SecSecurity Forum

Implementing cleanup and security on your computer!


    Lots of adware, log for analysis.

    Edvan
    Member

    Posts: 428
    Join date: 14/02/2013
    Age: 36
    Location: Natal/RN

    Lots of adware, log for analysis.

    Post by Edvan on Tue Sep 10, 2013 4:32 pm

    I ran a few basic tools to get a head start on the procedure:

    Log for analysis [You need to be registered and logged in to see this link.]


    # AdwCleaner v3.003 - Relatório criado 10/09/2013 no 16:56:07
    # Atualizado 07/09/2013 por Xplode
    # Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
    # Usuário : usuario - USUARIO-PC
    # Executando de : C:\Users\usuario\Downloads\adwcleaner.exe
    # Opção : Limpar

    ***** [ Serviços ] *****

    [#] Serviço Deletado : dealplylive
    [#] Serviço Deletado : dealplylivem
    [#] Serviço Deletado : WebCakeUpdater

    ***** [ Arquivos / Pastas ] *****

    Pasta Deletado : C:\ProgramData\Ask
    Pasta Deletado : C:\ProgramData\Babylon
    Pasta Deletado : C:\ProgramData\boost_interprocess
    [!] Pasta Deletado : C:\ProgramData\DealPlyLive
    Pasta Deletado : C:\ProgramData\eSafe
    Pasta Deletado : C:\ProgramData\Tarma Installer
    Pasta Deletado : C:\Program Files\Ask.com
    Pasta Deletado : C:\Program Files\DealPly
    [!] Pasta Deletado : C:\Program Files\DealPlyLive
    Pasta Deletado : C:\Program Files\Movdap
    Pasta Deletado : C:\Program Files\Tepfel
    Pasta Deletado : C:\Users\usuario\AppData\Local\DealPlyLive
    Pasta Deletado : C:\Users\usuario\AppData\Local\lollipop
    Pasta Deletado : C:\Users\usuario\AppData\LocalLow\AskToolbar
    Pasta Deletado : C:\Users\usuario\AppData\Roaming\Babylon
    Pasta Deletado : C:\Users\usuario\AppData\Roaming\DealPly
    Pasta Deletado : C:\Users\usuario\AppData\Roaming\eIntaller
    Pasta Deletado : C:\Users\usuario\AppData\Roaming\Movdap
    Pasta Deletado : C:\Users\usuario\AppData\Roaming\Tepfel
    Pasta Deletado : C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
    Pasta Deletado : C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default\Extensions\plugin@getwebcake.com
    Pasta Deletado : C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default\Extensions\toolbar@ask.com
    Pasta Deletado : C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
    Pasta Deletado : C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla
    Arquivo Deletado : C:\Windows\system32\roboot.exe
    Arquivo Deletado : C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default\searchplugins\Askcom.xml
    Arquivo Deletado : C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default\searchplugins\ask-search.xml
    Arquivo Deletado : C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default\user.js
    Arquivo Deletado : C:\Windows\Tasks\Dealply.job
    Arquivo Deletado : C:\Windows\System32\Tasks\Dealply
    Arquivo Deletado : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
    Arquivo Deletado : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
    Arquivo Deletado : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
    Arquivo Deletado : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
    Arquivo Deletado : C:\Windows\System32\Tasks\LyricXeeker Update
    Arquivo Deletado : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

    ***** [ Atalhos ] *****

    Atalho Desinfectada : C:\Users\Public\Desktop\Mozilla Firefox.lnk
    Atalho Desinfectada : C:\Users\usuario\Desktop\backup luciNa\LUCYANNA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    Atalho Desinfectada : C:\Users\usuario\Desktop\backup luciNa\LUCYANNA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    Atalho Desinfectada : C:\Users\usuario\Desktop\backup luciNa\LUCYANNA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    Atalho Desinfectada : C:\Users\usuario\Desktop\backup luciNa\LUCYANNA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    Atalho Desinfectada : C:\Users\usuario\Desktop\backup luciNa\LUCYANNA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
    Atalho Desinfectada : C:\Users\usuario\Desktop\backup luciNa\LUCYANNA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
    Atalho Desinfectada : C:\Users\usuario\Desktop\backup luciNa\LUCYANNA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
    Atalho Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    Atalho Desinfectada : C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    Atalho Desinfectada : C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    Atalho Desinfectada : C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    Atalho Desinfectada : C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
    Atalho Desinfectada : C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

    ***** [ Registro ] *****

    Chave Deleteda : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
    Chave Deleteda : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
    [#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply
    [#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FB66763-9060-4CDE-886F-3FD13163EB16}
    [#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FB66763-9060-4CDE-886F-3FD13163EB16}
    [#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyLiveUpdateTaskMachineCore
    [#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E6BFD5B-D93A-4876-98B6-C9B22F6AB855}
    [#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3E6BFD5B-D93A-4876-98B6-C9B22F6AB855}
    [#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyLiveUpdateTaskMachineUA
    [#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC31741E-B4B3-4289-853B-13EC2A1FFC34}
    [#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC31741E-B4B3-4289-853B-13EC2A1FFC34}
    [#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyricXeeker Update
    [#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3A136EB-2599-468F-9F3F-1070B3EF2980}
    [#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F3A136EB-2599-468F-9F3F-1070B3EF2980}
    [#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
    [#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35FBD3C0-41F8-40CD-9887-172FC71480F7}
    [#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35FBD3C0-41F8-40CD-9887-172FC71480F7}
    Valor Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WebCake Desktop]
    Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\dealplylive.exe
    Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL
    Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickCtrl.9
    Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine
    Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine.1.0
    Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLive.Update3WebControl.3
    Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync
    Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync.1.0
    Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.coreclass
    Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1
    Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass
    Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass.1
    Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine
    Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine.1.0
    Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachine
    Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0
    Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback
    Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback.1.0
    Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc
    Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclasssvc.1.0
    Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher
    Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher.1.0
    Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService
    Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0
    Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine
    Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine.1.0
    Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback
    Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback.1.0
    Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc
    Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc.1.0
    Chave Deleteda : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Chave Deleteda : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Chave Deleteda : HKLM\SOFTWARE\Classes\Prod.cap
    Chave Deleteda : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api
    Chave Deleteda : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api.1
    Chave Deleteda : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers
    Chave Deleteda : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers.1
    Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
    Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
    Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
    Valor Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
    Chave Deleteda : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
    Chave Deleteda : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9
    Chave Deleteda : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
    Chave Deleteda : HKLM\SOFTWARE\5f08c8ab03bea12
    Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
    Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
    Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}
    Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
    Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
    Chave Deleteda : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Chave Deleteda : HKLM\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}
    Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
    Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
    Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
    Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
    Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
    Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
    Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
    Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
    Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
    Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
    Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
    Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
    Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
    Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
    Chave Deleteda : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Chave Deleteda : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
    Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Valor Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
    Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
    Chave Deleteda : HKCU\Software\Ask.com
    Chave Deleteda : HKCU\Software\BabSolution
    Chave Deleteda : HKCU\Software\BI
    Chave Deleteda : HKCU\Software\DataMngr
    [#] Chave Deleteda : HKCU\Software\DataMngr_Toolbar
    Chave Deleteda : HKCU\Software\DealPly
    Chave Deleteda : HKCU\Software\dealplylive
    Chave Deleteda : HKCU\Software\InstallCore
    Chave Deleteda : HKCU\Software\lollipop
    Chave Deleteda : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Chave Deleteda : HKCU\Software\AppDataLow\Software\AskToolbar
    Chave Deleteda : HKCU\Software\AppDataLow\Software\Crossrider
    Chave Deleteda : HKCU\Software\AppDataLow\Software\lyrixeeker
    Chave Deleteda : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Chave Deleteda : HKLM\Software\AskToolbar
    Chave Deleteda : HKLM\Software\DataMngr
    Chave Deleteda : HKLM\Software\DealPly
    Chave Deleteda : HKLM\Software\dealplylive
    Chave Deleteda : HKLM\Software\portaldositesSoftware
    Chave Deleteda : HKLM\Software\Tarma Installer
    Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
    Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
    Produto Deletado : Ask Toolbar

    ***** [ Navegadores ] *****

    -\\ Internet Explorer v10.0.9200.16660

    Configurações Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    Configurações Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
    Configurações Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
    Configurações Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Mozilla Firefox v22.0 (pt-BR)

    [ Arquivo : C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default\prefs.js ]

    Linha deletada : user_pref("extensions.crossrider.bic", "14025a6618390a1dd592e6da686df25e");
    Linha deletada : user_pref("extensions.enabledAddons", "toolbar_ATU4-V7%40apn.ask.com:20.52309,%7B97A78363-B868-4B48-AC91-A783A31215AF%7D:2.0.1,plugin%40getwebcake.com:1.00.01,lyrix%40lyrixeeker.co:1.128,%7B972ce4c6-7[...]
    Linha deletada : user_pref("extensions.kango.storage.m2_k1", "0");
    Linha deletada : user_pref("extensions.kango.storage.m2_k2", "10");
    Linha deletada : user_pref("extensions.kango.storage.m2_k3", "1377396981593");
    Linha deletada : user_pref("extensions.kango.storage.m2_k4", "0");
    Linha deletada : user_pref("extensions.kango.storage.m2_k5", "1377907320393");
    Linha deletada : user_pref("extensions.kango.storage.minibar.config", "{\"name\":\"AppsHat\",\"description\":\"AppsHat\",\"button\":{\"tooltip\":\"Visit AppsHat.com\",\"icon\":\"hxxp://www.bigspeedpro.com/button/%affi[...]
    Linha deletada : user_pref("extensions.kango.storage.nero_options", "\"{\\\"m1\\\":{\\\"ads\\\":{\\\"n1\\\":{\\\"url\\\":\\\"//ulayout.com/nero/hatter/google_post_results_728x90.html?aff_slug=appshat\\\",\\\"width\\\"[...]
    Linha deletada : user_pref("extensions.kango.storage.ui.button.iconCache", "\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAADlElEQVQ4jb3S3U9adxwG8F/BuooQAQscXj0cOIC8nANUPYjoHDClvqAoZ04gpqsZKmrUV[...]
    Linha deletada : user_pref("extentions.webcake.defaultEnableAppsList", "layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc");
    Linha deletada : user_pref("extentions.webcake.installId", "fba4f323-3b38-4222-9c9e-2d30536ba0d8");

    -\\ Google Chrome v

    [ Arquivo : C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleteda : homepage
    Deleteda : icon_url
    Deleteda : search_url
    Deleteda : keyword
    Deleteda : urls_to_restore_on_startup

    *************************

    AdwCleaner[R0].txt - [24205 octets] - [10/09/2013 16:35:22]
    AdwCleaner[S0].txt - [21118 octets] - [10/09/2013 16:56:07]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21179 octets] ##########




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 5.5.9 (09.07.2013:1)
    OS: Windows 7 Professional x86
    Ran by usuario on 10/09/2013 at 17:10:07,65
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{17E58097-6CA5-448B-830F-2A19678248FB}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3793992859-2972383918-4261860535-1000\Software\SweetIM
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\WebCakeUpdater
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealplylive
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4CCAF978-2EDE-4FA1-9E6D-40571912FDB4}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\apn"



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Users\usuario\AppData\Roaming\mozilla\firefox\profiles\zpgdud1p.default\extensions\staged
    Successfully deleted the following from C:\Users\usuario\AppData\Roaming\mozilla\firefox\profiles\zpgdud1p.default\prefs.js

    user_pref("browser.startup.homepage", "hxxp://www.search.ask.com/?p2=%5EB1V%5Epfm060%5EYY%5EBR&gct=hp&o=APN10946&apn_ptnrs=%5EB1V&apn_dtid=%5Epfm060%5EYY%5EBR&tpid=ATU4-V7&apn
    Emptied folder: C:\Users\usuario\AppData\Roaming\mozilla\firefox\profiles\zpgdud1p.default\minidumps [8 files]



    ~~~ Chrome

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 10/09/2013 at 17:16:24,82
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    joram
    Founding Administrator

    Posts: 608
    Join date: 14/08/2012
    Age: 63
    Location: Rio de Janeiro

    Re: Lots of adware, log for analysis.

    Post by joram on Tue Sep 10, 2013 4:52 pm

    Good afternoon, Edvan!

    |- Run this script in the ZHPFix tool.

    ZHPFix script
    [MD5.2F5252E50745E47DB355B005725DAE05] [SPRF][13/08/2013] (.Somoto Ltd. - AppsHat Mobile Apps.) -- C:\Users\usuario\AppData\Local\Temp\appshat-distribution.exe   [327880]  =>Adware.MegaSearch
    [MD5.CBED1C0E05E21DD1B6FD1995F7E50D34] [SPRF][13/08/2013] (.Babylon Ltd. - Babylon Client Setup.) -- C:\Users\usuario\AppData\Local\Temp\BabylonTB.exe   [797608]  =>Toolbar.Babylon
    [MD5.0B62417DA5719B3EA1D343DA3431C97F] [SPRF][08/09/2013] (.No owner - Powered by BetterInstaller.) -- C:\Users\usuario\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe   [167544]  =>Adware.MegaSearch
    [MD5.0B62417DA5719B3EA1D343DA3431C97F] [SPRF][31/08/2013] (.No owner - Powered by BetterInstaller.) -- C:\Users\usuario\AppData\Local\Temp\run.exe   [167544]  =>Adware.MegaSearch
    [MD5.D34B8D330F4884A603D56D7120E25030] [SPRF][13/08/2013] (.Web Cake LLC - Installer.) -- C:\Users\usuario\AppData\Local\Temp\Setup-D2502DD2B71B5.exe   [272616]  =>Adware.WebCake
    [MD5.681A102F479ED965D006B5E825884A66] [SPRF][31/07/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\usuario\AppData\Local\Temp\uninst1.exe   [339536]  =>Toolbar.Babylon
    [MD5.83087F025194693DFF3A0F22E6A4AE96] [SPRF][13/08/2013] (.Somoto Ltd. - FilesFrog Update Checker.) -- C:\Users\usuario\AppData\Local\Temp\UpdateCheckerSetup.exe   [196376]  =>Adware.MegaSearch
    [MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [SPRF][29/06/2013] (.No owner - Setup/Uninstall.) -- C:\Users\usuario\AppData\Roaming\unins000.exe   [720082]
    G1 - GCS: Preference [User Data\Default]
    [You need to be registered and logged in to see this link.]  =>Toolbar.Babylon
    G2 - GCE: Preference [User Data\Default] [nchpfiddbhbdnagofhkjlaiaejmkdcla] Helper extension v.2.0 (Activé)
    SS - | Auto 18/04/2003 8192 |  (KMService) . (...) - C:\Windows\system32\srvany.exe  =>Hijacker.Office 
    O4 - HKCU\..\Run: [lollipop_08052349] Chave orfã  =>Adware.Lollipop
    O4 - HKUS\S-1-5-21-3793992859-2972383918-4261860535-1000\..\Run: [lollipop_08052349] Chave orfã  =>Adware.Lollipop
    O23 - Service: KMService (KMService) . (...) - C:\Windows\system32\srvany.exe  =>Hijacker.Office
    O45 - LFCP:[MD5.16BFFD800D2F2BD722A882D32E06ACDA] - 08/09/2013 - 12:06:18 ---A- - C:\Windows\Prefetch\WEBPLAYER.EXE-A768C072.pf  =>Adware.SocialSkinz
    O45 - LFCP:[MD5.D58158E5FDAAF25AF071923CEF7D39A3] - 08/09/2013 - 12:17:07 ---A- - C:\Windows\Prefetch\BROWSERDEFENDER.EXE-62524200.pf  =>Hijacker.Eazel
    O45 - LFCP:[MD5.E09DE5240A08799DC53EDE6E0092C73A] - 10/09/2013 - 16:23:09 ---A- - C:\Windows\Prefetch\DEALPLYLIVEHANDLER.EXE-53F10C90.pf  =>PUP.DealPly
    O45 - LFCP:[MD5.ABF5D5F99638BFB4162E779639A57F53] - 10/09/2013 - 16:31:45 ---A- - C:\Windows\Prefetch\DEALPLYLIVE.EXE-7BB1D07F.pf  =>PUP.DealPly
    O45 - LFCP:[MD5.7D88D2C5649EC9F2F283D252E6435A42] - 15/08/2013 - 07:42:39 ---A- - C:\Windows\Prefetch\LOLLIPOP_08052349.EXE-3FE03067.pf  =>Adware.Lollipop
    O45 - LFCP:[MD5.6DB404037FDF5B53898B7ACC910DA067] - 15/08/2013 - 07:42:46 ---A- - C:\Windows\Prefetch\WEBCAKEDESKTOP.EXE-D11A68F1.pf  =>Adware.WebCake
    O45 - LFCP:[MD5.61630CEAFF7F68B59423F60EE2DB3CE2] - 21/08/2013 - 19:04:27 ---A- - C:\Windows\Prefetch\BABMAINT.EXE-1A96D264.pf  =>Hijacker.BabSolution
    O45 - LFCP:[MD5.3E1DCE805F3B4ECD9852CCD1E6765F01] - 23/08/2013 - 12:50:02 ---A- - C:\Windows\Prefetch\LOLLIPOP_08231549.EXE-A0758BD4.pf  =>Adware.Lollipop
    O45 - LFCP:[MD5.4F5A2EA1025BFB1D68A290C077AEF999] - 08/09/2013 - 12:05:59 ---A- - C:\Windows\Prefetch\TBNOTIFIER.EXE-C54E61E5.pf   
    O45 - LFCP:[MD5.CEC158D193D56BF15C13380A369FE265] - 17/08/2013 - 20:23:24 ---A- - C:\Windows\Prefetch\APNMCP.EXE-3B6C9BED.pf
    O45 - LFCP:[MD5.3173819A0D896809DA3C71BC9EC76D7E] - 16/08/2013 - 13:10:05 ---A- - C:\Windows\Prefetch\LYRIXTMP.EXE-D723D80E.pf
    O45 - LFCP:[MD5.1FA023BECA5D05AA357220F09EDB8264] - 17/08/2013 - 20:22:14 ---A- - C:\Windows\Prefetch\UPDATEMANAGER.EXE-7B0A8410.pf
    O45 - LFCP:[MD5.3C1B998EFDDDF1159C24B9446F6CDD66] - 21/08/2013 - 18:56:33 ---A- - C:\Windows\Prefetch\29.0.1547.57_28.0.1500.95_CHR-6120978B.pf
    O45 - LFCP:[MD5.57771E1E6743DF1E686FFA755BA05E2D] - 23/08/2013 - 07:07:58 ---A- - C:\Windows\Prefetch\UPDATE~1.EXE-303EA83C.pf
    O61 - LFC: 08/09/2013 - 12:17:04 --HA- . (...) -- C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Local State~RFd4e00.TMP   [0]
    [MD5.1D6F833E15B6B6249FB978C50E474260] [SPRF][24/08/2013] (...) -- C:\Users\usuario\AppData\Local\Temp\1DECCBBD-E840-4C99-A7C5-7A42C307D37F.dat   [48025]
    [MD5.B3FDF6E7B0AECD48CA7E4921773FB606] [SPRF][13/08/2013] (...) -- C:\Users\usuario\AppData\Local\Temp\7z920.exe   [1110476]
    [MD5.F2F3EBD5C487C0EF64E0D5B4DA49D37E] [SPRF][16/08/2013] (.No owner - LyricXeeker.) -- C:\Users\usuario\AppData\Local\Temp\LyriXtmp.exe   [606037]
    [MD5.3BF79E6868B44D3ADB2796BA99521891] [SPRF][07/09/2013] (...) -- C:\Users\usuario\AppData\Local\Temp\Quarantine.exe   [344583]
    O87 - FAEL: "{D70EE7AA-121E-4D16-9CA8-EEB8D9FC70E3}" |In - Public - P6 - TRUE | .(...) -- C:\ProgramData\eSafe\eGdpSvc.exe (.not file.)
      
    [HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}]   =>Toolbar.AskTBar
    [HKLM\SYSTEM\CurrentControlSet\Services\KMService]   =>Hijacker.Office^
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:lollipop_08052349   =>Adware.Lollipop^
    [HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC}   =>Adware.ShopperReports
    C:\Windows\system32\srvany.exe   =>Hijacker.Office^
    C:\Windows\Prefetch\WEBPLAYER.EXE-A768C072.pf   =>Adware.SocialSkinz^
    C:\Windows\Prefetch\BROWSERDEFENDER.EXE-62524200.pf   =>Hijacker.Eazel^
    C:\Windows\Prefetch\DEALPLYLIVEHANDLER.EXE-53F10C90.pf   =>PUP.DealPly^
    C:\Windows\Prefetch\DEALPLYLIVE.EXE-7BB1D07F.pf   =>PUP.DealPly^
    C:\Windows\Prefetch\LOLLIPOP_08052349.EXE-3FE03067.pf   =>Adware.Lollipop^
    C:\Windows\Prefetch\WEBCAKEDESKTOP.EXE-D11A68F1.pf   =>Adware.WebCake^
    C:\Windows\Prefetch\BABMAINT.EXE-1A96D264.pf   =>Hijacker.BabSolution^
    C:\Windows\Prefetch\LOLLIPOP_08231549.EXE-A0758BD4.pf   =>Adware.Lollipop^
    C:\Users\usuario\AppData\Local\Temp\appshat-distribution.exe   =>Adware.MegaSearch^
    C:\Users\usuario\AppData\Local\Temp\BabylonTB.exe   =>Toolbar.Babylon^
    C:\Users\usuario\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe   =>Adware.MegaSearch^
    C:\Users\usuario\AppData\Local\Temp\run.exe   =>Adware.MegaSearch^
    C:\Users\usuario\AppData\Local\Temp\Setup-D2502DD2B71B5.exe   =>Adware.WebCake^
    C:\Users\usuario\AppData\Local\Temp\uninst1.exe   =>Toolbar.Babylon^
    C:\Users\usuario\AppData\Local\Temp\UpdateCheckerSetup.exe   =>Adware.MegaSearch^

    emptytemp
    emptyflash
    emptyclsid
    firewallraz


    |- Post the report!

    A+

    Edvan
    Member

    Re: Lots of adware, log for analysis.

    Post by Edvan on Tue Sep 10, 2013 5:00 pm

    I'll continue tomorrow, my friend.

    Rapport de ZHPFix 2013.9.9.4 par Nicolas Coolman, Update du 09/09/2013
    Fichier d'export Registre : 
    Run by usuario at 10/09/2013 18:00:05
    High Elevated Privileges : OK
    Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

    Reciclagem vazia

    ========== Processo memória ==========
    ELIMINÉ Memory Process: C:\Users\usuario\AppData\Local\Temp\appshat-distribution.exe
    ELIMINÉ Memory Process: C:\Users\usuario\AppData\Local\Temp\BabylonTB.exe
    ELIMINÉ Memory Process: C:\Users\usuario\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
    ELIMINÉ Memory Process: C:\Users\usuario\AppData\Local\Temp\run.exe
    ELIMINÉ Memory Process: C:\Users\usuario\AppData\Local\Temp\Setup-D2502DD2B71B5.exe
    ELIMINÉ Memory Process: C:\Users\usuario\AppData\Local\Temp\uninst1.exe
    ELIMINÉ Memory Process: C:\Users\usuario\AppData\Local\Temp\UpdateCheckerSetup.exe
    ELIMINÉ Memory Process: C:\Users\usuario\AppData\Roaming\unins000.exe
    ELIMINÉ Memory Process: C:\Users\usuario\AppData\Local\Temp\7z920.exe
    ELIMINÉ Memory Process: C:\Users\usuario\AppData\Local\Temp\LyriXtmp.exe
    ELIMINÉ Memory Process: C:\Users\usuario\AppData\Local\Temp\Quarantine.exe

    ========== Chaves do Registo ==========
    ELIMINÉ: Service: KMService
    ELIMINÉ: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

    ========== Valores do Registo ==========
    ELIMINÉ RunValue: lollipop_08052349
    ELIMINÉ {D70EE7AA-121E-4D16-9CA8-EEB8D9FC70E3}
    ELIMINÉ [HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC}
    Ausente Valor Perfil Padrão: FirewallRaz : 
    Ausente Valor Perfil Domínio FirewallRaz : 

    ========== Preferências do navegador ==========
    AGORA Chrome File: C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
    ELIMINÉ Chrome Site: [You need to be registered and logged in to see this link.]
    ELIMINÉ Folder Chrome: C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla

    ========== Pastas ==========
    Nenhuma pasta CLSID local utilizador vazia

    ========== Ficheiros ==========
    ELIMINÉ File: c:\users\usuario\appdata\local\temp\appshat-distribution.exe
    ELIMINÉ *: c:\users\usuario\appdata\local\temp\babylontb.exe
    ELIMINÉ File: c:\users\usuario\appdata\local\temp\flvplayerupdate_downloader_by_flvplayerupdate.exe
    ELIMINÉ *: c:\users\usuario\appdata\local\temp\run.exe
    ELIMINÉ *: c:\users\usuario\appdata\local\temp\setup-d2502dd2b71b5.exe
    ELIMINÉ *: c:\users\usuario\appdata\local\temp\uninst1.exe
    ELIMINÉ File: c:\users\usuario\appdata\local\temp\updatecheckersetup.exe
    ELIMINÉ *: c:\users\usuario\appdata\roaming\unins000.exe
    ELIMINÉ File: c:\users\usuario\appdata\local\google\chrome\user data\default\preferences 
    ELIMINÉ File: c:\windows\system32\srvany.exe 
    ELIMINÉ File: c:\windows\prefetch\webplayer.exe-a768c072.pf 
    ELIMINÉ File: c:\windows\prefetch\browserdefender.exe-62524200.pf 
    ELIMINÉ File: c:\windows\prefetch\dealplylivehandler.exe-53f10c90.pf 
    ELIMINÉ File: c:\windows\prefetch\dealplylive.exe-7bb1d07f.pf 
    ELIMINÉ File: c:\windows\prefetch\lollipop_08052349.exe-3fe03067.pf 
    ELIMINÉ File: c:\windows\prefetch\webcakedesktop.exe-d11a68f1.pf 
    ELIMINÉ File: c:\windows\prefetch\babmaint.exe-1a96d264.pf 
    ELIMINÉ File: c:\windows\prefetch\lollipop_08231549.exe-a0758bd4.pf 
    ELIMINÉ File: c:\windows\prefetch\tbnotifier.exe-c54e61e5.pf 
    ELIMINÉ File: c:\windows\prefetch\apnmcp.exe-3b6c9bed.pf 
    ELIMINÉ File: c:\windows\prefetch\lyrixtmp.exe-d723d80e.pf 
    ELIMINÉ File: c:\windows\prefetch\updatemanager.exe-7b0a8410.pf 
    ELIMINÉ File: c:\windows\prefetch\29.0.1547.57_28.0.1500.95_chr-6120978b.pf 
    ELIMINÉ File: c:\windows\prefetch\update~1.exe-303ea83c.pf 
    ELIMINÉ File: c:\users\usuario\appdata\local\google\chrome\user data\local state~rfd4e00.tmp 
    ELIMINÉ File: C:\Users\usuario\AppData\Local\Temp\1DECCBBD-E840-4C99-A7C5-7A42C307D37F.dat
    ELIMINÉ *: c:\users\usuario\appdata\local\temp\1deccbbd-e840-4c99-a7c5-7a42c307d37f.dat
    ELIMINÉ File: c:\users\usuario\appdata\local\temp\7z920.exe
    ELIMINÉ File: c:\users\usuario\appdata\local\temp\lyrixtmp.exe
    ELIMINÉ File: c:\users\usuario\appdata\local\temp\quarantine.exe
    ELIMINÉ Temporários windows
    ELIMINÉ Flash Cookies


    ========== Recapitulativo ==========
    11 : Processo memória
    2 : Chaves do Registo
    5 : Valores do Registo
    1 : Pastas
    32 : Ficheiros
    3 : Preferências do navegador


    End of clean in 00mn 30s

    ========== Caminho do ficheiro do relatório ==========
    C:\ZHP\ZHPFix[R1].txt - 10/09/2013 18:00:11 [4480]

    joram
    Founding Administrator

    Posts: 608
    Joined: 14/08/2012
    Age: 63
    Location: Rio de Janeiro

    Re: Lots of adware, log for analysis.

    Post by joram on Tue Sep 10, 2013 5:19 pm

    Good evening, Edvan!

    |- Download: < [You need to be registered and logged in to see this link.] > ( ... by Smeenk )
    |- Or here! < [You need to be registered and logged in to see this link.] >
    |- Save it to the desktop!
    |- Disable your antivirus!
    |- On Windows 7, run zoek.exe as administrator.

    hijackthis;
    iedefaults;
    ffdefaults;
    chrdefaults;
    autoclean;
    emptyalltemp;


    |- Copy and paste this information, shown in red, into the tool's field.
    |- Click "Run Script".
    Zoek.exe is running now.
    Do not start any browser windows, they will be closed automatically.
    Please wait! This window will close when finished.
    A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
    |- This information will appear, asking you to wait for the report.

    |- Accept and/or confirm the reboot!

    zoek.hta failed by unknown error.
    Restart computer, and try again.
    |- PS: If you get an error, restart the PC and run the tool again.
    |- Post the report, which will be at C:\zoek-results.txt <<

    A+

    Edvan
    Member

    Re: Lots of adware, log for analysis.

    Post by Edvan on Wed Sep 11, 2013 7:34 am

    Zoek.exe Version 4.0.0.4 Updated 11-September-2013
    Tool run by usuario on 11/09/2013 at  8:04:33,81.
    Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x86
    Running in: Normal Mode Internet Access Detected
    Launched: C:\Users\usuario\Desktop\zoek\zoek.exe [Script inserted] 

    ==== System Restore Info ======================

    11/09/2013 08:06:50 Zoek.exe System Restore Point Created Succesfully.

    ==== Deleting CLSID Registry Keys ======================


    ==== Deleting CLSID Registry Values ======================


    ==== Deleting Services ======================


    ==== FireFox Fix ======================

    Deleted from C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default\prefs.js:
    user_pref("browser.search.selectedEngine", "Ask Search");
    user_pref("browser.search.order.1", "Ask Search");

    Added to C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default\prefs.js:
    user_pref("browser.startup.homepage", "http://www.google.com");
    user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
    user_pref("browser.newtab.url", "http://www.google.com/");
    user_pref("browser.search.defaultengine", "Google");
    user_pref("browser.search.defaultenginename", "Google");
    user_pref("browser.search.selectedEngine", "Google");
    user_pref("browser.search.order.1", "Google");
    user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
    user_pref("browser.search.suggest.enabled", true);
    user_pref("browser.search.useDBForOrder", true);

    ProfilePath: C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default

    user.js not found
    ---- Lines ask.com removed from prefs.js ----


    ---- Lines ask.com modified from prefs.js ----

    user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\N360_20.3.1.22\\\\coFFPlgn\",\"mtime\":1377368508459,\"rdfTime\":1377368508459},\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\N360_20.3.1.22\\\\IPSFFPlgn\",\"mtime\":1373930610274,\"rdfTime\":1373930610118}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1372805414743,\"rdfTime\":1372805414253}}},{\"name\":\"winreg-app-user\",\"addons\":{\"{87F8774F-B485-47E2-A755-A40A8A5E886C}\":{\"descriptor\":\"C:\\\\Users\\\\usuario\\\\AppData\\\\Local\\\\GAS Tecnologia\\\\GBBD\\\\bb\\\\sf.xpi\",\"mtime\":1374074310963},\"lyrix@lyrixeeker.co\":{\"descriptor\":\"C:\\\\Program 
Files\\\\LyriXeeker\\\\128.xpi\",\"mtime\":1376669479024}}},{\"name\":\"app-profile\",\"addons\":{\"plugin@getwebcake.com\":{\"descriptor\":\"C:\\\\Users\\\\usuario\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\zpgdud1p.default\\\\extensions\\\\plugin@getwebcake.com\",\"mtime\":1376443473680,\"rdfTime\":1376083520000},\"toolbar@ask.com\":{\"descriptor\":\"C:\\\\Users\\\\usuario\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\zpgdud1p.default\\\\extensions\\\\toolbar@ask.com\",\"mtime\":1377368314749,\"rdfTime\":1368229532816},\"toolbar_ATU4-V7@apn.ask.com\":{\"descriptor\":\"C:\\\\Users\\\\usuario\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\zpgdud1p.default\\\\extensions\\\\toolbar_ATU4-V7@apn.ask.com.xpi\",\"mtime\":1375021057346},\"{97A78363-B868-4B48-AC91-A783A31215AF}\":{\"descriptor\":\"C:\\\\Users\\\\usuario\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\zpgdud1p.default\\\\extensions\\\\{97A78363-B868-4B48-AC91-A783A31215AF}\",\"mtime\":1376443589909,\"rdfTime\":1376443588421}}}]");

    ---- Lines browser.startup.page removed from prefs.js ----

    user_pref("browser.startup.page", 3);

    ---- Lines browser.startup.page modified from prefs.js ----


    ---- FireFox user.js and prefs.js backups ---- 

    prefs_092013_0813_.backup

    ==== Deleting Files \ Folders ======================

    "C:\Users\usuario\AppData\Roaming\windows.vbs" deleted
    "C:\ProgramData\pckt.tmp" deleted
    "C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\WebNavigation.crx" deleted
    "C:\Users\usuario\Downloads\iLividSetup-r585-n-bc.exe" deleted
    "C:\Users\usuario\Desktop\backup luciNa\LUCYANNA\AppData\Local\Temp\oi_{D62D2B8B-FAFB-4DC4-88B3-FB2E916693E0}.exe" deleted
    "C:\Windows\System32\searchplugins" deleted
    "C:\Windows\System32\Extensions" deleted

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default
    - LyricXeeker - %ProfilePath%\extensions\128

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default
    0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash
    101700E93EB905992B518256CB441829 - C:\Users\usuario\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update
    ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25
    D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
    DF75FC32D3EB681B6FE7C092D6FC4695 - C:\Users\usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
    4687B6F8CF5F62DDCF21916114142FF7 - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll - Adobe Acrobat
    15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System


    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
    lkemddiljapcmhicklfpcbpfffahfbja - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx[]

    Web Navigation - usuario - Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja

    ==== Chrome Fix ======================

    C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja deleted successfully

    ==== Set IE to Default ======================

    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com"
    "Default_Page_URL"="http://www.google.com"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.google.com"
    "Start Page"="http://www.google.com"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    No DefaultScope Set For HKCU

    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Start Page"="http://www.google.com"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

    ==== Reset Google Chrome ======================

    C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
    C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lkemddiljapcmhicklfpcbpfffahfbja deleted successfully

    ==== HijackThis Entries ======================

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You need to be registered and logged in to see this link.]
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You need to be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You need to be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You need to be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You need to be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You need to be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Google Update] "C:\Users\usuario\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
    O8 - Extra context menu item: &Enviar para o OneNote - [You need to be registered and logged in to see this link.]
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - [You need to be registered and logged in to see this link.]
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: [You need to be registered and logged in to see this link.]
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: [You need to be registered and logged in to see this link.]
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @%SystemRoot%\system32\stlang.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

    ==== Empty IE Cache ======================

    C:\Users\usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    C:\Users\usuario\AppData\Local\Mozilla\Firefox\Profiles\zpgdud1p.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied
    C:\Users\usuario\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on 11/09/2013 at  8:29:31,96 ======================

    joram
    Founding Administrator

    Re: Lots of adware, log for analysis.

    Post by joram on Wed Sep 11, 2013 9:28 am

    Good morning, Edvan!

    |- Download: |[You need to be registered and logged in to see this link.]| ( ... by Xplode )

    |- On the page, click the green arrow to download
    |- Save it somewhere convenient! ( desktop! )
    |- Close any open applications.

    |- Run it!
    |- With all 3 checkboxes ticked!
    |- Click "Run".
    |- Everything OK?

    At+

    Edvan
    Member

    Re: Lots of adware, log for analysis.

    Post by Edvan on Wed Sep 11, 2013 9:34 am

    All OK, my friend :D

    # DelFix v10.4 - Logfile created 11/09/2013 at 10:32:49
    # Updated 19/07/2013 by Xplode
    # Username : usuario - USUARIO-PC
    # Operating System : Windows 7 Professional Service Pack 1 (32 bits)

    ~ Removing disinfection tools ...

    Deleted : C:\ZHP
    Deleted : C:\Program Files\ZHPDiag
    Deleted : C:\Program Files\Hijackthis
    Deleted : C:\PhysicalDisk0_MBR.bin
    Deleted : C:\zoek-results.log
    Deleted : C:\Users\usuario\Desktop\AdwCleaner[S0].txt
    Deleted : C:\Users\usuario\Desktop\JRT.exe
    Deleted : C:\Users\usuario\Desktop\JRT.txt
    Deleted : C:\Users\usuario\Desktop\ZHPDiag.txt
    Deleted : C:\Users\usuario\Desktop\ZHPDiag2.exe
    Deleted : C:\Users\usuario\Desktop\ZHPFixReport.txt
    Deleted : C:\Users\usuario\Desktop\zoek.zip
    Deleted : C:\Users\Public\Desktop\ZHPDiag.lnk
    Deleted : C:\Users\Public\Desktop\ZHPFix.lnk
    Deleted : C:\Users\usuario\Downloads\adwcleaner.exe
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

    ~ Cleaning system restore ...

    Deleted : RP #30 [Installed Java 7 Update 25 | 07/17/2013 14:54:53]
    Deleted : RP #31 [Windows Update | 07/18/2013 11:16:46]
    Deleted : RP #32 [Windows Update | 07/19/2013 06:00:18]
    Deleted : RP #33 [Windows Update | 07/20/2013 11:07:37]
    Deleted : RP #35 [WinZip Registry Optimizer dom, jul 28, 13  11:02 | 07/28/2013 14:02:43]
    Deleted : RP #36 [Ponto de Verificação Agendado | 08/13/2013 10:49:37]
    Deleted : RP #37 [Windows Update | 08/15/2013 09:46:14]
    Deleted : RP #39 [Avira Free Antivirus - 08/09/2013 12:16 | 09/08/2013 15:16:32]
    Deleted : RP #40 [Removed Facebook Video Calling 1.2.0.287 | 09/10/2013 19:04:32]
    Deleted : RP #41 [Quitado VAFPlayer | 09/10/2013 19:22:13]
    Deleted : RP #42 [zoek.exe restore point | 09/11/2013 11:06:20]

    New restore point created !

    ~ Resetting system settings ... OK

    ########## - EOF - ##########

    joram
    Founding Administrator

    Re: Lots of adware, log for analysis.

    Post by joram on Wed Sep 11, 2013 1:29 pm

    CASE RESOLVED!

    If you need further help with this computer, just open "[You need to be registered and logged in to see this link.]" and describe the problem.
