thank you for the help.
 
You posted this report: C:\AdwCleaner\AdwCleaner[S2].txt

But the one we need is this:
C:\AdwCleaner\AdwCleaner[S0].txt

Please post the report requested above.
_______________________________________________________

Also do the following:

Download Junkware Removal Tool from the link below:
http://thisisudax.org/downloads/JRT.exe

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt, together with this report: C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.
 
Sorry, lol.

Correct AdwCleaner report:
# AdwCleaner v4.207 - Relatório criado 21/06/2015 às 22:19:16
# Atualizado 21/06/2015 por Xplode
# Base de dados : 2015-06-21.2 [Servidor]
# Sistema operacional : Windows 8.1 Single Language (x64)
# Usuário : Anderson Carlos - ANDERSON
# Executando de : C:\Users\Anderson Carlos\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Excluído : innfd_1_10_0_14

***** [ Arquivos / Pastas ] *****

Pasta Excluído : C:\IQIYI Video
Pasta Excluído : C:\ProgramData\apn
Pasta Excluído : C:\ProgramData\IQIYI Video
Pasta Excluído : C:\ProgramData\TomorrowGames
Pasta Excluído : C:\Program Files (x86)\Bench
Pasta Excluído : C:\Program Files (x86)\globalUpdate
Pasta Excluído : C:\Program Files (x86)\predm
Pasta Excluído : C:\Program Files (x86)\miuitab
Pasta Excluído : C:\Users\Anderson Carlos\AppData\Local\2A105200-1434910676-128D-9007-519D67CDE304
Pasta Excluído : C:\Users\Anderson Carlos\AppData\Roaming\AnyProtectEx
Pasta Excluído : C:\Users\Anderson Carlos\AppData\Roaming\Systweak
Pasta Excluído : C:\Users\Anderson Carlos\AppData\Roaming\IQIYI Video
Arquivo Excluído : C:\claraInstaller.txt
Arquivo Excluído : C:\Users\Anderson Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\672jpa9s.default\user.js

***** [ Tarefas agendadas ] *****

Tarefa Apagado : APSnotifierPP1
Tarefa Apagado : APSnotifierPP2
Tarefa Apagado : APSnotifierPP3
Tarefa Apagado : Run_Bobby_Browser
Tarefa Apagado : amiupdaterExd
Tarefa Apagado : amiupdaterExi

***** [ Atalhos ] *****


***** [ Registro ] *****

Valor Apagado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com]
Valor Apagado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchffv2@gmail.com]
Chave Apagado : HKCU\Software\Mozilla\Extends
Chave Apagado : HKCU\Software\AnyProtect
Chave Apagado : HKCU\Software\APN PIP
Chave Apagado : HKCU\Software\AskPartnerNetwork
Chave Apagado : HKCU\Software\GlobalUpdate
Chave Apagado : HKCU\Software\simplytech
Chave Apagado : HKCU\Software\Softonic
Chave Apagado : HKCU\Software\Crossbrowse
Chave Apagado : HKCU\Software\SpeedBit
Chave Apagado : HKCU\Software\Linkey
Chave Apagado : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Chave Apagado : HKLM\SOFTWARE\AskPartnerNetwork
Chave Apagado : HKLM\SOFTWARE\Bench
Chave Apagado : HKLM\SOFTWARE\Conduit
Chave Apagado : HKLM\SOFTWARE\GlobalUpdate
Chave Apagado : HKLM\SOFTWARE\SearchProtect
Chave Apagado : HKLM\SOFTWARE\SupDp
Chave Apagado : HKLM\SOFTWARE\Clara
Chave Apagado : HKLM\SOFTWARE\Crossbrowse
Chave Apagado : HKLM\SOFTWARE\SpeedBit
Chave Apagado : HKLM\SOFTWARE\AIM Toolbar
Chave Apagado : HKLM\SOFTWARE\FFPluginHp
Chave Apagado : HKLM\SOFTWARE\searchult
Chave Apagado : HKLM\SOFTWARE\navegaki
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Chave Apagado : [x64] HKLM\SOFTWARE\TornTv Downloader

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v35.0.1 (x86 pt-BR)

[672jpa9s.default\prefs.js] - Linha Apagado : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[672jpa9s.default\prefs.js] - Linha Apagado : user_pref("browser.search.searchengine.alias", "omniboxes");
[672jpa9s.default\prefs.js] - Linha Apagado : user_pref("browser.search.searchengine.iconURL", "hxxp://www.omniboxes.com/web/favicon.ico");
[672jpa9s.default\prefs.js] - Linha Apagado : user_pref("browser.search.searchengine.name", "omniboxes");
[672jpa9s.default\prefs.js] - Linha Apagado : user_pref("browser.search.searchengine.url", "hxxp://www.omniboxes.com/web/?type=dspp&ts=1434921196&z=af7cd22d751d9c6c5d0e9bcg0z2c0z9teocgdgat3b&from=amt&uid=HitachiXHTS547550A9E384_J1100016G2DUGCG2DU[...]
[672jpa9s.default\prefs.js] - Linha Apagado : user_pref("browser.search.selectedEngine", "omniboxes");
[672jpa9s.default\prefs.js] - Linha Apagado : user_pref("browser.startup.homepage", "hxxp://www.omniboxes.com/?type=hppp&ts=1434921196&z=af7cd22d751d9c6c5d0e9bcg0z2c0z9teocgdgat3b&from=amt&uid=HitachiXHTS547550A9E384_J1100016G2DUGCG2DUGCX");
[672jpa9s.default\prefs.js] - Linha Apagado : user_pref("extensions.quick_start.enable_search1", false);
[672jpa9s.default\prefs.js] - Linha Apagado : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v43.0.2357.124

[C:\Users\Anderson Carlos\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Apagado [Search Provider] : hxxp://br.ask.com/web?q={searchTerms}
[C:\Users\Anderson Carlos\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Apagado [Search Provider] : hxxp://search.navegaki.com/?bd=ds&oem=Cube&uid=HitachiXHTS547550A9E384_J1100016G2DUGCG2DUGCX&version=2.3.0.8724&pid=414031160&tid=428&q={searchTerms}

*************************

AdwCleaner[R0].txt - [9167 bytes] - [21/06/2015 22:17:19]
AdwCleaner[S0].txt - [7879 bytes] - [21/06/2015 22:19:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7938 bytes] ##########

Junkware report:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.7 (06.21.2015:2)
OS: Windows 8.1 Single Language x64
Ran by Anderson Carlos on 22/06/2015 at 12:05:40,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Booster Scan
Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Booster SkipUAC (Anderson Carlos)
Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Booster Update



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_3B9B9BA613B2D0A2CAFFF7D4F813AF1D



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] C:\Windows\syswow64\number of results
Successfully deleted: [Folder] C:\Program Files (x86)\baidu
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\driver booster 2
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\ProgramData\19a87fa1ec024bbcbb41931263354405
Successfully deleted: [Folder] C:\ProgramData\49d2d59d8c0044b69ff4eaa3087930bf
Successfully deleted: [Folder] C:\Users\Anderson Carlos\appdata\local\96AB7DCC-75B5-4DEF-B4B5-24F8F57944 [Adware.GamesBot]
Successfully deleted: [Folder] C:\Users\Anderson Carlos\AppData\Roaming\2A105200-1434921294-128D-9007-519D67CDE304 [Adware.BrowseFox.svc]



~~~ FireFox




~~~ Chrome


[C:\Users\Anderson Carlos\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Anderson Carlos\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Anderson Carlos\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Anderson Carlos\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/06/2015 at 12:07:49,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Additional information: Google Chrome is working again, but the infection is still there.

Now something that I don't know whether it is related: my internet stopped working over the network cable and now only works over Wi-Fi. This has been happening for about 15 days; could it be a problem with the modem, or could these infections have something to do with it? Whenever I change the DNS it works again, whether by setting it to static or changing it to 8.8.8.8 / 8.8.4.4... In fact, when I connect a phone to the Wi-Fi, I need to configure its DNS manually, otherwise it doesn't work. (If it is unrelated, please disregard.)
 
Let's keep cleaning up the problems. Adware and other pests normally bring connection problems as well.
____________________________________________________

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
http://www.hijackthis.nl/smeenk/

Save it to the Desktop.

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its content and post it in your next reply.
 
Zoek report:
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Anderson Carlos on 22/06/2015 at 13:28:07,75.
Microsoft Windows 8.1 Single Language 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Anderson Carlos\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

22/06/2015 13:30:40 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Spyware Terminator deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1470280751-1106588165-1864393938-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC} deleted successfully
HKEY_USERS\S-1-5-21-1470280751-1106588165-1864393938-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC} deleted successfully
HKEY_USERS\S-1-5-21-1470280751-1106588165-1864393938-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{64526D1-7022-49DE-B0FF-4FA24EADC4B3} deleted successfully
HKEY_USERS\S-1-5-21-1470280751-1106588165-1864393938-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D52E63F2-399D-49D0-8F1F-B7FCC284C8F0} deleted successfully
HKEY_USERS\S-1-5-21-1470280751-1106588165-1864393938-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E84FA799-BF3-49A0-BB5D-EC78B766D0EB} deleted successfully
HKEY_USERS\S-1-5-21-1470280751-1106588165-1864393938-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD103FED-DAA3-4C4A-803F-33CE98D6B4F4} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kiluluqe deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xoperoze deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zedepory deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\ANDERS~1\AppData\Roaming\Mozilla\Firefox\Profiles\672jpa9s.default\prefs.js:
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\ANDERS~1\AppData\Roaming\Mozilla\Firefox\Profiles\672jpa9s.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Spyware Terminator not found
C:\PROGRA~2\SystemRequirementsLab deleted
C:\windows\SysNative\Tasks\PXAQZQT1 deleted
C:\windows\SysNative\Tasks\YMCLIEFHM deleted
C:\Users\Anderson Carlos\.android deleted
C:\install.exe deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\ANDERS~1\AppData\Roaming\Mozilla\Firefox\Profiles\672jpa9s.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8874}"="C:\Users\Anderson Carlos\AppData\Local\GAS Tecnologia\GBBD\abn\xpi" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\ANDERS~1\AppData\Roaming\Mozilla\Firefox\Profiles\672jpa9s.default
- FlashGot - %ProfilePath%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Anderson Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\672jpa9s.default
2E661988463BCFA1B95D4DAAB9B0B6FA - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll - Shockwave Flash
5950D438CD3DDF2DD50D9FA4E07A6C1C - C:\Users\Anderson Carlos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player


==== Chromium Look ======================

Google Chrome Version: 43.0.2357.124

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01/05/2015 11:17]

Chrome Hotword Shared Module - Anderson Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Skype Click to Call - Anderson Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Anderson Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Old Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Old Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Anderson Carlos\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Anderson Carlos\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Anderson Carlos\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bad was reset successfully
C:\Users\Anderson Carlos\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Anderson Carlos\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1470280751-1106588165-1864393938-1001\Software\Mozilla\Firefox\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874} deleted successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Anderson Carlos\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Anderson Carlos\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Anderson Carlos\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Anderson Carlos\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Anderson Carlos\AppData\Local\Mozilla\Firefox\Profiles\672jpa9s.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Anderson Carlos\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=21 folders=14 10319205 bytes)

==== Empty Temp Folders ======================

C:\Users\Anderson Carlos\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ANDERS~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 22/06/2015 at 13:41:54,95 ======================

It worked! The navegaki infection is gone and Chrome is working normally (apparently)! Thank you very much, Rafael; I was already freaking out over this program, even thinking about formatting. But apparently it was easier to remove than I imagined. Now, if it's not asking too much, would you have any tip for a program or test I can run to know whether I'm 100% free of this spyware? And a tip for an antispyware program to reinforce the machine's protection, or even a good antivirus? I was only using the Microsoft Live Essentials that comes with Win8 and kept the updates enabled, but apparently the protection is weak. Once again, thank you very much!
 
Download ZHPCleaner ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPCleaner to download it.

To run it correctly, follow the tips in this post:

Complete ZHPCleaner tutorial

After using it, copy all the content of your ZHPCleaner.txt report and post it in your next reply.
 
ZHPCleaner:
~ ZHPCleaner v2015.6.21.281 by Nicolas Coolman (2015\06\21)
~ Run by Anderson Carlos (Administrator) (22/06/2015 14:15:41)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\Anderson Carlos\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Anderson Carlos\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 8.1, 64-bit (Build 9600)


---\\ Serviços (0)
~ Nenhum ítem malicioso foi encontrado.


---\\ Navegadores de Internet (0)
~ Nenhum ítem malicioso foi encontrado.


---\\ Arquivo hosts (2)
SUBSTITUIDO:
Número de redirecionamentos encontrados 1/20


---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso foi encontrado.


---\\ Explorer ( Arquivos, Pastas) (36)
MOVIDO pasta: C:\Windows\Prefetch\3D BUBBLESOUND.EXE-920EAE65.pf (PUP.BubbleSound)
MOVIDO pasta: C:\Windows\Prefetch\ANYPROTECT.EXE-53752276.pf (PUP.AnyProtect)
MOVIDO pasta: C:\Windows\Prefetch\ASPACKAGE.EXE-25EF7A8D.pf (PUP.ASPackage)
MOVIDO pasta: C:\Windows\Prefetch\BOBROWSER.EXE-F99413B5.pf (PUP.BoBrowser)
MOVIDO pasta: C:\Windows\Prefetch\PACKAGE_BUBBLESOUND_INSTALLER-81BDCFFE.pf (PUP.BubbleSound)
MOVIDO pasta: C:\Windows\Prefetch\PACKAGE_PCROSSBROWSER_INSTALL-003747EB.pf (PUP.CrossBrowser)
MOVIDO pasta: C:\Windows\Prefetch\PREDM.TMP-7F9BBD96.pf (Adware.Downware)
MOVIDO pasta: C:\Windows\Prefetch\PREDM.TMP-AF2E55BD.pf (Adware.Downware)
MOVIDO pasta: C:\Windows\Prefetch\SPYHUNTER-INSTALLER.EXE-AF30604D.pf (Crapware.SpyHunter)
MOVIDO pasta: C:\Windows\Prefetch\SPYHUNTER4.EXE-3B4E3201.pf (Crapware.SpyHunter)


---\\ Registro ( Chaves, Valores, Dados ) (6)
SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-1470280751-1106588165-1864393938-1001\Software\Classes\.torrent [TornTvDownloader.File] (Hijacker.TornTV)
SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-1470280751-1106588165-1864393938-1001\Software\Classes\TornTvDownloader.File [TornTvDownloader.torrent File] (Hijacker.TornTV)
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\TornTvDownloader.File [] (Hijacker.TornTV)
SUPRIMIDO chave*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Torntv [] (Hijacker.TornTV)
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Infonaut_1.10.0.14 [] (PUP.Infonaut)
SUPRIMIDO valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\3D BubbleSound ["C:\Program Files\BubbleSound\3D BubbleSound.exe"] (PUP.BubbleSound)


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 1005
~ Items encontrado : 1
~ items cancelados : 0
~ Items réparo : 42


End of clean at 14:15:57
===================
ZHPCleaner-[R]-22062015-14_15_57.txt
ZHPCleaner--22062015-14_13_23.txt

 
It is worth noting that before coming to this thread I had also already used Malwarebytes, but without success.
Follow the steps below to access the Malwarebytes log (report):

To do this, open Malwarebytes > click the Histórico (History) button > click Logs do Aplicativo (Application Logs) > and double-click with the left mouse button on the most recent Scan Log to open it. This is shown in this image:

tutorial-do-malwarebytes-7.jpg


On the next screen that appears, click the Exportar (Export) button > and click the Arquivo texto (*.txt) option (Text file):
tutorial-do-malwarebytes-8.jpg


On the next screen that appears, give this report a name (LOG, for example) > click Área de Trabalho (Desktop), so that it is saved on your Desktop > click Salvar (Save):

malwarebytes-tutorial-16.jpg


Click OK on the next message that appears:

tutorial_do_malwarebytes_8.jpg

After that, just post this Malwarebytes log in your next reply.
 
You only ran the threat scan, which is not as thorough. Follow the steps below to do the full cleanup:

- Open Malwarebytes > click Verificar (Scan) > click Verificação Personalizada (Custom Scan) > click Configurar Varredura (Configure Scan):
tutorial-do-malwarebytes-1.jpg


The screen below will then appear; on it, check all the boxes on the right side of the screen so that every area of your PC and the removable media connected to it can be scanned. On the left side of the screen, leave all of these options checked:

Verificar Objetos na Memória (Scan Memory Objects)
Verificar Inicialização e Registro (Scan Startup and Registry)
Verificar Arquivos Compactados (Scan Compressed Files)
Verificar Rootkits (Scan for Rootkits)


As for the rest, leave it the way Malwarebytes has already preconfigured it.

After that, click the Verificar Agora (Scan Now) button, as the image below shows:
tutorial-do-malwarebytes-2.jpg


Wait while the scan runs. How long it takes depends on the number of files you have on your computer:

tutorial-do-malwarebytes-3.jpg


As soon as the scan finishes, the phrase Verificação Personalizada completada com sucesso (Custom Scan completed successfully) will appear. If your PC is safe and free of threats, a message similar to the one below will appear stating "Ameaças Identificadas: 0" (Threats Identified: 0; that is, no malicious item was detected). In that case everything is fine, your computer is normal, and you click the Terminar (Finish) button:

tutorial-do-malwarebytes-4.jpg


If any threat is detected on your PC, a message like the one below will appear near the Windows clock with the phrase Verificação Terminada - Malware Detectado (Scan Finished - Malware Detected); click on it:

tutorial-do-malwarebytes-13.jpg


At this point you will see which malware and potentially unwanted items were detected and where they are located. To remove the infection, leave the boxes checked on all the items you want to remove and click the Remover Selecionadas (Remove Selected) button, as this image shows:
tutorial-do-malwarebytes-14.jpg


Another screen similar to the one below will then appear, stating that the threats were sent to quarantine; on it, click the Terminar (Finish) button:

tutorial-do-malwarebytes-15.jpg


Some malware is stubborn and may need a PC restart in order to be removed. If Malwarebytes requests this, accept the restart from Malwarebytes.

After that, just post the new Scan Log that Malwarebytes creates in your next reply:

tutorial-do-malwarebytes-7.jpg
 
