Fórum SecSecurity

Implementando Limpeza e Seguranca em seu computador!

Palavras chave

Últimos assuntos

» ListChkdskResult ( ... by SleepyDude )
Dom Set 24, 2017 1:39 pm por joram

» Clean_DNS ( ... by g3n-h@ckm@n )
Dom Jul 16, 2017 6:00 pm por joram

»  MCShield ( ... by Borislav Šurbat and Boban Spasić )
Qua Jul 12, 2017 3:22 pm por joram

» CheckDiskGUI ( ... by Emiel Wieldraaijer )
Seg Jul 10, 2017 11:08 am por joram

» Eset Online Scanner ( ... by Eset.com )
Sab Jul 08, 2017 9:32 am por joram

» Virus Total ( ... de virustotal.com )
Dom Jun 11, 2017 9:21 am por joram

» RogueKiller ( ... by adlice.com )
Dom Jun 04, 2017 8:36 pm por joram

» Sophos Virus Removal Tool ( ... by Sophos.com )
Dom Maio 21, 2017 4:44 pm por joram

» 9-Lab Malware Removal Tool ( ... by 9-lab.com )
Sab Dez 31, 2016 4:24 am por joram

Novembro 2017

SegTerQuaQuiSexSabDom
  12345
6789101112
13141516171819
20212223242526
27282930   

Calendário Calendário

Parceiros

Fórum grátis

Os membros mais marcados


    Firefox travando, script aparecendo no firefox

    Compartilhe
    avatar
    Edvan
    Membro
    Membro

    Mensagens : 428
    Data de inscrição : 14/02/2013
    Idade : 37
    Localização : Natal/RN

    Firefox travando, script aparecendo no firefox

    Mensagem por Edvan em Seg Ago 12, 2013 3:05 pm

     Log para analise http://cjoint.com/13au/CHmvdjuV0Ol.htm

    # AdwCleaner v2.306 - Relatório criado em 12/08/2013 às 15:49:06
    # Atualizado em 19/07/2013 por Xplode
    # Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
    # Usuário : f003204 - FUN0044
    # Modo de Boot : Normal
    # Executado de : C:\Documents and Settings\f003204\Meus documentos\Downloads\adwcleaner.exe
    # Opção [Remover]


    ***** [Serviços] *****


    ***** [Arquivos/Pastas] *****

    Pasta Removido : C:\Arquivos de programas\FromDocToPDF_65
    Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
    Pasta Removido : C:\Documents and Settings\f003204\Configurações locais\Dados de aplicativos\iac
    Pasta Removido : C:\Documents and Settings\f003204\Dados de aplicativos\FromDocToPDF_65
    Pasta Removido : C:\Documents and Settings\f003204\Dados de aplicativos\Mozilla\Firefox\Profiles\e7hokt0n.default\extensions\65ffxtbr@FromDocToPDF_65.com

    ***** [Registro] *****

    Chave Removida : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
    Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
    Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}]
    Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}]

    ***** [Navegadores] *****

    -\\ Internet Explorer v8.0.6001.18702

    Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = [Você precisa estar registrado e conectado para ver este link.] --> [Você precisa estar registrado e conectado para ver este link.]

    -\\ Mozilla Firefox v22.0 (pt-BR)

    Arquivo : C:\Documents and Settings\f000173\Dados de aplicativos\Mozilla\Firefox\Profiles\bqvwvvxl.default\prefs.js

    [OK] Arquivo está limpo.

    Arquivo : C:\Documents and Settings\f003204\Dados de aplicativos\Mozilla\Firefox\Profiles\e7hokt0n.default\prefs.js

    Removida : user_pref("extensions.toolbar.mindspark._65Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]

    -\\ Google Chrome v [Impossível ler a versão]

    Arquivo : C:\Documents and Settings\f003204\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences

    [OK] Arquivo está limpo.

    *************************

    AdwCleaner[S1].txt - [2870 octets] - [12/08/2013 15:49:06]

    ########## EOF - C:\AdwCleaner[S1].txt - [2930 octets] ##########




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.8.9 (04.22.2013:1)
    OS: Microsoft Windows XP x86
    Ran by f003204 on 12/08/2013 at 15:52:22,10
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Successfully deleted the following from C:\Documents and Settings\f003204\Dados de aplicativos\mozilla\firefox\profiles\e7hokt0n.default\prefs.js

    user_pref("extensions.toolbar.mindspark._65Members_.initialized", true);
    user_pref("extensions.toolbar.mindspark._65Members_.installation.contextKey", "");
    user_pref("extensions.toolbar.mindspark._65Members_.installation.installDate", "2013052310");
    user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerId", "Y6xpi000YY");
    user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerSubId", "");
    user_pref("extensions.toolbar.mindspark._65Members_.installation.success", false);
    user_pref("extensions.toolbar.mindspark._65Members_.installation.toolbarId", "undefined");
    user_pref("extensions.toolbar.mindspark._65Members_.options.defaultSearch", false);
    user_pref("extensions.toolbar.mindspark._65Members_.options.homePageEnabled", false);
    user_pref("extensions.toolbar.mindspark._65Members_.options.keywordEnabled", false);
    user_pref("extensions.toolbar.mindspark._65Members_.options.tabEnabled", false);
    user_pref("extensions.toolbar.mindspark._65Members_.weather.location", "10001");
    user_pref("extensions.toolbar.mindspark.lastInstalled", "fromdoctopdf@mindspark.com");
    Emptied folder: C:\Documents and Settings\f003204\Dados de aplicativos\mozilla\firefox\profiles\e7hokt0n.default\minidumps [8 files]



    ~~~ Chrome

    Successfully deleted: [Registry Key] hkey_current_user\software\policies\google\chrome\extensioninstallforcelist





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 12/08/2013 at 15:58:10,76
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    avatar
    joram
    Administrador Fundador
    Administrador Fundador

    Mensagens : 618
    Data de inscrição : 14/08/2012
    Idade : 64
    Localização : Rio de Janeiro

    Re: Firefox travando, script aparecendo no firefox

    Mensagem por joram em Seg Ago 12, 2013 3:19 pm

    Boa Tarde! Edvan

    |- Baixe: < [Você precisa estar registrado e conectado para ver este link.] > ( ... by Smeenk )

    |- Ou aqui! < [Você precisa estar registrado e conectado para ver esta imagem.][Você precisa estar registrado e conectado para ver este link.] >

    |- Salve-o no desktop!
    |- Desabilite seu antivírus!
    |- Para Windows 7,execute zoek.exe como administrador.

    startupall;
    firefoxlook; 
    autoclean; 
    filesrcm; 
    emptyalltemp;
     

    |- Copie e cole estas informações,em vermelho,no campo da ferramenta.
    |- Clique "Run Script". 

    Zoek.exe is running now. 
    Do not start any browser windows, they will be closed automatically. 
    Please wait! This window will close when finished. 
    A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
    |- Surgirão estas informações,pedindo-lhe que aguarde o relatório.

    [Você precisa estar registrado e conectado para ver esta imagem.]

    |- Aceite e/ou confirme o reboot!

    zoek.hta failed by unknown error.
    Restart computer, and try again.
    |- Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.
    |- Poste o relatório,que estará em C:\zoek-results.txt << 

    -/-

    |- Feche programas/pastas que estejam abertas.
    |- Feche,também,o navegador!
    |- Para Windows Vista,desabilite a [Você precisa estar registrado e conectado para ver este link.].

    [Você precisa estar registrado e conectado para ver esta imagem.]

    |- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.
    |- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas".

    P2 - FPN: [HKLM] [@FromDocToPDF_65.com/Plugin] - (...) -- C:\Arquivos de programas\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (.not file.)
    R3 - URLSearchHook: (no name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
    O2 - BHO: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} . (...) -- C:\ARQUIV~1\FROMDO~2\bar\1.bin\65bar.dll (.not file.)
    O2 - BHO: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} . (...) -- C:\Arquivos de programas\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (.not file.)
    O4 - HKLM\..\Run: [FromDocToPDF Search Scope Monitor] C:\ARQUIV~1\FROMDO~2\bar\1.bin\65srchmn.exe (.not file.)
    O4 - HKLM\..\Run: [FromDocToPDF_65 Browser Plugin Loader] C:\ARQUIV~1\FROMDO~2\bar\1.bin\65brmon.exe (.not file.)
    O23 - Service: FromDocToPDFService (FromDocToPDF_65Service) . (...) - C:\ARQUIV~1\FROMDO~2\bar\1.bin\65barsvc.exe (.not file.)

    ctffix
    emptytemp
    emptyclsid
    emptyflash
    firewallraz
    sysrestore

    |- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"
    |- Minimize o Bloco de Notas.

    [Você precisa estar registrado e conectado para ver esta imagem.]

    |- Clique no menu,"Paste ClipBoard".
    |- Evite a opção "Colar" ( Ctrl+V ),no campo amarelo claro,que não habilita o botão "Go".

    [Você precisa estar registrado e conectado para ver este link.]

    |- Clique "GO" >> Oui.

    [Você precisa estar registrado e conectado para ver esta imagem.]

    |- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.
    |- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

    Abs!
    avatar
    Edvan
    Membro
    Membro

    Mensagens : 428
    Data de inscrição : 14/02/2013
    Idade : 37
    Localização : Natal/RN

    Re: Firefox travando, script aparecendo no firefox

    Mensagem por Edvan em Seg Ago 12, 2013 3:40 pm

    Aqui amigo:


    Zoek.exe Version 4.0.0.4 Updated 10-August-2013
    Tool run by f003204 on 12/08/2013 at 16:24:37,48.
    Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
    Running in: Normal Mode Internet Access Detected
    Launched: C:\Documents and Settings\f003204\Desktop\zoek.exe [Script inserted] 

    ==== System Restore Info ======================

    12/08/2013 16:25:33 Zoek.exe System Restore Point Created Succesfully.

    ==== Creating Sample_082013_1630.zip ======================
     
    Copied file C:\Documents and Settings\f003204\Dados de aplicativos\unins000.exe to sample\unins000.exe
    sample\unins000.exe renamed to AD6E810B9CE3D8C0C1FF0203C68C6FA6

    C:\Documents and Settings\All Users\Desktop\sample_082013_1630.zip created successfully

    ==== Deleting CLSID Registry Keys ======================


    ==== Deleting CLSID Registry Values ======================


    ==== Deleting Services ======================


    ==== Deleting Files \ Folders ======================

    "C:\WINDOWS\002662_.tmp" deleted
    "C:\WINDOWS\SET3.tmp" deleted
    "C:\WINDOWS\SET4.tmp" deleted
    "C:\WINDOWS\SET8.tmp" deleted
    "C:\Documents and Settings\f003204\Dados de aplicativos\unins000.exe" deleted

    ==== Files Recently Created / Modified ======================

    ====== C:\WINDOWS ====
    ====== C:\DOCUME~1\f003204\CONFIG~1\Temp ====
    ====== C:\WINDOWS\system32 =====
    ====== C:\WINDOWS\system32\drivers =====
    ====== C:\WINDOWS\Tasks ======
    ====== C:\WINDOWS\Temp ======
    ======= C:\Arquivos de programas =====
    2013-08-12 18:59:46 -------- d-----w- C:\Arquivos de programas\ZHPDiag
    ======= C: =====
    2013-08-12 19:02:45 40D41AD5CA297F62EB47FAA42A8C0688 512 ----a-w- C:\PhysicalDisk0_MBR.bin
    2013-08-12 18:49:06 0D4AC7A87B92D72EB7259658B8C5BC2E 2999 ----a-w- C:\AdwCleaner[S1].txt
    ====== C:\Documents and Settings\f003204\Dados de aplicativos ======
    2013-08-12 13:46:07 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Temp
    ====== C:\Documents and Settings\f003204 ======
    2013-08-12 18:59:06 6276219441AFA20AE900104DF712DD29 5003740 ----a-w- C:\Documents and Settings\f003204\Desktop\ZHPDiag2.exe

    ====== C: exe-files ==
    2013-08-12 19:16:44 984CC93BB0EF86A0B4825269D8379D81 774424 ----a-w- C:\Documents and Settings\f003204\Configurações locais\temp\CRX_DF399A9B283A\GoogleUpdateSetup.exe
    2013-08-12 19:16:44 4C8C0B0340C6234649C7F91FB5E89A54 571272 ----a-w- C:\Documents and Settings\f003204\Configurações locais\temp\CRX_DF399A9B283A\ChromeRecovery.exe
    2013-08-12 18:59:54 CB2D120A4B72422A8141192831B1F500 80384 ----a-w- C:\Arquivos de programas\ZHPDiag\mbrcheck.exe
    2013-08-12 18:59:54 5DAF7081A4BB112FA3F1915819330A3E 61440 ----a-w- C:\Arquivos de programas\ZHPDiag\pv.exe
    2013-08-12 18:59:54 5BBF2A0351E336646022D09009560CEF 143360 ----a-w- C:\Arquivos de programas\ZHPDiag\FileInfos.exe
    2013-08-12 18:59:53 F3A37421DBD1AAA36558C97572C91C5A 147456 ----a-w- C:\Arquivos de programas\ZHPDiag\catchme.exe
    2013-08-12 18:59:53 53CDBB093B0AEE9FD6CF1CBD25A95077 290304 ----a-w- C:\Arquivos de programas\ZHPDiag\subinacl.exe
    2013-08-12 18:59:53 451AE03D3C92777F09840CA56F08AB62 454056 ----a-w- C:\Arquivos de programas\ZHPDiag\setacl32.exe
    2013-08-12 18:59:53 3E350EB5DF15C06DEC400A39DD1C6F29 559528 ----a-w- C:\Arquivos de programas\ZHPDiag\setacl64.exe
    2013-08-12 18:59:53 2312A38B8B003330DB919FA818C48449 231048 ----a-w- C:\Arquivos de programas\ZHPDiag\sigcheck.exe
    2013-08-12 18:59:52 9DAA7218961710008D7385B01BD3F386 89088 ----a-w- C:\Arquivos de programas\ZHPDiag\mbr.exe
    2013-08-12 18:59:52 6B8AF3A2A3D9059008B55C444461CA00 61952 ----a-w- C:\Arquivos de programas\ZHPDiag\Lads.exe
    2013-08-12 18:59:51 A3F7B76494E5F3D32B05824241E82AD0 2726912 ----a-w- C:\Arquivos de programas\ZHPDiag\ZHPFix\ZHPFix.exe
    2013-08-12 18:59:50 864F3E37BCF2F9BB998414673F1C215A 7711232 ----a-w- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe
    2013-08-12 18:59:48 1321DC81E317EE48C4D004775FB29AC9 1916928 ----a-w- C:\Arquivos de programas\ZHPDiag\ZHPFix\ZHPhep.exe
    2013-08-12 18:59:46 8AE13B97BFCAD6C7D3B8C8A1C298EFB4 694736 ----a-w- C:\Arquivos de programas\ZHPDiag\unins000.exe
    2013-08-12 18:59:46 1321DC81E317EE48C4D004775FB29AC9 1916928 ----a-w- C:\Arquivos de programas\ZHPDiag\ZHPhep.exe
    2013-08-12 18:59:06 6276219441AFA20AE900104DF712DD29 5003740 ----a-w- C:\Documents and Settings\f003204\Desktop\ZHPDiag2.exe
    2013-08-12 18:52:05 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\JRT\erunt\ERUNT.EXE
    2013-08-12 18:44:26 4C47469F47FD9F8437B62A86F6E0874F 666633 ----a-w- C:\Documents and Settings\f003204\Meus documentos\Downloads\adwcleaner.exe
    2013-08-12 18:40:56 2C2F20747085946DE79A713879E09C4E 535764 ----a-w- C:\RECYCLER\S-1-5-21-2586132527-314635491-3328972525-21318\Dc47\JRT.exe
    2013-08-12 13:46:18 4B9FD29A17150961BCDF7FDD3310118B 3482136 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Temp\sf.exe
    2013-08-12 13:45:37 BCC6448BD6D1B19306DA48B0A73FBBA4 2349096 ----a-w- C:\Documents and Settings\f003204\Meus documentos\Downloads\DiagnosticoBB (1).exe
    2013-08-12 12:20:33 BCC6448BD6D1B19306DA48B0A73FBBA4 2349096 ----a-w- C:\Documents and Settings\f003204\Meus documentos\Downloads\DiagnosticoBB(2).exe
    === C: other files ==
    2013-08-12 19:30:11 D5958455AB274970E03BDB2B6950AB5D 331988 ----a-w- C:\Documents and Settings\All Users\Desktop\sample_082013_1630.zip
    2013-08-12 18:52:04 F79A3991927C7B1005E0DE627034002E 11837 ----a-w- C:\JRT\JRT.bat
    2013-08-12 18:52:04 E81B41BEDB4EFDE2BC2C6863E7ABE25A 78772 ----a-w- C:\JRT\misc.bat
    2013-08-12 18:52:04 E4B95882FB080670179EA3605395889B 29803 ----a-w- C:\JRT\iexplore.bat
    2013-08-12 18:52:04 C0C9EBB0F67894B294057F8DFD982FB7 224236 ----a-w- C:\JRT\firefox.bat
    2013-08-12 18:52:04 BC6829679AE4DF51BA5F2B6DF9C0BAFC 14243 ----a-w- C:\JRT\medfos.bat
    2013-08-12 18:52:04 892B8347BAF133646A19D3B90928AE86 15542 ----a-w- C:\JRT\chrome.bat
    2013-08-12 18:52:04 80D02380F1AC33E459324B088392A1EC 732 ----a-w- C:\JRT\ev_clear.bat
    2013-08-12 18:52:04 6AFF3EA276AA312EFBB29BA0D5D2A85A 9763 ----a-w- C:\JRT\modules.bat
    2013-08-12 18:52:04 63FEB4EAF9E8C709C3B3470BC40E3EF8 37373 ----a-w- C:\JRT\ask.bat
    2013-08-12 18:52:04 620AD0970CC18D799A357D5B9C797F31 5379 ----a-w- C:\JRT\runvalues.bat
    2013-08-12 18:52:04 4C021963204579942B72781B032315A0 29023 ----a-w- C:\JRT\prelim.bat
    2013-08-12 18:52:04 357F4F46BA2ADE86E2084DE3EC219A18 13025 ----a-w- C:\JRT\searchlnk.bat
    2013-08-12 18:52:04 33A0F7BBDF15B84FB01A361D09F54DFE 1825 ----a-w- C:\JRT\delfolders.bat
    2013-08-12 18:52:04 31D9F977B48014E79CC35A98D324B16A 1256 ----a-w- C:\JRT\FWPolicy.bat
    2013-08-12 18:52:04 1EE55AF77826E0E6F89A0ED6278E2C35 1040 ----a-w- C:\JRT\TDL4.bat
    2013-08-12 18:52:04 04BA8405091707D31A526A4689E6F5A8 14028 ----a-w- C:\JRT\get.bat

    ==== Startup Registry Enabled ======================

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

    [HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21318\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
    "Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe /minimized /regrun"

    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe /nogui"
    "FromDocToPDF Search Scope Monitor"="C:\ARQUIV~1\FROMDO~2\bar\1.bin\65srchmn.exe /m=2 /w /h"
    "FromDocToPDF_65 Browser Plugin Loader"="C:\ARQUIV~1\FROMDO~2\bar\1.bin\65brmon.exe"
    "SunJavaUpdateSched"="C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
    "Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe /minimized /regrun"

    ==== Startup Registry Disabled ======================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="AdobeARM"
    "hkey"="HKLM"
    "command"="\"C:\\Arquivos de programas\\Arquivos comuns\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Reader_sl"
    "hkey"="HKLM"
    "command"="\"C:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ctfmon"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Arquivos de programas\\Messenger\\msmsgs.exe\" /background"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SiSPower]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Rundll32"
    "hkey"="HKLM"
    "command"="Rundll32.exe SiSPower.dll,ModeAgent"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundMan]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SOUNDMAN"
    "hkey"="HKLM"
    "command"="SOUNDMAN.EXE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="\"C:\\Arquivos de programas\\Arquivos comuns\\Java\\Java Update\\jusched.exe\""


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Utility Tray.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Iniciar\\Programas\\Inicializar\\Utility Tray.lnk"
    "backup"="C:\\WINDOWS\\pss\\Utility Tray.lnkCommon Startup"
    "command"="C:\\WINDOWS\\system32\\sistray.exe "
    "item"="Utility Tray"


    ==== Task Scheduler Jobs ======================

    C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12/06/2013 10:30]
    C:\WINDOWS\tasks\avast\Undetermined Task.exe []
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [15/03/2013 09:23]
    C:\WINDOWS\tasks\User_Feed_Synchronization-{BA54C96D-D82F-48B3-A037-004BA312AEB1}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08/03/2009 04:31]
    C:\WINDOWS\tasks\User_Feed_Synchronization-{C41DAF2E-77F9-4414-98F8-0F093CF3746F}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08/03/2009 04:31]

    ==== Firefox Extensions ======================

    ==== Firefox Plugins ======================

    Profilepath: C:\Documents and Settings\f003204\Dados de aplicativos\Mozilla\Firefox\Profiles\e7hokt0n.default
    101700E93EB905992B518256CB441829 - C:\Arquivos de programas\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update
    3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash
    8F24103AB984847AA2939F58F19CCC98 - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U21
    ADC539F67D3198679F480974EE203678 - C:\WINDOWS\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.210.11
    ECD88CDFC178E6A84DB1346EABF9F03F - C:\Arquivos de programas\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
    ECD88CDFC178E6A84DB1346EABF9F03F - C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
    CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
    76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
    02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
    F9174E52953C2EDB35E4E634F6228F66 - C:\WINDOWS\system32\npptools.dll - Sistema operacional Microsoft® Windows®


    ==== Chrome Look ======================

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
    pgacfjdigcddmmncljpflgcfpfahebkh - C:\Documents and Settings\f003204\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\bb\sf.crx[31/07/2013 10:14]

    GBBD Banco do Brasil - f003204 - Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh

    ==== Set IE to Default ======================

    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    No DefaultScope Set For HKCU

    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21318\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a235e1e3-6296-4710-af39-104a7faa6c7c} deleted successfully
    HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21318\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a235e1e3-6296-4710-af39-104a7faa6c7c} deleted successfully
    HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21318\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{f236ca79-3123-4afb-9f74-e98117ad5625} deleted successfully
    HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21318\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{f236ca79-3123-4afb-9f74-e98117ad5625} deleted successfully
    HKEY_CLASSES_ROOT\CLSID\{a235e1e3-6296-4710-af39-104a7faa6c7c} deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a235e1e3-6296-4710-af39-104a7faa6c7c} deleted successfully
    HKEY_CLASSES_ROOT\CLSID\{f236ca79-3123-4afb-9f74-e98117ad5625} deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f236ca79-3123-4afb-9f74-e98117ad5625} deleted successfully

    ==== Deleting CLSID Registry Values ======================


    ==== Empty IE Cache ======================

    C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\f003204\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
    C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    C:\Documents and Settings\f000173\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\bqvwvvxl.default\Cache emptied successfully
    C:\Documents and Settings\f003204\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\e7hokt0n.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    C:\Documents and Settings\f003204\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\WINDOWS\Temp successfully emptied
    C:\DOCUME~1\f003204\CONFIG~1\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\RECYCLER successfully emptied

    ==== Deleting Files / Folders ======================

    "C:\Documents and Settings\f003204\Configurações locais\Temporary Internet Files\Content.IE5\index.dat" not deleted
    "C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat" not deleted

    ==== EOF on 12/08/2013 at 16:37:24,39 ======================




    Rapport de ZHPFix 2013.6.12.3 par Nicolas Coolman, Update du 12/06/2013
    Fichier d'export Registre : 
    Run by f003204 at 12/08/2013 16:40:26
    High Elevated Privileges : OK
    Windows XP Professional Service Pack 3 (Build 2600)

    Recycle Files Deleted

    ========== Registry Key ==========
    DELETED Key: Mozilla Plugin: @FromDocToPDF_65.com/Plugin
    NOT FOUND Key: CLSID BHO: {a235e1e3-6296-4710-af39-104a7faa6c7c}
    NOT FOUND Key: CLSID BHO: {f236ca79-3123-4afb-9f74-e98117ad5625}
    DELETED Key: Service: FromDocToPDF_65Service
    ctffixCTFMon already disabled

    ========== Registry Value ==========
    DELETED URLSearchHook: {4c60e5ab-5c68-4c59-abaa-885010b24b32}
    DELETED RunValue: FromDocToPDF Search Scope Monitor
    DELETED RunValue: FromDocToPDF_65 Browser Plugin Loader
    DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe
    DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
    DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
    DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
    No Value in Firewall Exception Register Key (FirewallRaz)

    ========== Repertory ==========
    No Empty CLSID Directories
    DELETED Flash Cookies

    ========== File ==========
    NOT FOUND File: c:\arquivos de programas\fromdoctopdf_65\bar\1.bin\np65stub.dll
    NOT FOUND File: c:\arquiv~1\fromdo~2\bar\1.bin\65bar.dll
    NOT FOUND File: c:\arquivos de programas\fromdoctopdf_65\bar\1.bin\65srcas.dll
    NOT FOUND File: c:\arquiv~1\fromdo~2\bar\1.bin\65srchmn.exe
    NOT FOUND File: c:\arquiv~1\fromdo~2\bar\1.bin\65brmon.exe
    NOT FOUND File: c:\arquiv~1\fromdo~2\bar\1.bin\65barsvc.exe
    DELETED Window Temporary
    DELETED Flash Cookies

    ========== Restoration ==========
    Restore System Point created succefully


    ========== Summary ==========
    5 : Registry Key
    8 : Registry Value
    2 : Repertory
    8 : File
    1 : Restoration


    End of clean in 00mn 15s

    ========== Report File ==========
    C:\ZHP\ZHPFix[R1].txt - 12/08/2013 16:40:26 [1910]
    avatar
    Edvan
    Membro
    Membro

    Mensagens : 428
    Data de inscrição : 14/02/2013
    Idade : 37
    Localização : Natal/RN

    Re: Firefox travando, script aparecendo no firefox

    Mensagem por Edvan em Seg Ago 12, 2013 3:59 pm

    Veja a imagem: 

    Quando abro o Firefox, o processo vai lá pra cima e trava, veja:

    [Você precisa estar registrado e conectado para ver esta imagem.]
    avatar
    joram
    Administrador Fundador
    Administrador Fundador

    Mensagens : 618
    Data de inscrição : 14/08/2012
    Idade : 64
    Localização : Rio de Janeiro

    Re: Firefox travando, script aparecendo no firefox

    Mensagem por joram em Seg Ago 12, 2013 4:06 pm

    Olá! Edvan

    |- Abra o Firefox.
    |- Na barra de endereços,digite: about:config

    [Você precisa estar registrado e conectado para ver esta imagem.]

    |- Clique no botão que aparece com o texto “Serei cuidadoso, prometo!”.
    |- Na barra de busca,pesquise pelo seguinte termo: dom.ipc.plugins

    [Você precisa estar registrado e conectado para ver esta imagem.]

    |- Altere o valor desta opção,que está em destaque,de “true” para “false”.
    |- Clique direito >> Inverter valor.
    |- Feche a página e reinicie o Firefox.

    |- Ps: Se estiver tudo Ok,pode rodar o DelFix.

    A+
    avatar
    Edvan
    Membro
    Membro

    Mensagens : 428
    Data de inscrição : 14/02/2013
    Idade : 37
    Localização : Natal/RN

    Re: Firefox travando, script aparecendo no firefox

    Mensagem por Edvan em Seg Ago 12, 2013 4:10 pm

    Resolvi amigo, desinstalei o FF e instalei novamente a versão nova, esta tudo ok agora.

    # DelFix v10.3 - Logfile created 12/08/2013 at 17:10:35
    # Updated 08/06/2013 by Xplode
    # Username : f003204 - FUN0044
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

    ~ Removing disinfection tools ...

    Deleted : C:\JRT
    Deleted : C:\ZHP
    Deleted : C:\Arquivos de programas\ZHPDiag
    Deleted : C:\AdwCleaner[S1].txt
    Deleted : C:\PhysicalDisk0_MBR.bin
    Deleted : C:\zoek-results.log
    Deleted : C:\Documents and Settings\f003204\Desktop\MBRCheck.lnk
    Deleted : C:\Documents and Settings\f003204\Desktop\ZHPDiag.lnk
    Deleted : C:\Documents and Settings\f003204\Desktop\ZHPDiag2.exe
    Deleted : C:\Documents and Settings\f003204\Desktop\ZHPFix.lnk
    Deleted : C:\Documents and Settings\f003204\Desktop\ZHPFixReport.txt
    Deleted : C:\Documents and Settings\f003204\Desktop\zoek-results.log
    Deleted : C:\Documents and Settings\f003204\Desktop\zoek.exe
    Deleted : C:\Documents and Settings\f003204\Meus documentos\Downloads\adwcleaner.exe
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

    ~ Cleaning system restore ...

    Deleted : RP #152 [Ponto de verificação do sistema | 05/17/2013 12:00:26]
    Deleted : RP #153 [Ponto de verificação do sistema | 05/20/2013 15:19:07]
    Deleted : RP #154 [Ponto de verificação do sistema | 05/22/2013 16:43:59]
    Deleted : RP #155 [Instalado Java 7 Update 21 | 05/24/2013 11:16:19]
    Deleted : RP #156 [Ponto de verificação do sistema | 05/27/2013 16:49:51]
    Deleted : RP #157 [Ponto de verificação do sistema | 05/28/2013 17:18:23]
    Deleted : RP #158 [Removido Java 7 Update 17 | 05/31/2013 11:15:12]
    Deleted : RP #159 [Instalado Java 7 Update 21 | 05/31/2013 11:16:14]
    Deleted : RP #160 [Removido Java 7 Update 21 | 05/31/2013 11:22:50]
    Deleted : RP #161 [Instalado Java 7 Update 21 | 05/31/2013 11:31:13]
    Deleted : RP #162 [Removido Java 7 Update 21 | 05/31/2013 11:42:17]
    Deleted : RP #163 [Instalado Java 7 Update 21 | 05/31/2013 11:44:10]
    Deleted : RP #164 [Ponto de verificação do sistema | 06/03/2013 11:54:57]
    Deleted : RP #165 [Ponto de verificação do sistema | 06/04/2013 20:39:14]
    Deleted : RP #166 [Ponto de verificação do sistema | 06/06/2013 13:53:38]
    Deleted : RP #167 [Ponto de verificação do sistema | 06/07/2013 20:25:36]
    Deleted : RP #168 [Ponto de verificação do sistema | 06/10/2013 15:17:08]
    Deleted : RP #169 [Ponto de verificação do sistema | 06/11/2013 15:27:30]
    Deleted : RP #170 [Ponto de verificação do sistema | 06/12/2013 16:07:55]
    Deleted : RP #171 [Ponto de verificação do sistema | 06/14/2013 14:49:05]
    Deleted : RP #172 [Ponto de verificação do sistema | 06/17/2013 11:37:41]
    Deleted : RP #173 [Ponto de verificação do sistema | 06/18/2013 15:17:15]
    Deleted : RP #174 [Ponto de verificação do sistema | 06/19/2013 15:17:19]
    Deleted : RP #175 [Ponto de verificação do sistema | 06/20/2013 16:22:13]
    Deleted : RP #176 [Ponto de verificação do sistema | 06/25/2013 15:45:41]
    Deleted : RP #177 [Ponto de verificação do sistema | 06/26/2013 15:55:19]
    Deleted : RP #178 [Ponto de verificação do sistema | 06/27/2013 15:55:23]
    Deleted : RP #179 [Ponto de verificação do sistema | 07/01/2013 15:21:20]
    Deleted : RP #180 [Ponto de verificação do sistema | 07/03/2013 15:17:05]
    Deleted : RP #181 [Ponto de verificação do sistema | 07/04/2013 15:45:22]
    Deleted : RP #182 [Ponto de verificação do sistema | 07/09/2013 20:37:01]
    Deleted : RP #183 [Ponto de verificação do sistema | 07/15/2013 19:54:27]
    Deleted : RP #184 [Ponto de verificação do sistema | 07/17/2013 14:34:41]
    Deleted : RP #185 [Ponto de verificação do sistema | 07/18/2013 15:17:19]
    Deleted : RP #186 [Ponto de verificação do sistema | 07/19/2013 15:31:16]
    Deleted : RP #187 [Ponto de verificação do sistema | 07/22/2013 15:49:56]
    Deleted : RP #188 [Ponto de verificação do sistema | 07/23/2013 18:39:04]
    Deleted : RP #189 [Ponto de verificação do sistema | 07/25/2013 11:26:14]
    Deleted : RP #190 [Ponto de verificação do sistema | 07/26/2013 12:52:43]
    Deleted : RP #191 [Ponto de verificação do sistema | 07/29/2013 16:30:45]
    Deleted : RP #192 [Ponto de verificação do sistema | 07/30/2013 18:34:09]
    Deleted : RP #193 [Ponto de verificação do sistema | 07/31/2013 18:59:53]
    Deleted : RP #194 [Ponto de verificação do sistema | 08/01/2013 20:50:49]
    Deleted : RP #195 [Ponto de verificação do sistema | 08/02/2013 21:01:04]
    Deleted : RP #196 [Ponto de verificação do sistema | 08/05/2013 13:21:52]
    Deleted : RP #197 [Ponto de verificação do sistema | 08/06/2013 15:17:30]
    Deleted : RP #198 [Ponto de verificação do sistema | 08/08/2013 14:04:16]
    Deleted : RP #199 [Ponto de verificação do sistema | 08/09/2013 15:18:02]
    Deleted : RP #200 [Ponto de verificação do sistema | 08/12/2013 15:17:49]
    Deleted : RP #201 [zoek.exe restore point | 08/12/2013 19:25:33]
    Deleted : RP #202 [P | 08/12/2013 19:40:20]
    Deleted : RP #203 [Removido Java 7 Update 21 | 08/12/2013 19:47:13]
    Deleted : RP #204 [Instalado Java 7 Update 25 | 08/12/2013 19:48:12]

    New restore point created !

    ~ Resetting system settings ... OK

    ########## - EOF - ##########
    avatar
    joram
    Administrador Fundador
    Administrador Fundador

    Mensagens : 618
    Data de inscrição : 14/08/2012
    Idade : 64
    Localização : Rio de Janeiro

    Re: Firefox travando, script aparecendo no firefox

    Mensagem por joram em Seg Ago 12, 2013 4:32 pm

    CASO RESOLVIDO!

    Necessitando novo auxílio para este computador,basta abrir "Novo Tópico" e relatar o problema.

    Conteúdo patrocinado

    Re: Firefox travando, script aparecendo no firefox

    Mensagem por Conteúdo patrocinado


      Data/hora atual: Sex Nov 17, 2017 9:41 pm