Ads in the browser and new pages opening!


Post by Sky.M on Fri 20 Jun 2014, 20:19

Good evening. I'm here to report a problem my computer is having: yesterday it started showing ads all over my browser (on every site), and it redirects me to other pages (most of the time telling me to update Flash Player). I ran several scans with my antivirus (Avira), found some viruses and deleted them, but the problem persists. I tried to download AdwCleaner, but I can't run it to install it, because it shows me a message saying: AutoIt Error "Unable to open the script file." "Ok". What should I do? I need my computer for work, and it's hard to use the internet with these ads all the time.

Re: Ads in the browser and new pages opening!

Post by Sky.M on Fri 20 Jun 2014, 20:56

I managed to install AdwCleaner. Here is the report:



# AdwCleaner v3.212 - Relatório criado 20/06/2014 às 20:48:42
# Atualizado 05/06/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : USER - MICRO22
# Executando de : C:\Documents and Settings\USER\Meus documentos\Downloads\AdwCleaner.exe
# Opção : Examinar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Arquivo Encontrado : C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Encontrado : C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Arquivo Encontrado : C:\END
Arquivo Encontrado : C:\WINDOWS\Tasks\AmiUpdXp.job
Arquivo Encontrado : C:\WINDOWS\Tasks\Plus-HD-1.6-codedownloader.job
Arquivo Encontrado : C:\WINDOWS\Tasks\Plus-HD-1.6-enabler.job
Arquivo Encontrado : C:\WINDOWS\Tasks\Plus-HD-1.6-updater.job
Pasta Encontrado : C:\Arquivos de programas\BetterSurf
Pasta Encontrado : C:\Arquivos de programas\Better-Surf
Pasta Encontrado : C:\Arquivos de programas\BonanzaDeals
Pasta Encontrado : C:\Arquivos de programas\BonanzaDealsLive
Pasta Encontrado : C:\Arquivos de programas\DealPly
Pasta Encontrado : C:\Arquivos de programas\DealPlyLive
Pasta Encontrado : C:\Arquivos de programas\IminentToolbar
Pasta Encontrado : C:\Arquivos de programas\MediaPlayerV1
Pasta Encontrado : C:\Arquivos de programas\MediaViewerV1
Pasta Encontrado : C:\Arquivos de programas\MediaViewV1
Pasta Encontrado : C:\Arquivos de programas\MediaWatchV1
Pasta Encontrado : C:\Arquivos de programas\Plus-HD-1.6
Pasta Encontrado : C:\Arquivos de programas\Plus-HD-1.6
Pasta Encontrado : C:\Arquivos de programas\RichMediaViewV1
Pasta Encontrado : C:\Arquivos de programas\VideoPlayerV3
Pasta Encontrado : C:\Arquivos de programas\WebexpEnhancedV1
Pasta Encontrado : C:\Documents and Settings\All Users\Dados de aplicativos\baidu
Pasta Encontrado : C:\Documents and Settings\All Users\Dados de aplicativos\BonanzaDealsLive
Pasta Encontrado : C:\Documents and Settings\All Users\Dados de aplicativos\DealPlyLive
Pasta Encontrado : C:\Documents and Settings\All Users\Dados de aplicativos\ParetoLogic
Pasta Encontrado : C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer
Pasta Encontrado : C:\Documents and Settings\All Users\Dados de aplicativos\wincert
Pasta Encontrado : C:\Documents and Settings\USER\AppData\LocalLow\DataMngr
Pasta Encontrado : C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\BonanzaDealsLive
Pasta Encontrado : C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\DealPlyLive
Pasta Encontrado : C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\eSupport.com
Pasta Encontrado : C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\lollipop
Pasta Encontrado : C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\Plus-HD-1.6
Pasta Encontrado : C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\Plus-HD-1.6
Pasta Encontrado : C:\Documents and Settings\USER\Dados de aplicativos\baidu
Pasta Encontrado : C:\Documents and Settings\USER\Dados de aplicativos\DealPly
Pasta Encontrado : C:\Documents and Settings\USER\Dados de aplicativos\DriverCure
Pasta Encontrado : C:\Documents and Settings\USER\Dados de aplicativos\OpenCandy
Pasta Encontrado : C:\Documents and Settings\USER\Dados de aplicativos\ParetoLogic
Pasta Encontrado : C:\Documents and Settings\USER\Dados de aplicativos\SwvUpdater
Pasta Encontrado : C:\Documents and Settings\USER\Dados de aplicativos\Tencent
Pasta Encontrado : C:\Documents and Settings\USER\Meus documentos\Optimizer Pro

***** [ Atalhos ] *****

Atalho Encontrado : C:\Documents and Settings\USER\Menu Iniciar\Programas\Internet Explorer.lnk ( [You need to be registered and logged in to see this link.] )
Atalho Encontrado : C:\Documents and Settings\USER\Menu Iniciar\Programas\Acessórios\Ferramentas do Sistema\Internet Explorer (Sem Complementos).lnk ( [You need to be registered and logged in to see this link.] )

***** [ Registro ] *****

Chave Encontrada : HKCU\Software\APN DTX
Chave Encontrada : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Encontrada : HKCU\Software\AppDataLow\Software\Crossrider
Chave Encontrada : HKCU\Software\AppDataLow\Software\Plus-HD-1.6
Chave Encontrada : HKCU\Software\AppDataLow\Software\Plus-HD-1.6
Chave Encontrada : HKCU\Software\BI
Chave Encontrada : HKCU\Software\BonanzaDealsLive
Chave Encontrada : HKCU\Software\DealPlyLive
Chave Encontrada : HKCU\Software\InstallCore
Chave Encontrada : HKCU\Software\installedbrowserextensions
Chave Encontrada : HKCU\Software\lollipop
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311201102}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311201102}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Encontrada : HKCU\Software\ParetoLogic
Chave Encontrada : HKCU\Software\Plus-HD-1.6
Chave Encontrada : HKCU\Software\Plus-HD-1.6
Chave Encontrada : HKCU\Software\smartbarbackup
Chave Encontrada : HKCU\Software\smartbarlog
Chave Encontrada : HKCU\Software\Softonic
Chave Encontrada : HKCU\Software\somotomoviestoolbar1
Chave Encontrada : HKCU\Software\TENCENT
Chave Encontrada : HKLM\SOFTWARE\Classes\CrossriderApp0032002.BHO
Chave Encontrada : HKLM\SOFTWARE\Classes\CrossriderApp0032002.BHO.1
Chave Encontrada : HKLM\SOFTWARE\Classes\CrossriderApp0032002.Sandbox
Chave Encontrada : HKLM\SOFTWARE\Classes\CrossriderApp0032002.Sandbox.1
Chave Encontrada : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Chave Encontrada : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Chave Encontrada : HKLM\Software\DataMngr
Chave Encontrada : HKLM\Software\eSafeSecControl
Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Chave Encontrada : HKLM\Software\Iminent
Chave Encontrada : HKLM\Software\MediaBuzzV1
Chave Encontrada : HKLM\Software\MediaPlayerV1
Chave Encontrada : HKLM\Software\MediaViewerV1
Chave Encontrada : HKLM\Software\MediaViewV1
Chave Encontrada : HKLM\Software\MediaWatchV1
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Iminent
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Plus-HD-1.6
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Plus-HD-1.6
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WsysControl
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311201102}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311201102}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-1.6
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-1.6
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Encontrada : HKLM\Software\ParetoLogic
Chave Encontrada : HKLM\Software\Plus-HD-1.6
Chave Encontrada : HKLM\Software\Plus-HD-1.6
Chave Encontrada : HKLM\Software\qvo6Software
Chave Encontrada : HKLM\Software\SafetyNut
Chave Encontrada : HKLM\Software\Tarma Installer
Chave Encontrada : HKLM\Software\TENCENT
Chave Encontrada : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Valor Encontrada : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [12x3q@3244516.com]
Valor Encontrada : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Valor Encontrada : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Valor Encontrada : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
Valor Encontrada : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\All Users\Dados de aplicativos\eSafe\eGdpSvc.exe]
Valor Encontrada : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\DProtect\DProtectSvc.exe]
Valor Encontrada : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\USER\Dados de aplicativos\Tencent\Assault Fire\84729F66FA0D151DCDF49CA09913291D\TenioDL\TenioDL.exe]

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.6001.18702

Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - [You need to be registered and logged in to see this link.]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] - [You need to be registered and logged in to see this link.]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - [You need to be registered and logged in to see this link.]

-\\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]

Encontrada [Extension] : poheodfamflhhhdcmjfeggbgigeefaco

*************************

AdwCleaner[R0].txt - [22183 octets] - [20/06/2014 20:48:42]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [22244 octets] ##########

Re: Ads in the browser and new pages opening!

Post by Power Max on Fri 20 Jun 2014, 21:51

Hello. To run AdwCleaner correctly, follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.


Re: Ads in the browser and new pages opening!

Post by Sky.M on Fri 20 Jun 2014, 22:10

Is this it?:

# AdwCleaner v3.212 - Relatório criado 20/06/2014 às 20:58:07
# Atualizado 05/06/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : USER - MICRO22
# Executando de : C:\Documents and Settings\USER\Meus documentos\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\BonanzaDealsLive
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\DealPlyLive
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\ParetoLogic
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\wincert
Pasta Deletada : C:\Arquivos de programas\BetterSurf
Pasta Deletada : C:\Arquivos de programas\Better-Surf
Pasta Deletada : C:\Arquivos de programas\BonanzaDeals
Pasta Deletada : C:\Arquivos de programas\BonanzaDealsLive
Pasta Deletada : C:\Arquivos de programas\DealPly
Pasta Deletada : C:\Arquivos de programas\DealPlyLive
Pasta Deletada : C:\Arquivos de programas\IminentToolbar
Pasta Deletada : C:\Arquivos de programas\MediaPlayerV1
Pasta Deletada : C:\Arquivos de programas\MediaViewerV1
Pasta Deletada : C:\Arquivos de programas\MediaViewV1
Pasta Deletada : C:\Arquivos de programas\MediaWatchV1
Pasta Deletada : C:\Arquivos de programas\Plus-HD-1.6
Pasta Deletada : C:\Arquivos de programas\RichMediaViewV1
Pasta Deletada : C:\Arquivos de programas\VideoPlayerV3
Pasta Deletada : C:\Arquivos de programas\WebexpEnhancedV1
Pasta Deletada : C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\BonanzaDealsLive
Pasta Deletada : C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\DealPlyLive
Pasta Deletada : C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\eSupport.com
Pasta Deletada : C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\lollipop
Pasta Deletada : C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\Plus-HD-1.6
Pasta Deletada : C:\Documents and Settings\USER\AppData\LocalLow\DataMngr
Pasta Deletada : C:\Documents and Settings\USER\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\USER\Dados de aplicativos\DealPly
Pasta Deletada : C:\Documents and Settings\USER\Dados de aplicativos\DriverCure
Pasta Deletada : C:\Documents and Settings\USER\Dados de aplicativos\OpenCandy
Pasta Deletada : C:\Documents and Settings\USER\Dados de aplicativos\ParetoLogic
Pasta Deletada : C:\Documents and Settings\USER\Dados de aplicativos\SwvUpdater
Pasta Deletada : C:\Documents and Settings\USER\Dados de aplicativos\Tencent
Pasta Deletada : C:\Documents and Settings\USER\Meus documentos\Optimizer Pro
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Arquivo Deletada : C:\WINDOWS\Tasks\AmiUpdXp.job
Arquivo Deletada : C:\WINDOWS\Tasks\Plus-HD-1.6-codedownloader.job
Arquivo Deletada : C:\WINDOWS\Tasks\Plus-HD-1.6-enabler.job
Arquivo Deletada : C:\WINDOWS\Tasks\Plus-HD-1.6-updater.job

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Documents and Settings\USER\Menu Iniciar\Programas\Internet Explorer.lnk
Atalho Desinfectada : C:\Documents and Settings\USER\Menu Iniciar\Programas\Acessórios\Ferramentas do Sistema\Internet Explorer (Sem Complementos).lnk

***** [ Registro ] *****

Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [12x3q@3244516.com]
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Chave Deletedo : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Chave Deletedo : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Valor Deletedo : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Valor Deletedo : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0032002.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0032002.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0032002.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0032002.Sandbox.1
Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\DProtect\DProtectSvc.exe]
Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\All Users\Dados de aplicativos\eSafe\eGdpSvc.exe]
Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\USER\Dados de aplicativos\Tencent\Assault Fire\84729F66FA0D151DCDF49CA09913291D\TenioDL\TenioDL.exe]
Chave Deletedo : HKCU\Software\APN DTX
Chave Deletedo : HKCU\Software\BI
Chave Deletedo : HKCU\Software\BonanzaDealsLive
Chave Deletedo : HKCU\Software\DealPlyLive
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\installedbrowserextensions
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\ParetoLogic
Chave Deletedo : HKCU\Software\Plus-HD-1.6
Chave Deletedo : HKCU\Software\smartbarbackup
Chave Deletedo : HKCU\Software\smartbarlog
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\somotomoviestoolbar1
Chave Deletedo : HKCU\Software\TENCENT
Chave Deletedo : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\Plus-HD-1.6
Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\eSafeSecControl
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\MediaBuzzV1
Chave Deletedo : HKLM\Software\MediaPlayerV1
Chave Deletedo : HKLM\Software\MediaViewerV1
Chave Deletedo : HKLM\Software\MediaViewV1
Chave Deletedo : HKLM\Software\MediaWatchV1
Chave Deletedo : HKLM\Software\ParetoLogic
Chave Deletedo : HKLM\Software\Plus-HD-1.6
Chave Deletedo : HKLM\Software\qvo6Software
Chave Deletedo : HKLM\Software\SafetyNut
Chave Deletedo : HKLM\Software\Tarma Installer
Chave Deletedo : HKLM\Software\TENCENT
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-1.6
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Iminent
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Plus-HD-1.6
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WsysControl
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.6001.18702

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

-\\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]

Deletedo [Extension] : poheodfamflhhhdcmjfeggbgigeefaco

*************************

AdwCleaner[R0].txt - [22325 octets] - [20/06/2014 20:48:42]
AdwCleaner[S0].txt - [19328 octets] - [20/06/2014 20:58:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19389 octets] ##########

Re: Ads in the browser and new pages opening!

Post by Power Max on Fri 20 Jun 2014, 22:14

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You need to be registered and logged in to see this link.]

* Right-click Zoek.exe and select [You need to be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan's progress will be displayed. Wait for it to finish... it may take a while!

[You need to be registered and logged in to see this image.]

* If a restart of the PC is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sat 21 Jun 2014, 23:41; edited 1 time


Re: Ads in the browser and new pages opening!

Post by Sky.M on Fri 20 Jun 2014, 22:22

The download of Zoek.exe isn't starting, only Zoek.zip. I take back what I said, I managed it.

Re: Ads in the browser and new pages opening!

Post by Power Max on Sat 21 Jun 2014, 00:13

Sky.M wrote: I take back what I said, I managed it.
OK, I'll be waiting for the Zoek report.


Re: Ads in the browser and new pages opening!

Post by Sky.M on Sat 21 Jun 2014, 08:55

Good morning. I made a mistake: I closed the Notepad window that appeared after restarting, but I believe it is "C:\zoek-results.log". That's what I managed to find. I hope this is it, sorry. Here is the log:


Zoek.exe v5.0.0.0 Updated 20-06-2014
Tool run by USER on sáb 21/06/2014 at 8:26:02,70.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\USER\Meus documentos\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-21-013252.log 1245 bytes

==== System Restore Info ======================

21/6/2014 08:26:52 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Arquivos de programas\GUM6F.tmp deleted
C:\Arquivos de programas\MediaBuzzV1 deleted
C:\extensions.sqlite deleted
C:\extensions.ini deleted
C:\found.000 deleted
C:\found.001 deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\InstallMate deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\Package Cache deleted
C:\WINDOWS\tasks\At1.job deleted
C:\WINDOWS\System32\InstallUtil.InstallLog deleted

==== Folders Found ======================

2014-06-20 23:58:07 2014-06-20 23:58:07 -------- d-----w- C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Dados de aplicativos\baidu
2013-09-08 16:37:48 2013-09-08 16:37:48 -------- d-----w- C:\Arquivos de programas\Baidu Security
2013-09-08 16:37:45 2013-09-08 16:38:04 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security
2013-09-08 16:37:52 2013-09-08 16:38:25 -------- d-----w- C:\Documents and Settings\All Users\Documentos\Baidu Security
2013-09-08 16:38:21 2013-09-08 16:38:21 -------- d-----w- C:\Documents and Settings\USER\Dados de aplicativos\Baidu Security
2013-09-08 17:22:08 2013-09-08 17:22:08 -------- d-----w- C:\Documents and Settings\USER\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall
2013-09-08 17:22:08 2013-09-08 17:22:08 -------- d-----w- C:\Documents and Settings\USER\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\Baidu_Secure_SystemUp_3.7.1.41942]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\Baidu_Secure_SystemUp_3.7.1.41942\DEBUG]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"InstPath"="C:\\Arquivos de programas\\Baidu Security\\PC Faster\\3.7.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Arquivos de programas\\Baidu Security\\PC Faster\\3.7.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx]
"InstPath"="C:\\Arquivos de programas\\Baidu Security\\PC Faster\\3.7.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Arquivos de programas\\Baidu Security\\PC Faster\\3.7.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"InstPath"="C:\\Arquivos de programas\\Baidu Security\\PC Faster\\3.7.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Arquivos de programas\\Baidu Security\\PC Faster\\3.7.0.0\\PCFApiUtil.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu\Hao123-br]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu\Hao123-br\hao123desk]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu\Hao123-br\hao123desk]
"ToyPath"="C:\\Documents and Settings\\USER\\Dados de aplicativos\\baidu\\hao123-br\\hao123.1.0.0.1111.exe"

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu\Hao123-international]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu\Hao123-international\hao123desk]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu\Hao123-international\hao123desk]
"NewBaiduTn"="tn=brosoft_sc_hao123_br"

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\CleanRecord]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Install]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
"Skype_BaiDuSafe_RegType"=dword:00000002

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
"uTorrent_BaiDuSafe_RegType"=dword:00000002

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"KernelFaultCheck_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"PWRISOVM.EXE_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Statistic]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\UUReport]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\DataReport]
"c:\\documents and settings\\all users\\dados de aplicativos\\baidu security\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\Setup]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"ext@RichMediaViewV1release75.net"="C:\Arquivos de programas\RichMediaViewV1\RichMediaViewV1release75\ff" []

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
chhogjpleaflaldcdocebjcbonidopfc - C:\Arquivos de programas\MediaWatchV1\MediaWatchV1home944\ch\MediaWatchV1home944.crx[]
dggfpgeijiooaakmbpolnapkldceddff - C:\Arquivos de programas\MediaViewV1\MediaViewV1alpha3597\ch\MediaViewV1alpha3597.crx[]
ecgpmhhfcmbegjnjnlhkkcokonnplind - C:\Arquivos de programas\MediaViewV1\MediaViewV1alpha2555\ch\MediaViewV1alpha2555.crx[]
kppkejlfhdcnlcplkmjbfnhbeedhdonm - C:\Arquivos de programas\MediaBuzzV1\MediaBuzzV1mode3085\ch\MediaBuzzV1mode3085.crx[]
lgmaolpbadgjkbjodnnkdfiomcfmajae - C:\Arquivos de programas\WebexpEnhancedV1\WebexpEnhancedV1alpha809\ch\WebexpEnhancedV1alpha809.crx[]
nopfdpabjhmpjhkpijgglahjkgnggedo - C:\Arquivos de programas\VideoPlayerV3\VideoPlayerV3beta593\ch\VideoPlayerV3beta593.crx[]
ocfdfdkkcfloaciencloogpepkgcbnpn - C:\Arquivos de programas\RichMediaViewV1\RichMediaViewV1release75\ch\RichMediaViewV1release75.crx[]
panancajandaedhgfmnhgihcldhbpfck - C:\Arquivos de programas\MediaViewerV1\MediaViewerV1alpha251\ch\MediaViewerV1alpha251.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
"Search Page"="http://search.localstrike.net/tata.php"
"Search Bar"="http://www.google.com/ie"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://search.localstrike.net/tata.php"
"Default_Search_URL"="http://search.localstrike.net/tata.php"
"Search Page"="http://search.localstrike.net/tata.php"
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.localstrike.net/tata.php"
"Default_Page_URL"="http://search.localstrike.net/tata.php"
"Default_Search_URL"="http://search.localstrike.net/tata.php"
"Search Page"="http://search.localstrike.net/tata.php"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://search.localstrike.net"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://search.localstrike.net"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
"CustomizeSearch"="http://www.google.com"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{33D59858-89D9-4AC2-A956-93875EB02323} LocalStrike Search Url="http://search.localstrike.net/tata.php?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{92001F8A-C36B-473A-91E7-5BE0C81CF2B3} Unknown Url="Not_Found"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052d3166-4ebc-41cb-9b1f-0908c1542dd0} deleted successfully
HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{052d3166-4ebc-41cb-9b1f-0908c1542dd0} deleted successfully
HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{052d3166-4ebc-41cb-9b1f-0908c1542dd0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{052d3166-4ebc-41cb-9b1f-0908c1542dd0} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{052d3166-4ebc-41cb-9b1f-0908c1542dd0} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\ext@WebexpEnhancedV1alpha809.net deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\ext@VideoPlayerV3beta593.net deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\ext@MediaPlayerV1alpha764.net deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\ext@MediaViewerV1alpha251.net deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\ext@MediaViewV1alpha2555.net deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\ext@MediaViewV1alpha3597.net deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\ext@MediaWatchV1home944.net deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\ext@MediaBuzzV1mode3085.net deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\ext@RichMediaViewV1release75.net deleted successfully

==== shortcuts on Users Desktops ======================

C:\Documents and Settings\USER\Desktop\APB Reloaded.lnk - C:\Arquivos de programas\Hoplon\APB Reloaded\Launcher\APBLauncher.exe
C:\Documents and Settings\USER\Desktop\Assault Fire BR.lnk - C:\Arquivos de programas\Level Up Games\Assault Fire BR\TCLS\client.exe
C:\Documents and Settings\USER\Desktop\Brothers In Arms Earned In Blood.lnk - C:\Arquivos de programas\Ubisoft\Gearbox Software\Earned\System\EiB.exe
C:\Documents and Settings\USER\Desktop\Brothers In Arms Road To Hill 30.lnk - C:\Arquivos de programas\Ubisoft\Gearbox Software\BrothersInArms\System\bia.exe
C:\Documents and Settings\USER\Desktop\CrossFire AL.lnk - C:\Arquivos de programas\Z8Games\CrossFire AL\cfPT_launcher.exe
C:\Documents and Settings\USER\Desktop\EVEREST Ultimate Edition.lnk - C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Documents and Settings\USER\Desktop\GTA San Andreas.lnk - C:\Arquivos de programas\Rockstar Games\GTA San Andreas\gta_sa.exe
C:\Documents and Settings\USER\Desktop\Hitman 2 - Silent Assassin.lnk - C:\Arquivos de programas\hitman 2 full\hitman2.exe
C:\Documents and Settings\USER\Desktop\PhotoScape.lnk - C:\Arquivos de programas\PhotoScape\PhotoScape.exe
C:\Documents and Settings\USER\Desktop\Revo Uninstaller.lnk - C:\Arquivos de programas\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Documents and Settings\USER\Desktop\Pasta A\avast Free Antivirus.lnk -
C:\Documents and Settings\USER\Desktop\Pasta A\Counter-Strike 1.6 SiteCS.lnk - C:\Arquivos de programas\Valve\hl.exe -nomaster -game cstrike
C:\Documents and Settings\USER\Desktop\Pasta A\FLV Player.lnk - C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\WebPlayer\FLV Player\WebPlayer.exe
C:\Documents and Settings\USER\Desktop\Pasta A\Half-Life.lnk - C:\Arquivos de programas\Counter-Strike 1.6\hl.exe
C:\Documents and Settings\USER\Desktop\Pasta A\Servidor Dedicado.lnk - C:\Arquivos de programas\Valve\hlds.exe -game cstrike -insecure
C:\Documents and Settings\USER\Desktop\Pasta A\Skype.lnk - C:\WINDOWS\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Documents and Settings\USER\Desktop\Pasta A\sXe Injected.lnk - C:\Arquivos de programas\sXe Injected\sXe Injected.exe

==== shortcuts on All Users Desktop ======================

C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Documents and Settings\All Users\Desktop\aTube Catcher.lnk - C:\Arquivos de programas\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Documents and Settings\All Users\Desktop\Avira.lnk - C:\Arquivos de programas\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\Documents and Settings\All Users\Desktop\Battlefield 1942 Secret Weapons of WWII.lnk - C:\Arquivos de programas\EA GAMES\Battlefield 1942\BF1942.exe +game XPack2
C:\Documents and Settings\All Users\Desktop\Battlefield 1942 The Road To Rome.lnk - C:\Arquivos de programas\EA GAMES\Battlefield 1942\BF1942.exe +game XPack1
C:\Documents and Settings\All Users\Desktop\Battlefield 1942.lnk - C:\Arquivos de programas\EA GAMES\Battlefield 1942\BF1942.exe
C:\Documents and Settings\All Users\Desktop\Call of Duty(R) 2 Singleplayer.lnk - C:\Arquivos de programas\Activision\Call of Duty 2\CoD2SP_s.exe
C:\Documents and Settings\All Users\Desktop\CCleaner.lnk - C:\Arquivos de programas\CCleaner\CCleaner.exe
C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Desktop\Medal of Honor Pacific Assault(tm).lnk - C:\Arquivos de programas\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa_setup.exe
C:\Documents and Settings\All Users\Desktop\Opera.lnk - C:\Arquivos de programas\Opera\launcher.exe
C:\Documents and Settings\All Users\Desktop\Play Call of Juarez - Bound in Blood.lnk - C:\Arquivos de programas\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe
C:\Documents and Settings\All Users\Desktop\Steam.lnk - C:\Arquivos de programas\Steam\Steam.exe
C:\Documents and Settings\All Users\Desktop\TeamSpeak 3 Client.lnk - C:\Arquivos de programas\TeamSpeak 3 Client\ts3client_win32.exe

==== shortcuts in Users Start Menu ======================

C:\Documents and Settings\USER\Menu Iniciar\Programas\Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\USER\Menu Iniciar\Programas\Acessórios\Ferramentas do Sistema\Internet Explorer (Sem Complementos).lnk -
C:\Documents and Settings\USER\Menu Iniciar\Programas\Hoplon\APB Reloaded\APB Reloaded.lnk - C:\Arquivos de programas\Hoplon\APB Reloaded\Launcher\APBLauncher.exe
C:\Documents and Settings\USER\Menu Iniciar\Programas\Hoplon\APB Reloaded\Desinstalar.lnk - C:\Arquivos de programas\Hoplon\APB Reloaded\Desinstalar.exe
C:\Documents and Settings\USER\Menu Iniciar\Programas\Hoplon\APB Reloaded\Screenshot.lnk - C:\Arquivos de programas\Hoplon\APB Reloaded\Media\Screenshots
C:\Documents and Settings\USER\Menu Iniciar\Programas\Hoplon\APB Reloaded\Video.lnk - C:\Arquivos de programas\Hoplon\APB Reloaded\Media\Videos

==== shortcuts in All Users Start Menu ======================

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Avira\Avira Desktop\Avira Free Antivirus.lnk - C:\Arquivos de programas\Avira\AntiVir Desktop\avwin.chm
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Avira\Avira Desktop\Avira na Internet.lnk - C:\Arquivos de programas\Avira\AntiVir Desktop\weblink.url
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Avira\Avira Desktop\Iniciar Avira Free Antivirus.lnk - C:\Arquivos de programas\Avira\AntiVir Desktop\avcenter.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Avira\My Avira\Avira.lnk - C:\Arquivos de programas\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Java\About Java.lnk - C:\Arquivos de programas\Java\jre7\bin\javacpl.exe -tab about
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Java\Check For Updates.lnk - C:\Arquivos de programas\Java\jre7\bin\javacpl.exe -tab update
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Java\Configure Java.lnk - C:\Arquivos de programas\Java\jre7\bin\javacpl.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Java\Get Help.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Java\Visit Java.com.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\TeamSpeak 3 Client\TeamSpeak 3 Client.lnk - C:\Arquivos de programas\TeamSpeak 3 Client\ts3client_win32.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\TeamSpeak 3 Client\Uninstall.lnk - C:\Arquivos de programas\TeamSpeak 3 Client\Uninstall.exe

==== shortcuts in Quick Launch ======================

C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o navegador Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\iexplore.exe [You must be registered and logged in to see this link.]
C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Opera.lnk - C:\Arquivos de programas\Opera\launcher.exe
C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Arquivos de programas\PhotoScape\PhotoScape.exe
C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Arquivos de programas\Windows Media Player\wmplayer.exe /prefetch:1

==== shortcuts After Repair ======================

C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o navegador Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\chhogjpleaflaldcdocebjcbonidopfc deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dggfpgeijiooaakmbpolnapkldceddff deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ecgpmhhfcmbegjnjnlhkkcokonnplind deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kppkejlfhdcnlcplkmjbfnhbeedhdonm deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lgmaolpbadgjkbjodnnkdfiomcfmajae deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nopfdpabjhmpjhkpijgglahjkgnggedo deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ocfdfdkkcfloaciencloogpepkgcbnpn deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\panancajandaedhgfmnhgihcldhbpfck deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\USER\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=38 folders=25 12389680 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Reset Hosts File ======================

Hosts File Reset Successfully

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\USER\CONFIG~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== EOF on s b 21/06/2014 at 8:40:01,17 ======================

Re: Ads in the browser and new pages opening!

Post by Power Max on Sat 21 Jun 2014, 19:07

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below will be displayed showing the progress of the scan. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image.]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sat 21 Jun 2014, 23:42; edited 1 time


Re: Ads in the browser and new pages opening!

Post by Sky.M on Sat 21 Jun 2014, 19:51

A script error occurred during the process; I chose not to continue running scripts on the page (I don't know if that was the right thing to do) and this was the result:



Zoek.exe v5.0.0.0 Updated 20-06-2014
Tool run by Administrador on s b 21/06/2014 at 19:33:22,79.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\USER\Meus documentos\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

\zoek-results2014-06-21-013252.log 1245 bytes
\zoek-results2014-06-21-114001.log 28619 bytes
\zoek-results2014-06-21-222834.log 8848 bytes

==== System Restore Info ======================

21/6/2014 19:34:00 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\Baidu_Secure_SystemUp_3.7.1.41942]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\Baidu_Secure_SystemUp_3.7.1.41942\DEBUG]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu\Hao123-br]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu\Hao123-br\hao123desk]
[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu\Hao123-br\hao123desk]
"ToyPath"=-
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu\Hao123-international]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu\Hao123-international\hao123desk]
[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu\Hao123-international\hao123desk]
"NewBaiduTn"=-
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\CleanRecord]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Install]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
"Skype_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
"uTorrent_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"KernelFaultCheck_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"PWRISOVM.EXE_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\DataReport]
"c:\\documents and settings\\all users\\dados de aplicativos\\baidu security\\rpdata"=-
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\Setup]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Deleting Files \ Folders ======================

C:\Arquivos de programas\Baidu Security not found
C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security not found
C:\Documents and Settings\All Users\Documentos\Baidu Security not found
C:\Documents and Settings\USER\Dados de aplicativos\Baidu Security not found
C:\Documents and Settings\USER\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall not found
C:\Documents and Settings\USER\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK not found

==== Folders Found ======================

2014-06-20 23:58:07 2014-06-20 23:58:07 -------- d-----w- C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Dados de aplicativos\baidu
2014-06-21 22:27:31 2014-06-21 22:27:31 -------- d---a-w- C:\zoek_backup\C_Arquivos de programas_Baidu Security
2014-06-21 22:27:31 2014-06-21 22:27:36 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_Baidu Security
2014-06-21 22:27:36 2014-06-21 22:27:37 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_All Users_Documentos_Baidu Security
2014-06-21 22:27:37 2014-06-21 22:27:37 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_USER_Dados de aplicativos_Baidu Security
2014-06-21 22:27:37 2014-06-21 22:27:37 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_USER_Dados de aplicativos_Baidu Security_PC Faster_3.7.0.0_Uninstall_Baidu PC Faster Uninstall
2014-06-21 22:27:37 2014-06-21 22:27:37 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_USER_Dados de aplicativos_Baidu Security_PC Faster_3.7.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-06-21 22:27:37 2014-06-21 22:27:37 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_USER_Dados de aplicativos_Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall
2014-06-21 22:27:37 2014-06-21 22:27:37 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_USER_Dados de aplicativos_Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu\Hao123-br]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu\Hao123-br\hao123desk]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu\Hao123-international]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu\Hao123-international\hao123desk]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\DataReport]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=72 folders=63 146982437 bytes)

==== EOF on s b 21/06/2014 at 19:36:03,35 ======================

Re: Ads in the browser and new pages opening!

Post by Power Max on Sat 21 Jun 2014, 20:02

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below will be displayed showing the progress of the scan. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image.]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sat 21 Jun 2014, 23:42; edited 1 time


Re: Ads in the browser and new pages opening!

Post by Sky.M on Sat 21 Jun 2014, 20:09


Zoek.exe v5.0.0.0 Updated 20-06-2014
Tool run by Administrador on s b 21/06/2014 at 20:08:01,01.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\USER\Meus documentos\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

\zoek-results2014-06-21-013252.log 1245 bytes
\zoek-results2014-06-21-114001.log 28619 bytes
\zoek-results2014-06-21-222834.log 8848 bytes
\zoek-results2014-06-21-223603.log 11504 bytes

==== System Restore Info ======================

21/6/2014 20:08:23 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu\Hao123-br]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu\Hao123-br\hao123desk]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu\Hao123-international]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu\Hao123-international\hao123desk]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-796845957-1647877149-682003330-1003\Software\Baidu Security\PC Faster\DataReport]

==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=72 folders=63 146982437 bytes)

==== EOF on s b 21/06/2014 at 20:08:50,09 ======================

Re: Ads in the browser and new pages opening!

Post by Power Max on Sat 21 Jun 2014, 20:11

Download the Junkware Removal Tool program from the link below:
[You must be registered and logged in to see this link.]

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop with the name JRT.txt

We'll be waiting.


Re: Ads in the browser and new pages opening!

Post by Sky.M on Sat 21 Jun 2014, 20:50

Well, I noticed that my desktop changed a bit and some shortcuts disappeared; when it finished I rebooted and everything went back to how it was before, and I couldn't find the program's file... So I had to run it again, I hope that's not a problem D: here it is:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrador on s b 21/06/2014 at 20:35:16,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\awh8.tmp [TDL4 Trace]



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on s b 21/06/2014 at 20:38:29,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Ads in the browser and new pages opening!

Post by Power Max on Sat 21 Jun 2014, 20:52

Download < ZHPDiag > < [You must be registered and logged in to see this image.]> ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

[You must be registered and logged in to see this image.]

To install and run it correctly, follow the tips in this article:

Tutorial for installing and running the ZHPDiag application

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


Re: Ads in the browser and new pages opening!

Post by Sky.M on Sat 21 Jun 2014, 21:06

I don't understand: I downloaded and installed ZHPDiag and opened it, and now it shows up as ZHPFix and only has the options "Import" and "Configure" instead of "Search", "Configure" and "Full". Is that right? If so, what do I do?


Sorry, my friend, that was a lack of attention on my part because I'm nervous; ZHPDiag came together with ZHPFix. I'll send you the report in another reply.

Re: Ads in the browser and new pages opening!

Post by Power Max on Sat 21 Jun 2014, 21:10

The one you mentioned that has the Import option is ZHPFix.

What we need to use right now is ZHPDiag, whose icon should be on your desktop.

If it isn't, go to the menu: Start > All Programs > ZHP > right-click Zhpdiag and choose the Run as administrator option, and then just run it as shown in the tutorial I gave you.


Re: Ads in the browser and new pages opening!

Post by Sky.M on Sat 21 Jun 2014, 21:14

Thank you for your attention, and sorry for my lack of it, haha. Here is the report:


~ Relatório do ZHPDiag v2014.6.21.95 - Nicolas Coolman (21/6/2014)
~ Iniciado por Administrador (21/6/2014 21:10:32)
~ Endereço do Website : [You must be registered and logged in to see this link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
GCIE: Google Chrome v35.0.1916.153 (Defaut)
OPIE: Opera vStable 22.0.1471.70

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Softwares de proteçao do sistema
Avira Free Antivirus v14.0.4.642
AVG 2014 v14.0.3604

---\\ Softwares d'optimização do sistema
CCleaner v4.03

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader XI
Java 7 Update 60

---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 67 Stepping 3, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 91 GB (39%) free of 233 GB

---\\ Modo de conexão ao sistema
~ Computer Name: MICRO22
~ User Name: Administrador
~ All Users Names: USER, SUPPORT_388945a0, HelpAssistant, Convidado, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Administrador\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\Administrador\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\Administrador\Desktop\
~ %Favorites% : C:\Documents and Settings\Administrador\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\Administrador\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 91 Go of 233 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 45 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.E2FFA50357056ADE4FCDB5FD09F9D2FF] - (.Microsoft Corporation - Internet Extensions for Win32.) (.6/3/2014 - 14:58:35.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/8/2011 - 10:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/7/2011 - 10:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 15:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/5
~ Mon Bureau (My Desktop) : 0/3
~ Menu demarrer (Programs) : 1/21
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.0BF3BE441B226D018767C28F92830D34] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe [430160] [PID.236]
[MD5.0BF3BE441B226D018767C28F92830D34] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe [430160] [PID.1736]
[MD5.E87885A59FDC241B6575943A75E495D9] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe [182696] [PID.520]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.544]
[MD5.05A96B8A01D3EB3ED5E403ECC7339981] - (...) -- C:\WINDOWS\system32\nethtsrv.exe [180224] [PID.616]
[MD5.D2FE0376285A783693469422678E878B] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Arquivos de programas\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632] [PID.760]
[MD5.DADF7468C85F3295B5B69D0F1E40BDF3] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 335.2.) -- C:\WINDOWS\system32\nvsvc32.exe [156960] [PID.1628]
[MD5.3A2E85F7D90D15460C337CE80C2E3B29] - (...) -- C:\WINDOWS\system32\PnkBstrA.exe [76888] [PID.312]
[MD5.5D8DDA1B3F561181E1D26C06D266BDFC] - (...) -- C:\WINDOWS\system32\netupdsrv.exe [162304] [PID.988]
[MD5.43B18BAA433FD79DFC7D4B25AF6EB2F9] - (.Avira Operations GmbH & Co. KG - Avira.OE.ServiceHost.) -- C:\Arquivos de programas\Avira\My Avira\Avira.OE.ServiceHost.exe [123984] [PID.2276]
[MD5.E349ED8E6F380C23BBFDB3E813FF8E6C] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe [425552] [PID.3332]
[MD5.E0ADE8DDBD57F3953E569F8554744B37] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [16062464] [PID.976]
[MD5.E715412E47D20EB0EBF77B65F9157343] - (...) -- ystem32\RunDLL32.exe [0] [PID.708]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe [638816] [PID.412]
[MD5.53C418610A3C3E0C27EC146D3F6094AE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8070144] [PID.3660]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) -- C:\Arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.)
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 0



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SkyTel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\WINDOWS\SkyTel.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMCTray.dll
O4 - HKLM\..\Run: [nwiz] . (...) -- C:\Arquivos de programas\NVIDIA Corporation\nview\nwiz.exe
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Arquivos de programas\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [Avira Systray] . (.Avira Operations GmbH & Co. KG - Avira.OE.Systray.) -- C:\Arquivos de programas\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-796845957-1647877149-682003330-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-796845957-1647877149-682003330-1003\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Arquivos de programas\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - [You must be registered and logged in to see this link.]
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{75DC0F7E-4EEF-40B7-8010-2C8112F77697}: DhcpNameServer = 201.17.0.84 201.17.0.52 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{75DC0F7E-4EEF-40B7-8010-2C8112F77697}: DhcpNameServer = 201.17.0.84 201.17.0.52 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{75DC0F7E-4EEF-40B7-8010-2C8112F77697}: DhcpNameServer = 201.17.0.84 201.17.0.52 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.0.84 201.17.0.52 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Network HTTP Support Service (NetHttpService) . (...) - C:\WINDOWS\system32\nethtsrv.exe
O23 - Service: Network Support Service Updater (ServiceUpdater) . (...) - C:\WINDOWS\system32\netupdsrv.exe
~ Services: 11 Legitimates Filtered in 00mn 03s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\web\wallpaper\Alegria.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\web\wallpaper\Alegria.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.1C0C05E56A8C306E53F90602E9D79351] [APT] [Opera scheduled Autoupdate 1383268032] (.Opera Software.) -- C:\Arquivos de programas\Opera\launcher.exe [468088]
O39 - APT: Opera scheduled Autoupdate 1383268032 - (.Opera Software.) -- C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1383268032.job [406]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (360FileOem) . (.360.cn - 360FileOem.) - C:\WINDOWS\system32\drivers\360FileOem.sys
O41 - Driver: (360RegOem) . (.360安全中心 - 360RegOem.) - C:\WINDOWS\system32\drivers\360RegOem.sys
O41 - Driver: (nethfdrv) . (.No owner - nethfdrv.sys.) - C:\WINDOWS\system32\drivers\nethfdrv.sys
~ Drivers: 81 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Assault Fire BR - (.Level Up Games.) [HKLM] -- Assault Fire BR
O42 - Logiciel: Cross Fire AL - (.Z8Games.com.) [HKLM] -- Cross Fire AL_is1
O42 - Logiciel: Fistful of Frags - (.Fistful of Frags Team.) [HKLM] -- Steam App 265630
O42 - Logiciel: Media Buzz - (.Media Buzz.) [HKLM] -- MediaBuzzV1mode3085 =>PUP.MediaBuzz
O42 - Logiciel: Network System Driver - (...) [HKLM] -- inethnfd
~ Logic: 30 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKLM\Software\360Safe]
[HKLM\Software\Better-Surf] =>PUP.BetterSurf
[HKLM\Software\Client]
[HKLM\Software\GameVicio]
[HKLM\Software\MediaPlayerV1alpha764]
[HKLM\Software\MediaViewV1alpha2555] =>PUP.MediaViewer
[HKLM\Software\MediaViewV1alpha3597] =>PUP.MediaViewer
[HKLM\Software\MediaViewerV1alpha251]
[HKLM\Software\MediaWatchV1home944] =>PUP.MediaWatch
[HKLM\Software\RichMediaViewV1] =>PUP.MediaViewer
[HKLM\Software\RichMediaViewV1release75] =>PUP.MediaViewer
[HKLM\Software\sXe_Injected]
~ Key Software: 397 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 8/2/2014 - 08:31:09 - [] ----D C:\Arquivos de programas\GameVicio
O43 - CFD: 13/6/2014 - 13:23:58 - [] ----D C:\Arquivos de programas\Hoplon
O43 - CFD: 6/4/2014 - 19:44:49 - [] ----D C:\Arquivos de programas\Level Up Games
O43 - CFD: 7/1/2014 - 11:13:45 - [0] ----D C:\Arquivos de programas\Pando Networks
O43 - CFD: 18/7/2013 - 09:42:09 - [] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 19/6/2014 - 13:28:28 - [] ----D C:\Arquivos de programas\Arquivos comuns\Config
O43 - CFD: 18/7/2013 - 09:41:45 - [] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 31/7/2013 - 19:23:40 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\levelup downloader
O43 - CFD: 8/9/2013 - 13:47:00 - [] -SH-D C:\Documents and Settings\All Users\Dados de aplicativos\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 12/3/2014 - 15:49:53 - [] -SH-D C:\Documents and Settings\All Users\Dados de aplicativos\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 21/6/2014 - 20:15:28 - [] R---D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Acessórios
O43 - CFD: 18/7/2013 - 06:31:06 - [] R---D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar
~ Program Folder: 111 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.2687F78FDD3FDCC0F4EF84AF48DE6C01] - 10/6/2014 - 13:22:01 ---A- . (.TENCENT - Loader NT Driver.) -- C:\WINDOWS\system32\TesSafe.sys [964600] =>Adware.TencentAddressBar
O44 - LFC:[MD5.4A62B839C5395CC06025741874AD1B44] - 13/6/2014 - 12:17:18 ---A- . (...) -- C:\console.log [718]
O44 - LFC:[MD5.3A2E85F7D90D15460C337CE80C2E3B29] - 13/6/2014 - 13:38:44 ---A- . (...) -- C:\WINDOWS\system32\PnkBstrA.exe [76888]
O44 - LFC:[MD5.BD2C561FB201CC11173AB05B7FCA6AF1] - 14/6/2014 - 17:14:27 ---A- . (...) -- C:\WINDOWS\system32\PnkBstrB.ex0 [281848]
O44 - LFC:[MD5.BD2C561FB201CC11173AB05B7FCA6AF1] - 14/6/2014 - 17:28:49 ---A- . (...) -- C:\WINDOWS\system32\PnkBstrB.exe [281848]
O44 - LFC:[MD5.BD2C561FB201CC11173AB05B7FCA6AF1] - 14/6/2014 - 17:28:49 ---A- . (...) -- C:\WINDOWS\system32\PnkBstrB.xtr [281848]
O44 - LFC:[MD5.6DA04CD534C47140075C9052A22A52E0] - 14/6/2014 - 17:28:58 ---A- . (...) -- C:\WINDOWS\system32\Drivers\PnkBstrK.sys [140176]
O44 - LFC:[MD5.6CE76AB4F5BEA74AABD3356CE904EBF8] - 15/6/2014 - 10:35:30 ---A- . (...) -- C:\WINDOWS\system32\hfpapi.dll [246784]
O44 - LFC:[MD5.8179B41DE3E183456C3FBADB80138CC3] - 15/6/2014 - 10:35:40 ---A- . (...) -- C:\WINDOWS\system32\hfnapi.dll [108544]
O44 - LFC:[MD5.05A96B8A01D3EB3ED5E403ECC7339981] - 15/6/2014 - 10:35:50 ---A- . (...) -- C:\WINDOWS\system32\nethtsrv.exe [180224]
O44 - LFC:[MD5.B57478AAF45A875E37831525E1257FF8] - 15/6/2014 - 10:36:00 ---A- . (...) -- C:\WINDOWS\system32\installd.exe [108544]
O44 - LFC:[MD5.5D8DDA1B3F561181E1D26C06D266BDFC] - 15/6/2014 - 10:36:10 ---A- . (...) -- C:\WINDOWS\system32\netupdsrv.exe [162304]
O44 - LFC:[MD5.8C690DC00115F973B2395CAB68AAB3C7] - 15/6/2014 - 10:36:18 ---A- . (.No owner - nethfdrv.sys.) -- C:\WINDOWS\system32\Drivers\nethfdrv.sys [49152]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 19/6/2014 - 13:33:33 ---A- . (...) -- C:\awh2C.tmp [687]
O44 - LFC:[MD5.984F6F453F487AA46D8C0FB4059D3FD4] - 19/6/2014 - 13:51:48 ---A- . (...) -- C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log [4094]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 20/6/2014 - 15:19:49 ---A- . (...) -- C:\awh35.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 20/6/2014 - 16:25:52 ---A- . (...) -- C:\awh10.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 20/6/2014 - 19:40:20 ---A- . (...) -- C:\awh11.tmp [687]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 20/6/2014 - 20:49:19 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\WINDOWS\system32\sqlite3.dll [536576]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 20/6/2014 - 21:06:13 ---A- . (...) -- C:\awh24.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 20/6/2014 - 22:09:48 ---A- . (...) -- C:\awh1D.tmp [687]
O44 - LFC:[MD5.BEA1ACA89F54A94CC3D9A873EE5DEABD] - 20/6/2014 - 22:32:52 ---A- . (...) -- C:\zoek-results2014-06-21-013252.log [1245]
O44 - LFC:[MD5.60E47F2B7EAC3D4196188E11C5145CA0] - 21/6/2014 - 08:40:01 ---A- . (...) -- C:\zoek-results2014-06-21-114001.log [28619]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 21/6/2014 - 08:45:12 ---A- . (...) -- C:\awh18.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 21/6/2014 - 11:13:54 ---A- . (...) -- C:\awh15.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 21/6/2014 - 18:01:59 ---A- . (...) -- C:\awh12.tmp [687]
O44 - LFC:[MD5.CDAFCF9E28EAC955AE2AFFCE41B83F96] - 21/6/2014 - 19:28:34 ---A- . (...) -- C:\zoek-results2014-06-21-222834.log [8848]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 21/6/2014 - 19:34:35 ---A- . (...) -- C:\awh19.tmp [687]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 21/6/2014 - 19:35:03 ---A- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.09972A12C6BC0F878FA680E8291A5137] - 21/6/2014 - 19:35:05 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.E6F80C02D065E93BAE96CD8A302E5215] - 21/6/2014 - 19:36:03 ---A- . (...) -- C:\zoek-results2014-06-21-223603.log [11504]
O44 - LFC:[MD5.ACD165409ADECDE21DD9738294897EBD] - 21/6/2014 - 20:08:50 ---A- . (...) -- C:\zoek-results.log [2377]
O44 - LFC:[MD5.0F3462FBB244D4B7C2B8B347031F396D] - 21/6/2014 - 20:15:25 ---A- . (...) -- C:\WINDOWS\wmsetup.log [639]
O44 - LFC:[MD5.6858F37775262A5CA55F2E26358BAF0E] - 21/6/2014 - 20:15:26 ---A- . (...) -- C:\WINDOWS\OEWABLog.txt [345]
O44 - LFC:[MD5.836D0AE184531633FCE0B9F6E0E6B832] - 21/6/2014 - 20:22:18 ---A- . (...) -- C:\WINDOWS\wiadebug.log [216]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 21/6/2014 - 20:28:57 ---A- . (...) -- C:\awh14.tmp [687]
O44 - LFC:[MD5.55AEB675EC2686E39E9646F40A40591F] - 21/6/2014 - 21:08:15 ---A- . (...) -- C:\WINDOWS\system32\nvAppTimestamps [6670]
~ Files: 56 Legitimates Filtered in 00mn 02s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [Enabled] .(...) -- C:\Arquivos de programas\Google\Google Talk\googletalk.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\USER\Configurações locais\Apps\2.0\9R46X2V1.APJ\1L4J692C.1ZK\leve..tion_b598c967a14cb714_0000.0009_a9927750ae4a245a\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe" [Enabled] .(.No owner.) -- C:\Documents and Settings\USER\Configurações locais\Apps\2.0\9R46X2V1.APJ\1L4J692C.1ZK\leve..tion_b598c967a14cb714_0000.0009_a9927750ae4a245a\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Level Up Games\Assault Fire BR\Binaries\Win32\TGame.exe" [Enabled] .(.Tencent Games, Inc..) -- C:\Arquivos de programas\Level Up Games\Assault Fire BR\Binaries\Win32\TGame.exe =>Adware.TencentAddressBar
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\UniverseGamers\Gunz\UGGunz.exe" [Enabled] .(.Universe Gamers.) -- C:\Arquivos de programas\UniverseGamers\Gunz\UGGunz.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Counter-Strike 1.6\hl.exe" [Enabled] .(...) -- C:\Arquivos de programas\Counter-Strike 1.6\hl.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Level Up! Games\Warface\Launcher\Launcher.exe" [Enabled] .(...) -- C:\Level Up! Games\Warface\Launcher\Launcher.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Hoplon\APB Reloaded\Binaries\APB.exe" [Enabled] .(.K2 Network, Inc..) -- C:\Arquivos de programas\Hoplon\APB Reloaded\Binaries\APB.exe
~ Keys Export: 26 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:30/8/2013 - 21:18:58 R--A- . (.360.cn - 360FileOem.) -- C:\WINDOWS\system32\Drivers\360FileOem.sys [152880]
O58 - SDL:30/8/2013 - 21:18:58 R--A- . (.360安全中心 - 360HookOem.) -- C:\WINDOWS\system32\Drivers\360HookOem.sys [61488]
O58 - SDL:30/8/2013 - 21:18:58 R--A- . (.360安全中心 - 360RegOem.) -- C:\WINDOWS\system32\Drivers\360RegOem.sys [29744]
O58 - SDL:19/7/2013 - 07:38:11 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:19/7/2013 - 07:38:11 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswSP.sys.sum [175]
O58 - SDL:19/7/2013 - 07:38:11 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:3/9/2013 - 08:59:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\WINDOWS\system32\Drivers\Bhbase.sys [47456]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:15/6/2014 - 10:36:18 ---A- . (.No owner - nethfdrv.sys.) -- C:\WINDOWS\system32\Drivers\nethfdrv.sys [49152]
O58 - SDL:14/6/2014 - 17:28:58 ---A- . (...) -- C:\WINDOWS\system32\Drivers\PnkBstrK.sys [140176]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:1/1/1601 - 03:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sptd.sys [643072]
O58 - SDL:1/1/1601 - 03:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sptd8637.sys [96384]
O58 - SDL:16/5/2014 - 09:07:14 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\Drivers\ssmdrv.sys [28520]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
O58 - SDL:10/6/2014 - 13:22:01 ---A- . (.TENCENT - Loader NT Driver.) -- C:\WINDOWS\system32\TesSafe.sys [964600] =>Adware.TencentAddressBar
~ Drivers: 62 Legitimates Filtered in 00mn 02s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 30/8/2013 - C:\WINDOWS\system32\drivers\360FileOem.sys (360FileOem) .(.360.cn - 360FileOem.) - LEGACY_360FILEOEM
O64 - Services: CurCS - 30/8/2013 - C:\WINDOWS\system32\drivers\360HookOem.sys (360HookOem) .(.360安全中心 - 360HookOem.) - LEGACY_360HOOKOEM
O64 - Services: CurCS - 30/8/2013 - C:\WINDOWS\system32\drivers\360RegOem.sys (360RegOem) .(.360安全中心 - 360RegOem.) - LEGACY_360REGOEM
O64 - Services: CurCS - 15/6/2014 - C:\WINDOWS\system32\drivers\nethfdrv.sys (nethfdrv) .(.No owner - nethfdrv.sys.) - LEGACY_NETHFDRV
O64 - Services: CurCS - 15/6/2014 - C:\WINDOWS\system32\nethtsrv.exe (NetHttpService) .(...) - LEGACY_NETHTTPSERVICE
O64 - Services: CurCS - 13/6/2014 - C:\WINDOWS\system32\PnkBstrA.exe (PnkBstrA) .(...) - LEGACY_PNKBSTRA
O64 - Services: CurCS - 15/6/2014 - C:\WINDOWS\system32\netupdsrv.exe (ServiceUpdater) .(...) - LEGACY_SERVICEUPDATER
O64 - Services: CurCS - 16/5/2014 - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (ssmdrv) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV
~ Legacy: 167 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Arquivos de programas\Opera\Launcher.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Arquivos de programas\Opera\launcher.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Arquivos de programas\Opera\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{1c196414-8698-4895-90d7-d8daa1306f6f}] (Webexp Enhanced) =>PUP.WebexpEnhanced
[HKCR\CLSID\{38ad786b-6a54-4d10-b088-c25681474d9b}] (Media View) =>PUP.MediaViewer
[HKCR\CLSID\{4316bfe9-c77f-4fac-9bc9-f3fa0c5c47d0}] (Media Viewer) =>PUP.MediaViewer
[HKCR\CLSID\{ca428b8e-7240-4695-ba3a-ac5e184ec0ab}] (Media Watch) =>PUP.MediaWatch
[HKCR\CLSID\{e573a1a4-9462-4ae9-924c-2b8770a59edd}] (Media View) =>PUP.MediaViewer
~ BCK: 4662 Legitimates Filtered in 00mn 07s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/6/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 16/5/2014 1039440 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.exe
SS - | Demand 14/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 17/4/2014 116648 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 17/4/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe
SR - | Auto 16/5/2014 430160 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
SR - | Auto 16/5/2014 430160 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 14/5/2014 123984 | (Avira.OE.ServiceHost) . (.Avira Operations GmbH & Co. KG.) - C:\Arquivos de programas\Avira\My Avira\Avira.OE.ServiceHost.exe
SR - | Auto 20/6/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 15/6/2014 180224 | (NetHttpService) . (...) - C:\WINDOWS\system32\nethtsrv.exe
SR - | Auto 5/2/2014 1593632 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Arquivos de programas\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 9/3/2014 156960 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 13/6/2014 76888 | (PnkBstrA) . (...) - C:\WINDOWS\system32\PnkBstrA.exe
SR - | Auto 15/6/2014 162304 | (ServiceUpdater) . (...) - C:\WINDOWS\system32\netupdsrv.exe
~ Services: Scanned in 00mn 07s



---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:1/1/1601 - 03:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sptd.sys [643072]
O58 - SDL:1/1/1601 - 03:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sptd8637.sys [96384]
~ Emulateurs: Scanned in 00mn 07s



---\\ Scâner Aditional (088)
Database Version : 13026 - (21/6/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 11

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaBuzzV1mode3085] =>PUP.MediaBuzz^
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\Better-Surf] =>PUP.BetterSurf^
[HKLM\Software\MediaViewV1alpha2555] =>PUP.MediaViewer^
[HKLM\Software\MediaViewV1alpha3597] =>PUP.MediaViewer^
[HKLM\Software\MediaWatchV1home944] =>PUP.MediaWatch^
[HKLM\Software\RichMediaViewV1] =>PUP.MediaViewer^
[HKLM\Software\RichMediaViewV1release75] =>PUP.MediaViewer^
[HKCR\CLSID\{1c196414-8698-4895-90d7-d8daa1306f6f}] (Webexp Enhanced) =>PUP.WebexpEnhanced^
[HKCR\CLSID\{38ad786b-6a54-4d10-b088-c25681474d9b}] (Media View) =>PUP.MediaViewer^
[HKCR\CLSID\{4316bfe9-c77f-4fac-9bc9-f3fa0c5c47d0}] (Media Viewer) =>PUP.MediaViewer^
[HKCR\CLSID\{ca428b8e-7240-4695-ba3a-ac5e184ec0ab}] (Media Watch) =>PUP.MediaWatch^
[HKCR\CLSID\{e573a1a4-9462-4ae9-924c-2b8770a59edd}] (Media View) =>PUP.MediaViewer^
~ Additionnel Scan: 284236 Items scanned in 01mn 03s



---\\ Informações complémentaires do módulos
~ [Você precisa estar registrado e conectado para ver este link.] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 2 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.] =>PUP.MediaBuzz
[Você precisa estar registrado e conectado para ver este link.] =>PUP.BetterSurf
[Você precisa estar registrado e conectado para ver este link.] =>Adware.TencentAddressBar
[Você precisa estar registrado e conectado para ver este link.] =>PUP.WebexpEnhanced
[Você precisa estar registrado e conectado para ver este link.] =>Trojan.Lozavita
~ MSI: 5 link(s) detected in 00mn 00s



~ 848 Legitimates filtered by white list
End of the scan (530 lines in 01mn 32s)(0)

Re: Ads in the browser and new pages opening!

Post by Power Max on Sat 21 Jun 2014, 22:01

There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Which Programs Start with the PC

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start along with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC.
________________________________________________________________________________________

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below, showing the scan progress, will be displayed. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image.]

* If a restart of the PC is requested, click [OK]
______________________________________________________________________________

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply, together with the Zoek log, which will be at C:\zoek-results.txt


Last edited by Power Max on Sat 21 Jun 2014, 23:40; edited 1 time


Re: Ads in the browser and new pages opening!

Post by Sky.M on Sat 21 Jun 2014, 22:31

ZHPFix report:

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Administrador at 21/6/2014 22:27:21
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador

========== Estado dos serviços ==========
360HOOKOEM Parado
360REGOEM Parado

========== Chaves do Registo ==========
ELIMINÉ Driver Key: 360RegOem
ELIMINÉ: HKLM\Software\360Safe
ELIMINÉ: HKLM\Software\Better-Surf
ELIMINÉ: HKLM\Software\MediaPlayerV1alpha764
ELIMINÉ: HKLM\Software\MediaViewV1alpha2555
ELIMINÉ: HKLM\Software\MediaViewV1alpha3597
ELIMINÉ: HKLM\Software\MediaViewerV1alpha251
ELIMINÉ: HKLM\Software\MediaWatchV1home944
ELIMINÉ: HKLM\Software\RichMediaViewV1
ELIMINÉ: HKLM\Software\RichMediaViewV1release75
ELIMINÉ: HKCR\CLSID\{1c196414-8698-4895-90d7-d8daa1306f6f}
ELIMINÉ: HKCR\CLSID\{38ad786b-6a54-4d10-b088-c25681474d9b}
ELIMINÉ: HKCR\CLSID\{4316bfe9-c77f-4fac-9bc9-f3fa0c5c47d0}
ELIMINÉ: HKCR\CLSID\{ca428b8e-7240-4695-ba3a-ac5e184ec0ab}
ELIMINÉ: HKCR\CLSID\{e573a1a4-9462-4ae9-924c-2b8770a59edd}
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaBuzzV1mode3085

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\windows\system32\drivers\360hookoem.sys
ELIMINÉ: c:\windows\system32\drivers\360regoem.sys
ELIMINÉ: c:\windows\system32\drivers\bhbase.sys
ELIMINÉ Temporários windows (146) (3.053.036 octets)
ELIMINÉ Flash Cookies (1) (416 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
16 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
5 : Ficheiros
2 : Estado dos serviços
1 : Restauração Sistema


End of clean in 00mn 11s

========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\Administrador\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 21/6/2014 22:27:26 [2167]





Zoek report:



Zoek.exe v5.0.0.0 Updated 20-06-2014
Tool run by Administrador on s b 21/06/2014 at 22:19:35,50.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\USER\Meus documentos\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

\zoek-results2014-06-21-013252.log 1245 bytes
\zoek-results2014-06-21-114001.log 28619 bytes
\zoek-results2014-06-21-222834.log 8848 bytes
\zoek-results2014-06-21-223603.log 11504 bytes
\zoek-results2014-06-21-230850.log 2377 bytes

==== VirusTotal Scan ======================

C:\WINDOWS\system32\nethtsrv.exe [Você precisa estar registrado e conectado para ver este link.]
C:\WINDOWS\system32\netupdsrv.exe [Você precisa estar registrado e conectado para ver este link.]
C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1383268032.job [Você precisa estar registrado e conectado para ver este link.]
C:\WINDOWS\system32\drivers\nethfdrv.sys [Você precisa estar registrado e conectado para ver este link.]
C:\WINDOWS\system32\hfpapi.dll [Você precisa estar registrado e conectado para ver este link.]
C:\WINDOWS\system32\hfnapi.dll [Você precisa estar registrado e conectado para ver este link.]
C:\WINDOWS\system32\installd.exe [Você precisa estar registrado e conectado para ver este link.]
C:\Arquivos de programas\Level Up Games\Assault Fire BR\Binaries\Win32\TGame.exe [Você precisa estar registrado e conectado para ver este link.]
C:\WINDOWS\system32\Drivers\sptd8637.sys [Você precisa estar registrado e conectado para ver este link.] COULD NOT OPEN FILE !!!!!/analysis/
C:\WINDOWS\system32\TesSafe.sys [Você precisa estar registrado e conectado para ver este link.]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=72 folders=63 146982437 bytes)

==== EOF on s b 21/06/2014 at 22:20:22,28 ======================

Re: Ads in the browser and new pages opening!

Post by Power Max on Sat 21 Jun 2014, 22:36

Open ZHPDiag again

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report


Re: Ads in the browser and new pages opening!

Post by Sky.M on Sat 21 Jun 2014, 22:39

~ Relatório do ZHPDiag v2014.6.21.95 - Nicolas Coolman (21/6/2014)
~ Iniciado por Administrador (21/6/2014 22:38:01)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
GCIE: Google Chrome v35.0.1916.153 (Defaut)
OPIE: Opera vStable 22.0.1471.70

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Softwares de proteçao do sistema
Avira Free Antivirus v14.0.4.642
AVG 2014 v14.0.3604

---\\ Softwares d'optimização do sistema
CCleaner v4.03

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader XI
Java 7 Update 60

---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 67 Stepping 3, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (46% free)
System Restore: Activé (Enable)
System drive C: has 91 GB (39%) free of 233 GB

---\\ Modo de conexão ao sistema
~ Computer Name: MICRO22
~ User Name: Administrador
~ All Users Names: USER, SUPPORT_388945a0, HelpAssistant, Convidado, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Administrador\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\Administrador\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\Administrador\Desktop\
~ %Favorites% : C:\Documents and Settings\Administrador\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\Administrador\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 91 Go of 233 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 45 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.E2FFA50357056ADE4FCDB5FD09F9D2FF] - (.Microsoft Corporation - Internet Extensions for Win32.) (.6/3/2014 - 14:58:35.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/8/2011 - 10:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/7/2011 - 10:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 15:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/5
~ Mon Bureau (My Desktop) : 0/4
~ Menu demarrer (Programs) : 1/21
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.0BF3BE441B226D018767C28F92830D34] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe [430160] [PID.236]
[MD5.0BF3BE441B226D018767C28F92830D34] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe [430160] [PID.1736]
[MD5.E87885A59FDC241B6575943A75E495D9] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe [182696] [PID.520]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.544]
[MD5.05A96B8A01D3EB3ED5E403ECC7339981] - (...) -- C:\WINDOWS\system32\nethtsrv.exe [180224] [PID.616]
[MD5.D2FE0376285A783693469422678E878B] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Arquivos de programas\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632] [PID.760]
[MD5.DADF7468C85F3295B5B69D0F1E40BDF3] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 335.2.) -- C:\WINDOWS\system32\nvsvc32.exe [156960] [PID.1628]
[MD5.3A2E85F7D90D15460C337CE80C2E3B29] - (...) -- C:\WINDOWS\system32\PnkBstrA.exe [76888] [PID.312]
[MD5.5D8DDA1B3F561181E1D26C06D266BDFC] - (...) -- C:\WINDOWS\system32\netupdsrv.exe [162304] [PID.988]
[MD5.43B18BAA433FD79DFC7D4B25AF6EB2F9] - (.Avira Operations GmbH & Co. KG - Avira.OE.ServiceHost.) -- C:\Arquivos de programas\Avira\My Avira\Avira.OE.ServiceHost.exe [123984] [PID.2276]
[MD5.E349ED8E6F380C23BBFDB3E813FF8E6C] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe [425552] [PID.3332]
[MD5.E0ADE8DDBD57F3953E569F8554744B37] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [16062464] [PID.976]
[MD5.E715412E47D20EB0EBF77B65F9157343] - (...) -- ystem32\RunDLL32.exe [0] [PID.708]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe [638816] [PID.3804]
[MD5.A131FF6AF7E2B2492566FB57683CE6CB] - (.Nicolas Coolman - ZHPFix.) -- C:\Arquivos de programas\ZHPDiag\ZHPFix\ZHPFix.exe [3054592] [PID.2656]
[MD5.53C418610A3C3E0C27EC146D3F6094AE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8070144] [PID.1344]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) -- C:\Arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.)
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 0



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SkyTel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\WINDOWS\SkyTel.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMCTray.dll
O4 - HKLM\..\Run: [nwiz] . (...) -- C:\Arquivos de programas\NVIDIA Corporation\nview\nwiz.exe
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Arquivos de programas\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [Avira Systray] . (.Avira Operations GmbH & Co. KG - Avira.OE.Systray.) -- C:\Arquivos de programas\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-796845957-1647877149-682003330-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-796845957-1647877149-682003330-1003\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Arquivos de programas\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - [Você precisa estar registrado e conectado para ver este link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - [Você precisa estar registrado e conectado para ver este link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - [Você precisa estar registrado e conectado para ver este link.]
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{75DC0F7E-4EEF-40B7-8010-2C8112F77697}: DhcpNameServer = 201.17.0.84 201.17.0.52 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{75DC0F7E-4EEF-40B7-8010-2C8112F77697}: DhcpNameServer = 201.17.0.84 201.17.0.52 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{75DC0F7E-4EEF-40B7-8010-2C8112F77697}: DhcpNameServer = 201.17.0.84 201.17.0.52 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.0.84 201.17.0.52 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Network HTTP Support Service (NetHttpService) . (...) - C:\WINDOWS\system32\nethtsrv.exe
O23 - Service: Network Support Service Updater (ServiceUpdater) . (...) - C:\WINDOWS\system32\netupdsrv.exe
~ Services: 11 Legitimates Filtered in 00mn 03s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\web\wallpaper\Alegria.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\web\wallpaper\Alegria.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.1C0C05E56A8C306E53F90602E9D79351] [APT] [Opera scheduled Autoupdate 1383268032] (.Opera Software.) -- C:\Arquivos de programas\Opera\launcher.exe [468088]
O39 - APT: Opera scheduled Autoupdate 1383268032 - (.Opera Software.) -- C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1383268032.job [406]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (360FileOem) . (.360.cn - 360FileOem.) - C:\WINDOWS\system32\drivers\360FileOem.sys
O41 - Driver: (nethfdrv) . (.No owner - nethfdrv.sys.) - C:\WINDOWS\system32\drivers\nethfdrv.sys
O41 - Driver: (360RegOem) . (. - .) - C:\WINDOWS\system32\drivers\360RegOem.sys (.not file.)
~ Drivers: 79 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Assault Fire BR - (.Level Up Games.) [HKLM] -- Assault Fire BR
O42 - Logiciel: Cross Fire AL - (.Z8Games.com.) [HKLM] -- Cross Fire AL_is1
O42 - Logiciel: Fistful of Frags - (.Fistful of Frags Team.) [HKLM] -- Steam App 265630
O42 - Logiciel: Network System Driver - (...) [HKLM] -- inethnfd
~ Logic: 29 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKLM\Software\Client]
[HKLM\Software\GameVicio]
[HKLM\Software\MediaBuzzV1mode3085] =>PUP.MediaBuzz
[HKLM\Software\sXe_Injected]
~ Key Software: 386 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 8/2/2014 - 08:31:09 - [] ----D C:\Arquivos de programas\GameVicio
O43 - CFD: 13/6/2014 - 13:23:58 - [] ----D C:\Arquivos de programas\Hoplon
O43 - CFD: 6/4/2014 - 19:44:49 - [] ----D C:\Arquivos de programas\Level Up Games
O43 - CFD: 7/1/2014 - 11:13:45 - [0] ----D C:\Arquivos de programas\Pando Networks
O43 - CFD: 18/7/2013 - 09:42:09 - [] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 19/6/2014 - 13:28:28 - [] ----D C:\Arquivos de programas\Arquivos comuns\Config
O43 - CFD: 18/7/2013 - 09:41:45 - [] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 31/7/2013 - 19:23:40 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\levelup downloader
O43 - CFD: 21/6/2014 - 20:15:28 - [] R---D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Acessórios
O43 - CFD: 18/7/2013 - 06:31:06 - [] R---D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar
~ Program Folder: 109 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.2687F78FDD3FDCC0F4EF84AF48DE6C01] - 10/6/2014 - 13:22:01 ---A- . (.TENCENT - Loader NT Driver.) -- C:\WINDOWS\system32\TesSafe.sys [964600] =>Adware.TencentAddressBar
O44 - LFC:[MD5.4A62B839C5395CC06025741874AD1B44] - 13/6/2014 - 12:17:18 ---A- . (...) -- C:\console.log [718]
O44 - LFC:[MD5.3A2E85F7D90D15460C337CE80C2E3B29] - 13/6/2014 - 13:38:44 ---A- . (...) -- C:\WINDOWS\system32\PnkBstrA.exe [76888]
O44 - LFC:[MD5.BD2C561FB201CC11173AB05B7FCA6AF1] - 14/6/2014 - 17:14:27 ---A- . (...) -- C:\WINDOWS\system32\PnkBstrB.ex0 [281848]
O44 - LFC:[MD5.BD2C561FB201CC11173AB05B7FCA6AF1] - 14/6/2014 - 17:28:49 ---A- . (...) -- C:\WINDOWS\system32\PnkBstrB.exe [281848]
O44 - LFC:[MD5.BD2C561FB201CC11173AB05B7FCA6AF1] - 14/6/2014 - 17:28:49 ---A- . (...) -- C:\WINDOWS\system32\PnkBstrB.xtr [281848]
O44 - LFC:[MD5.6DA04CD534C47140075C9052A22A52E0] - 14/6/2014 - 17:28:58 ---A- . (...) -- C:\WINDOWS\system32\Drivers\PnkBstrK.sys [140176]
O44 - LFC:[MD5.6CE76AB4F5BEA74AABD3356CE904EBF8] - 15/6/2014 - 10:35:30 ---A- . (...) -- C:\WINDOWS\system32\hfpapi.dll [246784]
O44 - LFC:[MD5.8179B41DE3E183456C3FBADB80138CC3] - 15/6/2014 - 10:35:40 ---A- . (...) -- C:\WINDOWS\system32\hfnapi.dll [108544]
O44 - LFC:[MD5.05A96B8A01D3EB3ED5E403ECC7339981] - 15/6/2014 - 10:35:50 ---A- . (...) -- C:\WINDOWS\system32\nethtsrv.exe [180224]
O44 - LFC:[MD5.B57478AAF45A875E37831525E1257FF8] - 15/6/2014 - 10:36:00 ---A- . (...) -- C:\WINDOWS\system32\installd.exe [108544]
O44 - LFC:[MD5.5D8DDA1B3F561181E1D26C06D266BDFC] - 15/6/2014 - 10:36:10 ---A- . (...) -- C:\WINDOWS\system32\netupdsrv.exe [162304]
O44 - LFC:[MD5.8C690DC00115F973B2395CAB68AAB3C7] - 15/6/2014 - 10:36:18 ---A- . (.No owner - nethfdrv.sys.) -- C:\WINDOWS\system32\Drivers\nethfdrv.sys [49152]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 19/6/2014 - 13:33:33 ---A- . (...) -- C:\awh2C.tmp [687]
O44 - LFC:[MD5.984F6F453F487AA46D8C0FB4059D3FD4] - 19/6/2014 - 13:51:48 ---A- . (...) -- C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log [4094]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 20/6/2014 - 15:19:49 ---A- . (...) -- C:\awh35.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 20/6/2014 - 16:25:52 ---A- . (...) -- C:\awh10.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 20/6/2014 - 19:40:20 ---A- . (...) -- C:\awh11.tmp [687]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 20/6/2014 - 20:49:19 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\WINDOWS\system32\sqlite3.dll [536576]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 20/6/2014 - 21:06:13 ---A- . (...) -- C:\awh24.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 20/6/2014 - 22:09:48 ---A- . (...) -- C:\awh1D.tmp [687]
O44 - LFC:[MD5.BEA1ACA89F54A94CC3D9A873EE5DEABD] - 20/6/2014 - 22:32:52 ---A- . (...) -- C:\zoek-results2014-06-21-013252.log [1245]
O44 - LFC:[MD5.60E47F2B7EAC3D4196188E11C5145CA0] - 21/6/2014 - 08:40:01 ---A- . (...) -- C:\zoek-results2014-06-21-114001.log [28619]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 21/6/2014 - 08:45:12 ---A- . (...) -- C:\awh18.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 21/6/2014 - 11:13:54 ---A- . (...) -- C:\awh15.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 21/6/2014 - 18:01:59 ---A- . (...) -- C:\awh12.tmp [687]
O44 - LFC:[MD5.CDAFCF9E28EAC955AE2AFFCE41B83F96] - 21/6/2014 - 19:28:34 ---A- . (...) -- C:\zoek-results2014-06-21-222834.log [8848]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 21/6/2014 - 19:34:35 ---A- . (...) -- C:\awh19.tmp [687]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 21/6/2014 - 19:35:03 ---A- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.09972A12C6BC0F878FA680E8291A5137] - 21/6/2014 - 19:35:05 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.E6F80C02D065E93BAE96CD8A302E5215] - 21/6/2014 - 19:36:03 ---A- . (...) -- C:\zoek-results2014-06-21-223603.log [11504]
O44 - LFC:[MD5.0F3462FBB244D4B7C2B8B347031F396D] - 21/6/2014 - 20:15:25 ---A- . (...) -- C:\WINDOWS\wmsetup.log [639]
O44 - LFC:[MD5.6858F37775262A5CA55F2E26358BAF0E] - 21/6/2014 - 20:15:26 ---A- . (...) -- C:\WINDOWS\OEWABLog.txt [345]
O44 - LFC:[MD5.836D0AE184531633FCE0B9F6E0E6B832] - 21/6/2014 - 20:22:18 ---A- . (...) -- C:\WINDOWS\wiadebug.log [216]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 21/6/2014 - 20:28:57 ---A- . (...) -- C:\awh14.tmp [687]
O44 - LFC:[MD5.04E8FE7367972F68F4CA39282CA94897] - 21/6/2014 - 22:20:22 ---A- . (...) -- C:\zoek-results.log [2300]
O44 - LFC:[MD5.C33FD02D719821648561A9AD27853333] - 21/6/2014 - 22:33:27 ---A- . (...) -- C:\WINDOWS\system32\nvAppTimestamps [6670]
~ Files: 57 Legitimates Filtered in 00mn 00s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [Enabled] .(...) -- C:\Arquivos de programas\Google\Google Talk\googletalk.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\USER\Configurações locais\Apps\2.0\9R46X2V1.APJ\1L4J692C.1ZK\leve..tion_b598c967a14cb714_0000.0009_a9927750ae4a245a\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe" [Enabled] .(.No owner.) -- C:\Documents and Settings\USER\Configurações locais\Apps\2.0\9R46X2V1.APJ\1L4J692C.1ZK\leve..tion_b598c967a14cb714_0000.0009_a9927750ae4a245a\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Level Up Games\Assault Fire BR\Binaries\Win32\TGame.exe" [Enabled] .(.Tencent Games, Inc..) -- C:\Arquivos de programas\Level Up Games\Assault Fire BR\Binaries\Win32\TGame.exe =>Adware.TencentAddressBar
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\UniverseGamers\Gunz\UGGunz.exe" [Enabled] .(.Universe Gamers.) -- C:\Arquivos de programas\UniverseGamers\Gunz\UGGunz.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Counter-Strike 1.6\hl.exe" [Enabled] .(...) -- C:\Arquivos de programas\Counter-Strike 1.6\hl.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Level Up! Games\Warface\Launcher\Launcher.exe" [Enabled] .(...) -- C:\Level Up! Games\Warface\Launcher\Launcher.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Hoplon\APB Reloaded\Binaries\APB.exe" [Enabled] .(.K2 Network, Inc..) -- C:\Arquivos de programas\Hoplon\APB Reloaded\Binaries\APB.exe
~ Keys Export: 26 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:30/8/2013 - 21:18:58 R--A- . (.360.cn - 360FileOem.) -- C:\WINDOWS\system32\Drivers\360FileOem.sys [152880]
O58 - SDL:19/7/2013 - 07:38:11 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:19/7/2013 - 07:38:11 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswSP.sys.sum [175]
O58 - SDL:19/7/2013 - 07:38:11 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:15/6/2014 - 10:36:18 ---A- . (.No owner - nethfdrv.sys.) -- C:\WINDOWS\system32\Drivers\nethfdrv.sys [49152]
O58 - SDL:14/6/2014 - 17:28:58 ---A- . (...) -- C:\WINDOWS\system32\Drivers\PnkBstrK.sys [140176]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:1/1/1601 - 03:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sptd.sys [643072]
O58 - SDL:1/1/1601 - 03:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sptd8637.sys [96384]
O58 - SDL:16/5/2014 - 09:07:14 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\Drivers\ssmdrv.sys [28520]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
O58 - SDL:10/6/2014 - 13:22:01 ---A- . (.TENCENT - Loader NT Driver.) -- C:\WINDOWS\system32\TesSafe.sys [964600] =>Adware.TencentAddressBar
~ Drivers: 59 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 30/8/2013 - C:\WINDOWS\system32\drivers\360FileOem.sys (360FileOem) .(.360.cn - 360FileOem.) - LEGACY_360FILEOEM
O64 - Services: CurCS - 8/5/1744 - C:\WINDOWS\system32\drivers\360HookOem.sys (360HookOem) .(...) - LEGACY_360HOOKOEM
O64 - Services: CurCS - 15/6/2014 - C:\WINDOWS\system32\drivers\nethfdrv.sys (nethfdrv) .(.No owner - nethfdrv.sys.) - LEGACY_NETHFDRV
O64 - Services: CurCS - 15/6/2014 - C:\WINDOWS\system32\nethtsrv.exe (NetHttpService) .(...) - LEGACY_NETHTTPSERVICE
O64 - Services: CurCS - 13/6/2014 - C:\WINDOWS\system32\PnkBstrA.exe (PnkBstrA) .(...) - LEGACY_PNKBSTRA
O64 - Services: CurCS - 15/6/2014 - C:\WINDOWS\system32\netupdsrv.exe (ServiceUpdater) .(...) - LEGACY_SERVICEUPDATER
O64 - Services: CurCS - 16/5/2014 - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (ssmdrv) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV
~ Legacy: 167 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Arquivos de programas\Opera\Launcher.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Arquivos de programas\Opera\launcher.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Arquivos de programas\Opera\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/6/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 16/5/2014 1039440 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.exe
SS - | Demand 14/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 17/4/2014 116648 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 17/4/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe
SR - | Auto 16/5/2014 430160 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
SR - | Auto 16/5/2014 430160 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 14/5/2014 123984 | (Avira.OE.ServiceHost) . (.Avira Operations GmbH & Co. KG.) - C:\Arquivos de programas\Avira\My Avira\Avira.OE.ServiceHost.exe
SR - | Auto 20/6/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 15/6/2014 180224 | (NetHttpService) . (...) - C:\WINDOWS\system32\nethtsrv.exe
SR - | Auto 5/2/2014 1593632 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Arquivos de programas\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 9/3/2014 156960 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 13/6/2014 76888 | (PnkBstrA) . (...) - C:\WINDOWS\system32\PnkBstrA.exe
SR - | Auto 15/6/2014 162304 | (ServiceUpdater) . (...) - C:\WINDOWS\system32\netupdsrv.exe
~ Services: Scanned in 00mn 07s



---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:1/1/1601 - 03:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sptd.sys [643072]
O58 - SDL:1/1/1601 - 03:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sptd8637.sys [96384]
~ Emulateurs: Scanned in 00mn 07s



---\\ Scâner Aditional (088)
Database Version : 13026 - (21/6/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLM\Software\MediaBuzzV1mode3085] =>PUP.MediaBuzz^
~ Additionnel Scan: 284087 Items scanned in 00mn 16s



---\\ Informações complémentaires do módulos
~ [Você precisa estar registrado e conectado para ver este link.] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 2 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.] =>PUP.MediaBuzz
[Você precisa estar registrado e conectado para ver este link.] =>Adware.TencentAddressBar
~ MSI: 2 link(s) detected in 00mn 00s



~ 835 Legitimates filtered by white list
End of the scan (491 lines in 00mn 34s)(0)

Re: Browser ads and new pages opening!

Post by Power Max on Sat 21 Jun 2014, 22:48

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Sat 21 Jun 2014, 23:40; edited 1 time


Re: Browser ads and new pages opening!

Post by Sky.M on Sat 21 Jun 2014, 23:00

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Administrador at 21/6/2014 23:00:02
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: 360RegOem
ELIMINÉ: HKLM\Software\MediaBuzzV1mode3085

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (9) (116.326 octets)
ELIMINÉ Flash Cookies (1) (416 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
2 : Chaves do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 03s

========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\Administrador\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 21/6/2014 22:27:26 [2276]
C:\Documents and Settings\Administrador\Dados de aplicativos\ZHP\ZHPFix[R2].txt - 21/6/2014 23:00:04 [1024]

Re: Browser ads and new pages opening!

Post by Power Max on Sat 21 Jun 2014, 23:02

How is your PC?

