Fórum PC Brasil
win 10 infected


Post by Yuri Lavand, Sun 27 Sep 2015, 12:02

I have already tried several programs, but it didn't work; all my browsers freeze.


HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:58:56, on 27/09/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Users\Felipe\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Felipe\Downloads\HijackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must have an account and be logged in to view this link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: (no name) - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O3 - Toolbar: (no name) - {41545534-2D53-5000-76A7-7A786E7484D7} - (no file)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Felipe\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O8 - Extra context menu item: &Enviar para o OneNote - [You must have an account and be logged in to view this link] Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [You must have an account and be logged in to view this link] Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O15 - Trusted Zone: *.itau.b.br
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: banklineplus.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Serviço do Positivo Aplicativos (AppManagerService) - Positivo Informática S.A. - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\PositivoAplicativosService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Baidu MoboMarket Service (BASSVC) - Baidu, Inc. - C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5967\bassvc.exe
O23 - Service: Battery Manager Service (BatteryManagerSrv) - Positivo Informática S.A - C:\Program Files (x86)\Positivo Informática\Mundo Positivo Bateria\BatteryManagerService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Tecnologia de armazenamento Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11688 bytes

Post by Power Max, Sun 27 Sep 2015, 12:15

Hello Yuri.

Download AdwCleaner by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.


Post by Yuri Lavand, Sun 27 Sep 2015, 12:46

# AdwCleaner v5.008 - Relatório criado 27/09/2015 às 12:34:53
# Atualizado 18/09/2015 por Xplode
# Banco de dados : 2015-09-23.1 [Servidor]
# Sistema operacional : Windows 10 Home Single Language  (x64)
# Usuário : Felipe - SRERALDO
# Executando de : C:\Users\Felipe\Downloads\AdwCleaner.exe
# Opção : Limpar
# Apoio : [You must have an account and be logged in to view this link]

***** [ Serviços ] *****


***** [ Pastas ] *****

[-] Pasta Excluído : C:\ProgramData\apn
[-] Pasta Excluído : C:\Users\Felipe\AppData\Local\AskPartnerNetwork
[-] Pasta Excluído : C:\Users\Felipe\AppData\Local\Astromenda
[-] Pasta Excluído : C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Astromenda

***** [ Arquivos ] *****

[-] Arquivo Excluído : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml
[-] Arquivo Excluído : C:\ProgramData\Duplicaterecord.js
[-] Arquivo Excluído : C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\fqobll1t.default\searchplugins\astromenda.xml
[-] Arquivo Excluído : C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\fqobll1t.default\searchplugins\search.xml
[-] Arquivo Excluído : C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\fqobll1t.default\user.js
[-] Arquivo Excluído : C:\WINDOWS\Sysnative\WinDivert64.sys

***** [ Atalhos ] *****


***** [ Tarefas agendadas ] *****


***** [ Registro ] *****

[-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Chave Excluída : HKCU\Software\Mozilla\Extends
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{3e9deaca}
[-] Chave Excluída : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaadgepjkdffhjbkfjgnnffnfcffbg
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaadgepjkdffhjbkfjgnnffnfcffbg
[-] Chave Excluída : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\Interface\{884189CF-7C10-41E8-A014-F7B2BE40AADB}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
[-] Valor Excluída : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{41545534-2D53-5000-76A7-7A786E7484D7}]
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4A0C-9753-B57B9AE272CC}
[-] Valor Excluída : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{41545534-2D53-5000-76A7-7A786E7484D7}]
[-] Chave Excluída : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
[-] Chave Excluída : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
[-] Chave Excluída : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
[-] Chave Excluída : HKCU\Software\Astromenda
[-] Chave Excluída : HKCU\Software\BRS
[-] Chave Excluída : HKCU\Software\WSE_Astromenda
[-] Chave Excluída : HKCU\Software\PRODUCTSETUP
[-] Chave Excluída : HKLM\SOFTWARE\Trymedia Systems
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Astromenda
[!] Chave Não Excluída : [x64] HKCU\Software\Astromenda
[!] Chave Não Excluída : [x64] HKCU\Software\BRS
[!] Chave Não Excluída : [x64] HKCU\Software\WSE_Astromenda
[!] Chave Não Excluída : [x64] HKCU\Software\PRODUCTSETUP
[-] Dados Restaurar : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\Web
[!] Chave Não Excluída : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
[!] Chave Não Excluída : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
[-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
[-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
[!] Chave Não Excluída : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\Web
[!] Chave Não Excluída : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
[!] Chave Não Excluída : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
[!] Chave Não Excluída : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
[!] Chave Não Excluída : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
[!] Chave Não Excluída : HKU\S-1-5-21-1714357389-3331690931-1798891615-1001\Software\Microsoft\Internet Explorer\SearchScopes\Web
[!] Chave Não Excluída : HKU\S-1-5-21-1714357389-3331690931-1798891615-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
[!] Chave Não Excluída : HKU\S-1-5-21-1714357389-3331690931-1798891615-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
[!] Chave Não Excluída : HKU\S-1-5-21-1714357389-3331690931-1798891615-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
[!] Chave Não Excluída : HKU\S-1-5-21-1714357389-3331690931-1798891615-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}

***** [ Navegadores ] *****

[-] [C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\fqobll1t.default\prefs.js] [Preference] Excluída : user_pref("browser.startup.homepage", "hxxp://br.hao123.com/?tn=sdkb_inner_hp_02_hao123_br");
[-] [C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\fqobll1t.default\prefs.js] [Preference] Excluída : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_ir_14_37_ch&cd=2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtBtCtA0B0DtCtDtA0CzytN0D0Tzu0SzyyBzztN1L2XzutAtFtDtFtCyCtFyCtN1L1CzutCyEtBzytDyD[...]
[-] [C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\fqobll1t.default\prefs.js] [Preference] Excluída : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_ir_14_37_ch&cd=2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtBtCtA0B0DtCtDtA0CzytN0D0Tzu0SzyyBzztN1L2XzutAtFtDtFtCyCtFyCtN1L1CzutCyEtBzytD[...]
[-] [C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\fqobll1t.default\prefs.js] [Preference] Excluída : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[-] [C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\fqobll1t.default\prefs.js] [Preference] Excluída : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[-] [C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\fqobll1t.default\prefs.js] [Preference] Excluída : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_ir_14_37_ch&cd=2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtBtCtA0B0DtCtDtA0CzytN0D0Tzu0SzyyBzztN1L2XzutAtFtDtFtCyCtFyCtN1L1CzutCyEtBzy[...]
[-] [C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\fqobll1t.default\prefs.js] [Preference] Excluída : user_pref("keyword.URL", "hxxp://br.yhs4.search.yahoo.com/yhs/search");

*************************

:: Configurações Winsock restauradas

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7427 bytes] ##########

Post by Power Max, Sun 27 Sep 2015, 12:51

Some problems could not be removed by AdwCleaner. Run AdwCleaner again by clicking its icon and choosing the Run as administrator option, then do a new cleanup as shown in its tutorial that I sent you. After that, post here the new report that AdwCleaner will create, together with the Junkware Removal Tool report requested below.
____________________________________________________________________________________

Download the Junkware Removal Tool from the link below:
[You must have an account and be logged in to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt, together with the new AdwCleaner report.

We'll be waiting.


Post by Yuri Lavand, Sun 27 Sep 2015, 16:25

# AdwCleaner v5.008 - Relatório criado 27/09/2015 às 16:23:55
# Atualizado 18/09/2015 por Xplode
# Banco de dados : 2015-09-27.1 [Servidor]
# Sistema operacional : Windows 10 Home Single Language (x64)
# Usuário : Felipe - SRERALDO
# Executando de : C:\Users\Felipe\Downloads\AdwCleaner.exe
# Opção : Verificar
# Apoio : [You must have an account and be logged in to view this link]

***** [ Serviços ] *****


***** [ Pastas ] *****


***** [ Arquivos ] *****


***** [ Atalhos ] *****


***** [ Tarefas agendadas ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [575 bytes] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.3 (09.21.2015:1)
OS: Windows 10 Home Single Language x64
Ran by Felipe on 27/09/2015 at 15:56:03,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [Service] bassvc [Reboot required]



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update SmarterPower
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util SmarterPower



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\pc faster
Successfully deleted: [Folder] C:\Program Files (x86)\sw_booster
Successfully deleted: [Folder] C:\ProgramData\alawarwrapper
Successfully deleted: [Folder] C:\users\Public\Documents\pc faster



~~~ FireFox

Emptied folder: C:\Users\Felipe\AppData\Roaming\mozilla\firefox\profiles\fqobll1t.default\minidumps [4 files]



~~~ Chrome


[C:\Users\Felipe\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Felipe\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Felipe\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Felipe\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/09/2015 at 16:07:28,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post by Power Max, Sun 27 Sep 2015, 19:44

Temporarily disable your antivirus to avoid conflicts.

* Open the link below and click the first button on the left, the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

Save it to the Desktop.

To run it correctly, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its contents, and post them in your next reply.


Post by Yuri Lavand, Wed 30 Sep 2015, 19:24


Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Felipe on 30/09/2015 at 18:25:04,26.
Microsoft Windows 10 Home Single Language 10.0.10240 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Felipe\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-09-27-150723.log 21961 bytes

==== System Restore Info ======================

30/09/2015 18:27:18 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\Comms deleted successfully
C:\Users\Felipe\AppData\Local\CombatArms deleted successfully
C:\Users\Felipe\AppData\Local\NetworkTiles deleted successfully
C:\Users\Felipe\AppData\Local\Warface deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\fqobll1t.default\prefs.js:
user_pref("browser.startup.homepage", "http://google.com/");
user_pref("browser.search.selectedEngine", "Yahoo BR");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\fqobll1t.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\fqobll1t.default

user.js not found
---- Lines astrmndasr removed from prefs.js ----
user_pref("extensions.astrmndasr.aflt", "ast_ir_14_37_ch");
user_pref("extensions.astrmndasr.AL", 4);
user_pref("extensions.astrmndasr.appId", "{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}");
user_pref("extensions.astrmndasr.c_ver", "3.0.16.6");
user_pref("extensions.astrmndasr.cd", "2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtBtCtA0B0DtCtDtA0CzytN0D0Tzu0SzyyBzztN1L2XzutAtFtDtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1
user_pref("extensions.astrmndasr.cr", "2124432251");
user_pref("extensions.astrmndasr.data._dy", "20140914");
user_pref("extensions.astrmndasr.data.1475e97c0146bfb1c490339546d9e72ee", "1");
user_pref("extensions.astrmndasr.data.1f88722ae5152724775e4006367767d3e", "1");
user_pref("extensions.astrmndasr.data.aliveDate", "20141127");
user_pref("extensions.astrmndasr.data.cc", "br");
user_pref("extensions.astrmndasr.data.ccfc1eb13092ea34473c169417eefd00", "1");
user_pref("extensions.astrmndasr.data.instlDate", "20140905");
user_pref("extensions.astrmndasr.dfltLng", "");
user_pref("extensions.astrmndasr.dfltSrch", true);
user_pref("extensions.astrmndasr.dnsErr", true);
user_pref("extensions.astrmndasr.excTlbr", false);
user_pref("extensions.astrmndasr.general.guid", "af92e945-d92e-4030-885c-01477113d19a");
user_pref("extensions.astrmndasr.hmpg", true);
user_pref("extensions.astrmndasr.id", "5CC9D3213BD103C9");
user_pref("extensions.astrmndasr.instlDay", "16317");
user_pref("extensions.astrmndasr.instlRef", "142905_a");
user_pref("extensions.astrmndasr.prdct", "astrmndasr");
user_pref("extensions.astrmndasr.RVT", false);
user_pref("extensions.astrmndasr.SetAB", "false");
user_pref("extensions.astrmndasr.SetDS", "true");
user_pref("extensions.astrmndasr.SetHP", "true");
user_pref("extensions.astrmndasr.SetNT", "true");
user_pref("extensions.astrmndasr.tlbrId", "");
user_pref("extensions.astrmndasr.vrsn", "");
user_pref("extensions.astrmndasr.vrsni", "");
user_pref("extensions.astrmndasr_i.newTab", true);
user_pref("extensions.astrmndasr_i.smplGrp", "none");
user_pref("extensions.astrmndasr_i.vrsnTs", "23:49:47");
user_pref("extensions.astrmndasrdt", "S978");
---- Lines SmarterPower removed from prefs.js ----
user_pref("extensions.SmarterPower.asul", "1417093765771");
user_pref("extensions.SmarterPower.aul", "1410617979604");
user_pref("extensions.SmarterPower.irl", true);
user_pref("extensions.SmarterPower.is", "isgiwhBR");
user_pref("extensions.SmarterPower.ug", "21862515-7D89-46FC-97F8-823ECE51CAD7");
---- FireFox user.js and prefs.js backups ----

prefs_092015_1852_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\DRV10.tmp deleted
C:\PROGRA~3\E1010.tmp deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Felipe\AppData\Local\Unity deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\Tasks\avastBCLRestartS-1-5-21-1714357389-3331690931-1798891615-1001 deleted
C:\windows\SysNative\Tasks\avastBCLRestart_chrome.exe deleted
C:\Users\Felipe\AppData\LocalLow\Unity deleted
C:\windows\SysNative\tasks\060184C3-9766-46a0-B258-F4518A0B2633 deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\fqobll1t.default\extensions\abs@avira.com deleted
"C:\WINDOWS\Installer\8249c99.msi" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\fqobll1t.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [12/06/2015 13:14]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886D}"="C:\Users\Felipe\AppData\Local\GAS Tecnologia\GBBD\cef\xpi" [01/09/2015 20:47]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\fqobll1t.default
- GBBD Caixa Economica Federal - C:\Users\Felipe\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
- Undetermined - %ProfilePath%\extensions\1435196689_xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\fqobll1t.default
1A62BB86D17B8DC0D4339BACC8D60635 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll - Shockwave Flash
6C5C8D59CF0FAB004AB572F4F11BC5E0 - C:\Users\Felipe\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
D006D3FEB1F62EB274A42FDDD008985C - C:\Users\Felipe\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal


==== Chromium Look ======================

Google Chrome Version: 45.0.2454.101

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[12/06/2015 13:14]
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[12/06/2015 13:14]

Google Slides - Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Avast SafePrice - Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Google Sheets - Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Chrome Hotword Shared Module - Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Chrome Web Store Payments - Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi
Gmail - Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_imoveis.trovit.com.br_0.localstorage deleted successfully
C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_imoveis.trovit.com.br_0.localstorage-journal deleted successfully
C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_ads1.msads.net_0.localstorage deleted successfully
C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_ads1.msads.net_0.localstorage-journal deleted successfully
C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://br.yahoo.com/?fr=hp-avast&type=avastbcl"
"Search Page"="https://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}"
"Search Bar"="https://br.yahoo.com/?fr=hp-avast&type=avastbcl"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{9CB96984-43C3-4D44-90EF-01466EFCF7BB}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully
C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Felipe\Desktop\BitTorrent (2).lnk - C:\Users\Felipe\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Users\Felipe\Desktop\BitTorrent.lnk - C:\Users\Felipe\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Users\Felipe\Desktop\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Public\Desktop\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
C:\Users\Public\Desktop\Manual do Usuário.lnk -
C:\Users\Public\Desktop\Mundo Positivo Bateria.lnk - C:\Program Files (x86)\Positivo Informática\Mundo Positivo Bateria\BatteryAppManager.exe
C:\Users\Public\Desktop\Mundo Positivo Monitora.lnk - C:\Program Files (x86)\Positivo Informática\Mundo Positivo Monitora\Monitora.exe
C:\Users\Public\Desktop\Mundo Positivo Webcam.lnk - C:\Program Files (x86)\Positivo Informática\Mundo Positivo Webcam\WebCam.exe
C:\Users\Public\Desktop\Positivo Antirroubo.lnk - C:\Program Files (x86)\Positivo Informática\Positivo Antirroubo\PositivoAntirroubo.exe
C:\Users\Public\Desktop\Positivo Aplicativos.lnk - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\PositivoAplicativosUI.exe Offer
C:\Users\Public\Desktop\Positivo Fotos.lnk - C:\Program Files (x86)\Positivo Informática\Positivo Fotos\PositivoFotos.exe
C:\Users\Public\Desktop\Positivo Jogos.lnk - C:\Fabricante\Positivo Jogos Atalhos
C:\Users\Public\Desktop\Skype.lnk - C:\WINDOWS\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Public\Desktop\World of Warcraft.lnk - C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk - C:\WINDOWS\system32\magnify.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk - C:\WINDOWS\system32\narrator.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk - C:\WINDOWS\system32\osk.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\WINDOWS\system32\notepad.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk - C:\WINDOWS\system32\cmd.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk - page=SettingsPageAppsDefaults
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk - page=SettingsPagePCSystemDevices
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\powershell.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk - C:\WINDOWS\system32\magnify.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk - C:\WINDOWS\system32\narrator.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk - C:\WINDOWS\system32\osk.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\WINDOWS\system32\notepad.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk - C:\WINDOWS\system32\cmd.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk - page=SettingsPageAppsDefaults
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk - page=SettingsPagePCSystemDevices
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\powershell.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\bf2015.lnk - C:\Users\Felipe\Music\minhas fts\bras\Brasfoot2015\bf2015.exe
C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\Felipe\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk - C:\WINDOWS\system32\magnify.exe
C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk - C:\WINDOWS\system32\narrator.exe
C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk - C:\WINDOWS\system32\osk.exe
C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\WINDOWS\system32\notepad.exe
C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk - C:\WINDOWS\system32\cmd.exe
C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -
C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -
C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk - page=SettingsPageAppsDefaults
C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk - page=SettingsPagePCSystemDevices
C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -
C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -
C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -
C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\powershell.exe
C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk - C:\WINDOWS\system32\magnify.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk - C:\WINDOWS\system32\narrator.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk - C:\WINDOWS\system32\osk.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\WINDOWS\system32\notepad.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk - C:\WINDOWS\system32\cmd.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk - page=SettingsPageAppsDefaults
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk - page=SettingsPagePCSystemDevices
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\powershell.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk - C:\WINDOWS\DevicesFlow\DevicesFlow.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk - C:\WINDOWS\System32\Control.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk - C:\WINDOWS\MiracastView\MiracastView.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk - C:\WINDOWS\PrintDialog\PrintDialog.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk - C:\WINDOWS\Speech\Common\sapisvr.exe -SpeechUX
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk - C:\WINDOWS\system32\mspaint.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk - C:\WINDOWS\system32\mstsc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk - C:\WINDOWS\system32\psr.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk - C:\WINDOWS\system32\xpsrchvw.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk - C:\WINDOWS\system32\charmap.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk - C:\WINDOWS\system32\comexp.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk - C:\WINDOWS\system32\compmgmt.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk - C:\WINDOWS\system32\dfrgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk - C:\WINDOWS\system32\cleanmgr.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk - C:\WINDOWS\system32\eventvwr.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk - C:\WINDOWS\system32\iscsicpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk - C:\WINDOWS\syswow64\odbcad32.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk - C:\WINDOWS\system32\odbcad32.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk - C:\WINDOWS\system32\perfmon.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk - C:\WINDOWS\system32\perfmon.exe /res
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk - C:\WINDOWS\system32\services.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk - C:\WINDOWS\system32\msinfo32.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk - C:\WINDOWS\system32\taskschd.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk - C:\WINDOWS\system32\WF.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Antivirus\Ajuda do Avira Antivirus.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\57\avwin.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Antivirus\Avira na Internet.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\weblink.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Antivirus\Iniciar Avira Antivirus.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone\Hearthstone.lnk - C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Level Up\Ragnarok\Ragnarok.lnk - C:\Level Up\Ragnarok\Ragnarok.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype para a área de trabalho.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk - C:\WINDOWS\system32\control.exe /name Microsoft.DefaultPrograms
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk - C:\WINDOWS\system32\taskmgr.exe /7
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\TeamSpeak 3 Client.lnk - C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\Uninstall.lnk - C:\Program Files (x86)\TeamSpeak 3 Client\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\World of Warcraft.lnk - C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Felipe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk - C:\Users\Felipe\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Users\Felipe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Felipe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Felipe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Felipe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory="Profile 1"
C:\Users\Felipe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Felipe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\bf2015.lnk - C:\Users\Felipe\Music\minhas fts\bras\Brasfoot2015\bf2015.exe
C:\Users\Felipe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Felipe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Felipe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4355451435D20005677A7A857BC06100 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4355451435D20005677A7A857BC06100 deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Felipe\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Felipe\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Felipe\AppData\Local\Mozilla\Firefox\Profiles\fqobll1t.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=261 folders=86 387010359 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Felipe\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 30/09/2015 at 19:10:36,44 ======================

Re: win 10 infected

Post by Power Max, Thu 01 Oct 2015, 08:35

Download < [link visible only to logged-in members] > ( ... by Nicolas Coolman )

Note: after opening the link above, click the Télécharger button for ZHPCleaner to download it, as shown in the image below:

[image visible only to logged-in members]

To run it correctly, follow the tips in this post:

[link visible only to logged-in members]

After using it, copy the entire contents of its ZHPCleaner.txt report and post it in your next reply.


Re: win 10 infected

Post by Yuri Lavand, Sun 04 Oct 2015, 15:47

~ ZHPCleaner v2015.10.3.360 by Nicolas Coolman (2015/10/03)
~ Run by Felipe (Administrator) (04/10/2015 15:45:18)
~ Site : [link visible only to logged-in members]
~ Facebook : [link visible only to logged-in members]
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\Felipe\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Felipe\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit (Build 10240)


---\\ Serviços (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\ Navegadores de Internet (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\ Arquivo hosts (2)
SUBSTITUIDO:
Número de redirecionamentos encontrados 1/20


---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\ Explorer ( Arquivos, Pastas) (79)
MOVIDO pasta: C:\Users\Felipe\AppData\Roaming\unins000.exe [ - Setup/Uninstall] =>PUP.Optional.Pirrit


---\\ Registro ( Chaves, Valores, Dados ) (6)
SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-1714357389-3331690931-1798891615-1001\Software\Astromenda Browser [] =>PUP.Optional.Astromenda
SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-1714357389-3331690931-1798891615-1001\Software\Classes\Astromenda.KP7GZDFXBGNQ3HH7LZNZFXAAUI [] =>PUP.Optional.Astromenda
SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-1714357389-3331690931-1798891615-1001\Software\Classes\AstromendaHTML.KP7GZDFXBGNQ3HH7LZNZFXAA [Astromenda HTML Document] =>PUP.Optional.Astromenda
SUPRIMIDO chave: HKCU\Software\Astromenda Browser [] =>PUP.Optional.Astromenda
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A5AC497E6BBC8D45BE8AD6619DA8217 [C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe (Not File)] =>Toolbar.AskBar
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] =>Toolbar.Ask


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Google Chrome)
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 638
~ Items encontrado : 1
~ items cancelados : 0
~ Items réparo : 85


~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-04102015-15_45_37.txt
ZHPCleaner-[S]-04102015-15_44_53.txt

Re: win 10 infected

Post by Power Max, Sun 04 Oct 2015, 17:44

Download Malwarebytes from one of the links below:
[You must have an account and be logged in to view this link]

To install and run it correctly, please follow the tips in this post:

[You must have an account and be logged in to view this link]

In your next reply, post this Malwarebytes log (report).

We look forward to your reply.


Re: win 10 infected

Post by joram, Fri 11 Mar 2016, 12:38

Topic Archived

As the author has not replied for more than 45 days, the topic has been archived. If the topic's author needs it, it will be reopened; to do so, the author should contact one of the members of the [You must have an account and be logged in to view this link] and request that it be unlocked.
