Shetef Solutions & Consulting 1998 LTD

FICA APARECENDO TODA HORA PARA O ADMINISTRADOR AUTORIZAR A FAZER MODIFICAÇÕES E INSTALAR ALGUMA COISA...JÁ CLIQUEI EM NÃO E SEMPRE APARECE! JÁ VI OUTROS TÓPICOS AQUI RELATANDO O MESMO PROBLEMA, FIZ O QUE ESTAVA INDICANDO...MAS DEMOROU MUITO E NÃO RESOLVEU. CONTINUA APARECENDO! ALGUÉM PODE ME AJUDAR??

 Oi Suellen!  Seja bem vinda ao Fórum PC Brasil.

Quais procedimentos você já fez?

Se você tiver os logs (relatórios) dos programas que você já usou, poste esses logs aqui no seu tópico para que os analistas possam verificar.

# AdwCleaner v3.007 - Relatório criado 15/10/2013 às 23:08:15
# Atualizado 09/10/2013 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : Suellen Ramos - SUELLENRAMOS-PC
# Executando de : C:\Users\Suellen Ramos\Documents\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : winzipersvc
Serviço Deletada : WsysSvc

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\BonanzaDealsLive
Pasta Deletada : C:\ProgramData\DealPlyLive
Pasta Deletada : C:\ProgramData\eSafe
Pasta Deletada : C:\ProgramData\Trymedia
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Pasta Deletada : C:\Program Files (x86)\Ask.com
Pasta Deletada : C:\Program Files (x86)\BonanzaDealsLive
Pasta Deletada : C:\Program Files (x86)\Conduit
Pasta Deletada : C:\Program Files (x86)\DealPlyLive
Pasta Deletada : C:\Program Files (x86)\WinZipper
Pasta Deletada : C:\Program Files (x86)\Common Files\spigot
Pasta Deletada : C:\Users\SUELLE~1\AppData\Local\Temp\AskSearch
Pasta Deletada : C:\Users\SUELLE~1\AppData\Local\Temp\eIntaller
Pasta Deletada : C:\Users\Suellen Ramos\AppData\Local\BonanzaDealsLive
Pasta Deletada : C:\Users\Suellen Ramos\AppData\Local\Conduit
Pasta Deletada : C:\Users\Suellen Ramos\AppData\Local\DealPlyLive
Pasta Deletada : C:\Users\Suellen Ramos\AppData\LocalLow\Conduit
Pasta Deletada : C:\Users\Suellen Ramos\AppData\LocalLow\Minibar
Pasta Deletada : C:\Users\Suellen Ramos\AppData\LocalLow\PriceGong
Pasta Deletada : C:\Users\Suellen Ramos\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Suellen Ramos\AppData\Roaming\DealPly
Pasta Deletada : C:\Users\Suellen Ramos\AppData\Roaming\DSite
Pasta Deletada : C:\Users\Suellen Ramos\AppData\Roaming\WinZipper
Pasta Deletada : C:\Users\Suellen Ramos\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda
Arquivo Deletada : C:\Users\Suellen Ramos\AppData\Roaming\Mozilla\Firefox\Profiles\vaoopf29.default\searchplugins\Askcom.xml
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\searchplugins\portaldosites.xml
Arquivo Deletada : C:\Users\Suellen Ramos\AppData\Roaming\Mozilla\Firefox\Profiles\vaoopf29.default\user.js
Arquivo Deletada : C:\windows\Tasks\Dealply.job
Arquivo Deletada : C:\windows\System32\Tasks\Dealply
Arquivo Deletada : C:\windows\Tasks\DSite.job
Arquivo Deletada : C:\windows\System32\Tasks\DSite
Arquivo Deletada : C:\windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\Suellen Ramos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0041896.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0041896.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\b1.org
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\Cr_Installer
Chave Deletedo : HKCU\Software\DealPlyLive
Chave Deletedo : HKCU\Software\dsiteproducts
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\AppDataLow\Software\AskToolbar
Chave Deletedo : HKCU\Software\AppDataLow\Software\Conduit
Chave Deletedo : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\lyrixeeker
Chave Deletedo : HKCU\Software\AppDataLow\Software\PriceGong
Chave Deletedo : HKCU\Software\AppDataLow\Software\Search Settings
Chave Deletedo : HKCU\Software\AppDataLow\Software\smartbar
Chave Deletedo : HKLM\Software\b1.org
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\delta-homesSoftware
Chave Deletedo : HKLM\Software\eSafeSecControl
Chave Deletedo : HKLM\Software\portaldositesSoftware
Chave Deletedo : HKLM\Software\V9
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desk 365
Chave Deletedo : [x64] HKLM\SOFTWARE\b1.org
Chave Deletedo : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16720

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

-\\ Mozilla Firefox v15.0.1 (pt-BR)

[ Arquivo : C:\Users\Suellen Ramos\AppData\Roaming\Mozilla\Firefox\Profiles\vaoopf29.default\prefs.js ]


-\\ Google Chrome v30.0.1599.69

[ Arquivo : C:\Users\Suellen Ramos\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9130 octets] - [15/10/2013 21:53:53]
AdwCleaner[S0].txt - [7628 octets] - [15/10/2013 23:08:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7688 octets] ##########

Zoek.exe Version 4.0.0.5 Updated 13-October-2013
Tool run by Suellen Ramos on 15/10/2013 at 23:21:17,20.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Suellen Ramos\Desktop\zoek.exe [Script inserted]

==== System Restore Info ======================

15/10/2013 23:24:15 Zoek.exe System Restore Point Created Succesfully.

==== Creating Sample_102013_2331.zip ======================

Process C:\Users\Suellen Ramos\AppData\Local\keepvid.com.exe killed
Copied file C:\Users\Suellen Ramos\AppData\Local\ContentAgent.exe to sample\ContentAgent.exe
Copied file C:\Users\Suellen Ramos\AppData\Local\keepvid.com.exe to sample\keepvid.com.exe
sample\ContentAgent.exe renamed to 802AFF4C0CCD0CBE2C9D8CA84B7C5EC9
sample\keepvid.com.exe renamed to A5E746D3A15129ECA75F581F814AC502

C:\Users\Public\Desktop\sample_102013_2331.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2208230807-1906984956-1475362193-1001\Software\Microsoft\Internet Explorer\SearchScopes\{01E6DBCE-5334-4456-B1BF-E5DD8E2F447D} deleted successfully
HKEY_USERS\S-1-5-21-2208230807-1906984956-1475362193-1001\Software\Microsoft\Internet Explorer\SearchScopes\{4842258F-F1EC-42D1-9597-7009463CF73D} deleted successfully
HKEY_USERS\S-1-5-21-2208230807-1906984956-1475362193-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A909E438-AA9C-4C8F-89BD-CD764E43595B} deleted successfully
HKEY_USERS\S-1-5-21-2208230807-1906984956-1475362193-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFC4CEE3-3E3D-4519-B4F5-56C437C01111} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================

C:\windows\system32\appdata deleted

==== Deleting Files \ Folders ======================

C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted
C:\windows\syswow64\appdata deleted
C:\Users\Suellen Ramos\AppData\Roaming\UpdaterEX deleted
C:\Users\Suellen Ramos\AppData\Roaming\eCyber deleted
C:\Users\Suellen Ramos\AppData\Roaming\iSafe deleted
C:\Users\Suellen Ramos\AppData\Local\keepvid.dll deleted
C:\Users\Suellen Ramos\AppData\Local\libeay32.dll deleted
C:\Users\Suellen Ramos\AppData\Local\msvcp100.dll deleted
C:\Users\Suellen Ramos\AppData\Local\msvcr100.dll deleted
C:\Users\Suellen Ramos\AppData\Local\QtCore4.dll deleted
C:\Users\Suellen Ramos\AppData\Local\QtGui4.dll deleted
C:\Users\Suellen Ramos\AppData\Local\QtNetwork4.dll deleted
C:\Users\Suellen Ramos\AppData\Local\ssleay32.dll deleted
C:\Users\Suellen Ramos\AppData\Local\CRE deleted
C:\Users\Suellen Ramos\AppData\Local\APN deleted
C:\Users\Suellen Ramos\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx deleted
C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\Search Settings deleted
C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\windows\SysNative\tasks\UpdaterEX deleted
C:\windows\tasks\UpdaterEX.job deleted
C:\Users\Suellen Ramos\AppData\Roaming\Mozilla\Firefox\Profiles\vaoopf29.default\searchplugins\ashampoo-br-customized-web-search.xml deleted
C:\Users\Suellen Ramos\AppData\Roaming\Mozilla\Firefox\Profiles\vaoopf29.default\extensions\staged deleted
C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted
C:\Users\Suellen Ramos\AppData\Local\ContentAgent.exe deleted
C:\Users\Suellen Ramos\AppData\Local\keepvid.com.exe deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [14/09/2013 18:07]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"keepvid.com@helper.com"="C:\Users\Suellen Ramos\AppData\Local\keepvid.xpi" [14/10/2013 22:08]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Suellen Ramos\AppData\Roaming\Mozilla\Firefox\Profiles\vaoopf29.default
- Undetermined - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
- 4shared Desktop Plugin - %ProfilePath%\extensions\4sharedCopyLinks.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Suellen Ramos\AppData\Roaming\Mozilla\Firefox\Profiles\vaoopf29.default
D7324EB1EDCB8990F8522DE0311359E9 - C:\windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Suellen Ramos\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
15E298B5EC5B89C5994A59863969D9FF - C:\windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
epojlgbehpaeekopencdagbdamnkppci - No path found[]
hbcennhacfaagdopikcegfcobcadeocj - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx[]
icdlfehblmklkikfigmjhbmmpmkmpooj - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx[]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]
ieadcoanfjloocmfafkebdnfefmohngj - No path found[]
mhkaekfpcppmmioggniknbnbdbcigpkk - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx[]
nfengeggddojhakldhlpjdlddgkkjkdd - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx[11/08/2012 11:45]
pfndaklgolladniicklehhancnlgocpp - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx[]

RealDownloader - Suellen Ramos - Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Advanced SystemCare Surfing Protection - Suellen Ramos - Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd
Chrome In-App Payments service - Suellen Ramos - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
keepvid.com - Suellen Ramos - Default\Extensions\oipolchnclfaogmpaomopjibifaabgif

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{49ED9900-38CD-453C-BBA7-3F2613317F5A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49ED9900-38CD-453C-BBA7-3F2613317F5A} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\epojlgbehpaeekopencdagbdamnkppci deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ieadcoanfjloocmfafkebdnfefmohngj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Suellen Ramos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Suellen Ramos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Suellen Ramos\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Suellen Ramos\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Suellen Ramos\AppData\Local\Mozilla\Firefox\Profiles\vaoopf29.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Suellen Ramos\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\SUELLE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 15/10/2013 at 23:43:30,75 ======================

# DelFix v10.4 - Logfile created 15/10/2013 at 23:52:35
# Updated 19/07/2013 by Xplode
# Username : Suellen Ramos - SUELLENRAMOS-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek-results.log
Deleted : C:\Users\Suellen Ramos\Desktop\zoek.com
Deleted : C:\Users\Suellen Ramos\Desktop\zoek.exe
Deleted : C:\Users\Suellen Ramos\Desktop\zoek.scr
Deleted : C:\Users\Suellen Ramos\Documents\Downloads\AdwCleaner.exe
Deleted : C:\Users\Suellen Ramos\Documents\Downloads\zoek.zip
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #146 [Windows Update | 09/14/2013 00:36:57]
Deleted : RP #147 [Windows Update | 09/14/2013 01:14:02]
Deleted : RP #148 [Windows Update | 09/18/2013 02:42:37]
Deleted : RP #149 [Windows Update | 09/23/2013 23:56:57]
Deleted : RP #150 [Windows Update | 09/29/2013 15:45:18]
Deleted : RP #151 [Windows Update | 10/06/2013 11:17:08]
Deleted : RP #152 [Windows Update | 10/10/2013 00:35:11]
Deleted : RP #153 [Windows Update | 10/10/2013 01:30:16]
Deleted : RP #154 [Instalador de Módulos do Windows | 10/15/2013 00:30:45]
Deleted : RP #155 [Windows Update | 10/15/2013 23:12:59]
Deleted : RP #156 [zoek.exe restore point | 10/16/2013 02:23:51]

New restore point created !

########## - EOF - ##########

VOcÊ sabe como me ajudar ?

Poste também por gentileza um log do Hijackthis conforme mostra esse tópico: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:37:44, on 16/10/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Users\Suellen Ramos\AppData\Local\aHaskZ3\CashPartners.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Suellen Ramos\Documents\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [keepvid] C:\Users\Suellen Ramos\AppData\Local\keepvid.com.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Suellen Ramos\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [CashPartners] C:\Users\Suellen Ramos\AppData\Local\aHaskZ3\CashPartners.exe
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'Default user')
O8 - Extra context menu item: &Download All using 4shared Desktop - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Ramos\Music\Diretório\4shared Desktop\Desktop.32/D_ALL_LINK
O8 - Extra context menu item: &Download using 4shared Desktop - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Ramos\Music\Diretório\4shared Desktop\Desktop.32/D_ONE_LINK
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11784 bytes

pronto...e agora?

Vários problemas foram removidos do seu PC, mas ainda há outros. Hoje os analistas não estão por aqui, mas durante o dia eles irão te dar as dicas para completar a remoção dos problemas.

ok! aguardo uma resposta de dia então   obrigada

uma outra coisa que você pode ir fazendo enquanto isso é baixar o Malwarebytes, fazer uma verificação completa com ele e remover os problemas que ele encontrar. Para isto é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

E aí quando a limpeza dele terminar você posta o log dele aqui também.

Bom dia...
alguém online para me orientar por favor ??

Oi Suellen! Você executou o Malwarebytes? Se tiver executado poste o log dele aqui para análise.

não estou conseguindo baixar o Malwarebytes.... o link do tutorial não abre! dá erro. vc teria outro?

consegui...o programa está sendo executado...postarei quando acabar

suellenramos escreveu:consegui...o programa está sendo executado...postarei quando acabar

 Ok.

demora tanto assim para fazer a verificação ? já tem 12 minutos...

suellenramos escreveu:demora tanto assim para fazer a verificação ? já tem 12 minutos...

Olá suellenramos

Pode demorar um pouco sim. Isso dependerá da quantidade de arquivos existentes no PC.

Tenha paciência.

OK...estou aguardando

Malwarebytes Anti-Malware 1.75.0.1300
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Versão da Base de Dados: v2013.04.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Suellen Ramos :: SUELLENRAMOS-PC [administrador]

16/10/2013 10:44:15
mbam-log-2013-10-16 (10-44-15).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 376595
Tempo decorrido: 1 hora(s), 6 minuto(s), 53 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)

(fim)

e agora ???não detectou nada ;(

Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Farbar) e salve-o no Desktop

*Clique com o botão direito do mouse no FRST e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Aceite o contrato, clique [Scan] e ao término clique [OK] > [OK]

*Serão criados dois relatórios no Desktop: FRST.txt e Addition.txt


Acesse [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique [Selecionar arquivo...], localize o relatório FRST.txt criado no Desktop e clique [Abrir]

*Selecione 4 jours e clique [Créer le lien Cjoint]

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Copie e cole o link criado ao lado de Le lien a été créé:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Repita o procedimento para o relatório Addition.txt e cole o link

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

E agora ????

Baixe o arquivo fixlist.txt e salve-o no mesmo local onde encontra-se o FRST

*Clique com o botão direito do mouse no FRST e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Clique [Fix] e cole o relatório Fixlog.txt criado no Desktop


Reinicie o PC e informe.