Author Topic: mensagem de infeccção recorrente  (Read 12775 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Re: mensagem de infeccção recorrente
« Reply #15 on: September 18, 2015, 05:25:57 AM »
segue log gerado depois de salvar o fixlist.txt
"Run FRST and press Fix
On completion a log will be generated please post that"

REDACTED

  • Guest
Re: mensagem de infeccção recorrente
« Reply #16 on: September 18, 2015, 05:40:17 AM »
segue o log depois do AdwCleaner.exe :


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: mensagem de infeccção recorrente
« Reply #17 on: September 18, 2015, 04:08:49 PM »
Any further problems ?

REDACTED

  • Guest
Re: mensagem de infeccção recorrente
« Reply #18 on: September 18, 2015, 06:44:31 PM »
tambem tenho o mesmo problema:http://differentia.ru/diff.php e http://disorderstatus.ru/order.php

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6677
  • volunteer
Re: mensagem de infeccção recorrente
« Reply #19 on: September 18, 2015, 10:34:47 PM »
tambem tenho o mesmo problema:http://differentia.ru/diff.php e http://disorderstatus.ru/order.php

Por favor, da próxima vez que criar um novo tópico
um especialista em remoção de malware irá ajudá-lo
aguarde.
« Last Edit: September 19, 2015, 03:23:02 AM by jefferson sant »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: mensagem de infeccção recorrente
« Reply #20 on: September 18, 2015, 11:16:49 PM »
@samuelgross

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
HKLM\...\Policies\Explorer\Run: [531646816] => C:\Documents and Settings\All Users\msanz.exe [77920512 2008-04-13] ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-220523388-484061587-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcrQUOXCk65dOJhmHxpLtSVTxIe_-lLOguhMtVlByKV9Pwd0vlF-6P4iPUTFFNi7A,,
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcrQUOXCk65dOJhmHxpLtSVTxIe_-lLOguhMtVlByKV9Pwd0vlF-6P4iPUTFFNi7A,,
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-220523388-484061587-1801674531-1003 -> {3AEAD5DA-D308-414D-8F76-0CCCFFAAE25B} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST500DM002-1BD142_S2A4QQCDXXXXS2A4QQCD&ts=1430105075&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-220523388-484061587-1801674531-1003 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST500DM002-1BD142_S2A4QQCDXXXXS2A4QQCD&ts=1430105075&type=default&q={searchTerms}
CHR HomePage: Default -> hxxp://br.hao123.com/?tn=sdkp_inner_protection_02_hao123_br
CHR RestoreOnStartup: Default -> "hxxp://br.hao123.com/?tn=sdkp_inner_protection_02_hao123_br"
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - <no Path\update_url>
S2 vofohope; C:\Documents and Settings\Samuel.MAQUINA\Dados de aplicativos\FFFFFFFF-1430105201-FFFF-FFFF-FFFFFFFFFFFF\jnsn938.tmp [X]
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Dados de aplicativos\FFFFFFFF-1430497961-FFFF-FFFF-FFFFFFFFFFFF
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Dados de aplicativos\FFFFFFFF-1430105201-FFFF-FFFF-FFFFFFFFFFFF
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Configurações locais\Dados de aplicativos\FFFFFFFF-1430487407-FFFF-FFFF-FFFFFFFFFFFF
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Configurações locais\Dados de aplicativos\FFFFFFFF-1430487393-FFFF-FFFF-FFFFFFFFFFFF
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Configurações locais\Dados de aplicativos\FFFFFFFF-1430487251-FFFF-FFFF-FFFFFFFFFFFF
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Configurações locais\Dados de aplicativos\FFFFFFFF-1430094679-FFFF-FFFF-FFFFFFFFFFFF
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2008-04-13 18:21 - 2008-04-13 18:21 - 77920512 ___SH () C:\Documents and Settings\All Users\msanz.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

REDACTED

  • Guest
Re: mensagem de infeccção recorrente
« Reply #21 on: September 19, 2015, 12:34:34 AM »
Meu PC estava com o mesmo problema, então fiz o mesmo procedimento com o FARBAR. Segue em anexos os arquivos gerados pelo mesmo ao fim do escaneamento.

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6677
  • volunteer
Re: mensagem de infeccção recorrente
« Reply #22 on: September 19, 2015, 03:21:45 AM »
Meu PC estava com o mesmo problema, então fiz o mesmo procedimento com o FARBAR. Segue em anexos os arquivos gerados pelo mesmo ao fim do escaneamento.

Boa noite

fernandoufc.93 Você tem abrir seu próprio tópico,acesse o link da área português.

https://forum.avast.com/index.php?board=27.0

Clique no botão novo tópico como a seta indicada na imagem em anexo e anexar os logs novamente. Infelizmente tem dois usuários na frente com mesmo problema e ainda os procedimentos não terminaram.

« Last Edit: September 19, 2015, 04:00:05 AM by jefferson sant »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: mensagem de infeccção recorrente
« Reply #23 on: September 20, 2015, 09:13:33 PM »
Please start a new thread for each topic

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6677
  • volunteer
Re: mensagem de infeccção recorrente
« Reply #24 on: September 20, 2015, 09:37:46 PM »
Meu PC estava com o mesmo problema, então fiz o mesmo procedimento com o FARBAR. Segue em anexos os arquivos gerados pelo mesmo ao fim do escaneamento.

@fernandoufc.93

Este tópico não dá para continuar (Confuso), extremamente necessário que você crie um novo tópico, como eu disse no post acima. Como também o instrutor de remoção de malware informou agora pouco.
« Last Edit: September 20, 2015, 09:43:24 PM by jefferson sant »

REDACTED

  • Guest
Re: mensagem de infeccção recorrente
« Reply #25 on: September 21, 2015, 10:48:50 PM »
@samuelgross

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
HKLM\...\Policies\Explorer\Run: [531646816] => C:\Documents and Settings\All Users\msanz.exe [77920512 2008-04-13] ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-220523388-484061587-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcrQUOXCk65dOJhmHxpLtSVTxIe_-lLOguhMtVlByKV9Pwd0vlF-6P4iPUTFFNi7A,,
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcrQUOXCk65dOJhmHxpLtSVTxIe_-lLOguhMtVlByKV9Pwd0vlF-6P4iPUTFFNi7A,,
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRAM4wyQFGqZgzjuGnVQxGaWwMYI1l5afqIQfMk6EkQjYhYci4hrsXKayzX3Zd0vTcnDR1bT-yVumKxpRvh0Xm9TbrMmT-Kg3bf_ZHZE3Nh34M98dvburXZuysdAQ7VXA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-220523388-484061587-1801674531-1003 -> {3AEAD5DA-D308-414D-8F76-0CCCFFAAE25B} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST500DM002-1BD142_S2A4QQCDXXXXS2A4QQCD&ts=1430105075&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-220523388-484061587-1801674531-1003 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST500DM002-1BD142_S2A4QQCDXXXXS2A4QQCD&ts=1430105075&type=default&q={searchTerms}
CHR HomePage: Default -> hxxp://br.hao123.com/?tn=sdkp_inner_protection_02_hao123_br
CHR RestoreOnStartup: Default -> "hxxp://br.hao123.com/?tn=sdkp_inner_protection_02_hao123_br"
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - <no Path\update_url>
S2 vofohope; C:\Documents and Settings\Samuel.MAQUINA\Dados de aplicativos\FFFFFFFF-1430105201-FFFF-FFFF-FFFFFFFFFFFF\jnsn938.tmp [X]
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Dados de aplicativos\FFFFFFFF-1430497961-FFFF-FFFF-FFFFFFFFFFFF
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Dados de aplicativos\FFFFFFFF-1430105201-FFFF-FFFF-FFFFFFFFFFFF
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Configurações locais\Dados de aplicativos\FFFFFFFF-1430487407-FFFF-FFFF-FFFFFFFFFFFF
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Configurações locais\Dados de aplicativos\FFFFFFFF-1430487393-FFFF-FFFF-FFFFFFFFFFFF
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Configurações locais\Dados de aplicativos\FFFFFFFF-1430487251-FFFF-FFFF-FFFFFFFFFFFF
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\Samuel.MAQUINA\Configurações locais\Dados de aplicativos\FFFFFFFF-1430094679-FFFF-FFFF-FFFFFFFFFFFF
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-08-20 15:59 - 2015-08-20 15:59 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2008-04-13 18:21 - 2008-04-13 18:21 - 77920512 ___SH () C:\Documents and Settings\All Users\msanz.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6677
  • volunteer
Re: mensagem de infeccção recorrente
« Reply #26 on: September 22, 2015, 04:26:39 AM »
@samuelgross
Peço desculpas, eu estive ausente hoje, mas já notifiquei para amanhã, está faltando o Fixlog.txt,se executou o primeiro procedimento, anexá-lo em seguida.
« Last Edit: September 22, 2015, 04:33:58 AM by jefferson sant »

REDACTED

  • Guest
Re: mensagem de infeccção recorrente
« Reply #27 on: September 22, 2015, 03:45:18 PM »
SEGUE ARQUIVO

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: mensagem de infeccção recorrente
« Reply #28 on: September 22, 2015, 04:05:08 PM »
@samuelgross have the alerts ceased ?

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6677
  • volunteer
Re: mensagem de infeccção recorrente
« Reply #29 on: September 23, 2015, 10:28:10 PM »
@samuelgross
O instrutor de remoção de malware está perguntando sobre os alertas sumiram, complementando como está seu computador neste exato momento?