Fórum SecSecurity

Implementando Limpeza e Seguranca em seu computador!

Palavras chave

Últimos assuntos

» ResetBrowser ( ... de Nicolas Coolman )
Ter Maio 31, 2016 5:58 am por joram

» herdProtectScan ( ... by herdprotect.com )
Seg Mar 07, 2016 10:58 pm por joram

» Emsisoft Emergency Kit ( ... by Emsisoft.com )
Dom Fev 28, 2016 5:40 am por joram

» Dr.WEB Link Checker ( ... by Doctor Web.Ltd )
Qui Fev 11, 2016 9:51 am por joram

» Computador com erros no navegador
Sab Ago 29, 2015 8:04 pm por joram

» Justiça determina que PSafe retire alertas desleais
Qua Ago 19, 2015 6:58 am por joram

» Google vai fazer buscas offline internas no desktop do seu PC
Ter Ago 18, 2015 8:19 am por joram

» Baidu lança buscador no Brasil!
Seg Ago 17, 2015 12:25 pm por joram

» Kaspersky é acusada de inventar vírus!
Sex Ago 14, 2015 3:32 pm por joram

Dezembro 2016

SegTerQuaQuiSexSabDom
   1234
567891011
12131415161718
19202122232425
262728293031 

Calendário Calendário

Parceiros

Fórum grátis

Os membros mais marcados


    Ao navegar no firefox, o mesmo abre varias paginas de propagandas.

    Compartilhe

    Edvan
    Membro
    Membro

    Mensagens : 428
    Data de inscrição : 14/02/2013
    Idade : 36
    Localização : Natal/RN

    Ao navegar no firefox, o mesmo abre varias paginas de propagandas.

    Mensagem por Edvan em Sex Nov 08, 2013 9:36 am

    Log para analise [Você precisa estar registrado e conectado para ver este link.]

    # AdwCleaner v3.011 - Relatório criado 08/11/2013 às 11:59:59
    # Atualizado 03/11/2013 por Xplode
    # Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Usuário : walber - HP
    # Executando de : C:\Users\walber\Desktop\adwcleaner(1).exe
    # Opção : Limpar

    ***** [ Serviços ] *****


    ***** [ Arquivos / Pastas ] *****

    Pasta Deletada : C:\ProgramData\BonanzaDealsLive
    Pasta Deletada : C:\ProgramData\IBUpdaterService
    Pasta Deletada : C:\Program Files (x86)\BonanzaDeals
    Pasta Deletada : C:\Program Files (x86)\BonanzaDealsLive
    Pasta Deletada : C:\Program Files (x86)\Plus-HD-4.1
    Pasta Deletada : C:\Users\walber\AppData\Local\BonanzaDealsLive
    Pasta Deletada : C:\Users\walber\AppData\Local\Temp\Iminent
    Pasta Deletada : C:\Users\walber\AppData\Roaming\baidu
    Pasta Deletada : C:\Users\walber\AppData\Roaming\UpdaterEX
    Pasta Deletada : C:\Users\walber\AppData\Roaming\Mozilla\Firefox\Profiles\s9mgw4oz.default\Extensions\1c4760d9-6efb-48d1-b650-e82623c8612e@982da7d4-d829-4a76-8b83-32a7fa75255f.com
    Pasta Deletada : C:\Users\walber\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiglpdbbmcnncekagalndhicllimchm
    Arquivo Deletada : C:\Users\walber\AppData\Roaming\speedanalysis.ico
    Arquivo Deletada : C:\Users\walber\Desktop\SpeedAnalysis.lnk
    Arquivo Deletada : C:\Windows\Tasks\UpdaterEX.job
    Arquivo Deletada : C:\Windows\System32\Tasks\UpdaterEX
    Arquivo Deletada : C:\Windows\Tasks\Plus-HD-4.1-chromeinstaller.job
    Arquivo Deletada : C:\Windows\System32\Tasks\Plus-HD-4.1-chromeinstaller
    Arquivo Deletada : C:\Windows\Tasks\Plus-HD-4.1-codedownloader.job
    Arquivo Deletada : C:\Windows\System32\Tasks\Plus-HD-4.1-codedownloader
    Arquivo Deletada : C:\Windows\Tasks\Plus-HD-4.1-enabler.job
    Arquivo Deletada : C:\Windows\System32\Tasks\Plus-HD-4.1-enabler
    Arquivo Deletada : C:\Windows\Tasks\Plus-HD-4.1-firefoxinstaller.job
    Arquivo Deletada : C:\Windows\System32\Tasks\Plus-HD-4.1-firefoxinstaller
    Arquivo Deletada : C:\Windows\Tasks\Plus-HD-4.1-updater.job
    Arquivo Deletada : C:\Windows\System32\Tasks\Plus-HD-4.1-updater

    ***** [ Atalhos ] *****


    ***** [ Registro ] *****

    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
    Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0039200.BHO
    Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0039200.BHO.1
    Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0039200.Sandbox
    Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0039200.Sandbox.1
    Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
    Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311921100}
    Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322922200}
    Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355925500}
    Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366926600}
    Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344924400}
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311921100}
    Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
    Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311921100}
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{630c3f42-5fce-40a5-b809-64f58930844c}
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68895652-e601-4ac1-899e-3d181d11a444}
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94f524bc-edeb-4eb2-b513-b13be1a64a1c}
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9f497f1d-ea20-4550-8368-5d1bd7e81deb}
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ba359e53-b1ba-4a1d-a659-7d137dc0a4a2}
    Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311921100}
    Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322922200}
    Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355925500}
    Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366926600}
    Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311921100}
    Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{630c3f42-5fce-40a5-b809-64f58930844c}
    Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68895652-e601-4ac1-899e-3d181d11a444}
    Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94f524bc-edeb-4eb2-b513-b13be1a64a1c}
    Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9f497f1d-ea20-4550-8368-5d1bd7e81deb}
    Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ba359e53-b1ba-4a1d-a659-7d137dc0a4a2}
    Chave Deletedo : HKCU\Software\BonanzaDealsLive
    Chave Deletedo : HKCU\Software\InstallCore
    Chave Deletedo : HKCU\Software\installedbrowserextensions
    Chave Deletedo : HKCU\Software\InstalledThirdPartyPrograms
    Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
    Chave Deletedo : HKCU\Software\AppDataLow\Software\Plus-HD-4.1
    Chave Deletedo : HKLM\Software\BonanzaDealsLive
    Chave Deletedo : HKLM\Software\DeviceVM
    Chave Deletedo : HKLM\Software\Iminent
    Chave Deletedo : HKLM\Software\Plus-HD-4.1
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Iminent
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-4.1
    Chave Deletedo : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
    Chave Deletedo : HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED

    ***** [ Navegadores ] *****

    -\\ Internet Explorer v10.0.9200.16720


    -\\ Mozilla Firefox v25.0 (pt-BR)

    [ Arquivo : C:\Users\walber\AppData\Roaming\Mozilla\Firefox\Profiles\s9mgw4oz.default\prefs.js ]

    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.InstallationThankYouPage", true);
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.InstallationTime", 1383878026);
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.active", true);
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.addressbar", "NA");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.addressbarenhanced", "");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.asyncdb_dbWasSet", true);
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.asyncdb_dbWasSet_FF25_FIX", true);
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.asyncinternaldb_dbWasSet", true);
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.asyncinternaldb_dbWasSet_FF25_FIX", true);
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.backgroundver", 1);
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.certdomaininstaller", "");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.changeprevious", false);
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil)")[...]
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.cookie.InstallationTime.value", "1383878026");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.cookie.geo.expiration", "Fri Nov 15 2013 00:35:27 GMT-0200 (Hora oficial do Brasil)");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.cookie.geo.value", "%22BR%22");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.cookie.iframe-exists.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil)");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.cookie.iframe-exists.value", "true");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.cookie.load_balancer.expiration", "Fri Nov 08 2013 17:38:41 GMT-0200 (Hora oficial do Brasil)");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.cookie.load_balancer.value", "%22%7B%20%5C%22Status%5C%22%3A%201%2C%5C%22Endpoint%5C%22%3A%20%5C%2[...]
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.cookie.previous_page.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil)");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.cookie.previous_page.value", "%22hxxp%3A//www.google.com.br/url%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3[...]
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.cookie.user_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil)");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.cookie.user_id.value", "%22142358ed09aca6a340bcb5dc92160399%22");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.description", "Turn YouTube videos to High Definition by default");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.domain", "");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.enablesearch", false);
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.homepage", "");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.iframe", false);
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do B[...]
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22194095AF2CBE4E18AB88B82BCEAC7[...]
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasi[...]
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.internaldb.Resources_appVer.value", "49");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do [...]
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.internaldb.Resources_lastVersion.value", "1");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil)[...]
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.internaldb.Resources_meta.value", "%7B%7D");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.internaldb.Resources_nextCheck.expiration", "Fri Nov 08 2013 17:38:34 GMT-0200 (Hora oficial do Br[...]
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.internaldb.Resources_nextCheck.value", "true");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil[...]
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.internaldb.Resources_queue.value", "%7B%7D");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.internaldb._country_code_.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil)[...]
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.internaldb._country_code_.value", "%22BR%22");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil)");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%22194095AF[...]
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.lastDailyReport", "1383917913091");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.lastUpdate", "1383917910831");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.manifesturl", "");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.name", "Plus-HD-4.1");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.newtab", "");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.opensearch", "");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/39200/plugins/093/ff/plugins.json");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.pluginsversion", 45);
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.publisher", "Plus HD");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.searchstatus", 0);
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.setnewtab", false);
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.thankyou", "");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.updateinterval", 360);
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.39200.ver", 49);
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.apps", "39200");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.bic", "142358ed09aca6a340bcb5dc92160399");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.cid", 39200);
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.firstrun", false);
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.hadappinstalled", true);
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.installationdate", 1383878021);
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.modetype", "production");
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.reportInstall", true);
    Linha deletada : user_pref("extensions.a1c4760d96efb48d1b650e82623c8612e982da7d4d8294a768b8332a7fa75255fcom39200.statsDailyCounter", 2);
    Linha deletada : user_pref("extensions.crossrider.bic", "142358ed09aca6a340bcb5dc92160399");

    -\\ Google Chrome v30.0.1599.101

    [ Arquivo : C:\Users\walber\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [17449 octets] - [04/11/2013 16:27:45]
    AdwCleaner[R1].txt - [21484 octets] - [08/11/2013 11:58:33]
    AdwCleaner[S0].txt - [17004 octets] - [04/11/2013 16:29:50]
    AdwCleaner[S1].txt - [18235 octets] - [08/11/2013 11:59:59]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [18296 octets] ##########





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.8 (11.05.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by walber on 08/11/2013 at 12:07:39,55
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1630071058-2599205304-2412354637-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu



    ~~~ Files

    Successfully deleted: [File] C:\Windows\Tasks\LyricsBuddy-2-chromeinstaller.job
    Successfully deleted: [File] C:\Windows\Tasks\LyricsBuddy-2-codedownloader.job



    ~~~ Folders



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Users\walber\AppData\Roaming\mozilla\firefox\profiles\s9mgw4oz.default\extensions\8a701777-19b6-47a8-b4d8-7c3dc13bc21e@9ee87924-f3ee-404d-8728-2e14a85e873b.com
    Emptied folder: C:\Users\walber\AppData\Roaming\mozilla\firefox\profiles\s9mgw4oz.default\minidumps [3 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 08/11/2013 at 12:21:59,82
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Edvan
    Membro
    Membro

    Mensagens : 428
    Data de inscrição : 14/02/2013
    Idade : 36
    Localização : Natal/RN

    Re: Ao navegar no firefox, o mesmo abre varias paginas de propagandas.

    Mensagem por Edvan em Sex Nov 08, 2013 12:58 pm

    Malwarebytes Anti-Malware 1.75.0.1300
    [Você precisa estar registrado e conectado para ver este link.]

    Versão da Base de Dados:  v2013.11.04.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16721
    walber :: HP [administrador]

    08/11/2013 15:48:00
    mbam-log-2013-11-08 (15-48-00).txt

    Tipo de Verificação:  Verificação Rápida
    Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
    Opções de verificação desativadas: P2P
    Objetos escaneados:  235000
    Tempo decorrido: 6 minuto(s), 56 segundo(s)

    Processos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)

    Módulos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)

    Chaves de Registro Detectadas: 4
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{ECFCEA8D-502E-40E5-988C-010D4E465D67} (PUP.Optional.BestToolbars) -> Enviado para a Quarentena e deletado com sucesso.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ECFCEA8D-502E-40E5-988C-010D4E465D67} (PUP.Optional.BestToolbars) -> Enviado para a Quarentena e deletado com sucesso.
    HKLM\Software\LyricsBuddy-2 (PUP.Optional.LyricsBuddy.A) -> Enviado para a Quarentena e deletado com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LyricsBuddy-2 (PUP.Optional.LyricsBuddy.A) -> Enviado para a Quarentena e deletado com sucesso.

    Valores de Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)

    Itens de Dados no Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)

    Pastas Detectadas: 1
    C:\Program Files (x86)\LyricsBuddy-2 (PUP.Optional.LyricsBuddy.A) -> Enviado para a Quarentena e deletado com sucesso.

    Arquivos Detectados: 14
    C:\$Recycle.Bin\S-1-5-21-1630071058-2599205304-2412354637-1000\$R48RCWP.exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
    C:\$Recycle.Bin\S-1-5-21-1630071058-2599205304-2412354637-1000\$RMOAWJ8.exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
    C:\$Recycle.Bin\S-1-5-21-1630071058-2599205304-2412354637-1000\$RUUY20I.exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Users\walber\AppData\Local\Temp\is-3BI6A.tmp\LyricsBuddy_1060-5050_v122.exe (Heuristics.Shuriken) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Users\walber\AppData\Local\Temp\is701137889\6665616_stp\bd.exe (PUP.Optional.BonanzaDeals.A) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Users\walber\Downloads\mozilla-firefox-250-32-bits.exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Program Files (x86)\LyricsBuddy-2\42652.crx (PUP.Optional.LyricsBuddy.A) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Program Files (x86)\LyricsBuddy-2\42652.xpi (PUP.Optional.LyricsBuddy.A) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Program Files (x86)\LyricsBuddy-2\LyricsBuddy-2-buttonutil.exe (PUP.Optional.LyricsBuddy.A) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Program Files (x86)\LyricsBuddy-2\LyricsBuddy-2-chromeinstaller.exe (PUP.Optional.LyricsBuddy.A) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Program Files (x86)\LyricsBuddy-2\LyricsBuddy-2-codedownloader.exe (PUP.Optional.LyricsBuddy.A) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Program Files (x86)\LyricsBuddy-2\LyricsBuddy-2-helper.exe (PUP.Optional.LyricsBuddy.A) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Program Files (x86)\LyricsBuddy-2\Uninstall.exe (PUP.Optional.LyricsBuddy.A) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Program Files (x86)\LyricsBuddy-2\utils.exe (PUP.Optional.LyricsBuddy.A) -> Enviado para a Quarentena e deletado com sucesso.

    (fim)

    Edvan
    Membro
    Membro

    Mensagens : 428
    Data de inscrição : 14/02/2013
    Idade : 36
    Localização : Natal/RN

    Re: Ao navegar no firefox, o mesmo abre varias paginas de propagandas.

    Mensagem por Edvan em Sex Nov 08, 2013 2:30 pm

    Log completo.

    Malwarebytes Anti-Malware 1.75.0.1300
    [Você precisa estar registrado e conectado para ver este link.]

    Versão da Base de Dados:  v2013.11.04.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16721
    walber :: HP [administrador]

    08/11/2013 16:09:26
    mbam-log-2013-11-08 (16-09-26).txt

    Tipo de Verificação:  Verificação Completa  (C:\|)
    Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
    Opções de verificação desativadas: P2P
    Objetos escaneados:  479701
    Tempo decorrido: 1 hora(s), 17 minuto(s), 15 segundo(s)

    Processos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)

    Módulos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)

    Chaves de Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)

    Valores de Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)

    Itens de Dados no Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)

    Pastas Detectadas: 0
    (Não foram detectados ítens maliciosos)

    Arquivos Detectados: 16
    C:\Users\walber\Desktop\AutoCAD-2013.ptbr.64x\AutoCAD 2013.ptbr.64x\Ativador\xf-autocad-kg_x64.exe (RiskWare.Tool.CK) -> Nenhuma ação foi feita.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-4.1\Plus-HD-4.1-bg.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-4.1\Plus-HD-4.1-bho.dll.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-4.1\Plus-HD-4.1-bho64.dll.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-4.1\Plus-HD-4.1-buttonutil.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-4.1\Plus-HD-4.1-buttonutil64.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-4.1\Plus-HD-4.1-chromeinstaller.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-4.1\Plus-HD-4.1-codedownloader.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-4.1\Plus-HD-4.1-enabler.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-4.1\Plus-HD-4.1-firefoxinstaller.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-4.1\Plus-HD-4.1-updater.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Users\walber\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0007b7 (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Users\walber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05KSTYD1\iminent[1].msi (PUP.Optional.Iminent) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Users\walber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05KSTYD1\MinibarFirefox[1].exe (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Users\walber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LNYXM73Q\IminentMinibarIE[1].exe (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Users\walber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OLR7H7E8\MinibarChrome[1].exe (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.

    (fim)

    joram
    Administrador Fundador
    Administrador Fundador

    Mensagens : 608
    Data de inscrição : 14/08/2012
    Idade : 63
    Localização : Rio de Janeiro

    Re: Ao navegar no firefox, o mesmo abre varias paginas de propagandas.

    Mensagem por joram em Sex Nov 08, 2013 3:19 pm

    Boa Noite! Edvan

    |- Execute este script na ferramenta ZHPFix.

    script zhpfix
    O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Chave orfã   
    O4 - GS\Desktop [walber]: Windows Update Troubleshooting Info.lnk . (...)  -- C:\Users\walber\AppData\Local\Temp\WUDiagTempFolder\2013_02_22T08_11_59
    O4 - HKLM\..\Wow6432Node\Run: [PSafeTray] C:\Program Files (x86)\PSafe\PSafeSysTray.exe (.not file.)
    O4 - HKLM\..\Wow6432Node\Run: [PSafeWDS] C:\Program Files (x86)\PSafe\PSafeWDS.exe (.not file.)
    O42 - Logiciel: Extended Update - (...) [HKCU][64Bits] -- UpdaterEX =>PUP.Dealply
    O42 - Logiciel: LyricsBuddy-2 - (.flysoftLmark.) [HKLM][64Bits] -- LyricsBuddy-2 =>Adware.AddLyrics
    O43 - CFD: 08/11/2013 - 00:19:15 - [3,206] ----D C:\Program Files (x86)\LyricsBuddy-2 =>Adware.AddLyrics
    O43 - CFD: 08/11/2013 - 00:02:39 - [0,980] ----D C:\Users\walber\AppData\Roaming\SpeedAnalysis4 =>PUP.SpeedAnalysis
    O44 - LFC:[MD5.C836358D26BECFA86CEF23F60679F2E9] - 27/10/2013 - 00:10:22 ---A- . (...) -- C:\Windows\DirectX.log   [1340]
    O45 - LFCP:[MD5.DE0E0E40E960E58C45BB17F95660D90E] - 04/11/2013 - 15:21:41 ---A- - C:\Windows\Prefetch\YONTOODESKTOP.EXE-D08B7000.pf  =>Adware.Yontoo
    O45 - LFCP:[MD5.94BC6AE72817ACCF7F881492BF7FE66B] - 07/11/2013 - 23:47:11 ---A- - C:\Windows\Prefetch\BONANZADEALSLIVE.EXE-B181B230.pf  =>Adware.BonanzaDeals
    G2 - GCE: Preference [User Data\Default] [jjkpdhdihflbbjmlnnbphkcohajpekje] LyricsBuddy-2 v.1.25.17, (Activé) =>Adware.AddLyrics
    M3 - MFPP: Plugins - [walber] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\fcmdSrchtube.xml =>Adware.Facemoods
    [MD5.3252EAD684467D3F16A47E7581AAB757] [SPRF][28/09/2013] (.Setup © - Setup.) -- C:\Users\walber\AppData\Local\Temp\81726uninstall.exe   [458240]
    [MD5.6A63B619585FD0FD3BFB693CA05F2E5C] [SPRF][07/11/2013] (...) -- C:\Users\walber\AppData\Local\Temp\bdg7052.exe   [253952]
    [MD5.0D649E34C2552C4965694F51A18AEB15] [SPRF][31/03/2013] (...) -- C:\Users\walber\AppData\Local\Temp\ctengine_tld.dat   [68989]
    [MD5.EADD4D3B52C220C04116A25FBD276E50] [SPRF][16/03/2013] (...) -- C:\Users\walber\AppData\Local\Temp\ICReinstall_boxoft-pdf-to-powerpoint-10-baixaki-32-bits.exe   [646008]
    [MD5.82555B1ABFA3BDD11AD3B7EEE8319775] [SPRF][04/10/2013] (...) -- C:\Users\walber\AppData\Local\Temp\install_helper.exe   [901120]
    [MD5.E61E66E2FEAF326F1CF39555CA1319FF] [SPRF][31/03/2013] (.PSafe S/A - Instalador do ClikSeguro.) -- C:\Users\walber\AppData\Local\Temp\ps_ClikSeguroSetup.exe   [2041360]
    [MD5.F3B33AC8EF0950E8F37AC867DB2825F6] [SPRF][03/11/2013] (...) -- C:\Users\walber\AppData\Local\Temp\Quarantine.exe   [350259]
    [MD5.3B34BA681B2112C7F6A665475D32BD65] [SPRF][07/11/2013] (...) -- C:\Users\walber\AppData\Local\Temp\setup_.exe   [17294872]
    [MD5.5405413FFF79B8D9C747AA900F60F082] [SPRF][28/09/2013] (...) -- C:\Users\walber\AppData\Local\Temp\Sqlite3.dll   [599419]
    [MD5.DF2B4BFD4973224AA172D7694D94B109] [SPRF][20/04/2013] (...) -- C:\Users\walber\AppData\Local\Temp\temp.bat   [447]
    [MD5.10E1AB9267FBFBEEC1C21502C3BBBA99] [SPRF][26/10/2013] (...) -- C:\Users\walber\AppData\Local\Temp\utt8B0.tmp.bat   [102]
    [MD5.B5B2829B37336BB266B179700398B421] [SPRF][13/09/2013] (.Ask.com - Offercast - APN Install Manager.) -- C:\Users\walber\AppData\Local\Temp\AskPIP_FF_.exe   [1021872]
    [MD5.D4386108C6B6B91EE7BD04ED4B0A7016] [SPRF][26/10/2013] (.PC Health Labs - PC Health Kit.) -- C:\Users\walber\AppData\Local\Temp\air82BD.exe   [3844200]  =>PUP.DealPly
    [MD5.171F1BB73D0238A7A56126D3459ECDCD] [SPRF][15/10/2008] (...) -- C:\Users\walber\AppData\Local\Temp\Extract.exe   [50432]   

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F999A48B-1950-4D81-9971-79018F807B4B}]   =>Toolbar.Conduit
    [HKLM\Software\Wow6432Node\360Safe]   
    [HKLM\Software\Google\Chrome\Extensions\jjkpdhdihflbbjmlnnbphkcohajpekje]   =>Adware.AddLyrics^
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX]   =>PUP.Dealply^
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\LyricsBuddy-2]   =>Adware.AddLyrics^
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]   =>PUP.Tarma
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]   =>PUP.Tarma
    [HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED]   =>Adware.IMBooster
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED]   =>Adware.IMBooster
    [HKLM\Software\Wow6432Node\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED]   =>Adware.IMBooster
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A]   =>Adware.IMBooster
    [HKLM\Software\Wow6432Node\360Safe]   =>Trojan.Lozavita
    [HKLM\Software\Wow6432Node\AnvSoft\OpenCandy]   =>Adware.OpenCandy
    C:\Program Files (x86)\PSafe
    C:\Users\walber\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjkpdhdihflbbjmlnnbphkcohajpekje   =>Adware.AddLyrics^
    C:\Program Files (x86)\LyricsBuddy-2   =>Adware.AddLyrics^
    C:\Users\walber\AppData\Roaming\SpeedAnalysis4   =>PUP.SpeedAnalysis^
    C:\Users\walber\AppData\Local\Temp\air82BD.exe   =>PUP.DealPly^


    |- Poste o relatório!

    A+

    Edvan
    Membro
    Membro

    Mensagens : 428
    Data de inscrição : 14/02/2013
    Idade : 36
    Localização : Natal/RN

    Re: Ao navegar no firefox, o mesmo abre varias paginas de propagandas.

    Mensagem por Edvan em Seg Nov 11, 2013 9:29 am

    Vou rodar um Relatório do ZHPDiag novamente, pois está travando, não consigo gerar o relatório do ZHPFix!

    Edvan
    Membro
    Membro

    Mensagens : 428
    Data de inscrição : 14/02/2013
    Idade : 36
    Localização : Natal/RN

    Re: Ao navegar no firefox, o mesmo abre varias paginas de propagandas.

    Mensagem por Edvan em Seg Nov 11, 2013 9:43 am

    Log [Você precisa estar registrado e conectado para ver este link.]

    joram
    Administrador Fundador
    Administrador Fundador

    Mensagens : 608
    Data de inscrição : 14/08/2012
    Idade : 63
    Localização : Rio de Janeiro

    Re: Ao navegar no firefox, o mesmo abre varias paginas de propagandas.

    Mensagem por joram em Seg Nov 11, 2013 1:43 pm

    Boa Tarde! Edvan

    |- Execute este script na ferramenta ZHPFix.

    script zhpfix
    O4 - HKLM\..\Wow6432Node\Run: [PSafeTray] C:\Program Files (x86)\PSafe\PSafeSysTray.exe (.not file.)
    O4 - HKLM\..\Wow6432Node\Run: [PSafeWDS] C:\Program Files (x86)\PSafe\PSafeWDS.exe (.not file.)
    O42 - Logiciel: Extended Update - (...) [HKCU][64Bits] -- UpdaterEX =>PUP.Dealply  
    O43 - CFD: 08/11/2013 - 00:02:39 - [0,980] ----D C:\Users\walber\AppData\Roaming\SpeedAnalysis4 =>PUP.SpeedAnalysis
    O45 - LFCP:[MD5.DE0E0E40E960E58C45BB17F95660D90E] - 04/11/2013 - 15:21:41 ---A- - C:\Windows\Prefetch\YONTOODESKTOP.EXE-D08B7000.pf  =>Adware.Yontoo
    O45 - LFCP:[MD5.94BC6AE72817ACCF7F881492BF7FE66B] - 07/11/2013 - 23:47:11 ---A- - C:\Windows\Prefetch\BONANZADEALSLIVE.EXE-B181B230.pf  =>Adware.BonanzaDeals
    O45 - LFCP:[MD5.D68A4F379858CA3AAAB56B986541FC68] - 11/11/2013 - 10:20:33 ---A- - C:\Windows\Prefetch\ADSYNC.EXE-55BFFC0D.pf
    O45 - LFCP:[MD5.7D129EE6A6E3584BD8C6FB9C834FACB6] - 11/11/2013 - 10:20:43 ---A- - C:\Windows\Prefetch\HIDDATA.EXE-8B1F9A63.pf
    O45 - LFCP:[MD5.E4D1AFAAC781F1C6022527E706FF533D] - 11/11/2013 - 10:20:53 ---A- - C:\Windows\Prefetch\QLBCTRL.EXE-F27CBE6C.pf
    O45 - LFCP:[MD5.1124FD3AC958CDAFDFF9694EB55F23F5] - 12/10/2013 - 09:25:15 ---A- - C:\Windows\Prefetch\SUPPORT-LINK.EXE-3EC37119.pf
    O45 - LFCP:[MD5.E8B7672A03B3463A56443ADB19DDDAF2] - 12/10/2013 - 10:46:09 ---A- - C:\Windows\Prefetch\AUTORUN.EXE-D28490C2.pf
    O45 - LFCP:[MD5.1419E1C5C3537FCC8D4B54A40D2FFAA9] - 18/10/2013 - 21:22:18 ---A- - C:\Windows\Prefetch\RESOURCE.EXE-E971D367.pf
    O45 - LFCP:[MD5.7BAA814FCCF57A19271F98780C349699] - 18/10/2013 - 21:23:34 ---A- - C:\Windows\Prefetch\LOWDISKSPACEDETECTION.EXE-6D00DF33.pf
    [MD5.3252EAD684467D3F16A47E7581AAB757] [SPRF][28/09/2013] (.Setup © - Setup.) -- C:\Users\walber\AppData\Local\Temp\81726uninstall.exe   [458240]
    [MD5.6A63B619585FD0FD3BFB693CA05F2E5C] [SPRF][07/11/2013] (...) -- C:\Users\walber\AppData\Local\Temp\bdg7052.exe   [253952]
    [MD5.0D649E34C2552C4965694F51A18AEB15] [SPRF][31/03/2013] (...) -- C:\Users\walber\AppData\Local\Temp\ctengine_tld.dat   [68989]
    [MD5.EADD4D3B52C220C04116A25FBD276E50] [SPRF][16/03/2013] (...) -- C:\Users\walber\AppData\Local\Temp\ICReinstall_boxoft-pdf-to-powerpoint-10-baixaki-32-bits.exe   [646008]
    [MD5.82555B1ABFA3BDD11AD3B7EEE8319775] [SPRF][04/10/2013] (...) -- C:\Users\walber\AppData\Local\Temp\install_helper.exe   [901120]
    [MD5.E61E66E2FEAF326F1CF39555CA1319FF] [SPRF][31/03/2013] (.PSafe S/A - Instalador do ClikSeguro.) -- C:\Users\walber\AppData\Local\Temp\ps_ClikSeguroSetup.exe   [2041360]
    [MD5.F3B33AC8EF0950E8F37AC867DB2825F6] [SPRF][03/11/2013] (...) -- C:\Users\walber\AppData\Local\Temp\Quarantine.exe   [350259]
    [MD5.3B34BA681B2112C7F6A665475D32BD65] [SPRF][07/11/2013] (...) -- C:\Users\walber\AppData\Local\Temp\setup_.exe   [17294872]
    [MD5.5405413FFF79B8D9C747AA900F60F082] [SPRF][28/09/2013] (...) -- C:\Users\walber\AppData\Local\Temp\Sqlite3.dll   [599419]
    [MD5.DF2B4BFD4973224AA172D7694D94B109] [SPRF][20/04/2013] (...) -- C:\Users\walber\AppData\Local\Temp\temp.bat   [447]
    [MD5.10E1AB9267FBFBEEC1C21502C3BBBA99] [SPRF][26/10/2013] (...) -- C:\Users\walber\AppData\Local\Temp\utt8B0.tmp.bat   [102]
    [MD5.B5B2829B37336BB266B179700398B421] [SPRF][13/09/2013] (.Ask.com - Offercast - APN Install Manager.) -- C:\Users\walber\AppData\Local\Temp\AskPIP_FF_.exe   [1021872]
    [MD5.D4386108C6B6B91EE7BD04ED4B0A7016] [SPRF][26/10/2013] (.PC Health Labs - PC Health Kit.) -- C:\Users\walber\AppData\Local\Temp\air82BD.exe   [3844200]  =>PUP.DealPly
    [MD5.171F1BB73D0238A7A56126D3459ECDCD] [SPRF][15/10/2008] (...) -- C:\Users\walber\AppData\Local\Temp\Extract.exe   [50432]   
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F999A48B-1950-4D81-9971-79018F807B4B}]   =>Toolbar.Conduit
    [HKLM\Software\Google\Chrome\Extensions\jjkpdhdihflbbjmlnnbphkcohajpekje]   =>Adware.AddLyrics^
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX]   =>PUP.Dealply^
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]   =>PUP.Tarma
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]   =>PUP.Tarma
    [HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED]   =>Adware.IMBooster
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED]   =>Adware.IMBooster
    [HKLM\Software\Wow6432Node\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED]   =>Adware.IMBooster
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A]   =>Adware.IMBooster
    [HKLM\Software\Wow6432Node\360Safe]   =>Trojan.Lozavita
    [HKLM\Software\Wow6432Node\AnvSoft\OpenCandy]   =>Adware.OpenCandy
    [HKLM\Software\Wow6432Node\360Safe]   
    C:\Users\walber\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjkpdhdihflbbjmlnnbphkcohajpekje   =>Adware.AddLyrics^
    C:\Users\walber\AppData\Roaming\SpeedAnalysis4   =>PUP.SpeedAnalysis^
    C:\Users\walber\AppData\Local\Temp\air82BD.exe   =>PUP.DealPly^

    firewallraz
    emptyflash
    emptytemp


    |- Poste o relatório!

    A+

    Edvan
    Membro
    Membro

    Mensagens : 428
    Data de inscrição : 14/02/2013
    Idade : 36
    Localização : Natal/RN

    Re: Ao navegar no firefox, o mesmo abre varias paginas de propagandas.

    Mensagem por Edvan em Seg Nov 11, 2013 1:57 pm

    Rapport de ZHPFix 2013.11.4.1 par Nicolas Coolman, Update du 03/11/2013
    Fichier d'export Registre :
    Run by walber at 11/11/2013 16:56:14
    High Elevated Privileges : OK
    Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

    Reciclagem vazia (00mn 02s)

    ========== Processo memória ==========
    ELIMINÉ: Memory Process: C:\Users\walber\AppData\Local\Temp\81726uninstall.exe
    ELIMINÉ: Memory Process: C:\Users\walber\AppData\Local\Temp\bdg7052.exe
    ELIMINÉ: Memory Process: C:\Users\walber\AppData\Local\Temp\ICReinstall_boxoft-pdf-to-powerpoint-10-baixaki-32-bits.exe
    ELIMINÉ: Memory Process: C:\Users\walber\AppData\Local\Temp\install_helper.exe
    ELIMINÉ: Memory Process: C:\Users\walber\AppData\Local\Temp\ps_ClikSeguroSetup.exe
    ELIMINÉ: Memory Process: C:\Users\walber\AppData\Local\Temp\Quarantine.exe
    ELIMINÉ: Memory Process: C:\Users\walber\AppData\Local\Temp\setup_.exe
    ELIMINÉ: Memory Process: C:\Users\walber\AppData\Local\Temp\AskPIP_FF_.exe
    ELIMINÉ: Memory Process: C:\Users\walber\AppData\Local\Temp\air82BD.exe
    ELIMINÉ: Memory Process: C:\Users\walber\AppData\Local\Temp\Extract.exe

    ========== Modulos memória ==========
    ELIMINÉ: Memory Module: C:\Users\walber\AppData\Local\Temp\Sqlite3.dll

    ========== Chaves do Registo ==========
    ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F999A48B-1950-4D81-9971-79018F807B4B}
    ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
    ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
    ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
    ELIMINÉ:³ HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED
    ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED
    ELIMINÉ:³ HKLM\Software\Wow6432Node\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED
    ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
    ELIMINÉ: HKLM\Software\Wow6432Node\360Safe
    ELIMINÉ: HKLM\Software\Wow6432Node\AnvSoft\OpenCandy

    ========== Valores do Registo ==========
    ELIMINÉ RunValue: PSafeTray
    ELIMINÉ RunValue: PSafeWDS
    Ausente Valor Perfil Padrão: FirewallRaz :
    Ausente Valor Perfil Domínio FirewallRaz :
    ELIMINÉ: FirewallRaz (Public) : TCP Query User{A619F3BF-8043-4C5F-86C6-5D8E86DCF7D6}C:\users\walber\appdata\roaming\utorrent\utorrent.exe
    ELIMINÉ: FirewallRaz (Public) : UDP Query User{09DCF5CF-F6FF-44A3-975F-88F30F4A0FA7}C:\users\walber\appdata\roaming\utorrent\utorrent.exe

    ========== Pastas ==========
    ELIMINÉ: C:\Users\walber\AppData\Roaming\SpeedAnalysis4
    ELIMINÉ: c:\users\walber\appdata\local\google\chrome\user data\default\extensions\jjkpdhdihflbbjmlnnbphkcohajpekje
    ELIMINÉ Flash Cookies (0) (0 octets)
    ELIMINÉ Temporários windows (356) (0 octets)

    ========== Ficheiros ==========
    ELIMINÉ: c:\windows\prefetch\yontoodesktop.exe-d08b7000.pf
    ELIMINÉ: c:\windows\prefetch\bonanzadealslive.exe-b181b230.pf
    ELIMINÉ: c:\windows\prefetch\adsync.exe-55bffc0d.pf
    ELIMINÉ: c:\windows\prefetch\hiddata.exe-8b1f9a63.pf
    ELIMINÉ: c:\windows\prefetch\qlbctrl.exe-f27cbe6c.pf
    ELIMINÉ: c:\windows\prefetch\support-link.exe-3ec37119.pf
    ELIMINÉ: c:\windows\prefetch\autorun.exe-d28490c2.pf
    ELIMINÉ: c:\windows\prefetch\resource.exe-e971d367.pf
    ELIMINÉ: c:\windows\prefetch\lowdiskspacedetection.exe-6d00df33.pf
    ELIMINÉ: C:\Users\walber\AppData\Local\Temp\ctengine_tld.dat
    ELIMINÉ: C:\Users\walber\AppData\Local\Temp\temp.bat
    ELIMINÉ: C:\Users\walber\AppData\Local\Temp\utt8B0.tmp.bat
    ELIMINÉ Flash Cookies (0) (0 octets)
    ELIMINÉ Temporários windows (0) (0 octets)


    ========== Recapitulativo ==========
    10 : Processo memória
    1 : Modulos memória
    10 : Chaves do Registo
    6 : Valores do Registo
    4 : Pastas
    14 : Ficheiros


    End of clean in 00mn 14s

    ========== Caminho do ficheiro do relatório ==========
    C:\Users\walber\AppData\Roaming\ZHP\ZHPFix[R1].txt - 11/11/2013 16:56:17 [4066]

    joram
    Administrador Fundador
    Administrador Fundador

    Mensagens : 608
    Data de inscrição : 14/08/2012
    Idade : 63
    Localização : Rio de Janeiro

    Re: Ao navegar no firefox, o mesmo abre varias paginas de propagandas.

    Mensagem por joram em Seg Nov 11, 2013 4:26 pm

    Boa Noite! Edvan

    |- Baixe: < [Você precisa estar registrado e conectado para ver este link.] > ( ... by Smeenk )

    |- Ou aqui! < [Você precisa estar registrado e conectado para ver esta imagem.][Você precisa estar registrado e conectado para ver este link.] >

    |- Salve-o no desktop!
    |- Desabilite seu antivírus!
    |- Para Windows 7,execute zoek.exe como administrador.

    hijackthis;
    iedefaults;
    firefoxlook;
    emptyFFcache;
    autoclean; 
    emptyclsid;
    emptyalltemp;


    |- Copie e cole estas informações,em vermelho,no campo da ferramenta.
    |- Clique "Run Script".

    Zoek.exe is running now.
    Do not start any browser windows, they will be closed automatically.
    Please wait! This window will close when finished.
    A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
    |- Surgirão estas informações,pedindo-lhe que aguarde o relatório.

    [Você precisa estar registrado e conectado para ver esta imagem.]

    |- Aceite e/ou confirme o reboot!

    zoek.hta failed by unknown error.
    Restart computer, and try again.
    |- Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.
    |- Poste o relatório,que estará em C:\zoek-results.txt <<

    A+

    Edvan
    Membro
    Membro

    Mensagens : 428
    Data de inscrição : 14/02/2013
    Idade : 36
    Localização : Natal/RN

    Re: Ao navegar no firefox, o mesmo abre varias paginas de propagandas.

    Mensagem por Edvan em Ter Nov 12, 2013 6:45 am

    Zoek.exe Version 4.0.0.5 Updated 09-November-2013
    Tool run by walber on 12/11/2013 at  9:12:33,76.
    Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
    Running in: Normal Mode Internet Access Detected
    Launched: C:\Users\walber\Desktop\zoek.com [Script inserted]

    ==== System Restore Info ======================

    12/11/2013 09:14:43 Zoek.exe System Restore Point Created Succesfully.

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-1630071058-2599205304-2412354637-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully

    ==== Deleting CLSID Registry Values ======================


    ==== Deleting Services ======================


    ==== FireFox Fix ======================

    ProfilePath: C:\Users\walber\AppData\Roaming\Mozilla\Firefox\Profiles\s9mgw4oz.default

    user.js not found
    ---- Lines Lyric removed from prefs.js ----
    user_pref("extensions.a8a70177719b647a8b4d87c3dc13bc21e9ee87924f3ee404d87282e14a85e873bcom42652.42652.description", "LyricsBuddy will allow you to dis
    user_pref("extensions.a8a70177719b647a8b4d87c3dc13bc21e9ee87924f3ee404d87282e14a85e873bcom42652.42652.name", "LyricsBuddy-2");
    user_pref("extensions.a8a70177719b647a8b4d87c3dc13bc21e9ee87924f3ee404d87282e14a85e873bcom42652.42652.publisher", "Lyrics");
    ---- Lines SpeedAnalysis removed from prefs.js ----
    user_pref("extensions.speedanalysis04@SpeedAnalysis.com.id", "\"b97b57fb-9f1c-03b6-e405-6ce352607978\"");
    user_pref("extensions.speedanalysis04@SpeedAnalysis.com.mzID", "83");
    user_pref("extensions.speedanalysis04@SpeedAnalysis.com.uuid", "\"2e459f81-481e-11e3-9977-0025900b3c98\"");
    ---- FireFox user.js and prefs.js backups ----

    prefs_112013_0930_.backup

    ==== Deleting Files \ Folders ======================

    C:\PROGRA~2\SopCast deleted
    C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
    C:\found.000 deleted
    C:\found.001 deleted
    C:\Users\walber\AppData\Roaming\Uniblue deleted
    C:\Users\walber\AppData\Roaming\cdr.ini deleted
    C:\Users\walber\AppData\Local\BIT8F83.tmp deleted
    C:\Windows\Installer\{118D6CE9-5F18-42F9-958A-14676A629FDE} deleted
    C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
    C:\PROGRA~2\Mozilla Firefox\searchplugins\fcmdSrchtube.xml deleted
    "C:\Users\walber\AppData\Local\{6AC5275E-DBE0-4608-8C9A-C1A36C5A0972}" deleted

    ==== Firefox Extensions Registry ======================

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
    "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [16/09/2013 15:36]
    [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
    "otis@digitalpersona.com"="C:\Program Files (x86)\DigitalPersona\Bin\firefoxext" [20/07/2010 17:22]

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\walber\AppData\Roaming\Mozilla\Firefox\Profiles\s9mgw4oz.default
    - NetVideoHunter - %ProfilePath%\extensions\netvideohunter@netvideohunter.com

    AppDir: C:\Program Files (x86)\Mozilla Firefox
    - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\walber\AppData\Roaming\Mozilla\Firefox\Profiles\s9mgw4oz.default
    4BF70B35B943BD73BD6E13EB7C1BA4B3    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll -    Shockwave Flash
    EC401349BFA64BD6232C746046AEC0B5    - C:\Users\walber\AppData\Roaming\Mozilla\plugins\npoctoshape.dll -    Octoshape Streaming Services
    F92FC494F7E9760802180B5493DD4F90    - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll -    Shockwave for Director / Shockwave for Director


    ==== Chrome Look ======================


    ==== Set IE to Default ======================

    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
    "SearchAssistant"="http://www.google.com"
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
    "SearchAssistant"="http://www.google.com"

    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
    "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
    "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    "DefaultScope"="{EE0498B6-87BC-4A19-B79A-A0A9E5A62521}"
    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
    {EE0498B6-87BC-4A19-B79A-A0A9E5A62521} Bing  Url="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox"

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2 deleted successfully

    ==== HijackThis Entries ======================

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Você precisa estar registrado e conectado para ver este link.]
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Você precisa estar registrado e conectado para ver este link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Você precisa estar registrado e conectado para ver este link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Você precisa estar registrado e conectado para ver este link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Você precisa estar registrado e conectado para ver este link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Você precisa estar registrado e conectado para ver este link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start [Você precisa estar registrado e conectado para ver este link.]
    O4 - HKCU\..\Run: [Boxoft Tools] "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun
    O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
    O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
    O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Você precisa estar registrado e conectado para ver este link.]
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: [Você precisa estar registrado e conectado para ver este link.]
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: [Você precisa estar registrado e conectado para ver este link.]
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - [Você precisa estar registrado e conectado para ver este link.]
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - [Você precisa estar registrado e conectado para ver este link.]
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Você precisa estar registrado e conectado para ver este link.]
    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\AESTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
    O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SPLASH.SYS\config\DVMExportService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\STacSV64.exe
    O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Convidado\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Convidado\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
    C:\Users\walber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\walber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
    C:\Users\walber\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\walber\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    C:\Users\walber\AppData\Local\Mozilla\Firefox\Profiles\s9mgw4oz.default\Cache will be emptied at reboot

    ==== Empty Chrome Cache ======================

    C:\Users\walber\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied
    C:\Users\walber\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on 12/11/2013 at  9:41:26,45 ======================

    joram
    Administrador Fundador
    Administrador Fundador

    Mensagens : 608
    Data de inscrição : 14/08/2012
    Idade : 63
    Localização : Rio de Janeiro

    Re: Ao navegar no firefox, o mesmo abre varias paginas de propagandas.

    Mensagem por joram em Ter Nov 12, 2013 6:53 am

    Bom Dia! Edvan

    |- Baixe: |[Você precisa estar registrado e conectado para ver este link.]| ( ... de Xplode )

    [Você precisa estar registrado e conectado para ver esta imagem.]

    |- Estando na página,clique na seta verde para o download.
    |- Salve-a em um local conveniente! ( desktop! )
    |- Feche aplicativos que estejam abertos.

    [Você precisa estar registrado e conectado para ver este link.]

    |- Execute-a!
    |- Com as 3 checkbox marcadas!
    |- Clique "Run".
    |- Tudo Ok?

    Abs!

    Edvan
    Membro
    Membro

    Mensagens : 428
    Data de inscrição : 14/02/2013
    Idade : 36
    Localização : Natal/RN

    Re: Ao navegar no firefox, o mesmo abre varias paginas de propagandas.

    Mensagem por Edvan em Ter Nov 12, 2013 7:14 am

    Tudo ok amigo, valeu pela força!


    # DelFix v10.6 - Logfile created 12/11/2013 at 09:59:03
    # Updated 11/11/2013 by Xplode
    # Username : walber - HP
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

    ~ Removing disinfection tools ...

    Deleted : C:\AdwCleaner
    Deleted : C:\Users\walber\AppData\Roaming\ZHP
    Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
    Deleted : C:\Program Files (x86)\ZHPDiag
    Deleted : C:\Program Files (x86)\Hijackthis
    Deleted : C:\PhysicalDisk0_MBR.bin
    Deleted : C:\zoek-results.log
    Deleted : C:\Users\walber\Desktop\ZHPDiag.lnk
    Deleted : C:\Users\walber\Desktop\ZHPDiag.txt
    Deleted : C:\Users\walber\Desktop\ZHPFix.lnk
    Deleted : C:\Users\walber\Desktop\ZHPFixReport.txt
    Deleted : C:\Users\walber\Desktop\zoek.com
    Deleted : C:\Users\walber\Desktop\zoek.pif
    Deleted : C:\Users\walber\Desktop\zoek.rar
    Deleted : C:\Users\walber\Desktop\zoek.scr
    Deleted : C:\Users\walber\Downloads\adwcleaner.exe
    Deleted : C:\Users\walber\Downloads\JRT.exe
    Deleted : C:\Users\walber\Downloads\ZHPDiag2.exe
    Deleted : C:\Users\walber\Downloads\zoek.rar
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

    ~ Cleaning system restore ...

    Deleted : RP #256 [Windows Update | 10/29/2013 02]
    Deleted : RP #257 [Windows Update | 10/30/2013 01]
    Deleted : RP #258 [Windows Update | 10/31/2013 02]
    Deleted : RP #259 [Windows Update | 11/01/2013 23]
    Deleted : RP #260 [Windows Update | 11/02/2013 13]
    Deleted : RP #261 [Windows Update | 11/02/2013 18]
    Deleted : RP #262 [Windows Update | 11/05/2013 02]
    Deleted : RP #263 [Windows Update | 11/06/2013 00]
    Deleted : RP #264 [Windows Update | 11/06/2013 01]
    Deleted : RP #266 [Windows Update | 11/08/2013 13]
    Deleted : RP #267 [Windows Update | 11/08/2013 20]
    Deleted : RP #268 [Windows Update | 11/09/2013 00]
    Deleted : RP #269 [Windows Update | 11/09/2013 01]
    Deleted : RP #270 [Windows Update | 11/09/2013 16]
    Deleted : RP #271 [Windows Update | 11/10/2013 01]
    Deleted : RP #272 [Windows Update | 11/10/2013 01]
    Deleted : RP #273 [Windows Update | 11/10/2013 01]
    Deleted : RP #274 [Windows Update | 11/10/2013 12]
    Deleted : RP #275 [Windows Update | 11/10/2013 13]
    Deleted : RP #276 [Windows Update | 11/10/2013 16]
    Deleted : RP #277 [Windows Update | 11/10/2013 19]
    Deleted : RP #278 [Windows Update | 11/11/2013 19]
    Deleted : RP #279 [Windows Update | 11/11/2013 19]
    Deleted : RP #280 [Windows Update | 11/11/2013 20]
    Deleted : RP #281 [zoek.exe restore point | 11/12/2013 11]
    Deleted : RP #282 [Windows Update | 11/12/2013 11]

    New restore point created !

    ~ Resetting system settings ... OK

    ########## - EOF - ##########

    joram
    Administrador Fundador
    Administrador Fundador

    Mensagens : 608
    Data de inscrição : 14/08/2012
    Idade : 63
    Localização : Rio de Janeiro

    Re: Ao navegar no firefox, o mesmo abre varias paginas de propagandas.

    Mensagem por joram em Ter Nov 12, 2013 8:02 am

    CASO RESOLVIDO!

    Necessitando novo auxílio para este computador,basta abrir "[Você precisa estar registrado e conectado para ver este link.]" e relatar o problema.

    Conteúdo patrocinado

    Re: Ao navegar no firefox, o mesmo abre varias paginas de propagandas.

    Mensagem por Conteúdo patrocinado Hoje à(s) 8:35 am


      Data/hora atual: Sab Dez 03, 2016 8:35 am