Friends, I have a machine here that is horrible to browse with: it freezes a lot on websites and sometimes opens pop-ups out of nowhere. I'm thinking it has a virus.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:50:13, on 05/02/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Windows Defender\MSASCui.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\3M\PDNotes\PDNotes.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\msfeedssync.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jucheck.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funpec.br/ponto_online/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AddLyrics - {4145006D-47F8-42F2-8186-2225AAFECDD3} - C:\Arquivos de programas\AddLyrics\AddLyrics.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Post-it® Digital Notes - {735abc4c-9266-4008-9ef6-bc60be8de31f} - mscoree.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BrOffice.org 3.2.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe
O4 - Global Startup: Post-it® Digital Notes.lnk = C:\Arquivos de programas\3M\PDNotes\PDNotes.exe
O4 - Global Startup: Post-it® Digital Notes.lnk = ?
O8 - Extra context menu item: Create a Post-it® Note - C:\Arquivos de programas\3M\PDNotes\\PSNBookMark.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
--
End of file - 7702 bytes
--------------------xx-----------------------------------
*** [services] ***
*** [Files / Folders] ***
File Deleted : C:\Arquivos de programas\Mozilla Firefox\.autoreg
File Deleted : C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Arquivos de programas\Mozilla Firefox\searchplugins\fcmdSrch.xml
Folder Deleted : C:\Arquivos de programas\Conduit
Folder Deleted : C:\Arquivos de programas\DealPly
Folder Deleted : C:\Arquivos de programas\facemoods.com
Folder Deleted : C:\Arquivos de programas\FileConverter_1.1
*** [Registry] ***
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\facemoods.com
Key Deleted : HKCU\Software\FileConverter_1.1
Key Deleted : HKCU\Software\Funmoods
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4E8F6CB8-79E6-4DEF-8F44-6FFD56E07774}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E8F6CB8-79E6-4DEF-8F44-6FFD56E07774}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E8F6CB8-79E6-4DEF-8F44-6FFD56E07774}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C604C02-E91D-4173-8857-97D30BBACBFA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3241941
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\Software\facemoods.com
Key Deleted : HKLM\Software\FileConverter_1.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AD32B77-CD31-4670-A860-97FD57275DF1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AD43ECB-859E-4CD8-B94E-5FA5F29DB774}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FileConverter_1.1 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E8F6CB8-79E6-4DEF-8F44-6FFD56E07774}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C604C02-E91D-4173-8857-97D30BBACBFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileConverter_1.1 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4E8F6CB8-79E6-4DEF-8F44-6FFD56E07774}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4E8F6CB8-79E6-4DEF-8F44-6FFD56E07774}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [facemoods]
*** [internet Browsers] ***
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
*************************
AdwCleaner[s1].txt - [9369 octets] - [05/02/2013 08:21:59]
########## EOF - C:\AdwCleaner[s1].txt - [9429 octets] ##########
1st: Malwarebytes log.
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Versão da Base de Dados: v2013.02.05.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
f002733 :: FUN0023 [administrador]
05/02/2013 08:59:45
mbam-log-2013-02-05 (08-59-45).txt
Tipo de Verificação: Verificação Completa (C:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 283785
Tempo decorrido: 2 hora(s), 21 minuto(s), 24 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 2
HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 4
C:\Documents and Settings\f002733.FUNPEC.BR\Meus documentos\Downloads\PDFCreatorSetup.exe (Adware.Agent) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\f002733.FUNPEC.BR\Meus documentos\Downloads\SoftonicDownloader_para_adobe-reader.exe (PUP.OfferBundler.ST) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\f002733.FUNPEC.BR\Meus documentos\Downloads\FLVPlayerSetup.exe (Adware.Agent) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Funmoods\UpdateProc\UpdateTask.exe (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
(fim)
2nd: AT-Destroyer By Infospyware
######################## AT-Destroyer By Infospyware.
Hora/Día/Mes/Año: 11:46:19 \\\ 05/02/2013
AT-Destroyer 2.1 By Infospyware ---> www.infospyware.com
Última actualización: 30/11/2012
Opción escogida: 1 :Buscar
Versión Internet Explorer:8.0.6001.18702
Mozilla Firefox:1.9.2.4448
Privilegios: f002733 - Administrador
Modo Actual: Modo Normal.
Nombre del pc: FUN0023
Información del sistema operativo:X86-WIN_XP-Service Pack 3
nombre del usuario:f002733
Lenguaje del sistema: Portugués
>>>>>> Servicios <<<<<<
>>>>>> Carpetas <<<<<<
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\PriceGong\Data (W32/PND.PriceGong)
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\PriceGong\Data\mru.xml (W32/PND.PriceGong)
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\PriceGong (W32/PND.PriceGong)
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\facemoods.com ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Funmoods (W32/PND.Funmoods Toolbar)
>>>>>> Archivos <<<<<<
>>>>>> Registro <<<<<<
>>>>>> Heurística <<<<<<
Encontrado: C:\Arquivos de programas\DiagnosticoBB.exe (Heur malware.win32.generic)
Encontrado: C:\Arquivos de programas\Firefox Setup 3.6.15.exe (Heur malware.win32.generic)
>>>>>> Internet Explorer <<<<<<
Start Page==http://go.microsoft.com/fwlink/?LinkId=69157
Local Page==C:\WINDOWS\system32\blank.htm
Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
Default_search_url==http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL==http://go.microsoft.com/fwlink/?LinkId=69157
''HKCU\Software\Microsoft\Internet Explorer\Main''
Start Page==http://funpec.br/ponto_online/
Local Page==C:\WINDOWS\system32\blank.htm
Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
Default_search_url==
Default_Page_URL==
HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-101208\Software\Microsoft\Internet Explorer\Main''
Start Page==http://funpec.br/ponto_online/
Local Page==C:\WINDOWS\system32\blank.htm
Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
Default_search_url==
Default_Page_URL==
>>>>>> Firefox <<<<<<
user_pref("browser.startup.homepage", "http://www.funpec.br/ponto_online/");
user_pref("browser.startup.homepage_override.mstone", "rv:1.9.2.28");
user_pref("pref.browser.homepage.disable_button.current_page", false);
>>>>>> Plugins Firefox <<<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.1
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader
>>>>>> Google Chrome <<<<<<
"homepage": "http://www.google.com",
"homepage_is_newtabpage": false,
"homepage": "http://www.google.com",
"homepage_is_newtabpage": false,
>>>>>> Extensiones Google Chrome <<<<<<
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\5
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
======== Listado ===========
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\1B2Y1E1P1C1Q1F2W1G1I1F1T1Q1BtF1R1F1HtF1S1C [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\3M [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Adobe [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\ArcSoft [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\BabylonToolbar [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\BrOffice.org [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\DealPly [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\desktop.ini [HSA] 1 KB ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\ElevatedDiagnostics [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\facemoods.com [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Funmoods [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\GetRightToGo [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Google [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Identities [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Macromedia [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Malwarebytes [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Microsoft 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Mozilla [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Nero [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Oracle [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\PhotoFiltre Studio X [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\PriceGong [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Sun [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Thunderbird [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\WinRAR [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\xrecode2 [0] 0 ( )
C:\Arquivos de programas\7-Zip [0] 0 ( )
C:\Arquivos de programas\AA Antimalware [0] 0 ( )
C:\Arquivos de programas\AddLyrics [0] 0 ( )
C:\Arquivos de programas\Adobe [0] 0 ( )
C:\Arquivos de programas\Alwil Software [0] 0 ( )
C:\Arquivos de programas\Arquivos comuns [0] 0 ( )
C:\Arquivos de programas\AvRack [0] 0 ( )
C:\Arquivos de programas\BrOffice.org 3 [0] 0 ( )
C:\Arquivos de programas\Canon [0] 0 ( )
C:\Arquivos de programas\CCleaner [0] 0 ( )
C:\Arquivos de programas\ComPlus Applications [0] 0 ( )
C:\Arquivos de programas\DiagnosticoBB.exe [A] 2.221 KB( 0)
C:\Arquivos de programas\Diagnóstico BB.log [A] 3 KB( 0)
C:\Arquivos de programas\DIFX [0] 0 ( )
C:\Arquivos de programas\Firefox Setup 3.6.15.exe [A] 280 KB( 0)
C:\Arquivos de programas\FreeTime [0] 0 ( )
C:\Arquivos de programas\GbPlugin [0] 0 ( )
C:\Arquivos de programas\Google [0] 0 ( )
C:\Arquivos de programas\HP [0] 0 ( )
C:\Arquivos de programas\InstallShield Installation Information [H] 0( 0)
C:\Arquivos de programas\Internet Explorer [0] 0 ( )
C:\Arquivos de programas\Java [0] 0 ( )
C:\Arquivos de programas\Malwarebytes' Anti-Malware [0] 0 ( )
C:\Arquivos de programas\microsoft frontpage [0] 0 ( )
C:\Arquivos de programas\Microsoft Office [0] 0 ( )
C:\Arquivos de programas\Microsoft Visual Studio [0] 0 ( )
C:\Arquivos de programas\Microsoft Works [0] 0 ( )
C:\Arquivos de programas\Movie Maker [0] 0 ( )
C:\Arquivos de programas\Mozilla Firefox [0] 0 ( )
C:\Arquivos de programas\MSN Gaming Zone [0] 0 ( )
C:\Arquivos de programas\Nero [0] 0 ( )
C:\Arquivos de programas\NetMeeting [0] 0 ( )
C:\Arquivos de programas\Oracle [0] 0 ( )
C:\Arquivos de programas\Outlook Express [0] 0 ( )
C:\Arquivos de programas\PDFCreator [0] 0 ( )
C:\Arquivos de programas\Photo! [0] 0 ( )
C:\Arquivos de programas\PhotoFiltre Studio X [0] 0 ( )
C:\Arquivos de programas\Realtek AC97 [0] 0 ( )
C:\Arquivos de programas\Realtek Sound Manager [0] 0 ( )
C:\Arquivos de programas\S3 [0] 0 ( )
C:\Arquivos de programas\Serviços on-line [0] 0 ( )
C:\Arquivos de programas\Uninstall Information [H] 0( 0)
C:\Arquivos de programas\v9Soft [0] 0 ( )
C:\Arquivos de programas\VIA [0] 0 ( )
C:\Arquivos de programas\Windows Defender [0] 0 ( )
C:\Arquivos de programas\Windows Media Connect 2 [0] 0 ( )
C:\Arquivos de programas\Windows Media Player [0] 0 ( )
C:\Arquivos de programas\Windows NT [0] 0 ( )
C:\Arquivos de programas\WindowsUpdate [H] 0( 0)
C:\Arquivos de programas\WinRAR [0] 0 ( )
C:\Arquivos de programas\WinXMedia [0] 0 ( )
C:\Arquivos de programas\wllogin_32.msi [A] 4.546 KB( 0)
C:\Arquivos de programas\xerox [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini [HSA] 1 KB 0
C:\Documents and Settings\All Users\Dados de aplicativos\gas [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Google [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\hpzinstall.log [A] 2 KB 0
C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft 0 0
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Nero [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Pianosoft [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Sun [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\TEMP [A] 0 0
C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage [0] 0 ( )
======================EOF=======================
3rd: ZHPDiag.txt.
Good afternoon, Edvan!
|- Run the AT-Destroyer tool again and choose the option "Buscar y Destruir".
|- Post the report! ( C:\AT-Destroyer.txt )
-/-
|- Close any programs/folders that are open.
|- Close the browser as well!
|- On Windows Vista, disable UAC.
|- Double-click ZHPFix.
|- Select and copy the information below, from the Code box, into Notepad.
O44 - LFC:[MD5.33EFF91FA513BADD92FFDB0EA8217E5A] - 05/02/2013 - 08:50:13 ---A- . (...) -- C:\hijackthis.log [7703]
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\PDFConverterSetup.exe" [Enabled] .(...) -- C:\Arquivos de programas\PDFConverterSetup.exe (.not file.)
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Conduit => Toolbar.Conduit
[HKLM\Software\Adware Away] => Infection Rogue (Rogue.AdwareAway)
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
proxyfix
emptytemp
emptyflash
firewallraz
sysrestore
|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"
|- Minimize Notepad.
|- Click the "Paste ClipBoard" menu.
|- Click "GO" -> Oui.
|- PS: The sequence of images above is provided for further clarification.
|- Post the report: C:\ZHP\ZHPFix[R1].txt
A+
Thanks for the help, my friend, always giving that support! :joia:
######################## AT-Destroyer [2.1] By Infospyware.
Hora/Día/Mes/Año: 14:01:58 \\\ 05/02/2013
AT-Destroyer 2.1 By Infospyware ---> www.infospyware.com
Última actualización: 30/11/2012
Opción escogida: 2 :Buscar y Destruir
Versión Internet Explorer:8.0.6001.18702
Mozilla Firefox:1.9.2.4448
Privilegios: f002733 - Administrador
Modo Actual: Modo Normal.
Nombre del pc: FUN0023
Información del sistema operativo:X86-WIN_XP-Service Pack 3
nombre del usuario:f002733
Lenguaje del sistema: Portugués
>>>>>>> Servicios <<<<<<<
>>>>>> Carpetas <<<<<<
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\PriceGong\Data (W32/PND.PriceGong)
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\PriceGong\Data\mru.xml (W32/PND.PriceGong)
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\PriceGong (W32/PND.PriceGong)
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\facemoods.com 33
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Funmoods (W32/PND.Funmoods Toolbar)
>>>>>> Archivos <<<<<<
>>>>>> Registro <<<<<<
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
>>>>>> Heurística <<<<<<
C:\Arquivos de programas\DiagnosticoBB.exe (Heur malware.win32.generic)
C:\Arquivos de programas\Firefox Setup 3.6.15.exe (Heur malware.win32.generic)
>>>>>> Internet Explorer <<<<<<
Start Page==www.google.com
Local Page==C:\WINDOWS\system32\blank.htm
Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
Default_search_url==http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL==http://go.microsoft.com/fwlink/?LinkId=69157
''HKCU\Software\Microsoft\Internet Explorer\Main''
Start Page==www.google.com
Local Page==C:\WINDOWS\system32\blank.htm
Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
Default_search_url==
Default_Page_URL==
HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-101208\Software\Microsoft\Internet Explorer\Main''
Start Page==www.google.com
Local Page==C:\WINDOWS\system32\blank.htm
Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
Default_search_url==
Default_Page_URL==
>>>>>> Firefox <<<<<<
user_pref("browser.startup.homepage", "http://www.funpec.br/ponto_online/");
user_pref("browser.startup.homepage_override.mstone", "rv:1.9.2.28");
user_pref("pref.browser.homepage.disable_button.current_page", false);
>>>>>> Plugins Firefox <<<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.1
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader
>>>>>> Google Chrome <<<<<<
"homepage": "http://www.google.com/",
"homepage_changed": true,
"homepage_is_newtabpage": false,
>>>>>> Extensiones Google Chrome <<<<<<
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\5
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
======== Listado ===========
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\1B2Y1E1P1C1Q1F2W1G1I1F1T1Q1BtF1R1F1HtF1S1C [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\3M [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Adobe [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\ArcSoft [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\BabylonToolbar [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\BrOffice.org [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\DealPly [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\desktop.ini [HSA] 1 KB ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\ElevatedDiagnostics [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\GetRightToGo [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Google [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Identities [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Macromedia [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Malwarebytes [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Microsoft 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Mozilla [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Nero [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Oracle [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\PhotoFiltre Studio X [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Sun [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Thunderbird [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\WinRAR [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\xrecode2 [0] 0 ( )
C:\Arquivos de programas\7-Zip [0] 0 ( )
C:\Arquivos de programas\AA Antimalware [0] 0 ( )
C:\Arquivos de programas\AddLyrics [0] 0 ( )
C:\Arquivos de programas\Adobe [0] 0 ( )
C:\Arquivos de programas\Alwil Software [0] 0 ( )
C:\Arquivos de programas\Arquivos comuns [0] 0 ( )
C:\Arquivos de programas\AvRack [0] 0 ( )
C:\Arquivos de programas\BrOffice.org 3 [0] 0 ( )
C:\Arquivos de programas\Canon [0] 0 ( )
C:\Arquivos de programas\CCleaner [0] 0 ( )
C:\Arquivos de programas\ComPlus Applications [0] 0 ( )
C:\Arquivos de programas\Diagnóstico BB.log [A] 3 KB( 0)
C:\Arquivos de programas\DIFX [0] 0 ( )
C:\Arquivos de programas\FreeTime [0] 0 ( )
C:\Arquivos de programas\GbPlugin [0] 0 ( )
C:\Arquivos de programas\Google [0] 0 ( )
C:\Arquivos de programas\HP [0] 0 ( )
C:\Arquivos de programas\InstallShield Installation Information [H] 0( 0)
C:\Arquivos de programas\Internet Explorer [0] 0 ( )
C:\Arquivos de programas\Java [0] 0 ( )
C:\Arquivos de programas\Malwarebytes' Anti-Malware [0] 0 ( )
C:\Arquivos de programas\microsoft frontpage [0] 0 ( )
C:\Arquivos de programas\Microsoft Office [0] 0 ( )
C:\Arquivos de programas\Microsoft Visual Studio [0] 0 ( )
C:\Arquivos de programas\Microsoft Works [0] 0 ( )
C:\Arquivos de programas\Movie Maker [0] 0 ( )
C:\Arquivos de programas\Mozilla Firefox [0] 0 ( )
C:\Arquivos de programas\MSN Gaming Zone [0] 0 ( )
C:\Arquivos de programas\Nero [0] 0 ( )
C:\Arquivos de programas\NetMeeting [0] 0 ( )
C:\Arquivos de programas\Oracle [0] 0 ( )
C:\Arquivos de programas\Outlook Express [0] 0 ( )
C:\Arquivos de programas\PDFCreator [0] 0 ( )
C:\Arquivos de programas\Photo! [0] 0 ( )
C:\Arquivos de programas\PhotoFiltre Studio X [0] 0 ( )
C:\Arquivos de programas\Realtek AC97 [0] 0 ( )
C:\Arquivos de programas\Realtek Sound Manager [0] 0 ( )
C:\Arquivos de programas\S3 [0] 0 ( )
C:\Arquivos de programas\Serviços on-line [0] 0 ( )
C:\Arquivos de programas\Uninstall Information [H] 0( 0)
C:\Arquivos de programas\v9Soft [0] 0 ( )
C:\Arquivos de programas\VIA [0] 0 ( )
C:\Arquivos de programas\Windows Defender [0] 0 ( )
C:\Arquivos de programas\Windows Media Connect 2 [0] 0 ( )
C:\Arquivos de programas\Windows Media Player [0] 0 ( )
C:\Arquivos de programas\Windows NT [0] 0 ( )
C:\Arquivos de programas\WindowsUpdate [H] 0( 0)
C:\Arquivos de programas\WinRAR [0] 0 ( )
C:\Arquivos de programas\WinXMedia [0] 0 ( )
C:\Arquivos de programas\wllogin_32.msi [A] 4.546 KB( 0)
C:\Arquivos de programas\xerox [0] 0 ( )
C:\Arquivos de programas\ZHPDiag [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini [HSA] 1 KB 0
C:\Documents and Settings\All Users\Dados de aplicativos\gas [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Google [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\hpzinstall.log [A] 2 KB 0
C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft 0 0
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Nero [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Pianosoft [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Sun [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\TEMP [A] 0 0
C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage [0] 0 ( )
==================== EOF ==================
----------------------------------------xx----------------------------------------
Rapport de ZHPFix 1.3.13 par Nicolas Coolman, Update du 26/01/2013
Fichier d'export Registre :
Run by f002733 at 05/02/2013 14:18:30
Windows XP Professional Service Pack 3 (Build 2600)
========== Registry Key ==========
DELETED Key: HKLM\Software\Adware Away
========== Registry Value ==========
DELETED AAKE KeyValue: C:\Arquivos de programas\PDFConverterSetup.exe
DELETED [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe
DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (DP) : C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe
DELETED FirewallRaz (DP) : C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe
DELETED FirewallRaz (DP) : C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe
No Value in Firewall Exception Register Key (FirewallRaz)
========== Repertory ==========
DELETED Folder: c:\documents and settings\f002733.funpec.br\configurações locais\dados de aplicativos\conduit
DELETED Window Temporary:
DELETED Flash Cookies:
========== File ==========
DELETED c:\hijackthis.log
NOT FOUND File: c:\arquivos de programas\pdfconvertersetup.exe
DELETED Window Temporary:
DELETED Flash Cookies:
========== Restoration ==========
Restore System Point created succefully
========== Summary ==========
1 : Registry Key
19 : Registry Value
3 : Repertory
4 : File
1 : Restoration
End of clean in 02mn 19s
========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 05/02/2013 14:18:30 [2110]
Good afternoon! Edvan
|- Download: < http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe > ( ... by tigzy )
|- Save it to the desktop! (image: RogueKiller_Logo.jpg)
|- Close any open applications!
|- Run RogueKiller.exe and accept the EULA.
|- PS: On Windows Vista or 7, run RogueKiller.exe as administrator.
|- Wait for its pre-scan to finish.
(screenshot: RogueKiller_Scan2.jpg)
|- Start the diagnosis by clicking the "Verificar" (Scan) button.
|- Example: Mode: Verificar -- Date: mm/dd/2013 00:52:24
|- Post the report: RKreport[1].txt
A+
RogueKiller V8.4.4 [Feb 5 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Site : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Sistema Operacional : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Iniciado em : Modo Normal
Usuario : f002733 [Privilegios de Admnistrador]
Modo : Verificar -- Data : 02/05/2013 17:07:58
| ARK || MBR |
¤¤¤ Entradas ruins : 0 ¤¤¤
¤¤¤ Entradas do Registro : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO
¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤
¤¤¤ Driver : [Carregado] ¤¤¤
¤¤¤ Arquivo de Hosts: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Verificaçao do MBR: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG SV4002H +++++
--- User ---
[MBR] 8a67571b555d98013aadd1db2273e8fa
[bSP] e77f27b3bd0ae014e542d5dec684938e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38193 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Concluido : << RKreport[1]_S_02052013_02d1707.txt >>
RKreport[1]_S_02052013_02d1707.txt
Good evening! Edvan
|- Everything is OK; the only remaining fix with RogueKiller can be done under "Atalhos" (Shortcuts), on its corresponding tab.
-/-
|- Download: | DelFix | http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/9-delfix ( ... by Xplode )
(screenshot: DelFix_SetaVerde.jpg)
|- On the page, click the green arrow to download.
|- Save it somewhere convenient! ( desktop! )
|- Close any open applications.
|- With the checkbox checked! ( Remove disinfection tools )
|- Click "Run".
|- Your logs are clean!
|- Good job!
Regards!
>
Everything is OK; the only remaining fix with RogueKiller can be done under "Atalhos" (Shortcuts), on its corresponding tab.
DigRam, when I ran RogueKiller I got ahead of myself and clicked delete. Is that a problem? :upset:
P.S.: If memory serves, the message "file replaced" appeared!
>
DigRam, when I ran RogueKiller I got ahead of myself and clicked delete. Is that a problem? :upset:
P.S.: If memory serves, the message "file replaced" appeared!
Hello! Edvan
|- No problem; that registry entry could be replaced. Our friend Sam Spade usually preserves it, while most analysts opt for the replace.
|- You can run DelFix. :bye:
A+
I'll post tomorrow, because the machine is at the company.
Thanks, buddy!
>
I'll post tomorrow, because the machine is at the company.
Thanks, buddy!
Ok! Edvan
######
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\BabylonToolbar
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\PriceGong
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\facemoods.com
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Funmoods
######
|- Check manually whether the highlighted folders still exist.
|- If you find those directories, you can delete them!
A+
I only found this one:
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\BabylonToolbar
You can close the topic, thanks for the help. :lock:
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
Good morning! Edvan
|- Uninstall: C:\Arquivos de programas\AddLyrics
-/-
|- Download: < AT-Destroyer | http://www.infospyware.com/antispyware/at-destroyer/ >
|- Save it to the desktop!
|- Disable your antivirus or antispyware so the tool is not detected as malware.
|- Run AT-Destroyer.exe as administrator if you use Windows Vista or 7.
|- Choose the "Buscar" (Search) option and wait for the scan to finish.
|- Post the report! ( C:\AT-Destroyer.txt )
-/-
|- Download: | ZHPDiag2 | ftp://zebulon.fr/ZHPDiag2.exe ( ... by Nicolas Coolman )
|- Save it to the desktop!
(screenshot: ZHPDiag2.jpg)
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
(screenshot: ZHPDiag_Installation.jpg)
|- Confirm every step when installing ZHPDiag.
|- Finish the installation by clicking "Termine".
(screenshot: ZHPDiag_MBRCheck.jpg)
|- PS: After installation, besides ZHPScript, the following will be available on the desktop:
|- <1> MBRCheck
|- <2> ZHPDiag2
|- <3> ZHPFix
(screenshot: ZHPDiag_cones.jpg)
|- Click the scroll icon. ( ZHPScript )
(screenshot: ZHPDiag_Update.jpg)
|- Click the green arrow to update it and/or download its latest definitions. ( Your version is update. )
|- Enable all diagnostic options by clicking "Options".
(screenshot: ZHPDiag_All.jpg)
|- Click All.
|- Then uncheck the boxes numbered O45, O61, O62, O65, O82.
(screenshot: ZHPDiag_30days.jpg)
|- Click "Calendar" and choose 30 days!
(screenshot: ZHPDiag_UAC.jpg)
|- Click the UAC button to disable that protection.
(screenshot: ZHPDiag_Lupa.jpg)
|- Start the scan by clicking the magnifying-glass icon. ( Start Diagnosis )
|- When it finishes, click "Save Report".
|- Save it somewhere convenient! ( ZHPDiag.txt )
|- PS: Do not post that text file directly.
|- Send it to Pjjoint.malekal ( http://forum.imasters.com.br/topic/452207-pjjointmalekal-hospedagem-inteligente/ ) by clicking the blue arrow! (screenshot: ZHPDiag_Pjjoint-1.jpg)
|- Or go to: http://cjoint.com/
|- Or go to: http://imgbox.com/abmdaZsE (screenshot: abmdaZsE.jpg)
|- More information: < http://forum.imasters.com.br/topic/452911-myfiletk-cjoint/ >
Regards!