Olá,

No meu computador está aparecendo a cada 10min uma janela com a mensagem “Infecção Bloqueada” URL: “hxxp://getusaaall.info/?e=bsp&unp=Azm9CdOLv7DVDyxECyFPg7x9Ae0KBfUKAe4MBG0VWz” e gera até 10 telas com a mesma mensagem.
Li os tópicos relacionados e fiz tudo o que pediam, mas até agora nada.
Gostaria que alguém analise os relatórios do FRST e me dê uma luz de como resolver este problema.

Cordialmente,
Jefferson Sampaio

Hello,

Are you able to follow my instruction in Engish?

If not, then you may seek help in corresponding section of the forum.
https://forum.avast.com/index.php?board=21.0

//google translate
https://translate.google.com/#en/pt/Are%20you%20able%20to%20follow%20my%20instruction%20in%20Engish%3F%20 If%20not%2C%20then%20you%20may%20seek%20help%20in%20corresponding%20section%20of%20the%20forum.

Hi, I am able to follow your instructions. What should I do??

Hi,

First from Start > Control Panel > Programs and Features you shall need to uninstall the ‘WindowsMangerProtect20.0.0.502’ adware.
Then we shall deploy FixList.

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Start File: C:\Program Files\qubnfe\qubnfe.exe Hosts: AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\Program Files\SupTab\SearchProtect32.dll [94088 2014-07-07] (Skytech Co., Ltd.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1404737424&from=pcm&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2J53441434414 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1404737424&from=pcm&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2J53441434414 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1404737424&from=pcm&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2J53441434414&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1404737424&from=pcm&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2J53441434414&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1404737424&from=pcm&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2J53441434414 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1404737424&from=pcm&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2J53441434414&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1404737424&from=pcm&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2J53441434414&q={searchTerms} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1404737424&from=pcm&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2J53441434414&q={searchTerms} BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited) CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Manutenção\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-06-30] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [535936 2014-07-07] (Fuyu LIMITED) Reboot: C:\Program Files\SupTab\SearchProtect32.dll C:\Program Files\SupTab C:\Users\Manutenção\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx C:\ProgramData\WindowsMangerProtect C:\Users\Manutenção\AppData\Local\Torch C:\Users\Convidado\AppData\Local\Torch C:\Users\Administrador\AppData\Local\Torch C:\ProgramData\IePluginServices C:\Users\Manutenção\AppData\Local\Temp\300614_a4.exe C:\Users\Manutenção\AppData\Local\Temp\300614_h.exe C:\Users\Manutenção\AppData\Local\Temp\300614_l.exe C:\Users\Manutenção\AppData\Local\Temp\300614_t2.exe C:\Users\Manutenção\AppData\Local\Temp\300614_y.exe CMD: ipconfig /flushdns End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

done,

Thank you for your help.

Hello,

If FixList has been executed, FRST tool shall create another report named FixLog. Could you please post here the FixLog so I can see what has been done?

Also, tell me is the problem resolved?