Flux 
Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 7 usuários online :: 0 registrados, 0 invisíveis e 7 visitantes Nenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
| Power Max |
| |||
| joram |
| |||
| Wings [In Memoriam] |
| |||
| caedurodrigues |
| |||
| Amigo Brasileiro |
| |||
| luizvilarinho |
| |||
| Danii |
| |||
| Admin |
| |||
| Danilo Marsaro |
| |||
| Andreata |
|
vírus no navegador
3 participantes
Página 1 de 1
vírus no navegador
por ALINEBGAMA Qui 10 Abr 2014, 12:29
já tentei de tudo p retirar os vírus do meu navegador, fui em propriedades do mozila, complementos, ferramentas na cx do mozila já desativei tudo q poderia ser vírus, no face book já removi todos os aplicativos, desinstalei o mozila e reinstalei e nada, tem um programa q se chama presto pvr q desde q o instalei é q percebi esses aplicativos indesejáveis, o problema é q toda vez q clico em deinstalar esse programa eu não consigo, to a dias tentando mais dá um erro q diz q o programa parou de funcionar e o windows não consegue solução, o que faço? pois todo site q entre por este pc tá cheio de vírus, obrigada. 
ALINEBGAMA- Iniciante
- Mensagens : 20
Reputação : 1
Data de inscrição : 09/03/2014
Re: vírus no navegador
por Power Max Qui 10 Abr 2014, 12:35
Oi Aline.
Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
ALINEBGAMA- Iniciante
- Mensagens : 20
Reputação : 1
Data de inscrição : 09/03/2014
Re: vírus no navegador
por Power Max Qui 10 Abr 2014, 13:24
Desative temporariamente seu antivírus para evitar conflitos.Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Última edição por Power Max em Qui 17 Abr 2014, 10:06, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: vírus no navegador
por ALINEBGAMA Qui 10 Abr 2014, 14:59
minha mensagem foi diferente, veja:
Zoek.exe is running now.
Do not start any browser windows, they may get closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
Zoek.exe is running now.
Do not start any browser windows, they may get closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
ALINEBGAMA- Iniciante
- Mensagens : 20
Reputação : 1
Data de inscrição : 09/03/2014
Re: vírus no navegador
por ALINEBGAMA Qui 10 Abr 2014, 15:01
oi max,agora apareceu este:
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by WSCGAMA on 10/04/2014 at 14:57:08,77.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\WSCGAMA\Downloads\zoek.exe [Scan all users] [Script inserted]
===== Runcheck 14:57:49,48 =====
--- Create Environment Variables 14:57:51,02
--- Create System Restore Point 14:58:00,84
--- Checking Input 14:58:26,10
--- Reset Hosts File 14:58:30,28
--- AU AppData Check 14:58:31,27
--- Remove From Windows Installer 14:58:37,64
--- IE Startpage Check 15:00:42,60
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by WSCGAMA on 10/04/2014 at 14:57:08,77.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\WSCGAMA\Downloads\zoek.exe [Scan all users] [Script inserted]
===== Runcheck 14:57:49,48 =====
--- Create Environment Variables 14:57:51,02
--- Create System Restore Point 14:58:00,84
--- Checking Input 14:58:26,10
--- Reset Hosts File 14:58:30,28
--- AU AppData Check 14:58:31,27
--- Remove From Windows Installer 14:58:37,64
--- IE Startpage Check 15:00:42,60
ALINEBGAMA- Iniciante
- Mensagens : 20
Reputação : 1
Data de inscrição : 09/03/2014
Re: vírus no navegador
por Power Max Qui 10 Abr 2014, 15:07
Ele ainda está fazendo a limpeza. Quando ele terminar você posta o relatório completo dele que estará em C:\zoek-results.txt
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: vírus no navegador
por ALINEBGAMA Qui 10 Abr 2014, 15:26
ai q burra, eu, rsrsrs, agora ele terminou, veja:
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by WSCGAMA on 10/04/2014 at 14:57:08,77.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\WSCGAMA\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
10/04/2014 14:58:22 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\WSCGAMA\AppData\Roaming\Mozilla\Firefox\Profiles\xhybgbgw.default\prefs.js:
user_pref("browser.startup.homepage", "[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
user_pref("browser.search.useDBForOrder", "false");
Added to C:\Users\WSCGAMA\AppData\Roaming\Mozilla\Firefox\Profiles\xhybgbgw.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\WSCGAMA\AppData\Roaming\Mozilla\Firefox\Profiles\xhybgbgw.default
user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- Lines a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632 removed from prefs.js ----
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.active", true);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.addressbar", "NA");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.addressbarenhanced", "");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.backgroundver", 1);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.certdomaininstaller", "");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.changeprevious", false);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.ASDKJFBSDJKBFJKSDBFJSDFBSKDJFSDF.expirati
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.ASDKJFBSDJKBFJKSDBFJSDFBSKDJFSDF.value",
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.ASHDJKASDBJASBDJASBNDNASJKDNASJKDAS.expir
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.ASHDJKASDBJASBDJASBNDNASJKDNASJKDAS.value
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.ASJDASHDBASDAMSKLDHFJHDSJKFNSDNFMSDFKSDFS
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.ASJDASHDBASDAMSKLDHFJHDSJKFNSDNFMSDFKSDFS
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.B234N2B342J3N4J2N3JK4N23M4KJ23N4JN23KJ4.e
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.B234N2B342J3N4J2N3JK4N23M4KJ23N4JN23KJ4.v
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.EHRWHERGWHEGRHJWEGRHWGEHRJWEGR.expiration
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.EHRWHERGWHEGRHJWEGRHWGEHRJWEGR.value", "%
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.IAUSDHASIUHDUASDUSHAUIDHASDUADMASDMASD.ex
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.IAUSDHASIUHDUASDUSHAUIDHASDUADMASDMASD.va
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.InstallationTime.expiration", "Fri Feb 01
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.InstallationTime.value", "1394766797");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.JH3B2R2B3NM4B23NM4BN23B4M2N3423N4M234.exp
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.JH3B2R2B3NM4B23NM4BN23B4M2N3423N4M234.val
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.JK234JK23KJ4N23J4N3J234234234234234234.ex
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.JK234JK23KJ4N23J4N3J234234234234234234.va
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.KJ3NK4J32N4J23J4234K2H3J4H23J4H2K3J4234.e
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.KJ3NK4J32N4J23J4234K2H3J4H23J4H2K3J4234.v
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.more_data.expiration", "Fri Feb 01 2030 0
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.more_data.value", "%7B%22bar%22%3A%22%233
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.OASKDOSAKDOASKODKASODKOSAKDOAD.expiration
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.OASKDOSAKDOASKODKASODKOSAKDOAD.value", "%
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.OQWIUEOQIRUQWRUIUROIWEUROWRJWENRJWNEJKRBW
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.OQWIUEOQIRUQWRUIUROIWEUROWRJWENRJWNEJKRBW
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.UAHSUHSUAHSUAHUSHAUHSUAHUSHAUSHAUS.expira
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.UAHSUHSUAHSUAHUSHAUHSUAHUSHAUSHAUS.value"
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.description", "D� vida nova a sua timeline, es
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.domain", "");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.enablesearch", false);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.homepage", "");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.iframe", false);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.InstallationThankYouPage", false);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.InstallationTime", 1394766797);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.installer.expiration", "Fri Feb 01 20
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.installer.value", "%7B%22InstallerIde
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.InstallerIdentifiers.expiration", "Fr
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.InstallerIdentifiers.value", "%7B%22i
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.InstallerParamsCache.expiration", "Fr
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.InstallerParamsCache.value", "%7B%22s
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_appVer.expiration", "Fri Fe
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_appVer.value", "146");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_lastVersion.expiration", "F
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_lastVersion.value", "2");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_meta.expiration", "Fri Feb
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_nextCheck.expiration", "Thu
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_queue.expiration", "Fri Feb
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_remote_resources.expiration
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_remote_resources.value", "%
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.lastDailyReport", "1397152756779");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.lastUpdate", "1397152740031");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.manifesturl", "");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.name", "FbCores");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.newtab", "");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.opensearch", "");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.pluginsurl", "https://w9u6a2p6.ssl.hwcdn.net/plu
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.pluginsversion", 1);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.publisher", "FbCores");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.searchstatus", 0);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.setnewtab", false);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.thankyou", "https://www.facebook.com");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.updateinterval", 15);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.ver", 146);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.apps", "43632");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.bic", "141936506c42c26636288e4c92f614d0");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.cid", 43632);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.firstrun", false);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.hadappinstalled", true);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.installationdate", 1394766797);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.modetype", "production");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.reportInstall", true);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.statsDailyCounter", 748);
---- FireFox user.js and prefs.js backups ----
prefs_042014_1513_.backup
==== Deleting Files \ Folders ======================
C:\Users\WSCGAMA\daemonprocess.txt deleted
C:\Users\WSCGAMA\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~2\FileSplitUpLoad.dll deleted
C:\Users\WSCGAMA\AppData\Local\cache deleted
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk deleted
C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart deleted
C:\Users\WSCGAMA\AppData\LocalLow\Plus-HD-4.1 deleted
C:\Windows\system32\tasks\Baidu PC Faster Update deleted
C:\Windows\System32\InstallUtil.InstallLog deleted
C:\Users\WSCGAMA\AppData\Roaming\Mozilla\Firefox\Profiles\xhybgbgw.default\extensions\781cb1a7-b6ca-44b4-a7f2-f4f6aa3776bc@20711806-1033-42cf-82cd-ce5f924b5c5c.com deleted
"C:\Users\WSCGAMA\AppData\Local\{AC6B7030-9F0D-444F-979A-DDE8685BF577}" deleted
"C:\Users\WSCGAMA\AppData\Local\{D434D317-948A-4749-821D-9F5842875979}" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [21/10/2013 20:07]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [21/10/2013 20:07]
==== Firefox Extensions ======================
ProfilePath: C:\Users\WSCGAMA\AppData\Roaming\Mozilla\Firefox\Profiles\xhybgbgw.default
- Undetermined - %ProfilePath%\extensions\781cb1a7-b6ca-44b4-a7f2-f4f6aa3776bc@20711806-1033-42cf-82cd-ce5f924b5c5c.com
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\WSCGAMA\AppData\Roaming\Mozilla\Firefox\Profiles\xhybgbgw.default
E83B541C71965CFA1DEFF846CD6E9ECD - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll - Google Update
95812430959AE88CDD0301AB3A71913B - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash
01D93217A9EE48DD37072B671378CC9C - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
28986F0A2342A033345EF9E70D395E4F - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight
==== Chrome Look ======================
Google Docs - WSCGAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - WSCGAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - WSCGAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - WSCGAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - WSCGAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - WSCGAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Video Download - WSCGAMA\AppData\Local\Spark\User Data\Default\Extensions\djmgfiokceelcoeihknfhbnnbboaibkm
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.hao123.com/?tn=opencd_hp_hao123_br"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\WSCGAMA\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\WSCGAMA\AppData\Local\Spark\User Data\Default\Preferences was reset successfully
C:\Users\WSCGAMA\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\WSCGAMA\AppData\Local\Spark\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\WSCGAMA\Desktop\Computador - Atalho.lnk -
C:\Users\WSCGAMA\Desktop\Downloads.lnk - C:\Users\WSCGAMA\Downloads
C:\Users\WSCGAMA\Desktop\Format Factory.lnk - C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\WSCGAMA\Desktop\Free Audio Editor.lnk - C:\Program Files\Free Audio Editor\FreeAudioEditor.exe
C:\Users\WSCGAMA\Desktop\Free PDF to Word Doc Converter.lnk - C:\Program Files\Free PDF to Word Doc Converter\pdf2word.exe
C:\Users\WSCGAMA\Desktop\HP Deskjet 3510 series.lnk - C:\Program Files\HP\HP Deskjet 3510 series\Bin\HP Deskjet 3510 series.exe -Start UDCDevicePage
C:\Users\WSCGAMA\Desktop\HP Photosmart C4400 series - Atalho.lnk -
C:\Users\WSCGAMA\Desktop\HP Photosmart Essential 3.5.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
C:\Users\WSCGAMA\Desktop\HP Scan.lnk - C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPScan.exe
C:\Users\WSCGAMA\Desktop\HPPSDr.lnk - C:\Program Files\HP\Diagnostics\PSDR\HPPSDr.exe
C:\Users\WSCGAMA\Desktop\Microsoft OneDrive.lnk - C:\Users\WSCGAMA\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\WSCGAMA\Desktop\Microsoft Security Essentials.lnk - C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\WSCGAMA\Desktop\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\WSCGAMA\Desktop\On-Screen Keyboard.lnk - C:\Windows\system32\osk.exe
C:\Users\WSCGAMA\Desktop\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\WSCGAMA\Desktop\Programas e Recursos - Atalho.lnk -
C:\Users\WSCGAMA\Desktop\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe
C:\Users\WSCGAMA\Desktop\Word Reader 6.22.lnk - C:\Program Files\Abdio\Word Reader\WordReader.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adicionar um dispositivo - Photosmart C4600 series.lnk - C:\Program Files\HP\Digital Imaging\{1E1746EF-F5BF-4677-8F30-04FE399130DA}\hpzstub.exe -AddADevice
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Ashampoo Cover Studio 2.lnk - C:\Program Files\Ashampoo\Ashampoo Cover Studio 2\coverstudio2.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\Bitstream Font Navigator.lnk - C:\Program Files\Corel\CorelDRAW Graphics Suite X6\FontNav\FontNav.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\Central de Soluções HP.lnk -
C:\Users\Public\Desktop\Corel CAPTURE X6.lnk - c:\Windows\Installer\{74FA94F1-9566-4252-9372-E7EAFFEFE209}\NewShortcut8.exe
C:\Users\Public\Desktop\Corel CONNECT X6.lnk - C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Connect\Connect.exe
C:\Users\Public\Desktop\Corel PHOTO-PAINT X6.lnk - c:\Windows\Installer\{6F53FB68-6620-423E-B7CD-B8205655B421}\NewShortcut2.exe
C:\Users\Public\Desktop\CorelDRAW X6.lnk - c:\Windows\Installer\{C5262276-0075-498B-B80F-7D997482E4DB}\NewShortcut1.exe
C:\Users\Public\Desktop\CyberLink PowerDVD.lnk - C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk - C:\Program Files\HP\Diagnostics\PSDR\HPPSDr.exe
C:\Users\Public\Desktop\Loja de Suprimentos HP.lnk - C:\Program Files\HP\HPSSUPPLY\hpqSSupply.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Nero Home.lnk - C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8
C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\Public\Desktop\Recuva.lnk - C:\Program Files\Recuva\recuva.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Program Files\Microsoft OneDrive\OneDriveSetup.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Program Files\Microsoft OneDrive\OneDriveSetup.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Free Audio Editor.lnk - C:\Program Files\Free Audio Editor\FreeAudioEditor.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Users\WSCGAMA\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu Spark Browser\Uninstall.lnk - C:\Program Files\baidu\Spark\Uninstall.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD\CyberLink PowerDVD.lnk - C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD\Online registration.lnk - C:\Program Files\CyberLink\PowerDVD\OLRSubmission\OLRSubmission.exe /LANG:Enu
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD\PowerDVD Help file.lnk - C:\Program Files\CyberLink\PowerDVD\Language\Enu\PowerDVD.CHM
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD\Read Me.lnk - C:\Program Files\CyberLink\PowerDVD\Language\Enu\Readme.htm
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD\Uninstall PowerDVD.lnk - C:\Windows\system32\RunDll32.exe C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP\Encerrar participação no programa de pesquisa HP.lnk -
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 3510 series.lnk - C:\Windows\system32\RunDll32.exe "C:\Program Files\HP\HP Deskjet 3510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=BR36BFJ21X05Y8;CONNECTION=USB;MONITOR=1;
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Program Files\Microsoft OneDrive\OneDriveSetup.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files\Microsoft Security Client\msseces.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva\Recuva.lnk - C:\Program Files\Recuva\recuva.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva\Uninstall Recuva.lnk - C:\Program Files\Recuva\uninst.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Baidu Spark Browser.lnk - C:\Program Files\baidu\Spark\Spark.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Audio Editor.lnk - C:\Program Files\Free Audio Editor\FreeAudioEditor.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\On-Screen Keyboard.lnk - C:\Windows\system32\osk.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== shortcuts After Repair ======================
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Users\WSCGAMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\WSCGAMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\WSCGAMA\AppData\Local\Mozilla\Firefox\Profiles\xhybgbgw.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\WSCGAMA\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\WSCGAMA\AppData\Local\Spark\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=10 folders=5 248640 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\WSCGAMA\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\WSCGAMA\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 10/04/2014 at 15:23:55,83 ======================
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by WSCGAMA on 10/04/2014 at 14:57:08,77.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\WSCGAMA\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
10/04/2014 14:58:22 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\WSCGAMA\AppData\Roaming\Mozilla\Firefox\Profiles\xhybgbgw.default\prefs.js:
user_pref("browser.startup.homepage", "[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
user_pref("browser.search.useDBForOrder", "false");
Added to C:\Users\WSCGAMA\AppData\Roaming\Mozilla\Firefox\Profiles\xhybgbgw.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\WSCGAMA\AppData\Roaming\Mozilla\Firefox\Profiles\xhybgbgw.default
user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- Lines a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632 removed from prefs.js ----
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.active", true);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.addressbar", "NA");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.addressbarenhanced", "");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.backgroundver", 1);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.certdomaininstaller", "");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.changeprevious", false);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.ASDKJFBSDJKBFJKSDBFJSDFBSKDJFSDF.expirati
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.ASDKJFBSDJKBFJKSDBFJSDFBSKDJFSDF.value",
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.ASHDJKASDBJASBDJASBNDNASJKDNASJKDAS.expir
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.ASHDJKASDBJASBDJASBNDNASJKDNASJKDAS.value
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.ASJDASHDBASDAMSKLDHFJHDSJKFNSDNFMSDFKSDFS
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.ASJDASHDBASDAMSKLDHFJHDSJKFNSDNFMSDFKSDFS
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.B234N2B342J3N4J2N3JK4N23M4KJ23N4JN23KJ4.e
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.B234N2B342J3N4J2N3JK4N23M4KJ23N4JN23KJ4.v
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.EHRWHERGWHEGRHJWEGRHWGEHRJWEGR.expiration
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.EHRWHERGWHEGRHJWEGRHWGEHRJWEGR.value", "%
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.IAUSDHASIUHDUASDUSHAUIDHASDUADMASDMASD.ex
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.IAUSDHASIUHDUASDUSHAUIDHASDUADMASDMASD.va
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.InstallationTime.expiration", "Fri Feb 01
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.InstallationTime.value", "1394766797");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.JH3B2R2B3NM4B23NM4BN23B4M2N3423N4M234.exp
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.JH3B2R2B3NM4B23NM4BN23B4M2N3423N4M234.val
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.JK234JK23KJ4N23J4N3J234234234234234234.ex
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.JK234JK23KJ4N23J4N3J234234234234234234.va
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.KJ3NK4J32N4J23J4234K2H3J4H23J4H2K3J4234.e
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.KJ3NK4J32N4J23J4234K2H3J4H23J4H2K3J4234.v
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.more_data.expiration", "Fri Feb 01 2030 0
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.more_data.value", "%7B%22bar%22%3A%22%233
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.OASKDOSAKDOASKODKASODKOSAKDOAD.expiration
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.OASKDOSAKDOASKODKASODKOSAKDOAD.value", "%
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.OQWIUEOQIRUQWRUIUROIWEUROWRJWENRJWNEJKRBW
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.OQWIUEOQIRUQWRUIUROIWEUROWRJWENRJWNEJKRBW
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.UAHSUHSUAHSUAHUSHAUHSUAHUSHAUSHAUS.expira
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.cookie.UAHSUHSUAHSUAHUSHAUHSUAHUSHAUSHAUS.value"
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.description", "D� vida nova a sua timeline, es
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.domain", "");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.enablesearch", false);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.homepage", "");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.iframe", false);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.InstallationThankYouPage", false);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.InstallationTime", 1394766797);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.installer.expiration", "Fri Feb 01 20
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.installer.value", "%7B%22InstallerIde
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.InstallerIdentifiers.expiration", "Fr
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.InstallerIdentifiers.value", "%7B%22i
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.InstallerParamsCache.expiration", "Fr
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.InstallerParamsCache.value", "%7B%22s
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_appVer.expiration", "Fri Fe
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_appVer.value", "146");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_lastVersion.expiration", "F
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_lastVersion.value", "2");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_meta.expiration", "Fri Feb
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_nextCheck.expiration", "Thu
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_queue.expiration", "Fri Feb
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_remote_resources.expiration
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.internaldb.Resources_remote_resources.value", "%
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.lastDailyReport", "1397152756779");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.lastUpdate", "1397152740031");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.manifesturl", "");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.name", "FbCores");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.newtab", "");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.opensearch", "");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.pluginsurl", "https://w9u6a2p6.ssl.hwcdn.net/plu
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.pluginsversion", 1);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.publisher", "FbCores");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.searchstatus", 0);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.setnewtab", false);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.thankyou", "https://www.facebook.com");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.updateinterval", 15);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.43632.ver", 146);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.apps", "43632");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.bic", "141936506c42c26636288e4c92f614d0");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.cid", 43632);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.firstrun", false);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.hadappinstalled", true);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.installationdate", 1394766797);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.modetype", "production");
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.reportInstall", true);
user_pref("extensions.a781cb1a7b6ca44b4a7f2f4f6aa3776bc20711806103342cf82cdce5f924b5c5ccom43632.statsDailyCounter", 748);
---- FireFox user.js and prefs.js backups ----
prefs_042014_1513_.backup
==== Deleting Files \ Folders ======================
C:\Users\WSCGAMA\daemonprocess.txt deleted
C:\Users\WSCGAMA\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~2\FileSplitUpLoad.dll deleted
C:\Users\WSCGAMA\AppData\Local\cache deleted
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk deleted
C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart deleted
C:\Users\WSCGAMA\AppData\LocalLow\Plus-HD-4.1 deleted
C:\Windows\system32\tasks\Baidu PC Faster Update deleted
C:\Windows\System32\InstallUtil.InstallLog deleted
C:\Users\WSCGAMA\AppData\Roaming\Mozilla\Firefox\Profiles\xhybgbgw.default\extensions\781cb1a7-b6ca-44b4-a7f2-f4f6aa3776bc@20711806-1033-42cf-82cd-ce5f924b5c5c.com deleted
"C:\Users\WSCGAMA\AppData\Local\{AC6B7030-9F0D-444F-979A-DDE8685BF577}" deleted
"C:\Users\WSCGAMA\AppData\Local\{D434D317-948A-4749-821D-9F5842875979}" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [21/10/2013 20:07]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [21/10/2013 20:07]
==== Firefox Extensions ======================
ProfilePath: C:\Users\WSCGAMA\AppData\Roaming\Mozilla\Firefox\Profiles\xhybgbgw.default
- Undetermined - %ProfilePath%\extensions\781cb1a7-b6ca-44b4-a7f2-f4f6aa3776bc@20711806-1033-42cf-82cd-ce5f924b5c5c.com
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\WSCGAMA\AppData\Roaming\Mozilla\Firefox\Profiles\xhybgbgw.default
E83B541C71965CFA1DEFF846CD6E9ECD - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll - Google Update
95812430959AE88CDD0301AB3A71913B - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash
01D93217A9EE48DD37072B671378CC9C - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
28986F0A2342A033345EF9E70D395E4F - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight
==== Chrome Look ======================
Google Docs - WSCGAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - WSCGAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - WSCGAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - WSCGAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - WSCGAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - WSCGAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Video Download - WSCGAMA\AppData\Local\Spark\User Data\Default\Extensions\djmgfiokceelcoeihknfhbnnbboaibkm
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.hao123.com/?tn=opencd_hp_hao123_br"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\WSCGAMA\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\WSCGAMA\AppData\Local\Spark\User Data\Default\Preferences was reset successfully
C:\Users\WSCGAMA\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\WSCGAMA\AppData\Local\Spark\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\WSCGAMA\Desktop\Computador - Atalho.lnk -
C:\Users\WSCGAMA\Desktop\Downloads.lnk - C:\Users\WSCGAMA\Downloads
C:\Users\WSCGAMA\Desktop\Format Factory.lnk - C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\WSCGAMA\Desktop\Free Audio Editor.lnk - C:\Program Files\Free Audio Editor\FreeAudioEditor.exe
C:\Users\WSCGAMA\Desktop\Free PDF to Word Doc Converter.lnk - C:\Program Files\Free PDF to Word Doc Converter\pdf2word.exe
C:\Users\WSCGAMA\Desktop\HP Deskjet 3510 series.lnk - C:\Program Files\HP\HP Deskjet 3510 series\Bin\HP Deskjet 3510 series.exe -Start UDCDevicePage
C:\Users\WSCGAMA\Desktop\HP Photosmart C4400 series - Atalho.lnk -
C:\Users\WSCGAMA\Desktop\HP Photosmart Essential 3.5.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
C:\Users\WSCGAMA\Desktop\HP Scan.lnk - C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPScan.exe
C:\Users\WSCGAMA\Desktop\HPPSDr.lnk - C:\Program Files\HP\Diagnostics\PSDR\HPPSDr.exe
C:\Users\WSCGAMA\Desktop\Microsoft OneDrive.lnk - C:\Users\WSCGAMA\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\WSCGAMA\Desktop\Microsoft Security Essentials.lnk - C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\WSCGAMA\Desktop\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\WSCGAMA\Desktop\On-Screen Keyboard.lnk - C:\Windows\system32\osk.exe
C:\Users\WSCGAMA\Desktop\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\WSCGAMA\Desktop\Programas e Recursos - Atalho.lnk -
C:\Users\WSCGAMA\Desktop\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe
C:\Users\WSCGAMA\Desktop\Word Reader 6.22.lnk - C:\Program Files\Abdio\Word Reader\WordReader.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adicionar um dispositivo - Photosmart C4600 series.lnk - C:\Program Files\HP\Digital Imaging\{1E1746EF-F5BF-4677-8F30-04FE399130DA}\hpzstub.exe -AddADevice
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Ashampoo Cover Studio 2.lnk - C:\Program Files\Ashampoo\Ashampoo Cover Studio 2\coverstudio2.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\Bitstream Font Navigator.lnk - C:\Program Files\Corel\CorelDRAW Graphics Suite X6\FontNav\FontNav.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\Central de Soluções HP.lnk -
C:\Users\Public\Desktop\Corel CAPTURE X6.lnk - c:\Windows\Installer\{74FA94F1-9566-4252-9372-E7EAFFEFE209}\NewShortcut8.exe
C:\Users\Public\Desktop\Corel CONNECT X6.lnk - C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Connect\Connect.exe
C:\Users\Public\Desktop\Corel PHOTO-PAINT X6.lnk - c:\Windows\Installer\{6F53FB68-6620-423E-B7CD-B8205655B421}\NewShortcut2.exe
C:\Users\Public\Desktop\CorelDRAW X6.lnk - c:\Windows\Installer\{C5262276-0075-498B-B80F-7D997482E4DB}\NewShortcut1.exe
C:\Users\Public\Desktop\CyberLink PowerDVD.lnk - C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk - C:\Program Files\HP\Diagnostics\PSDR\HPPSDr.exe
C:\Users\Public\Desktop\Loja de Suprimentos HP.lnk - C:\Program Files\HP\HPSSUPPLY\hpqSSupply.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Nero Home.lnk - C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8
C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\Public\Desktop\Recuva.lnk - C:\Program Files\Recuva\recuva.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Program Files\Microsoft OneDrive\OneDriveSetup.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Program Files\Microsoft OneDrive\OneDriveSetup.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Free Audio Editor.lnk - C:\Program Files\Free Audio Editor\FreeAudioEditor.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Users\WSCGAMA\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu Spark Browser\Uninstall.lnk - C:\Program Files\baidu\Spark\Uninstall.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD\CyberLink PowerDVD.lnk - C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD\Online registration.lnk - C:\Program Files\CyberLink\PowerDVD\OLRSubmission\OLRSubmission.exe /LANG:Enu
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD\PowerDVD Help file.lnk - C:\Program Files\CyberLink\PowerDVD\Language\Enu\PowerDVD.CHM
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD\Read Me.lnk - C:\Program Files\CyberLink\PowerDVD\Language\Enu\Readme.htm
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD\Uninstall PowerDVD.lnk - C:\Windows\system32\RunDll32.exe C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP\Encerrar participação no programa de pesquisa HP.lnk -
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 3510 series.lnk - C:\Windows\system32\RunDll32.exe "C:\Program Files\HP\HP Deskjet 3510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=BR36BFJ21X05Y8;CONNECTION=USB;MONITOR=1;
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Program Files\Microsoft OneDrive\OneDriveSetup.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files\Microsoft Security Client\msseces.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva\Recuva.lnk - C:\Program Files\Recuva\recuva.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva\Uninstall Recuva.lnk - C:\Program Files\Recuva\uninst.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Baidu Spark Browser.lnk - C:\Program Files\baidu\Spark\Spark.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Audio Editor.lnk - C:\Program Files\Free Audio Editor\FreeAudioEditor.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\On-Screen Keyboard.lnk - C:\Windows\system32\osk.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== shortcuts After Repair ======================
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\WSCGAMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Users\WSCGAMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\WSCGAMA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\WSCGAMA\AppData\Local\Mozilla\Firefox\Profiles\xhybgbgw.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\WSCGAMA\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\WSCGAMA\AppData\Local\Spark\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=10 folders=5 248640 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\WSCGAMA\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\WSCGAMA\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 10/04/2014 at 15:23:55,83 ======================
ALINEBGAMA- Iniciante
- Mensagens : 20
Reputação : 1
Data de inscrição : 09/03/2014
Re: vírus no navegador
por Power Max Qui 10 Abr 2014, 15:29
Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: vírus no navegador
por ALINEBGAMA Qui 10 Abr 2014, 16:53
po legal removeu a deoga do hao do meu navegador, mas alguns vírus tipo aqueles q ficam no face e youtube q mandam vc clicar p o pc ficar rápido e outros continuam, veja o log:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by WSCGAMA on 10/04/2014 at 16:25:20,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/04/2014 at 16:34:35,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by WSCGAMA on 10/04/2014 at 16:25:20,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/04/2014 at 16:34:35,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ALINEBGAMA- Iniciante
- Mensagens : 20
Reputação : 1
Data de inscrição : 09/03/2014
Re: vírus no navegador
por Power Max Qui 10 Abr 2014, 18:11
Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )|- Desabilite temporariamente seu antivírus para evitar conflitos e execute "ZHPDiag2.exe", para instalar a ferramenta.
|- Execute o ícone do pergaminho. ( ZHPDiag )
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: vírus no navegador
por Danii Sáb 26 Abr 2014, 10:33
TÓPICO ARQUIVADO
Como a autora não respondeu por mais de 15 dias, o tópico foi arquivado. Caso a autora do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Como a autora não respondeu por mais de 15 dias, o tópico foi arquivado. Caso a autora do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Danii- Membro Pleno
- Mensagens : 571
Reputação : 80
Data de inscrição : 04/04/2014
Localização : Brasil
Tópicos semelhantes» Virus de Navegador
» Vírus, muitos vírus - SOCORRO!!
» como remover vírus do navegador?
» Remova vírus e malwares com o Kaspersky Virus Removal Tool
» Navegador infectado
» Vírus, muitos vírus - SOCORRO!!
» como remover vírus do navegador?
» Remova vírus e malwares com o Kaspersky Virus Removal Tool
» Navegador infectado
Página 1 de 1
Permissões neste sub-fórum
Não podes responder a tópicos|
|
|