Computer infected with adware...

#1 By Ratinho 07/02/2015 - 14:15
Good afternoon,

I recently went to install a program to convert JPG to PDF and it installed several pieces of adware, and even after uninstalling the programs my computer is still being taken over by them, especially when I use Chrome to browse the internet (it keeps opening pages I didn't ask for and shows ads all the time). I installed YAC and recently installed Spybot. Can I get rid of the problem with these programs, or only by formatting the computer and reinstalling Windows?

Thanks in advance for the help.
#2 By Power Max
07/02/2015 - 15:36
I suggest you uninstall this YAC and Spybot.
_____________________________________________________________________________

After uninstalling the programs above, download AdwCleaner by clicking the link below and then click the Download Now @BleepingComputer button:
http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Always with new tutorials and news in computing and technology.
Super Links = Messages of faith and hope for your heart.
#4 By Ratinho
08/02/2015 - 22:01
Power Max said:
I suggest you uninstall this YAC and Spybot.
_____________________________________________________________________________

After uninstalling the programs above, download AdwCleaner by clicking the link below and then click the Download Now @BleepingComputer button:
http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.


I uninstalled the programs and installed AdwCleaner, and I think I managed to solve the problem, since so far the unwanted ads haven't come back.

Thanks for the help.
[A pessimist is someone who complains about the noise when opportunity knocks at the door.]

Conclusion: Leave the door open!
#5 By Ratinho
09/02/2015 - 19:13
Power Max said:
I suggest you uninstall this YAC and Spybot.
_____________________________________________________________________________

After uninstalling the programs above, download AdwCleaner by clicking the link below and then click the Download Now @BleepingComputer button:
http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

The problem came back, so I installed AdwCleaner again and now it detected nothing, but the ads are back.
The first report was this:


# AdwCleaner v4.110 - Logfile created 07/02/2015 at 14:49:53
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Ana_e_Luis - ANA_E_LUIS-PC
# Running from : C:\Users\Ana_e_Luis\Downloads\adwcleaner_4.110.exe
# Option : Scan

***** [ Services ] *****

Service Found : iSafeKrnlMon

***** [ Files / Folders ] *****

File Found : C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Found : C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Found : C:\Windows\System32\log\iSafeKrnlCall.log

***** [ Scheduled tasks ] *****

Task Found : SaveSense
Task Found : 1d65ee57-8602-421b-a0f0-fc7f07374bbc-1-6
Task Found : 1d65ee57-8602-421b-a0f0-fc7f07374bbc-1-7
Task Found : 1d65ee57-8602-421b-a0f0-fc7f07374bbc-4
Task Found : 1d65ee57-8602-421b-a0f0-fc7f07374bbc-5
Task Found : 1d65ee57-8602-421b-a0f0-fc7f07374bbc-5_user
Task Found : 1d65ee57-8602-421b-a0f0-fc7f07374bbc-6
Task Found : 1d65ee57-8602-421b-a0f0-fc7f07374bbc-7

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428A-92C9-0CFC28B9D1BF}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.16521

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000dm003-1ch162_z1d6jkfaxxxxz1d6jkfa
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000dm003-1ch162_z1d6jkfaxxxxz1d6jkfa
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000dm003-1ch162_z1d6jkfaxxxxz1d6jkfa
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000dm003-1ch162_z1d6jkfaxxxxz1d6jkfa
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000dm003-1ch162_z1d6jkfaxxxxz1d6jkfa
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000dm003-1ch162_z1d6jkfaxxxxz1d6jkfa

-\\ Mozilla Firefox v

[hziutebs.default] - Line Found : user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%2[...]
[hziutebs.default] - Line Found : user_pref("extensions.crossrider.bic", "14b59a0c6c0569619a0141d17f05d02d");

-\\ Google Chrome v40.0.2214.111

[C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.softonic.com.br/s/{searchTerms}
[C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=st1000dm003-1ch162_z1d6jkfaxxxxz1d6jkfa&ts=1423323753
*************************

AdwCleaner[R0].txt - [4134 bytes] - [07/02/2015 14:49:53]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4193 bytes] ##########

Now the report looks like this:

# AdwCleaner v4.110 - Logfile created 09/02/2015 at 19:03:47
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Ana_e_Luis - ANA_E_LUIS-PC
# Running from : C:\Users\Ana_e_Luis\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.16521


-\\ Mozilla Firefox v


-\\ Google Chrome v40.0.2214.111


*************************

AdwCleaner[R0].txt - [4300 bytes] - [07/02/2015 14:49:53]
AdwCleaner[R1].txt - [902 bytes] - [09/02/2015 18:58:47]
AdwCleaner[R2].txt - [1018 bytes] - [09/02/2015 19:02:44]
AdwCleaner[S0].txt - [3476 bytes] - [07/02/2015 14:53:19]
AdwCleaner[S1].txt - [967 bytes] - [09/02/2015 18:59:47]
AdwCleaner[S2].txt - [947 bytes] - [09/02/2015 19:03:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1005 bytes] ##########

The adware causing this is something called Ads by Info and ADVERTISEMENT | Powered by Info

Can you help me?
#6 By Power Max
09/02/2015 - 19:18
Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
http://www.hijackthis.nl/smeenk/

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its content and post it in your next reply.
#7 By Ratinho
09/02/2015 - 20:28
Power Max said:
Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
http://www.hijackthis.nl/smeenk/

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its content and post it in your next reply.

I ran the program and the report is just below, but I'll say up front that the problem persists! I no longer know what to do!

Zoek.exe v5.0.0.0 Updated 08-February-2015
Tool run by Ana_e_Luis on 09/02/2015 at 20:11:01,40.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ana_e_Luis\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

09/02/2015 20:13:49 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\Avira deleted successfully
C:\PROGRA~2\TomTom DesktopSuite deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Ana_e_Luis\AppData\Roaming\Baidu Security deleted successfully
C:\Users\Ana_e_Luis\AppData\Local\calibre-cache deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\ANA_E_~1\AppData\Roaming\Mozilla\Firefox\Profiles\hziutebs.default\prefs.js:
user_pref("browser.startup.homepage", "www.jogostempo.com?oem=brsoftv3&uid=Z1D6JKFA_ST1000DM003-1CH162&tm=1423137466");
user_pref("browser.newtab.url", "www.jogostempo.com?oem=brsoftv3&uid=Z1D6JKFA_ST1000DM003-1CH162&tm=1423137466");

Added to C:\Users\ANA_E_~1\AppData\Roaming\Mozilla\Firefox\Profiles\hziutebs.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\ANA_E_~1\AppData\Roaming\Thunderbird\Profiles\su2vmi4y.default\prefs.js:

Added to C:\Users\ANA_E_~1\AppData\Roaming\Thunderbird\Profiles\su2vmi4y.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\ANA_E_~1\AppData\Roaming\TomTom\HOME\Profiles\gb8dbc9i.default\prefs.js:

Added to C:\Users\ANA_E_~1\AppData\Roaming\TomTom\HOME\Profiles\gb8dbc9i.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\ANA_E_~1\AppData\Roaming\Mozilla\Firefox\Profiles\hziutebs.default

user.js not found
---- Lines aOIBMBKA115048682HYKFIU97176590com69065 removed from prefs.js ----
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_022015_2020_.backup

ProfilePath: C:\Users\ANA_E_~1\AppData\Roaming\Thunderbird\Profiles\su2vmi4y.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_022015_2020_.backup

ProfilePath: C:\Users\ANA_E_~1\AppData\Roaming\TomTom\HOME\Profiles\gb8dbc9i.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_022015_2020_.backup

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Acro Software\f6a9b4e3-3f12-4f0e-9991-944f02d096f0.dll deleted
C:\Program Files (x86)\Acro Software\d4583476-7694-4f7d-af0f-e36e7180d4f9.dll deleted
C:\Users\Ana_e_Luis\.android deleted
C:\PROGRA~2\SamsungPrinterLiveUpdateInstaller deleted
C:\PROGRA~2\d4583476-7694-4f7d-af0f-e36e7180d4f9 deleted
C:\install.exe deleted
C:\Users\Ana_e_Luis\AppData\Roaming\WB.CFG deleted
C:\Users\Ana_e_Luis\AppData\Roaming\alsoft.ini deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Ana_e_Luis\AppData\Local\BIT7501.tmp deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\ANA_E_~1\AppData\Roaming\Mozilla\Firefox\Profiles\hziutebs.default\extensions\OIBMBKA115048682@HYKFIU97176590.com deleted
"C:\Users\Ana_e_Luis\AppData\Local\{A4039A48-C84D-4267-81C9-7A9C877221CA}" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\ANA_E_~1\AppData\Roaming\Mozilla\Firefox\Profiles\hziutebs.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\ANA_E_~1\AppData\Roaming\Thunderbird\Profiles\su2vmi4y.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\ANA_E_~1\AppData\Roaming\TomTom\HOME\Profiles\gb8dbc9i.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\ANA_E_~1\AppData\Roaming\Mozilla\Firefox\Profiles\hziutebs.default
- Undetermined - C:\Users\Ana_e_Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hziutebs.default\extensions\OIBMBKA115048682@HYKFIU97176590.com
- ffext_basicvideoextstartpage24 - C:\Users\Ana_e_Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hziutebs.default\extensions\ffext_basicvideoext@startpage24
- Undetermined - OIBMBKA115048682@HYKFIU97176590.com
- ffext_basicvideoextstartpage24 - %ProfilePath%\extensions\ffext_basicvideoext@startpage24

ProfilePath: C:\Users\ANA_E_~1\AppData\Roaming\TomTom\HOME\Profiles\gb8dbc9i.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

==== Firefox Plugins ======================

Profilepath: C:\Users\Ana_e_Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hziutebs.default
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash


==== Chromium Look ======================

Google Chrome Version: 40.0.2214.111 (Possible outdated, latest Stable version: 40.0.2214.94)


Google Docs - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
emafblcdglliigbabbcjbmeabppnecgj - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\emafblcdglliigbabbcjbmeabppnecgj
Google Wallet - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
emafblcdglliigbabbcjbmeabppnecgj - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\emafblcdglliigbabbcjbmeabppnecgj
Google Sheets - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.boostsaves.com_0.localstorage deleted successfully
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.boostsaves.com_0.localstorage-journal deleted successfully
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_offers.boostsaves.com_0.localstorage deleted successfully
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_offers.boostsaves.com_0.localstorage-journal deleted successfully
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_static.boostsaves.com_0.localstorage deleted successfully
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_static.boostsaves.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{79456162-BA89-4389-A927-AA814BC4E7EB} Google Url="https://www.google.com/search?q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Program Updates.lnk - C:\Windows\Installer\{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\STREET FIGHTER IV.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigabyte\App Center\APP Center.lnk - C:\Program Files (x86)\GIGABYTE\AppCenter\RunUpd.exe -sh
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigabyte\App Center\Uninstall AppCenter.lnk - C:\Program Files (x86)\InstallShield Installation Information\{F3D47276-0E35-42CF-A677-B45118470E21}\setup.exe -uninst
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin Error Reporter.lnk - C:\Program Files (x86)\Origin\OriginER.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigil\Sigil.lnk - C:\Program Files (x86)\Sigil\Sigil.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigil\Uninstall Sigil.lnk - C:\Program Files (x86)\Sigil\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer\Assassin's Creed II\Atualizador Tribo Gamer.lnk - C:\Program Files (x86)\Tribo Gamer\Assassin's Creed II\Atualizador.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer\Assassin's Creed II\Créditos da Tradução.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer\Assassin's Creed II\Desinstalar a Tradução.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer\Assassin's Creed II\Notas da Tradução.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer\Borderlands 2 - GOTY Edition\Atualizador Tribo Gamer.lnk - C:\Program Files (x86)\Tribo Gamer\Borderlands 2 - GOTY Edition\Atualizador.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer\Borderlands 2 - GOTY Edition\Créditos da Tradução.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer\Borderlands 2 - GOTY Edition\Desinstalar a Tradução.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer\Borderlands 2 - GOTY Edition\Notas da Tradução.lnk -

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ana_e_Luis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ana_e_Luis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Ana_e_Luis\AppData\Local\Mozilla\Firefox\Profiles\hziutebs.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=170 folders=28 13750160 bytes)

==== Empty Temp Folders ======================

C:\Users\Ana_e_Luis\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ANA_E_~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 09/02/2015 at 20:24:51,08 ======================
[A pessimist is someone who complains about the noise when opportunity knocks at the door.]

Conclusion: Leave the door open!
Power Max
Power Max Ubbergeek Registered
4.2K Posts 509 Likes
#8 By Power Max
09/02/2015 - 22:14
Take it easy, my friend. A few steps are needed to fully clean up the problems.
_________________________________________

Download < ZHPCleaner > < Image > ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPCleaner to download it, as shown in the image below:

Image

To run it correctly, follow the tips in this post:

Complete ZHPCleaner tutorial

After using it, copy the entire contents of its ZHPCleaner.txt report and post it in your next reply.
<><><><><><><><><><><><><><><><>

Ratinho
Ratinho Senior Member Registered
410 Posts 5 Likes
#9 By Ratinho
10/02/2015 - 21:59
Power Max said:
Take it easy, my friend. A few steps are needed to fully clean up the problems.
_________________________________________

Download < ZHPCleaner > < Image > ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPCleaner to download it, as shown in the image below:

Image

To run it correctly, follow the tips in this post:

Complete ZHPCleaner tutorial

After using it, copy the entire contents of its ZHPCleaner.txt report and post it in your next reply.


Good evening,

I carried out this new procedure and the result is posted just below, but the ads continue.

~ ZHPCleaner v2015.2.10.61 by Nicolas Coolman (10/02/2015)
~ Run by Ana_e_Luis (Administrator) (10/02/2015 21:50:07)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Ana_e_Luis\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Ana_e_Luis\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\ Services (0)
~ No malicious items found.


---\\ Browser internet (0)
~ No malicious items found.


---\\ Hosts file (2)
REPLACED:
Number of found redirections 1/22


---\\ Scheduled automatic tasks. (0)
~ No malicious items found.


---\\ Explorer ( File, Folder) (2)
MOVED file: C:\Windows\Prefetch\YET_ANOTHER_CLEANER_SK_406632-3E643EBD.pf (PUP.YetAnotherCleaner)
MOVED file: C:\Users\Ana_e_Luis\Downloads\yet_another_cleaner_sk_4066329.exe [Elex do Brasil Participações Ltda - standard installer] (PUP.YetAnotherCleaner)


---\\ Registry ( Key, Value, Data) (8)
DELETED data: HKCR\htmlfile\Shell\Open\Command\\Default [Bad : "C:\Program Files\Internet Explorer\iexplore.exe" %1] (Broken.OpenCommand)
DELETED key: HKCU\SOFTWARE\HQ_Vid_Quality_1.5vV05.02-nv [] (Heuristic.CrossRider)
DELETED key: HKLM\SOFTWARE\Wow6432Node\b6f6c5c7-9699-4ed4-8869-8d0f402f648b [] (PUP.CrossRider)
DELETED key: HKLM\SOFTWARE\Wow6432Node\HQ_Vid_Quality_1.5vV05.02-nv [] (Heuristic.CrossRider)
DELETED key: HKCR\setup.player [InstallShield Setup Player V11] (Spyware.MarketScore)
DELETED key: HKCR\setup.player.2k2 [InstallShield Setup Player V11] (Spyware.MarketScore)
DELETED key: HKCR\DisplayServer.TVWizard [TVWizard Class] (PUP.TVWizard)
DELETED key: HKCR\DisplayServer.TVWizard.1 [TVWizard Class] (PUP.TVWizard)



---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 75125
~ Items found : 1
~ Items repaired : 10


End of clean at 21:54:04
===================
ZHPCleaner-[R]-10022015-21_54_04.txt

Good evening,

I carried out the indicated procedures and the report is just below, but the unwanted ads and the windows opening without being requested still continue:

~ ZHPCleaner v2015.2.10.61 by Nicolas Coolman (10/02/2015)
~ Run by Ana_e_Luis (Administrator) (10/02/2015 21:50:07)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Ana_e_Luis\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Ana_e_Luis\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\ Services (0)
~ No malicious items found.


---\\ Browser internet (0)
~ No malicious items found.


---\\ Hosts file (2)
REPLACED:
Number of found redirections 1/22


---\\ Scheduled automatic tasks. (0)
~ No malicious items found.


---\\ Explorer ( File, Folder) (2)
MOVED file: C:\Windows\Prefetch\YET_ANOTHER_CLEANER_SK_406632-3E643EBD.pf (PUP.YetAnotherCleaner)
MOVED file: C:\Users\Ana_e_Luis\Downloads\yet_another_cleaner_sk_4066329.exe [Elex do Brasil Participações Ltda - standard installer] (PUP.YetAnotherCleaner)


---\\ Registry ( Key, Value, Data) (8)
DELETED data: HKCR\htmlfile\Shell\Open\Command\\Default [Bad : "C:\Program Files\Internet Explorer\iexplore.exe" %1] (Broken.OpenCommand)
DELETED key: HKCU\SOFTWARE\HQ_Vid_Quality_1.5vV05.02-nv [] (Heuristic.CrossRider)
DELETED key: HKLM\SOFTWARE\Wow6432Node\b6f6c5c7-9699-4ed4-8869-8d0f402f648b [] (PUP.CrossRider)
DELETED key: HKLM\SOFTWARE\Wow6432Node\HQ_Vid_Quality_1.5vV05.02-nv [] (Heuristic.CrossRider)
DELETED key: HKCR\setup.player [InstallShield Setup Player V11] (Spyware.MarketScore)
DELETED key: HKCR\setup.player.2k2 [InstallShield Setup Player V11] (Spyware.MarketScore)
DELETED key: HKCR\DisplayServer.TVWizard [TVWizard Class] (PUP.TVWizard)
DELETED key: HKCR\DisplayServer.TVWizard.1 [TVWizard Class] (PUP.TVWizard)



---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 75125
~ Items found : 1
~ Items repaired : 10


End of clean at 21:54:04
===================
ZHPCleaner-[R]-10022015-21_54_04.txt
Power Max
Power Max Ubbergeek Registered
4.2K Posts 509 Likes
#10 By Power Max
10/02/2015 - 22:50
Download Malwarebytes from one of the links below:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
http://downloads.malwarebytes.org/mbam-download.php

To install and run it correctly, please follow the tips in this post:

Malwarebytes Anti-Malware tutorial

In your next reply, post this Malwarebytes log (report).

We'll be waiting.
<><><><><><><><><><><><><><><><>

Ratinho
Ratinho Senior Member Registered
410 Posts 5 Likes
#11 By Ratinho
11/02/2015 - 18:13
Power Max said:
Download Malwarebytes from one of the links below:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
http://downloads.malwarebytes.org/mbam-download.php

To install and run it correctly, please follow the tips in this post:

Malwarebytes Anti-Malware tutorial

In your next reply, post this Malwarebytes log (report).

We'll be waiting.


Good afternoon,

I used the program you recommended and carried out the procedures. The problem persists! Every time I do these procedures, should I uninstall the browser and download it again? Because whenever I load Chrome, the sites of the unwanted ads show up in the browser bar being loaded, and then the windows appear. As for the report, it is pasted in the text below:

Thanks in advance for the help!

Malwarebytes Anti-Malware
www.malwarebytes.org

Data da Verificação: 11/02/2015
Hora da Verificação: 16:20:33
Arquivo de Log: relatorio_MalWare_01.txt
Administrador: Sim

Versão: 2.00.4.1028
Base de Dados de Malware: v2015.02.11.06
Base de Dados de Rootkit: v2015.02.03.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Auto-Proteção: Desabilitado

SO: Windows 7 Service Pack 1
Processador: x64
Sistema de Arquivos: NTFS
Usuário: Ana_e_Luis

Tipo da Verificação: Verificação Personalizada
Resultado: Terminado
Objetos Verificados: 604305
Tempo Decorrido: 1 hr, 39 min, 39 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de Arquivos: Habilitado
Arquivos Compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 0
(Nenhum item malicioso detectado)

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de Registro: 0
(Nenhum item malicioso detectado)

Valores de Registro: 0
(Nenhum item malicioso detectado)

Dados de Registro: 0
(Nenhum item malicioso detectado)

Pastas: 0
(Nenhum item malicioso detectado)

Arquivos: 8
PUP.Optional.Nova.A, C:\Program Files (x86)\HQ_Vid_Quality_1.5vV05.02\b6f6c5c7-9699-4ed4-8869-8d0f402f648b.dll, Quarentena, [6da5f426b0da4cea13eb7b8b966ce719],
PUP.Optional.Firseria, C:\Users\Ana_e_Luis\Downloads\CutePDF Writer.exe, Quarentena, [8a8830ea3d4dcd6949c144692adbcd33],
PUP.Optional.Nova.A, C:\zoek_backup\C_Program Files (x86)_Acro Software_f6a9b4e3-3f12-4f0e-9991-944f02d096f0.dll.vir, Quarentena, [90824ecc3b4f93a3936bc3437a8854ac],
PUP.Optional.Nova.A, C:\zoek_backup\C_PROGRA~2_d4583476-7694-4f7d-af0f-e36e7180d4f9\bf5e26be-7794-42c3-b6e0-e213ec3562b3.dll, Quarentena, [a27060baabdf48ee2dd1f80ed03208f8],
Malware.Packer.Gen, E:\Meus Documentos\Projeto\Textos_Projeto\Rafael_20JUL2004\SRTM\GlobalMapper\Keygen.exe, Quarentena, [6ea4e832800a43f341ad076bc04017e9],
Trojan.Agent.W, E:\Meus Downloads\Windows 7 activators.rar, Quarentena, [a46e53c7cac0aa8c9ed1e28500053dc3],
Adware.WhenU, E:\Meus Downloads\Games\Hitman Blood Money\daemon403-x86.exe, Quarentena, [52c0ce4cc3c72b0b9ed1bb0943c2a957],
Trojan.HTKeyGen, E:\Meus Downloads\Programas\AUTODESK.MAYA.V2011.WIN32-ISO\xf-a2011-32bits.exe, Quarentena, [e0325bbf91f92d093cbf2147c73a7d83],

Setores Físicos: 0
(Nenhum item malicioso detectado)


(end)
tadeuboato
tadeuboato Geek Registered
1.5K Posts 407 Likes
#12 By tadeuboato
11/02/2015 - 19:20
Lending a hand while our colleague Power Max is offline.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
http://www.hijackthis.nl/smeenk/

* Right-click Zoek.exe and select Image

* Select and copy all of the text highlighted in red below and paste it into the blank area of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
iedefaults;
resetieproxy;
resethosts;
shortcutfix;
ffdefaults;
firefoxlook;
reset chrome;
chrdefaults;
chromelook;


* Click [Run Script]

* During the scan, a message similar to the one below showing the scan's progress will be displayed. Wait for it to finish... it may take a while!

Image

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply
It is at the ballot box that the Brazilian people show the strength and the size of their ignorance.

"To be born, to die, to be reborn yet again and to progress always, such is the law"
Allan Kardec
Ratinho
Ratinho Senior Member Registered
410 Posts 5 Likes
#13 By Ratinho
11/02/2015 - 20:59
tadeuboato said:
Lending a hand while our colleague Power Max is offline.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
http://www.hijackthis.nl/smeenk/

* Right-click Zoek.exe and select Image

* Select and copy all of the text highlighted in red below and paste it into the blank area of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
iedefaults;
resetieproxy;
resethosts;
shortcutfix;
ffdefaults;
firefoxlook;
reset chrome;
chrdefaults;
chromelook;


* Click [Run Script]

* During the scan, a message similar to the one below showing the scan's progress will be displayed. Wait for it to finish... it may take a while!

Image

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply


Good evening!

I ran the Zoek program as you requested and the resulting report is pasted in the text below.
I am going to uninstall Chrome and install Firefox to see whether the problem is in it, since I opened with Internet Explorer and at first it seems the malicious programs are gone.


Zoek.exe v5.0.0.0 Updated 10-February-2015
Tool run by Ana_e_Luis on 11/02/2015 at 20:42:50,57.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ana_e_Luis\Downloads\zoek (1).exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2015-02-09-222451.log 29086 bytes
==== System Restore Info ======================
11/02/2015 20:43:42 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\Acro Software deleted successfully
==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================
Deleted from C:\Users\ANA_E_~1\AppData\Roaming\Mozilla\Firefox\Profiles\hziutebs.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Added to C:\Users\ANA_E_~1\AppData\Roaming\Mozilla\Firefox\Profiles\hziutebs.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\ANA_E_~1\AppData\Roaming\Thunderbird\Profiles\su2vmi4y.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Added to C:\Users\ANA_E_~1\AppData\Roaming\Thunderbird\Profiles\su2vmi4y.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\ANA_E_~1\AppData\Roaming\TomTom\HOME\Profiles\gb8dbc9i.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Added to C:\Users\ANA_E_~1\AppData\Roaming\TomTom\HOME\Profiles\gb8dbc9i.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\ANA_E_~1\AppData\Roaming\Mozilla\Firefox\Profiles\hziutebs.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\ANA_E_~1\AppData\Roaming\Thunderbird\Profiles\su2vmi4y.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\ANA_E_~1\AppData\Roaming\TomTom\HOME\Profiles\gb8dbc9i.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions ======================
ProfilePath: C:\Users\ANA_E_~1\AppData\Roaming\Mozilla\Firefox\Profiles\hziutebs.default
- Undetermined - C:\Users\Ana_e_Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hziutebs.default\extensions\OIBMBKA115048682@HYKFIU97176590.com
- ffext_basicvideoextstartpage24 - C:\Users\Ana_e_Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hziutebs.default\extensions\ffext_basicvideoext@startpage24
- Undetermined - OIBMBKA115048682@HYKFIU97176590.com
- ffext_basicvideoextstartpage24 - %ProfilePath%\extensions\ffext_basicvideoext@startpage24
ProfilePath: C:\Users\ANA_E_~1\AppData\Roaming\TomTom\HOME\Profiles\gb8dbc9i.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
==== Firefox Plugins ======================
Profilepath: C:\Users\Ana_e_Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hziutebs.default
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash

==== Chromium Look ======================
Google Chrome Version: 40.0.2214.111 (Up to date, latest Stable version: 40.0.2214.111)

Google Docs - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
emafblcdglliigbabbcjbmeabppnecgj - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\emafblcdglliigbabbcjbmeabppnecgj
Google Wallet - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
emafblcdglliigbabbcjbmeabppnecgj - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\emafblcdglliigbabbcjbmeabppnecgj
Google Sheets - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chromium Fix ======================
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{79456162-BA89-4389-A927-AA814BC4E7EB} Google Url="https://www.google.com/search?q={searchTerms}"
==== Reset Google Chrome ======================
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Program Updates.lnk - C:\Windows\Installer\{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\STREET FIGHTER IV.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigabyte\App Center\APP Center.lnk - C:\Program Files (x86)\GIGABYTE\AppCenter\RunUpd.exe -sh
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigabyte\App Center\Uninstall AppCenter.lnk - C:\Program Files (x86)\InstallShield Installation Information\{F3D47276-0E35-42CF-A677-B45118470E21}\setup.exe -uninst
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin Error Reporter.lnk - C:\Program Files (x86)\Origin\OriginER.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigil\Sigil.lnk - C:\Program Files (x86)\Sigil\Sigil.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigil\Uninstall Sigil.lnk - C:\Program Files (x86)\Sigil\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer\Assassin's Creed II\Atualizador Tribo Gamer.lnk - C:\Program Files (x86)\Tribo Gamer\Assassin's Creed II\Atualizador.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer\Assassin's Creed II\Créditos da Tradução.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer\Assassin's Creed II\Desinstalar a Tradução.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer\Assassin's Creed II\Notas da Tradução.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer\Borderlands 2 - GOTY Edition\Atualizador Tribo Gamer.lnk - C:\Program Files (x86)\Tribo Gamer\Borderlands 2 - GOTY Edition\Atualizador.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer\Borderlands 2 - GOTY Edition\Créditos da Tradução.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer\Borderlands 2 - GOTY Edition\Desinstalar a Tradução.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer\Borderlands 2 - GOTY Edition\Notas da Tradução.lnk -
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ana_e_Luis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ana_e_Luis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Ana_e_Luis\AppData\Local\Mozilla\Firefox\Profiles\hziutebs.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Ana_e_Luis\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=168 folders=28 13394936 bytes)
==== Empty Temp Folders ======================
C:\Users\Ana_e_Luis\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\ANA_E_~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 11/02/2015 at 20:53:41,40 ======================
[A pessimist is someone who complains about the noise when opportunity knocks at the door.]

Conclusion: Leave the door open!
Power Max
Power Max Ubbergeek Registered
4.2K Posts 509 Likes
#14 By Power Max
12/02/2015 - 09:49
Download the Junkware Removal Tool from the link below:
http://thisisudax.org/downloads/JRT.exe

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt

We'll be waiting.
Ratinho
Ratinho Senior Member Registered
410 Posts 5 Likes
#15 By Ratinho
12/02/2015 - 16:26
Power Max said:
Download the Junkware Removal Tool from the link below:
http://thisisudax.org/downloads/JRT.exe

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt

We'll be waiting.


I followed the procedure described and the report is pasted in the text below.
For now I am only using Internet Explorer, and so far the problems with ads and windows opening have stopped.
How do I completely remove every Chrome entry from the computer? I suspect this adware must have lodged itself in it, because when I uninstalled Chrome and ran the program, Internet Explorer started working without problems.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by Ana_e_Luis on 12/02/2015 at 16:19:02,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\baidu security"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/02/2015 at 16:21:14,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~