Flux 
Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 16 usuários online :: 0 registrados, 0 invisíveis e 16 visitantes :: 1 motor de buscaNenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
| Power Max |
| |||
| joram |
| |||
| Wings [In Memoriam] |
| |||
| caedurodrigues |
| |||
| Amigo Brasileiro |
| |||
| luizvilarinho |
| |||
| Danii |
| |||
| Admin |
| |||
| Danilo Marsaro |
| |||
| Andreata |
|
Sites com propagandas e páginas aleatórias
3 participantes
Página 1 de 1
Sites com propagandas e páginas aleatórias
por Danizinhas2 Qui 09 Jan 2014, 18:39
Boa tarde... estou com um problema que voltou.... rs
Sem fazer download nem nada, começou a aparecer propaganda... e todo link que clico... abre uma página de propaganda..
Às vezes aparece o site: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
ou as vezes abre propaganda tipo walmart, americanas, etc. Muitas palavras estão como link que passando o mouse em cima, aparece um negócio nada a ver.. rs
Segue print anexo de uma página como aparece pra mim normalmente.
Relatório (obs. não está aceitando como anexo):
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:12:22, on 09/01/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16384)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Users\Daniele\AppData\Local\Akamai\netsession_win.exe
C:\Users\Daniele\AppData\Local\Akamai\netsession_win.exe
C:\Users\Daniele\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Daniele\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RadioController] "C:\Program Files (x86)\RadioController\RfBtnHelper.exe" Start_Run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Daniele\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Daniele\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: wwws2.santandernet.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: Nero Update (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12220 bytes
Obrigada.
Danizinhas2- Iniciante
- Mensagens : 18
Reputação : 1
Data de inscrição : 19/10/2013
Re: Sites com propagandas e páginas aleatórias
por Power Max Qui 09 Jan 2014, 19:30
Oi Danizinha!
Siga, por gentileza, as dicas dos tutoriais abaixo:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste, por gentileza, o log do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt e o log do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt e nos diga como está seu PC depois destes procedimentos.
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Sites com propagandas e páginas aleatórias
por Danizinhas2 Qui 09 Jan 2014, 20:10
Os relatórios estão em anexo nesta postagem.
aparentemente está resolvido!
aparentemente está resolvido!
Danizinhas2- Iniciante
- Mensagens : 18
Reputação : 1
Data de inscrição : 19/10/2013
Re: Sites com propagandas e páginas aleatórias
por Power Max Qui 09 Jan 2014, 20:15
Alguns problemas foram removidos.____________________________________________
Siga também esta dica, por gentileza:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*Depois disto é só você postar o relatório do Zoek que estará em C:\zoek-results aqui em seu tópico.
Ficamos no aguardo.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Sites com propagandas e páginas aleatórias
por Danizinhas2 Qui 09 Jan 2014, 23:02
Zoek.exe v5.0.0.0 Updated 09-Januari-2014
Tool run by Daniele on 09/01/2014 at 22:38:00,44.
Microsoft Windows 8.1 Single Language 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Daniele\Desktop\zoek\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
09/01/2014 22:40:00 Zoek.exe System Restore Point Created Succesfully.
==== Creating Sample_012014_2250.zip ======================
Copied file C:\Users\Daniele\AppData\Roaming\unins001.exe to sample\unins001.exe
Copied file C:\Users\Daniele\AppData\Roaming\unins002.exe to sample\unins002.exe
sample\unins001.exe renamed to 169180F02ABCECA5DE72FC5EEBC861BB
sample\unins002.exe renamed to AD6E810B9CE3D8C0C1FF0203C68C6FA6
C:\Users\Public\Desktop\sample_012014_2250.zip created successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-781025469-2809880305-665702492-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_USERS\S-1-5-21-781025469-2809880305-665702492-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_USERS\S-1-5-21-781025469-2809880305-665702492-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{09F58E74-42B4-4D70-BA26-35FC954E7A17} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\Users\Daniele\AppData\Local\cache deleted
C:\WINDOWS\Syswow64\InstallUtil.InstallLog deleted
C:\Users\Daniele\AppData\Roaming\unins001.exe deleted
C:\Users\Daniele\AppData\Roaming\unins002.exe deleted
"C:\ProgramData\boost_interprocess\20140109195016.493497\Nobu64AgentService2.8.1.10" deleted
"C:\ProgramData\boost_interprocess\20140109195016.493497\Nobu64TrayIcon2.8.1.10" deleted
"C:\ProgramData\boost_interprocess" not deleted
"C:\ProgramData\boost_interprocess\20140109195016.493497" not deleted
==== Chrome Look ======================
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
abmojiekfpcmkkfamgfcpgfgipocface - C:\Users\Daniele\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx[06/01/2014 12:30]
nnjbodopomfddehlalfilheomcahbpei - C:\Users\Daniele\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[22/10/2013 01:47]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Daniele\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[17/10/2013 19:54]
GBBD Banco Santander (Brasil) S.A. - Daniele\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface
GBBD Caixa Economica Federal - Daniele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
GBBD Banco do Brasil - Daniele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
==== Chrome Fix ======================
C:\Users\Daniele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.com.br_0.localstorage deleted successfully
C:\Users\Daniele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.com.br_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Bar"="http://www.bing.com/search?q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0FFFF810-20D8-3690-D6E9-4478B495D859} Bing Url="http://www.bing.com/search?q={searchTerms}"
{4062BADF-95DC-45FB-ADC4-2B137AEC676B} Google Url="http://www.google.com/search?hl=en&q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== shortcuts on Users Desktops ======================
C:\Users\Daniele\Desktop\Atalhos\Central de Soluções HP.lnk -
C:\Users\Daniele\Desktop\Atalhos\CyberLink DVD Suite.lnk - C:\Program Files (x86)\CyberLink\DVD Suite\PowerStarter.exe
C:\Users\Daniele\Desktop\Atalhos\Install Now AutoCAD 2013.lnk - C:\Autodesk\AutoCAD_2013_Brazilian_Portuguese_Win_32_64bit_wi_pt-BR_Setup1\setup.exe /URL "http://studentsdownload.autodesk.com/SWDLDDLM/2013/ACD/WI/AutoCAD_2013_Brazilian_Portuguese_Win_32_64bit_wi_pt-BR_Setup1.exe" /Student /SN 900-41905648 /PK 001E1 /akamai
C:\Users\Daniele\Desktop\Atalhos\Inventor Fusion 2013.lnk - C:\Program Files (x86)\Autodesk\Inventor Fusion 2013\Inventor Fusion.exe
C:\Users\Daniele\Desktop\Atalhos\Loja de Suprimentos HP.lnk - C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe
C:\Users\Daniele\Desktop\Atalhos\My Photo Creations (DATAPHOTO COM DE FOTOGRAFIAS LTDA Edition).lnk - C:\Program Files (x86)\My Photo Creations (DATAPHOTO COM DE FOTOGRAFIAS LTDA Edition)\MyPhotoCreations.exe
C:\Users\Daniele\Desktop\Atalhos\Nero Burning ROM 2014.lnk - C:\Windows\Installer\{F2B9C8D6-C69C-4BA7-95D2-66F1C68D15DA}\ARPPRODUCTICON.exe
C:\Users\Daniele\Desktop\Atalhos\Norton Online Backup.lnk - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe OPEN
C:\Users\Daniele\Desktop\Atalhos\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Daniele\Desktop\Atalhos\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese).lnk -
C:\Users\Public\Desktop\Norton Online Backup.lnk - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe OPEN
C:\Users\Public\Desktop\The Sims™ 3.lnk -
==== shortcuts in Users Start Menu ======================
C:\Users\Daniele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Daniele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD\Ajuda do PowerDVD.lnk - C:\Program Files (x86)\CyberLink\PowerDVD\Language\Ptg\PowerDVD.CHM
C:\Users\Daniele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD\CyberLink PowerDVD.lnk - C:\Program Files (x86)\CyberLink\PowerDVD\PowerDVD.exe
C:\Users\Daniele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD\Desinstalar o PowerDVD.lnk - C:\WINDOWS\system32\RunDll32.exe C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
C:\Users\Daniele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD\Leia-me.lnk - C:\Program Files (x86)\CyberLink\PowerDVD\Language\Ptg\Readme.htm
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup\Norton Online Backup.lnk - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe OPEN
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Desinstalar Origin.lnk - C:\Program Files (x86)\Origin\OriginUninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus\Ajuda.lnk - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe /URL:WebHelp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus\Atualizar para Panda Cloud Antivirus PRO.lnk - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe /Upselling
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus\Ideias e soluções.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus\Instalar Panda Security Toolbar.lnk - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSINanoRun.exe /LaunchToolbar
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus\Panda Cloud Antivirus.lnk - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus\Suporte técnico on-line.lnk -
==== shortcuts in Quick Launch ======================
C:\Users\Daniele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\Daniele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Daniele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Daniele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Daniele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Daniele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Daniele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== shortcuts After Repair ======================
C:\Users\Daniele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Daniele\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Daniele\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Daniele\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=117 folders=22 2594510 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Daniele\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Daniele\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\ProgramData\boost_interprocess" not found
==== EOF on 09/01/2014 at 22:59:53,97 ======================
Tool run by Daniele on 09/01/2014 at 22:38:00,44.
Microsoft Windows 8.1 Single Language 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Daniele\Desktop\zoek\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
09/01/2014 22:40:00 Zoek.exe System Restore Point Created Succesfully.
==== Creating Sample_012014_2250.zip ======================
Copied file C:\Users\Daniele\AppData\Roaming\unins001.exe to sample\unins001.exe
Copied file C:\Users\Daniele\AppData\Roaming\unins002.exe to sample\unins002.exe
sample\unins001.exe renamed to 169180F02ABCECA5DE72FC5EEBC861BB
sample\unins002.exe renamed to AD6E810B9CE3D8C0C1FF0203C68C6FA6
C:\Users\Public\Desktop\sample_012014_2250.zip created successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-781025469-2809880305-665702492-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_USERS\S-1-5-21-781025469-2809880305-665702492-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_USERS\S-1-5-21-781025469-2809880305-665702492-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{09F58E74-42B4-4D70-BA26-35FC954E7A17} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\Users\Daniele\AppData\Local\cache deleted
C:\WINDOWS\Syswow64\InstallUtil.InstallLog deleted
C:\Users\Daniele\AppData\Roaming\unins001.exe deleted
C:\Users\Daniele\AppData\Roaming\unins002.exe deleted
"C:\ProgramData\boost_interprocess\20140109195016.493497\Nobu64AgentService2.8.1.10" deleted
"C:\ProgramData\boost_interprocess\20140109195016.493497\Nobu64TrayIcon2.8.1.10" deleted
"C:\ProgramData\boost_interprocess" not deleted
"C:\ProgramData\boost_interprocess\20140109195016.493497" not deleted
==== Chrome Look ======================
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
abmojiekfpcmkkfamgfcpgfgipocface - C:\Users\Daniele\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx[06/01/2014 12:30]
nnjbodopomfddehlalfilheomcahbpei - C:\Users\Daniele\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[22/10/2013 01:47]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Daniele\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[17/10/2013 19:54]
GBBD Banco Santander (Brasil) S.A. - Daniele\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface
GBBD Caixa Economica Federal - Daniele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
GBBD Banco do Brasil - Daniele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
==== Chrome Fix ======================
C:\Users\Daniele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.com.br_0.localstorage deleted successfully
C:\Users\Daniele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.com.br_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Bar"="http://www.bing.com/search?q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0FFFF810-20D8-3690-D6E9-4478B495D859} Bing Url="http://www.bing.com/search?q={searchTerms}"
{4062BADF-95DC-45FB-ADC4-2B137AEC676B} Google Url="http://www.google.com/search?hl=en&q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== shortcuts on Users Desktops ======================
C:\Users\Daniele\Desktop\Atalhos\Central de Soluções HP.lnk -
C:\Users\Daniele\Desktop\Atalhos\CyberLink DVD Suite.lnk - C:\Program Files (x86)\CyberLink\DVD Suite\PowerStarter.exe
C:\Users\Daniele\Desktop\Atalhos\Install Now AutoCAD 2013.lnk - C:\Autodesk\AutoCAD_2013_Brazilian_Portuguese_Win_32_64bit_wi_pt-BR_Setup1\setup.exe /URL "http://studentsdownload.autodesk.com/SWDLDDLM/2013/ACD/WI/AutoCAD_2013_Brazilian_Portuguese_Win_32_64bit_wi_pt-BR_Setup1.exe" /Student /SN 900-41905648 /PK 001E1 /akamai
C:\Users\Daniele\Desktop\Atalhos\Inventor Fusion 2013.lnk - C:\Program Files (x86)\Autodesk\Inventor Fusion 2013\Inventor Fusion.exe
C:\Users\Daniele\Desktop\Atalhos\Loja de Suprimentos HP.lnk - C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe
C:\Users\Daniele\Desktop\Atalhos\My Photo Creations (DATAPHOTO COM DE FOTOGRAFIAS LTDA Edition).lnk - C:\Program Files (x86)\My Photo Creations (DATAPHOTO COM DE FOTOGRAFIAS LTDA Edition)\MyPhotoCreations.exe
C:\Users\Daniele\Desktop\Atalhos\Nero Burning ROM 2014.lnk - C:\Windows\Installer\{F2B9C8D6-C69C-4BA7-95D2-66F1C68D15DA}\ARPPRODUCTICON.exe
C:\Users\Daniele\Desktop\Atalhos\Norton Online Backup.lnk - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe OPEN
C:\Users\Daniele\Desktop\Atalhos\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Daniele\Desktop\Atalhos\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese).lnk -
C:\Users\Public\Desktop\Norton Online Backup.lnk - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe OPEN
C:\Users\Public\Desktop\The Sims™ 3.lnk -
==== shortcuts in Users Start Menu ======================
C:\Users\Daniele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Daniele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD\Ajuda do PowerDVD.lnk - C:\Program Files (x86)\CyberLink\PowerDVD\Language\Ptg\PowerDVD.CHM
C:\Users\Daniele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD\CyberLink PowerDVD.lnk - C:\Program Files (x86)\CyberLink\PowerDVD\PowerDVD.exe
C:\Users\Daniele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD\Desinstalar o PowerDVD.lnk - C:\WINDOWS\system32\RunDll32.exe C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
C:\Users\Daniele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD\Leia-me.lnk - C:\Program Files (x86)\CyberLink\PowerDVD\Language\Ptg\Readme.htm
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup\Norton Online Backup.lnk - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe OPEN
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Desinstalar Origin.lnk - C:\Program Files (x86)\Origin\OriginUninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus\Ajuda.lnk - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe /URL:WebHelp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus\Atualizar para Panda Cloud Antivirus PRO.lnk - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe /Upselling
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus\Ideias e soluções.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus\Instalar Panda Security Toolbar.lnk - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSINanoRun.exe /LaunchToolbar
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus\Panda Cloud Antivirus.lnk - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus\Suporte técnico on-line.lnk -
==== shortcuts in Quick Launch ======================
C:\Users\Daniele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\Daniele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Daniele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Daniele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Daniele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Daniele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Daniele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== shortcuts After Repair ======================
C:\Users\Daniele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Daniele\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Daniele\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Daniele\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=117 folders=22 2594510 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Daniele\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Daniele\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\ProgramData\boost_interprocess" not found
==== EOF on 09/01/2014 at 22:59:53,97 ======================
Danizinhas2- Iniciante
- Mensagens : 18
Reputação : 1
Data de inscrição : 19/10/2013
Re: Sites com propagandas e páginas aleatórias
por Power Max Qui 09 Jan 2014, 23:16
Mais problemas foram removidos._____________________________
Siga, por gentileza, as dicas deste tutorial para fazer uma limpeza de seu PC com o Malwarebytes:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Na sua próxima resposta poste este log do Malwarebytes juntamente com um novo log do Hijackthis e nos diga como está o seu PC após este procedimento.
Ficamos no aguardo.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Sites com propagandas e páginas aleatórias
por Danizinhas2 Sex 10 Jan 2014, 01:08
Malwarebytes Anti-Malware 1.75.0.1300
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Versão da Base de Dados: v2014.01.10.01
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Daniele :: DANI_SZ [administrador]
09/01/2014 23:26:16
mbam-log-2014-01-09 (23-26-16).txt
Tipo de Verificação: Verificação Completa (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 401147
Tempo decorrido: 1 hora(s), 13 minuto(s), 40 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 16
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bg.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho64.dll.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil64.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\utils.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Daniele\Downloads\jre-7u7-windows-x64-aoc-jd.exe (PUP.Optional.OpenCandy) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Daniele\Downloads\nero-burning-rom-2014-15002100-32-bits.exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Daniele\Downloads\nero-incd-665100-32-bits.exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Daniele\Downloads\nerovision-express-31025-32-bits.exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Daniele\Downloads\skype.exe (PUP.Optional.Firseria) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Daniele\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe (PUP.Optional.Somoto.A) -> Enviado para a Quarentena e deletado com sucesso.
(fim)
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Versão da Base de Dados: v2014.01.10.01
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Daniele :: DANI_SZ [administrador]
09/01/2014 23:26:16
mbam-log-2014-01-09 (23-26-16).txt
Tipo de Verificação: Verificação Completa (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 401147
Tempo decorrido: 1 hora(s), 13 minuto(s), 40 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 16
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bg.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho64.dll.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil64.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\utils.exe.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Daniele\Downloads\jre-7u7-windows-x64-aoc-jd.exe (PUP.Optional.OpenCandy) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Daniele\Downloads\nero-burning-rom-2014-15002100-32-bits.exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Daniele\Downloads\nero-incd-665100-32-bits.exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Daniele\Downloads\nerovision-express-31025-32-bits.exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Daniele\Downloads\skype.exe (PUP.Optional.Firseria) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Daniele\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe (PUP.Optional.Somoto.A) -> Enviado para a Quarentena e deletado com sucesso.
(fim)
Danizinhas2- Iniciante
- Mensagens : 18
Reputação : 1
Data de inscrição : 19/10/2013
Re: Sites com propagandas e páginas aleatórias
por Power Max Sex 10 Jan 2014, 09:59
Os problemas do seu PC foram removidos. Como está o computador depois destas limpezas?
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Sites com propagandas e páginas aleatórias
por Danizinhas2 Sex 10 Jan 2014, 11:45
então... por enquanto não apareceu mais nada.. rs
Obrigada.
Obrigada.
Danizinhas2- Iniciante
- Mensagens : 18
Reputação : 1
Data de inscrição : 19/10/2013
Re: Sites com propagandas e páginas aleatórias
por Power Max Sex 10 Jan 2014, 11:50
Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve no Desktop (Área de Trabalho)*Depois disto é só executá-lo, deixar selecionadas as opções Remove disinfection tools e Purge system restore
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Clique em [Run]
Depois de executar o Delfix conforme descrito acima, é só deletar o DelFix e o arquivo C:\DelFix.txtUm abraço!
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Sites com propagandas e páginas aleatórias
por Admin Sex 10 Jan 2014, 11:52
CASO RESOLVIDO
Caso a autora do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Caso a autora do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Admin- Administrador Fundador
- Mensagens : 515
Reputação : 49
Data de inscrição : 26/05/2008
Idade : 46
Localização : Brasil -
Tópicos semelhantes» Propagandas indesejaveis nos sites
» Kaspersky bloqueando propagandas e sites maliciosos
» Me ajudem por favor. Estou com problemas com propagandas nos sites
» Propagandas pelo navegador e abrindo novas páginas!
» Redirecionamento de páginas!
» Kaspersky bloqueando propagandas e sites maliciosos
» Me ajudem por favor. Estou com problemas com propagandas nos sites
» Propagandas pelo navegador e abrindo novas páginas!
» Redirecionamento de páginas!
Página 1 de 1
Permissões neste sub-fórum
Não podes responder a tópicos