
Malware redirecting browser

mytoolsapp.info chrome



There are 12 replies in this topic

#1 dandefender    

dandefender
  • Participant
  • 52 posts

Posted 26 February 2013 - 01:16 AM

I noticed that the domain mytoolsapp.info appeared at the bottom when loading any page in my browser. Now, 2 weeks later, when I load a page it redirects to mytoolsapp.info. I ran Malwarebytes and found 12 malware entries. Microsoft Security Essentials found one entry related to mytoolsapp.info and moved it to quarantine, but the redirection persists.

Here is the log:

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:11:32, on 26/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Keyboard status\Key_status.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Users\extra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\extra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\extra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\extra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\extra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Users\extra\Desktop\HijackThis (1).exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.searchonme.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: CrossriderApp0000435 - {11111111-1111-1111-1111-110011041135} - C:\Program Files\Premiumplay Codec-C\Premiumplay Codec-C.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MyTools - {C3A44133-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files\MyTools\MyTools.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Presto! PVR Monitor] "C:\Program Files\NewSoft\Presto! PVR\Monitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\extra\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: Key_status.lnk = C:\Program Files\Keyboard status\Key_status.exe
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
 
--
End of file - 5908 bytes
 


#2 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Specialist
  • 65439 posts

Posted 26 February 2013 - 09:51 AM

Disable your antivirus, antispyware and firewall so that there are no conflicts. Keep them disabled until you have finished the instructions.

Download AdwCleaner and save it to the Desktop.

Run adwcleaner.exe

NOTE: Windows Vista or Windows 7 users, right-click the file and select: Run as administrator

Click [Delete]

Save the log that is created.

Download the Junkware Removal Tool (JRT) and save it to your Desktop.

Double-click to run the Junkware Removal Tool (JRT)

* On Windows Vista and Windows 7:
Right-click JRT.exe and select Run as administrator

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to be examined.

At the end, a log will open and be saved on the Desktop with the name
JRT.txt.

Select, copy and paste the contents of this log into your next reply, plus the AdwCleaner log and a new HijackThis log.

#3 dandefender    

dandefender
  • Participant
  • 52 posts

Posted 26 February 2013 - 01:05 PM

I did what you asked. Here are the logs:
 

 

# AdwCleaner v2.113 - Relatório criado em 26/02/2013 às 12:49:42
# Atualizado em 23/02/2013 por Xplode
# Sistema Operacional : Windows 7 Starter Service Pack 1 (32 bits)
# Usuário : extra - EXTRA-WIN
# Modo de Boot : Normal
# Executado de : C:\Users\extra\Desktop\adwcleaner.exe
# Opção [Remover]
 
 
***** [Serviços] *****
 
 
***** [Arquivos/Pastas] *****
 
Pasta Removido : C:\Program Files\Conduit
Pasta Removido : C:\ProgramData\InstallMate
Pasta Removido : C:\ProgramData\Premium
Pasta Removido : C:\Users\extra\AppData\Local\Conduit
Pasta Removido : C:\Users\extra\AppData\LocalLow\boost_interprocess
Pasta Removido : C:\Users\extra\AppData\LocalLow\Conduit
Pasta Removido : C:\Users\extra\AppData\LocalLow\PriceGong
 
***** [Registro] *****
 
Chave Removida : HKCU\Software\AppDataLow\Software\Conduit
Chave Removida : HKCU\Software\AppDataLow\Software\Crossrider
Chave Removida : HKCU\Software\AppDataLow\Software\PriceGong
Chave Removida : HKCU\Software\AppDataLow\Software\SmartBar
Chave Removida : HKCU\Software\Ask&Record
Chave Removida : HKCU\Software\Conduit
Chave Removida : HKCU\Software\Cr_Installer
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3A44133-7EAD-434C-AC9E-7F1DA176BA8C}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041135}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C3A44133-7EAD-434C-AC9E-7F1DA176BA8C}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011041135}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3A44133-7EAD-434C-AC9E-7F1DA176BA8C}
Chave Removida : HKCU\Software\Softonic
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011041135}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022042235}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033043335}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{C3A44133-7EAD-434C-AC9E-7F1DA176BA8C}
Chave Removida : HKLM\SOFTWARE\Classes\CrossriderApp0000435.BHO
Chave Removida : HKLM\SOFTWARE\Classes\CrossriderApp0000435.BHO.1
Chave Removida : HKLM\SOFTWARE\Classes\CrossriderApp0000435.FBApi
Chave Removida : HKLM\SOFTWARE\Classes\CrossriderApp0000435.FBApi.1
Chave Removida : HKLM\SOFTWARE\Classes\CrossriderApp0000435.Sandbox
Chave Removida : HKLM\SOFTWARE\Classes\CrossriderApp0000435.Sandbox.1
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055045535}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066046635}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077047735}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Chave Removida : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044044435}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Chave Removida : HKLM\Software\Conduit
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041135}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3A44133-7EAD-434C-AC9E-7F1DA176BA8C}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135}
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
 
***** [Navegadores] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
[OK] Registro está limpo.
 
-\\ Google Chrome v25.0.1364.97
 
Arquivo : C:\Users\extra\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] Arquivo está limpo.
 
*************************
 
AdwCleaner[S1].txt - [5198 octets] - [26/02/2013 12:49:42]
 
########## EOF - C:\AdwCleaner[S1].txt - [5258 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Starter x86
Ran by extra on 26/02/2013 at 12:55:18,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\Internet Explorer\toolbar\webbrowser\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} 
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\Internet Explorer\urlsearchhooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} 
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\Internet Explorer\main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\Internet Explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\extra\appdata\local\premiumplay codec-c"
Successfully deleted: [Folder] "C:\Program Files\mytools"
Successfully deleted: [Folder] "C:\Program Files\premiumplay codec-c"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/02/2013 at 13:01:16,19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:05:33, on 26/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Keyboard status\Key_status.exe
C:\Windows\explorer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\extra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\extra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\extra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\extra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\extra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\extra\Desktop\HijackThis (1).exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Presto! PVR Monitor] "C:\Program Files\NewSoft\Presto! PVR\Monitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\extra\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: Key_status.lnk = C:\Program Files\Keyboard status\Key_status.exe
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
 
--
End of file - 5202 bytes
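
Added example (not part of any post in this thread): a small script that compares the two HijackThis logs above and lists the entries that disappeared after the cleanup, then checks which of their CLSIDs are named in the AdwCleaner log. The sample strings are excerpts copied from the logs in this thread; the function names are assumptions made for this example.

```python
import re

# Excerpts from the first HijackThis log in this thread (before cleanup).
BEFORE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.searchonme.com/
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: CrossriderApp0000435 - {11111111-1111-1111-1111-110011041135} - C:\Program Files\Premiumplay Codec-C\Premiumplay Codec-C.dll
O2 - BHO: MyTools - {C3A44133-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files\MyTools\MyTools.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
"""

# The same entries as they appear in the second HijackThis log (after cleanup).
AFTER = r"""
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
"""

# Two lines from the AdwCleaner log in this thread.
ADWCLEANER = r"""
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041135}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3A44133-7EAD-434C-AC9E-7F1DA176BA8C}
"""

# HijackThis entries start with a section code such as R0, O2 or O10.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log):
    """Return (section, body) pairs; process-list and header lines are skipped."""
    entries = []
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def removed_entries(before, after):
    """Entries present in the first log and absent from the second.

    Comparison is case-insensitive because path casing can differ between runs.
    """
    remaining = {(sec, body.casefold()) for sec, body in parse_entries(after)}
    return [(sec, body) for sec, body in parse_entries(before)
            if (sec, body.casefold()) not in remaining]


def cleanup_source(removed, cleaner_log):
    """Map each CLSID found in the removed entries to True if the cleaner log names it."""
    named = {c.casefold() for c in CLSID.findall(cleaner_log)}
    return {c: c.casefold() in named
            for _, body in removed for c in CLSID.findall(body)}


if __name__ == "__main__":
    gone = removed_entries(BEFORE, AFTER)
    for section, body in gone:
        print(f"removed {section}: {body}")
    for clsid, in_adw in cleanup_source(gone, ADWCLEANER).items():
        print(clsid, "named in AdwCleaner log" if in_adw else "not in AdwCleaner log")
```

The URLSearchHook CLSID is reported as not named in the AdwCleaner log because, in this thread, it was the JRT log that recorded its deletion.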
 


#4 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Specialist
  • 65439 posts

Posted 26 February 2013 - 03:55 PM

Download Avast Browser Cleanup

Save it to the Desktop.

Run avast-browser-cleanup.exe and follow the instructions below, using REMOVE:

"Remove" here means uninstalling and removing the toolbar and all of its components completely from your computer. This action cannot be undone. However, removing an add-on may sometimes not be desired. For this reason avast! Browser Cleanup also offers a "Disable" button. Disabling only switches off the add-on's functionality. The add-on remains on the hard disk.
You can undo this action simply by clicking "Enable". This reactivates the add-on and all functionality will be back. You will probably need to restart your Internet browser.

Report the current state of the PC...

#5 dandefender    

dandefender
  • Participant
  • 52 posts

Posted 26 February 2013 - 05:11 PM

Done! All extensions deleted! Since the AdwCleaner steps, the PC no longer redirects anything.
Edit: Ah, Mr. Million, I tried to reinstall an add-on (AdBlock) and it says it is blocked by the administrator. Where can I unblock it?
Thanks!

Edited by Mr.Million, 26 February 2013 - 05:17 PM


#6 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Specialist
  • 65439 posts

Posted 26 February 2013 - 05:17 PM

Uninstall AdBlock completely, then download it again and reinstall the add-on.

#7 dandefender    

dandefender
  • Participant
  • 52 posts

Posted 26 February 2013 - 05:27 PM

Uninstall AdBlock completely, then download it again and reinstall the add-on...

I had already done that: all the add-ons had been removed. I tried to reinstall AdBlock but couldn't. I went to avast-browser-cleanup, enabled AdBlock and tried to install it again, but it still says it is blocked by the administrator.

Ah, note that avast-browser-cleanup did not remove the add-ons; it only restores the default settings. This Remove button does not exist in the program. =/



#8 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Specialist
  • 65439 posts

Posted 26 February 2013 - 05:33 PM

Uninstall avast-browser-cleanup and AdBlock, also remove it completely from your browser, do a full Registry cleanup with CCleaner, restart, then download it again and try to reinstall.

#9 dandefender    

dandefender
  • Participant
  • 52 posts

Posted 26 February 2013 - 05:49 PM

Cool, Million, I'll do that, but right now I have to leave. I'll post the results tonight, in about 2 hours.

PS: I didn't mention it, but the add-ons are not installed in Chrome, yet they appear in avast-browser-cleanup. Actually, only AdBlock and Windows Media Player, which I chose to keep, are in avast-browser-cleanup.

Thanks, see you shortly!



#10 dandefender    

dandefender
  • Participant
  • 52 posts

Posted 26 February 2013 - 08:36 PM

I managed to reinstall it without the process you suggested.

I ran avast as administrator and then redid the previous step (with all extensions disabled) and then again with all of them enabled.

I tried installing again and it worked!

Thank you very much!













Topics with keyword: mytoolsapp.info, chrome