Logo Hardware.com.br
Luiz Eduardo Brandão
Luiz Eduardo... Membro Senior Registrado
316 Mensagens 9 Curtidas

[Resolvido] Como eliminar sites indesejados

#1 Por Luiz Eduardo... 11/05/2015 - 12:45
Boa tarde. Outro dia baixei o utorrent e vieram de brinde sites que abrem novas abas -- como "jogostempo", "megaofertas", "nuterre.me/ud" -- ou que aparecem na forma de pops-up. Como fazer para impedir que isso aconteça, isto é, que esses sites se abram em novas janelas ou apareçam em sites que abri?
Grato desde já.
boa abrem sites baixei eliminar indesejados dia tarde
Responder
edutango
edutango Cyber Highlander Registrado
9.3K Mensagens 6.3K Curtidas
#2 Por edutango
11/05/2015 - 12:50
Luiz Eduardo Brandão disse:
Boa tarde. Outro dia baixei o utorrent e vieram de brinde sites que abrem novas abas -- como "jogostempo", "megaofertas", "nuterre.me/ud" -- ou que aparecem na forma de pops-up. Como fazer para impedir que isso aconteça, isto é, que esses sites se abram em novas janelas ou apareçam em sites que abri?
Grato desde já.

Boa tarde
Navegadores contaminados [ou o PC]

Use este aplicativo e depois poste o log
Remova adwares e toolbars maliciosas com o Adwcleaner
AMD Duron 900mhz/mobo PCCHIPS
mouse em forma de arco leadrshhep

256mb RAM SDR=WINDOWS 98
Video integrado SiS
Luiz Eduardo Brandão
Luiz Eduardo... Membro Senior Registrado
316 Mensagens 9 Curtidas
#3 Por Luiz Eduardo...
11/05/2015 - 14:31
edutango, segue o log. Mas parece que não adiantou nada passar o adw: quando reabriu não só voltaram a aparecer páginas indesejáveis, como foi alterada a página inicial do Firefox para um tal de 123.

# AdwCleaner v4.203 - Relatório criado 11/05/2015 às 14:07:11
# Atualizado 30/04/2015 por Xplode
# Base de dados : 2015-05-09.1 [Servidor]
# Sistema operacional : Windows 8 Single Language (x64)
# Usuário : Luiz Eduardo - NOTE2014
# Executando de : C:\Users\Luiz Eduardo\Downloads\adwcleaner_4.203.exe
# Opção : Limpar

***** [ Serviços ] *****

[x] Não Excluído : IHProtect Service
[x] Não Excluído : WindowsMangerProtect
Serviço Excluído : {9edd0ea8-2819-47c2-8320-b007d5996f8a}w64

***** [ Arquivos / Pastas ] *****

[!] Pasta Excluído : C:\ProgramData\Browser
Pasta Excluído : C:\ProgramData\ParetoLogic
Pasta Excluído : C:\ProgramData\Systweak
Pasta Excluído : C:\ProgramData\WindowsMangerProtect
Pasta Excluído : C:\ProgramData\IHProtectUpDate
Pasta Excluído : C:\ProgramData\NetEngine
Pasta Excluído : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced~System Protector
Pasta Excluído : C:\Program Files (x86)\AnyProtectEx
Pasta Excluído : C:\Program Files (x86)\ASP
Pasta Excluído : C:\Program Files (x86)\predm
Pasta Excluído : C:\Program Files (x86)\XTab
Pasta Excluído : C:\Users\Luiz Eduardo\AppData\Local\SmartWeb
Pasta Excluído : C:\Users\Luiz Eduardo\AppData\Local\BreakingNewsAlert
Pasta Excluído : C:\Users\Luiz Eduardo\AppData\LocalLow\SmartWeb
Pasta Excluído : C:\Users\Luiz Eduardo\AppData\Roaming\AnyProtectEx
Pasta Excluído : C:\Users\Luiz Eduardo\AppData\Roaming\ParetoLogic
Pasta Excluído : C:\Users\Luiz Eduardo\AppData\Roaming\Systweak
Pasta Excluído : C:\Users\Luiz Eduardo\AppData\Roaming\0004022F-1430858707-382A-FFFF-74D02BAC6CFC
Pasta Excluído : C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Pasta Excluído : C:\Users\Luiz Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\gk70kyht.default-1400951411541\Extensions\[email]sweetsearch@gmail.com[/email]
Pasta Excluído : C:\Users\Luiz Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\gk70kyht.default-1400951411541\Extensions\[email]quick_searchff@gmail.com[/email]
Arquivo Excluído : C:\END
Arquivo Excluído : C:\Users\Public\Desktop\Advanced~System Protector.lnk
Arquivo Excluído : C:\Users\LUIZED~1\AppData\Local\Temp\Uninstall.exe
Arquivo Excluído : C:\Windows\System32\roboot64.exe
Arquivo Excluído : C:\Windows\System32\sasnative64.exe
Arquivo Excluído : C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys
Arquivo Excluído : C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
Arquivo Excluído : C:\Users\Luiz Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\gk70kyht.default-1400951411541\searchplugins\mystartsearch.xml
Arquivo Excluído : C:\Users\Luiz Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\gk70kyht.default-1400951411541\user.js

***** [ Tarefas agendadas ] *****

[x] Não Apagado : SmartWeb Upgrade Trigger Task
[x] Não Apagado : NetEngine
[x] Não Apagado : Advanced~System Protector_startup

***** [ Atalhos ] *****

Atalho Desinfectado : C:\Users\Public\Desktop\Google Chrome.lnk
Atalho Desinfectado : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Atalho Desinfectado : C:\Users\Public\Desktop\Opera.lnk
Atalho Desinfectado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Atalho Desinfectado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Atalho Desinfectado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Atalho Desinfectado : C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectado : C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Atalho Desinfectado : C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectado : C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Atalho Desinfectado : C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Atalho Desinfectado : C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk

***** [ Registro ] *****

Valor Apagado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email]sweetsearch@gmail.com[/email]]
Valor Apagado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email]quick_searchff@gmail.com[/email]]
Chave Apagado : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
Chave Apagado : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Chave Apagado : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Chave Apagado : HKCU\Software\Mozilla\Extends
Valor Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SmartWeb]
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Chave Apagado : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Apagado : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Apagado : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Dados Restaurado : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Chave Apagado : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Apagado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Apagado : HKCU\Software\AnyProtect
Chave Apagado : HKCU\Software\ParetoLogic
Chave Apagado : HKCU\Software\systweak
Chave Apagado : HKCU\Software\Tune
Chave Apagado : HKCU\Software\TutoTag
Chave Apagado : HKCU\Software\Baidu
Chave Apagado : HKCU\Software\AppDataLow\Software\DynConIE
Chave Apagado : HKCU\Software\AppDataLow\Software\SmartWeb
Chave Apagado : HKLM\SOFTWARE\ParetoLogic
Chave Apagado : HKLM\SOFTWARE\SupDp
Chave Apagado : HKLM\SOFTWARE\SupTab
Chave Apagado : HKLM\SOFTWARE\supWindowsMangerProtect
Chave Apagado : HKLM\SOFTWARE\systweak
Chave Apagado : HKLM\SOFTWARE\Tune
Chave Apagado : HKLM\SOFTWARE\Tutorials
Chave Apagado : HKLM\SOFTWARE\mystartsearchSoftware
Chave Apagado : HKLM\SOFTWARE\Baidu
Chave Apagado : HKLM\SOFTWARE\IHProtect
Chave Apagado : HKU\.DEFAULT\Software\Baidu
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.17267

Configuração Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Configuração Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configuração Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configuração Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configuração Restaurado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configuração Restaurado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configuração Restaurado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configuração Restaurado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v37.0.2 (x86 pt-BR)

[gk70kyht.default-1400951411541\prefs.js] - Linha Apagado : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[gk70kyht.default-1400951411541\prefs.js] - Linha Apagado : user_pref("browser.search.defaultenginename", "mystartsearch");
[gk70kyht.default-1400951411541\prefs.js] - Linha Apagado : user_pref("browser.search.searchengine.alias", "mystartsearch");
[gk70kyht.default-1400951411541\prefs.js] - Linha Apagado : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/web/favicon.ico");
[gk70kyht.default-1400951411541\prefs.js] - Linha Apagado : user_pref("browser.search.searchengine.name", "mystartsearch");
[gk70kyht.default-1400951411541\prefs.js] - Linha Apagado : user_pref("browser.search.searchengine.url", "hxxp://"]www.mystartsearch.com/web/?type=dspp&ts=1430858730&z=357f10104cdb53bfaf4ddbdgazac4e8b4w2bbm1c2e&from=slbnew&uid=HitachiXHTS545050A7E380_TE851749H1R[...]
[gk70kyht.default-1400951411541\prefs.js] - Linha Apagado : user_pref("browser.search.selectedEngine", "mystartsearch");
[gk70kyht.default-1400951411541\prefs.js] - Linha Apagado : user_pref("extensions.quick_start.enable_search1", false);
[gk70kyht.default-1400951411541\prefs.js] - Linha Apagado : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v

[C:\Users\Luiz Eduardo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [Default_Search_Provider_Data] :

-\\ Opera v29.0.1795.47


*************************

AdwCleaner[R0].txt - [25651 bytes] - [11/05/2015 12:58:14]
AdwCleaner[R1].txt - [25711 bytes] - [11/05/2015 13:12:34]
AdwCleaner[S0].txt - [11240 bytes] - [11/05/2015 14:07:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11300 bytes] ##########
NOTEBOOK ASUS
CORE i3
4 GB - HD 500 GB
WINDOWS 10
Naldo Volpe
Naldo Volpe Cyber Highlander Registrado
20.8K Mensagens 3.5K Curtidas
#4 Por Naldo Volpe
12/05/2015 - 00:51
; Dica, baixe sempre do Site original...
Brazilian Game Player:| Brawl Stars BR |
- Atenção:Não seja um idiota, não saia de casa sem máscara.!.
- Continue utilizando máscara em ambientes abertos e fechados.!.
- A Pandemia não acabou, não faça festas / não faça aglomeração / 
não fique em lugares com muitas pessoas próximas /
Brasil: +22.590 novos casos. Situação atual. | Japão: +53.911 novos casos | Cachaceiro L detonando o Brasil |
Power Max
Power Max Ubbergeek Registrado
4.2K Mensagens 509 Curtidas
#5 Por Power Max
13/05/2015 - 14:16
Olá Luiz Eduardo.

Baixe o programa Junkware Removal Tool no link abaixo:
http://thisisudax.org/downloads/JRT.exe

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

Tutorial do Junkware Removal Tool

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Sempre com novos tutoriais e atualidades em informática e tecnologia.
Super Links = Mensagens de fé e esperança ao seu coração.
Luiz Eduardo Brandão
Luiz Eduardo... Membro Senior Registrado
316 Mensagens 9 Curtidas
#6 Por Luiz Eduardo...
13/05/2015 - 17:37
Aqui vai o log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.0 (05.09.2015:1)
OS: Windows 8 Single Language x64
Ran by Luiz Eduardo on 13/05/2015 at 16:40:40,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Advanced~System Protector_startup
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3566295101-3051360901-2891763386-1001
Successfully deleted: [Task] C:\Windows\system32\tasks\SmartWeb Upgrade Trigger Task



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3566295101-3051360901-2891763386-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\browser



~~~ FireFox

Successfully deleted the following from C:\Users\Luiz Eduardo\AppData\Roaming\mozilla\firefox\profiles\gk70kyht.default-1400951411541\prefs.js

user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.ptid, slbnew);
user_pref(browser.search.searchengine.uid, HitachiXHTS545050A7E380_TE851749H1R9ALH1R9ALX);
user_pref(extensions.xpiState, {\app-profile\:{\[email]iobitascsurfingprotection@iobit.com[/email]\:{\d\:\C:\\\\Users\\\\Luiz Eduardo\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\
Emptied folder: C:\Users\Luiz Eduardo\AppData\Roaming\mozilla\firefox\profiles\gk70kyht.default-1400951411541\minidumps [5 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/05/2015 at 16:48:25,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTEBOOK ASUS
CORE i3
4 GB - HD 500 GB
WINDOWS 10
tadeuboato
tadeuboato Geek Registrado
1.5K Mensagens 407 Curtidas
#7 Por tadeuboato
13/05/2015 - 20:56
Estás em boas mão: Edutango e Power Max

Mas dando uma ajudinha...

Siga essa dica:


Leia atentamente para fazer o procedimento correto.

Tutorial do Malwarebytes Anti-Malware

Na sua próxima resposta poste este log (relatório) do Malwarebytes.

Ficaremos aguardando.

*Lembrando que esse procedimento é relativamente demorado.
É nas urnas que o povo brasileiro mostra a força e o tamanho de sua ignorância .

"Nascer, morrer, renascer ainda e progredir sempre, tal é a lei"
Allan Kardec
Luiz Eduardo Brandão
Luiz Eduardo... Membro Senior Registrado
316 Mensagens 9 Curtidas
#9 Por Luiz Eduardo...
13/05/2015 - 22:24
Aqui vai o log do Malware anti-m:
Malwarebytes Anti-Malware
www.malwarebytes.org

Data da Verificação: 13/05/2015
Hora da Verificação: 21:31:00
Arquivo de Log:
Administrador: Sim

Versão: 2.01.6.1022
Base de Dados de Malware: v2015.05.13.06
Base de Dados de Rootkit: v2015.04.21.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Auto-Proteção: Desabilitado

SO: Windows 8
Processador: x64
Sistema de Arquivos: NTFS
Usuário: Luiz Eduardo

Tipo da Verificação: Verificar Ameaça
Resultado: Terminado
Objetos Verificados: 352942
Tempo Decorrido: 29 min, 0 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de Arquivos: Habilitado
Arquivos Compactados: Habilitado
Rootkits: Desabilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 1
PUP.Optional.MultiPlug.A, C:\Users\Luiz Eduardo\AppData\Local\0004022F-1430848191-382A-FFFF-74D02BAC6CFC\cnsdE5FD.tmp, 3928, Apagar ao Reiniciar, [38f27e15ec9ea29437110462c63fd828]

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de Registro: 3
PUP.Optional.BreakingNewsAlert.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\vykWFyBuoV, Quarentena, [2703efa4ed9d75c145153cf559a94eb2],
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zepyxizo, Quarentena, [38f27e15ec9ea29437110462c63fd828],
PUP.Optional.FFPluginHp.A, HKLM\SOFTWARE\WOW6432NODE\FFPluginHp, Quarentena, [bf6b99fad0ba072f3bf94093679cb848],

Valores de Registro: 3
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zepyxizo|ImagePath, C:\Users\Luiz Eduardo\AppData\Local\0004022F-1430848191-382A-FFFF-74D02BAC6CFC\cnsdE5FD.tmp, Quarentena, [002a3e556d1d5dd91bb7006420e546ba]
PUP.Optional.Jogostempo.A, HKU\S-1-5-21-3566295101-3051360901-2891763386-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\GROUP POLICY OBJECTS\{7FE9A53E-4E9A-4DF4-AEEC-116C5244632F}Machine\SOFTWARE\POLICIES\GOOGLE\CHROME|HomepageLocation, www.jogostempo.com?oem=mbtkv3&uid=TE851749H1R9AL_HitachiHTS545050A7E380&tm=1430876805, Quarentena, [7cae7b18a1e90531e5fcda8c4abbba46]
PUP.Optional.Jogostempo.A, HKU\S-1-5-21-3566295101-3051360901-2891763386-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\GROUP POLICY OBJECTS\{8F6987A9-EAB3-4405-BC6B-518AF27FC551}Machine\SOFTWARE\POLICIES\GOOGLE\CHROME|HomepageLocation, www.jogostempo.com?oem=mbtkv3&uid=TE851749H1R9AL_HitachiHTS545050A7E380&tm=1430876805, Quarentena, [f139870c107ab08611d03e28ae5728d8]

Dados de Registro: 0
(Nenhum item malicioso detectado)

Pastas: 7
PUP.Optional.BreakingNewsAlert.A, C:\Users\Luiz Eduardo\AppData\Local\BreakingNewsAlert, Quarentena, [91993063444677bfdba8509b04ff12ee],
PUP.Optional.MultiPlug.A, C:\Users\Luiz Eduardo\AppData\Local\0004022F-1430848191-382A-FFFF-74D02BAC6CFC, Apagar ao Reiniciar, [38f27e15ec9ea29437110462c63fd828],
PUP.Optional.NetEngine.A, C:\ProgramData\NetEngine, Quarentena, [f931167d404a92a4006e77f18e7728d8],
PUP.Optional.NetEngine.A, C:\ProgramData\NetEngine\bin, Quarentena, [f931167d404a92a4006e77f18e7728d8],
PUP.Optional.NetEngine.A, C:\ProgramData\NetEngine\bin\D10, Quarentena, [f931167d404a92a4006e77f18e7728d8],
PUP.Optional.PullUpdate.A, C:\ProgramData\PKrcCjYk\dat, Quarentena, [5fcbfe95820802345b09be9ab35310f0],
PUP.Optional.PullUpdate.A, C:\ProgramData\PKrcCjYk, Quarentena, [5fcbfe95820802345b09be9ab35310f0],

Arquivos: 22
PUP.Optional.BreakingNewsAlert.A, C:\ProgramData\PKrcCjYk\vykWFyBuoV.exe, Quarentena, [2703efa4ed9d75c145153cf559a94eb2],
PUP.Optional.PullUpdate.A, C:\ProgramData\PKrcCjYk\dat\hBvhCZol.dll, Quarentena, [ef3baee52f5be650ee1e2f28679f6b95],
PUP.Optional.BreakingNewsAlert.A, C:\ProgramData\PKrcCjYk\dat\kYYGaQSec.exe, Quarentena, [3af0eda60783c076f06aa988b64c827e],
PUP.Optional.BreakingNewsAlert.A, C:\ProgramData\PKrcCjYk\dat\ojvtcfqw.exe, Quarentena, [4ae06f241b6f2d0908522b0625dd619f],
PUP.Optional.ZombieInvasion.A, C:\ProgramData\PKrcCjYk\dat\UvcuFmPdn.dll, Quarentena, [3feb82116129d2647af824e17591e719],
PUP.Optional.Popeler, C:\Users\Luiz Eduardo\Downloads\uTorrent.exe, Quarentena, [b07a098a593174c25159b6a0b353c43c],
PUP.Optional.Solimba, C:\Users\Luiz Eduardo\Downloads\Opera.exe, Quarentena, [52d8fd968a005cdabff1f3f6ba47e21e],
PUP.Optional.Solimba, C:\Users\Luiz Eduardo\Downloads\BitTorrent.exe, Quarentena, [7dadf69d7416979f5327c1469b67ac54],
PUP.Optional.BreakingNewsAlert.A, C:\Users\Luiz Eduardo\AppData\Local\BreakingNewsAlert\data2.dat, Quarentena, [91993063444677bfdba8509b04ff12ee],
PUP.Optional.MultiPlug.A, C:\Users\Luiz Eduardo\AppData\Local\0004022F-1430848191-382A-FFFF-74D02BAC6CFC\cnsdE5FD.tmp, Apagar ao Reiniciar, [38f27e15ec9ea29437110462c63fd828],
PUP.Optional.MultiPlug.A, C:\Users\Luiz Eduardo\AppData\Local\0004022F-1430848191-382A-FFFF-74D02BAC6CFC\anscD85F.exe, Quarentena, [38f27e15ec9ea29437110462c63fd828],
PUP.Optional.MultiPlug.A, C:\Users\Luiz Eduardo\AppData\Local\0004022F-1430848191-382A-FFFF-74D02BAC6CFC\Uninstall.exe, Quarentena, [38f27e15ec9ea29437110462c63fd828],
PUP.Optional.NetEngine.A, C:\ProgramData\NetEngine\dat.dat, Quarentena, [f931167d404a92a4006e77f18e7728d8],
PUP.Optional.NetEngine.A, C:\ProgramData\NetEngine\bin\D10\netengine.exe, Quarentena, [f931167d404a92a4006e77f18e7728d8],
PUP.Optional.NetEngine.A, C:\ProgramData\NetEngine\bin\D10\netengine.exe.config, Quarentena, [f931167d404a92a4006e77f18e7728d8],
PUP.Optional.NetEngine.A, C:\ProgramData\NetEngine\bin\D10\sqlite3.dll, Quarentena, [f931167d404a92a4006e77f18e7728d8],
PUP.Optional.NetEngine.A, C:\Windows\System32\Tasks\NetEngine, Quarentena, [ae7cbcd77614f83ed61f57140ff6e21e],
PUP.Optional.PullUpdate.A, C:\ProgramData\PKrcCjYk\dat\kYYGaQSec.exe.config, Quarentena, [5fcbfe95820802345b09be9ab35310f0],
PUP.Optional.PullUpdate.A, C:\ProgramData\PKrcCjYk\dat\ojvtcfqw.exe.config, Quarentena, [5fcbfe95820802345b09be9ab35310f0],
PUP.Optional.PullUpdate.A, C:\ProgramData\PKrcCjYk\info.dat, Quarentena, [5fcbfe95820802345b09be9ab35310f0],
PUP.Optional.PullUpdate.A, C:\ProgramData\PKrcCjYk\vykWFyBuoV.dat, Quarentena, [5fcbfe95820802345b09be9ab35310f0],
PUP.Optional.PullUpdate.A, C:\ProgramData\PKrcCjYk\vykWFyBuoV.exe.config, Quarentena, [5fcbfe95820802345b09be9ab35310f0],

Setores Físicos: 0
(Nenhum item malicioso detectado)


(end)
NOTEBOOK ASUS
CORE i3
4 GB - HD 500 GB
WINDOWS 10
Power Max
Power Max Ubbergeek Registrado
4.2K Mensagens 509 Curtidas
#10 Por Power Max
14/05/2015 - 10:28
Olá Luiz Eduardo.

Você usou só a verificação de ameaças no Malwarebytes, que não é tão completa como a que é mostrada no tutorial que o tadeuboato te indicou. Siga as dicas abaixo para fazer a limpeza completa:

Alterando o idioma do Malwarebytes para o português:

Caso o idioma do seu Malwarebytes esteja em inglês é bem simples mudá-lo para nossa língua. Para isto abra o Malwarebytes e clique em Settings > Clique na palavra English > Clique na opção Português (Brasil) > como mostra esta imagem:

78a6c24c1f1debebd76211ecea5169a4
___________________________________________________________________________

Como executar uma verificação personalizada com o Malwarebytes:

- Abra o Malwarebytes > Clique em Verificar > clique em Verificação Personalizada > Clique em Configurar Varredura:
baed00ad12090d4427d1fba9a9752ef3

Surgirá mais esta tela abaixo na qual você marcará todas as caixinhas do lado direito da tela para que todas as áreas de seu PC e mídias removíveis ligadas a ele possam ser escaneadas. E do lado esquerdo da tela deixe marcadas todas estas opções:

Verificar Objetos na Memória
Verificar Inicialização e Registro
Verificar Arquivos Compactados
Verificar Rootkits

Quanto ao restante, deixe da forma já pré-configurada pelo Malwarebytes.

Depois disto clique no botão Verificar Agora como mostra a imagem abaixo:
1255fe50b22e3237131617b9b5252c44

Aguarde enquanto o escaneamento é realizado. Ele demora de acordo com a quantidade de arquivos que você possua em seu computador:

80d9460931ffd2e18e63ae6e0ff54f5e

Assim que a verificação terminar, aparecerá a frase Verificação Personalizada completada com sucesso. Caso seu PC esteja seguro e sem ameaças, uma mensagem parecida com esta abaixo aparecerá informando que "Ameaças Identificadas: 0" (Ou seja: Nenhum ítem malicioso foi detectado). Neste caso tudo está certo, seu computador está normal e você clicará no botão Terminar:

4738ec773b60d5252fb596d26ccead94

Caso seja detectada alguma ameaça em seu PC surgirá uma mensagem como esta abaixo próximo ao relógio do Windows com a frase Verificação Terminada - Malware Detectado na qual você clicará nela:

40f33d0b048074fc1aae908c3725c2c3

Neste momento aparecerá quais os malwares e itens potencialmente indesejáveis que foram detectados e os locais onde eles se encontram. Para remover a infecção, deixe todas as caixinhas marcadas em todos os itens que queira remover e clique no botão Remover Selecionadas, como mostra esta imagem:
82d6bdb976db115916440a0716044524

Surgirá então uma outra tela parecida com esta abaixo informando que as ameaças foram enviadas à quarentena, na qual você clicará no botão Terminar:

e6de6348fc8b23f60bd2cdfec180167a

Alguns malwares são rebeldes e podem necessitar de uma reinicialização do PC para que sejam removidos. Caso isto seja solicitado pelo Malwarebytes, aceite esta reinicialização pelo Malwarebytes.

Depois disto é só postar o novo Scan Log (log de verificação) que o Malwarebytes irá criar em sua próxima resposta:

50525573e5611ad133d5e8223bb95259
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Sempre com novos tutoriais e atualidades em informática e tecnologia.
Super Links = Mensagens de fé e esperança ao seu coração.
Luiz Eduardo Brandão
Luiz Eduardo... Membro Senior Registrado
316 Mensagens 9 Curtidas
#11 Por Luiz Eduardo...
14/05/2015 - 15:53
Opa, Max, que cochilada. Aqui vai o log, da forma indicada. Reiniciei o micro, depois de passar o MaM. Hoje de manhã, qdo liguei, estava lá o tal site 123. Ah, seguindo a dica do edutango, desistalei (com o Revo uninstaller) o Iobit, antes de reiniciar.

Malwarebytes Anti-Malware
www.malwarebytes.org

Data da Verificação: 14/05/2015
Hora da Verificação: 11:48:14
Arquivo de Log:
Administrador: Sim

Versão: 2.01.6.1022
Base de Dados de Malware: v2015.05.14.03
Base de Dados de Rootkit: v2015.04.21.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Auto-Proteção: Desabilitado

SO: Windows 8
Processador: x64
Sistema de Arquivos: NTFS
Usuário: Luiz Eduardo

Tipo da Verificação: Verificação Personalizada
Resultado: Terminado
Objetos Verificados: 531117
Tempo Decorrido: 2 hr, 55 min, 17 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de Arquivos: Habilitado
Arquivos Compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 0
(Nenhum item malicioso detectado)

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de Registro: 0
(Nenhum item malicioso detectado)

Valores de Registro: 0
(Nenhum item malicioso detectado)

Dados de Registro: 1
PUP.Optional.Hao123.A, HKU\S-1-5-21-3566295101-3051360901-2891763386-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://br.hao123.com/?tn=sdkp_inner_hp_02_hao123_br, Bom: (www.google.com), Ruim: (http://br.hao123.com/?tn=sdkp_inner_hp_02_hao123_br),Substituído,[7a111f749feb55e1e46e2ee4eb1b9769]

Pastas: 0
(Nenhum item malicioso detectado)

Arquivos: 13
PUP.Optional.Browserwatch, C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir, Quarentena, [c0cb6330e8a27db918e268a518ee629e],
PUP.Optional.Browserwatch, C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir, Quarentena, [d2b91c774b3f65d1bc3e51bc4eb8e11f],
PUP.Optional.SearchProtect, C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir, Quarentena, [cebd1b785535e452143a98ade919e818],
PUP.Optional.Giner, C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir, Quarentena, [6f1cdfb43b4f43f306c12c2b7294f10f],
PUP.Optional.ELEX, C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir, Quarentena, [7813563d58320d2984502a0b9e64b44c],
PUP.Optional.SearchProtect, C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir, Quarentena, [ddae3f5492f84ee8f133e12a74929c64],
PUP.Optional.XTab.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir, Quarentena, [3c4f781baae004324ea5888c61a126da],
PUP.Optional.SupTab.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir, Quarentena, [5635e7ac7d0d89ad6a2f84b332cea759],
PUP.Optional.Elex, C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir, Quarentena, [f09b3360404af1451be4e88d4bb5837d],
PUP.Optional.SmartWeb.A, C:\AdwCleaner\Quarantine\C\Users\Luiz Eduardo\AppData\Local\SmartWeb\SmartWebApp.exe.vir, Quarentena, [1477bdd6e4a674c2848d976c659dfd03],
PUP.Optional.SmartWeb.A, C:\AdwCleaner\Quarantine\C\Users\Luiz Eduardo\AppData\Local\SmartWeb\SmartWebHelper.exe.vir, Quarentena, [a1ea0291ccbe191d868bf70c689a9070],
PUP.Optional.SmartWeb.A, C:\AdwCleaner\Quarantine\C\Users\Luiz Eduardo\AppData\Local\SmartWeb\swhk.dll.vir, Quarentena, [7d0e147f6c1e9b9bc24f61a2cb3716ea],
PUP.Optional.AdvancedSystemProtector, C:\AdwCleaner\Quarantine\C\Windows\System32\sasnative64.exe.vir, Quarentena, [90fbbcd7800a0f27760003cc926ff907],

Setores Físicos: 0
(Nenhum item malicioso detectado)


(end)
NOTEBOOK ASUS
CORE i3
4 GB - HD 500 GB
WINDOWS 10
Power Max
Power Max Ubbergeek Registrado
4.2K Mensagens 509 Curtidas
#12 Por Power Max
14/05/2015 - 16:08
Desative temporariamente seu antivírus para evitar conflitos.

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
http://www.hijackthis.nl/smeenk/

Salve-o no Desktop (Área de Trabalho).

Para executá-lo corretamente siga as dicas deste tutorial:

Exclua adwares e outras ameaças de seu PC e browsers com o aplicativo Zoek

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Sempre com novos tutoriais e atualidades em informática e tecnologia.
Super Links = Mensagens de fé e esperança ao seu coração.
Luiz Eduardo Brandão
Luiz Eduardo... Membro Senior Registrado
316 Mensagens 9 Curtidas
#13 Por Luiz Eduardo...
14/05/2015 - 17:40
Aqui vai o log. Bato na madeira, mas depois do Zoek o 123rede não apareceu quando recarreguei o FF e o Chrome (abria uma aba em ambos).


Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Luiz Eduardo on 14/05/2015 at 16:26:36,11.
Microsoft Windows 8 Single Language 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luiz Eduardo\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

14/05/2015 16:31:51 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Citrix deleted successfully
C:\PROGRA~2\McAfee deleted successfully
C:\PROGRA~3\FolderView deleted successfully
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\LUIZED~1\AppData\Roaming\Mozilla\Firefox\Profiles\gk70kyht.default-1400951411541\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "www.123rede.com?oem=mbtkv3&uid=TE851749H1R9AL_HitachiHTS545050A7E380&tm=1431365200");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\LUIZED~1\AppData\Roaming\Mozilla\Firefox\Profiles\gk70kyht.default-1400951411541\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\LUIZED~1\AppData\Roaming\Mozilla\Firefox\Profiles\gk70kyht.default-1400951411541

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_052015_1652_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Citrix not found
C:\PROGRA~2\McAfee not found
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} not found
C:\Users\Luiz Eduardo\AppData\Local\Aplicativo Itau deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\search_the_web.xml deleted
C:\Users\Luiz Eduardo\AppData\Roaming\LogFile.txt deleted
C:\Users\Luiz Eduardo\AppData\Roaming\ProductData deleted
C:\PROGRA~3\SetStretch.VBS deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Luiz Eduardo\AppData\Local\nsh39F1.tmp deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Luiz Eduardo\AppData\Roaming\unins000.exe deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\LUIZED~1\AppData\Roaming\Mozilla\Firefox\Profiles\gk70kyht.default-1400951411541
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8873}"="C:\Users\Luiz Eduardo\AppData\Local\GAS Tecnologia\GBBD\uni\xpi" [26/08/2014 16:23]

==== Firefox Extensions ======================

ProfilePath: C:\Users\LUIZED~1\AppData\Roaming\Mozilla\Firefox\Profiles\gk70kyht.default-1400951411541
- Guardio - Ita 30 horas - C:\Users\Luiz Eduardo\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\[email]iobitascsurfingprotection@iobit.com[/email]
- Gmail Notifier restartless - %ProfilePath%\extensions\[email]jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi[/email]

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Luiz Eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\gk70kyht.default-1400951411541
9AE02005247DA91AB1743F5208DBEF76 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash
F6419D3B99616C80C947B9D7B427348B - C:\Users\Luiz Eduardo\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll - Guardião Itaú 30 horas
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Luiz Eduardo\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
B8CFF778A75C685AAC275BFC00BB8FD8 - C:\Users\Luiz Eduardo\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll - Guardião Itaú 30 horas


==== Chromium Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Google Docs - Luiz Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Luiz Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Untitled audio - Luiz Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne
Bookmark Manager - Luiz Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - Luiz Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Drive App Launcher - Luiz Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Google Maps - Luiz Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh
Google Mail Checker - Luiz Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff
Google Wallet - Luiz Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chromium Startpages ======================

C:\Users\Luiz Eduardo\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com.br/ig?hl=pt-BR",
"startup_urls": [ "https://www.google.com.br/?gws_rd=ssl", "http://www.wordreference.com/", "http://www.rae.es/recursos/diccionarios/drae", "http://www.diccionarios.com/", "http://www.collinsdictionary.com/dictionary/spanish-english", "http://www.aulete.com.br/", "http://www.corpusdoportugues.org/", "http://www.corpusdelespanol.org/" ]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.hao123.com/?tn=sdkp_inner_hp_02_hao123_br"
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Luiz Eduardo\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Luiz Eduardo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Luiz Eduardo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bad was reset successfully
C:\Users\Luiz Eduardo\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Luiz Eduardo\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Luiz Eduardo\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Luiz Eduardo\AppData\Local\Google\Chrome\User Data\Default\Web Data.ReadOnly was reset successfully
C:\Users\Luiz Eduardo\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3566295101-3051360901-2891763386-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3566295101-3051360901-2891763386-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Luiz Eduardo\Desktop\FeedDemon - Atalho.lnk - C:\Program Files (x86)\FeedDemon\FeedDemon.exe
C:\Users\Luiz Eduardo\Desktop\Google Drive.lnk - C:\Users\Luiz Eduardo\Google Drive
C:\Users\Luiz Eduardo\Desktop\IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Luiz Eduardo\Desktop\Itaú.lnk -
C:\Users\Luiz Eduardo\Desktop\Kindle.lnk - C:\Users\Luiz Eduardo\AppData\Local\Amazon\Kindle\application\Kindle.exe
C:\Users\Luiz Eduardo\Desktop\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Central de Soluções HP.lnk -
C:\Users\Public\Desktop\Dicionário eletrônico Houaiss.lnk -
C:\Users\Public\Desktop\Driver Booster 2.lnk - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
C:\Users\Public\Desktop\Glary Utilities 5.lnk - C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=mbtkv3&uid=TE851749H1R9AL_HitachiHTS545050A7E380&tm=1431365200
C:\Users\Public\Desktop\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\Users\Public\Desktop\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\Users\Public\Desktop\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\Users\Public\Desktop\IObit Unlocker.lnk - C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.exe
C:\Users\Public\Desktop\Loja de Suprimentos HP.lnk - C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe www.123rede.com?oem=mbtkv3&uid=TE851749H1R9AL_HitachiHTS545050A7E380&tm=1431365200
C:\Users\Public\Desktop\Receitanet 1.07 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe www.123rede.com?oem=mbtkv3&uid=TE851749H1R9AL_HitachiHTS545050A7E380&tm=1431365200
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú\Desinstalador.lnk -
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú\Itaú.lnk -
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2015\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Ajuda do IRPF2015.lnk -
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2015\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2015.lnk -
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2015\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2015\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Leia-me do IRPF2015.lnk -
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_56998202.lnk - C:\Users\Luiz Eduardo\AppData\Local\Temp\_uninst_56998202.bat

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe www.123rede.com?oem=mbtkv3&uid=TE851749H1R9AL_HitachiHTS545050A7E380&tm=1431365200
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dicionário Houaiss 2009\Desinstalar Dicionário eletrônico Houaiss 2009.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dicionário Houaiss 2009\Dicionário eletrônico Houaiss.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dicionário Houaiss 2009\Manual do Dicionário Houaiss.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2\Desinstalar Driver Booster 2.lnk - C:\Program Files (x86)\IObit\Driver Booster\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2\Driver Booster 2.lnk - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=mbtkv3&uid=TE851749H1R9AL_HitachiHTS545050A7E380&tm=1431365200
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB\Receitanet\Ajuda do Receitanet 1.07 .lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB\Receitanet\Desinstalar o Receitanet 1.07.lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Desinstalador.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB\Receitanet\Receitanet 1.07 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4\Desinstalar Smart Defrag 4.lnk - C:\Program Files (x86)\IObit\Smart Defrag 4\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4\Smart Defrag 4.lnk - C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8\Desinstalar Start Menu 8.lnk - C:\Program Files (x86)\IObit\Start Menu 8\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8\Start Menu 8.lnk - C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe startmenu

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 5.lnk - C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=mbtkv3&uid=TE851749H1R9AL_HitachiHTS545050A7E380&tm=1431365200
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe www.123rede.com?oem=mbtkv3&uid=TE851749H1R9AL_HitachiHTS545050A7E380&tm=1431365200
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}\SC_Reader.ico
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 8 (2).lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /manual
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 8.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /manual
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CCleaner.lnk - C:\Users\Luiz Eduardo\Documents\MANUTENÇÃO\CCleaner\CCleaner64.exe
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Control Panel.lnk -
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Dicionário eletrônico Houaiss.lnk -
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster 2.lnk - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\FeedDemon.lnk - C:\Program Files (x86)\FeedDemon\FeedDemon.exe
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=mbtkv3&uid=TE851749H1R9AL_HitachiHTS545050A7E380&tm=1431365200
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Itaú.lnk -
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe www.123rede.com?oem=mbtkv3&uid=TE851749H1R9AL_HitachiHTS545050A7E380&tm=1431365200
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Task Manager.lnk - C:\Windows\system32\taskmgr.exe /7

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Luiz Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Luiz Eduardo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Luiz Eduardo\AppData\Local\Mozilla\Firefox\Profiles\gk70kyht.default-1400951411541\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Luiz Eduardo\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Luiz Eduardo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=106 folders=21 103343983 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Luiz Eduardo\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\LUIZED~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 14/05/2015 at 17:30:08,00 ======================
NOTEBOOK ASUS
CORE i3
4 GB - HD 500 GB
WINDOWS 10
Power Max
Power Max Ubbergeek Registrado
4.2K Mensagens 509 Curtidas
#14 Por Power Max
15/05/2015 - 09:20
Faça o download do < ZHPCleaner > < 4560c2e838537857a70e37b22927665a> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPCleaner para baixá-lo, tal como mostra a imagem abaixo:

58de70529772c242f9f9a79cb07a1430

Para executá-lo corretamente siga as dicas desta postagem:

Tutorial completo do ZHPCleaner

Após a utilização dele, copie todo o conteúdo do seu relatório ZHPCleaner.txt e poste em sua próxima resposta.
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Sempre com novos tutoriais e atualidades em informática e tecnologia.
Super Links = Mensagens de fé e esperança ao seu coração.
Responder Tópico
© 1999-2024 Hardware.com.br. Todos os direitos reservados.
Imagem do Modal