Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:54:45, on 18/12/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17099)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\windows\Explorer.EXE
C:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\windows\System32\alg.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\windows\system32\ctfmon.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\ARQUIV~1\ARQUIV~1\SpeedBit\SBUpdate\SBUpdate.exe
C:\windows\notepad.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O1 - Hosts: 200.252.20.12 www5.infoseg.gov.br # gbplugin
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll (file missing)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIV~1\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll
O2 - BHO: G-Buster Browser Defense Sicredi - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\ARQUIV~1\GbPlugin\gbiehscd.dll
O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\ARQUIV~1\GbPlugin\gbiehisg.dll
O2 - BHO: LinkVerifierBHO - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Arquivos de programas\DAP\LinkVerifier.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AnySend Updater] C:\Arquivos de programas\AnySend\AnySendUpdater.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: &Verify with DAP - C:\Arquivos de programas\DAP\dapverify.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: http://www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: http://www.bancosantander.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: wwws.realsecureweb.com.br
O15 - Trusted Zone: www.santander.com.br
O15 - Trusted Zone: http://www.santander.com.br
O15 - Trusted Zone: www.santanderempresarial.com.br
O15 - Trusted Zone: http://www.santanderempresarial.com.br
O15 - Trusted Zone: www.santandernet.com.br
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: wwws2.santandernet.com.br
O15 - Trusted Zone: www.santandernetibe.com.br
O15 - Trusted Zone: www.secureweb.com.br
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: c:\docume~1\alluse~1\dadosd~1\browse~1\25986~1.67\{c16c1~1\browse~1.dll
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\ARQUIV~1\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginIsg - C:\ARQUIV~1\GbPlugin\gbiehIsg.dll
O20 - Winlogon Notify: GbPluginScd - C:\ARQUIV~1\GbPlugin\gbiehScd.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O24 - Desktop Component 0: (no name) - http://t1.gstatic.com/images?q=tbn:ANd9GcTowRwj4hNj8WH8DGMEiwx0p8DZmY3A4KvJEwPQBB76GF5lJFnzeR--vofO
--
End of file - 8166 bytes
---------------xx----------------------
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Versão da Base de Dados: v2012.12.17.09
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
f001869 :: FUN0105 [administrador]
17/12/2012 17:56:33
mbam-log-2012-12-17 (17-56-33).txt
Tipo de Verificação: Verificação Completa (C:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 415585
Tempo decorrido: 1 hora(s), 14 minuto(s), 13 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 2
HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\sistemanet (Malware.Trace) -> Enviado para a Quarentena e deletado com sucesso.
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Ruim: (1) Bom: (0) -> Enviado para a Quarentena e reparado com sucesso.
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 5
C:\Documents and Settings\f001869\Configurações locais\temp\ICReinstall_windows-media-player-11-final-baixaki-32-bits.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\f001869\Configurações locais\temp\arquivo_f.exe (Adware.Bundler) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\f001869\Configurações locais\temp\10831687.Uninstall\Uninstall.exe (Adware.Agent) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\f001869\Configurações locais\temp\2178609.Uninstall\Uninstall.exe (Adware.Agent) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\f001869\Meus documentos\Downloads\cd.exe (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
(fim)
----------------------------xxx---------------------------------
*** [services] ***
*** [Files / Folders] ***
File Deleted : C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Media Finder
Folder Deleted : C:\Documents and Settings\f001869\Dados de aplicativos\Babylon
Folder Deleted : C:\Documents and Settings\f001869\Dados de aplicativos\Funmoods
Folder Deleted : C:\Documents and Settings\f001869\Dados de aplicativos\Media Finder
Folder Deleted : C:\Documents and Settings\f001869\Dados de aplicativos\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
*** [Registry] ***
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\searchqutoolbar
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\gencrawler_gc.GenCrawler
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2233703
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
*** [internet Browsers] ***
-\\ Internet Explorer v7.0.5730.13
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=110823&tt=3712_6&babsrc=HP_ss&mntrId=18f54a890000000000000022684e4d8a --> hxxp://www.google.com
*************************
AdwCleaner[s1].txt - [8569 octets] - [17/12/2012 17:42:47]
########## EOF - C:\AdwCleaner[s1].txt - [8629 octets] ##########
---------------------xx-------------------------
Is it advisable to run ComboFix??
The machine is slow, some files disappeared out of nowhere, and I noticed suspicious files and DLLs in the root of "C".
ComboFix 12-12-17.02 - f001869 18/12/2012 17:39:23.2.2 - x86
Executando de: C:\Documents and Settings\f001869\Desktop\ComboFix.exe
ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADO !!
ADS - system32: deleted 2 bytes in 1 streams.
ADS - drivers: deleted 679 bytes in 2 streams.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
C:\Documents and Settings\f001869\WINDOWS
C:\install.exe
C:\windows\system32\URTTemp
C:\windows\system32\URTTemp\fusion.dll
C:\windows\system32\URTTemp\mscoree.dll
C:\windows\system32\URTTemp\mscoree.dll.local
C:\windows\system32\URTTemp\mscorsn.dll
C:\windows\system32\URTTemp\mscorwks.dll
C:\windows\system32\URTTemp\msvcr71.dll
C:\windows\system32\URTTemp\regtlib.exe
(((((((((((((((( Arquivos/Ficheiros criados de 2012-11-18 to 2012-12-18 ))))))))))))))))))))))))))))
2012-12-18 20:42:00 . 2012-12-18 20:42:00 0 ----a-w- C:\windows\system32\drivers\ntndis.sys
2012-12-18 11:16:12 . 2012-10-30 22:51:56 21256 ----a-w- C:\windows\system32\drivers\aswFsBlk.sys
2012-12-18 11:16:11 . 2012-10-30 22:51:58 361032 ----a-w- C:\windows\system32\drivers\aswSP.sys
2012-12-18 11:15:56 . 2012-10-30 22:51:58 35928 ----a-w- C:\windows\system32\drivers\aswRdr.sys
2012-12-18 11:15:55 . 2012-10-30 22:51:58 54232 ----a-w- C:\windows\system32\drivers\aswTdi.sys
2012-12-18 11:15:53 . 2012-10-30 22:51:58 738504 ----a-w- C:\windows\system32\drivers\aswSnx.sys
2012-12-18 11:15:52 . 2012-10-30 22:51:57 97608 ----a-w- C:\windows\system32\drivers\aswmon2.sys
2012-12-18 11:15:52 . 2012-10-30 22:51:57 89752 ----a-w- C:\windows\system32\drivers\aswmon.sys
2012-12-18 11:15:51 . 2012-10-30 22:51:56 25256 ----a-w- C:\windows\system32\drivers\aavmker4.sys
2012-12-18 11:15:40 . 2012-10-30 22:51:07 41224 ----a-w- C:\windows\avastSS.scr
2012-12-18 11:15:40 . 2012-10-30 22:50:59 227648 ----a-w- C:\windows\system32\aswBoot.exe
2012-12-18 11:15:26 . 2012-12-18 11:15:26 -------- d-----w- C:\Arquivos de programas\AVAST Software
2012-12-17 20:47:43 . 2012-12-17 20:47:43 -------- d-----w- C:\Documents and Settings\f001869\Dados de aplicativos\Malwarebytes
2012-12-17 20:40:16 . 2012-12-17 20:40:16 -------- d-----w- C:\LinhaDefensiva
2012-12-13 18:33:44 . 2012-12-11 16:13:28 64048 ----a-r- C:\windows\system32\drivers\360SpOEM.sys
2012-12-13 18:33:35 . 2012-12-14 11:11:25 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\PSafe
2012-12-11 19:15:06 . 2012-12-11 19:15:06 -------- d-----w- C:\Documents and Settings\f001869\Configurações locais\Dados de aplicativos\Google
2012-12-11 17:14:21 . 2012-12-11 18:27:17 16363960 ----a-w- C:\windows\system32\FlashPlayerInstaller.exe
2012-12-11 14:24:13 . 2012-12-11 18:27:20 697272 ----a-w- C:\windows\system32\FlashPlayerApp.exe
2012-12-04 14:36:38 . 2012-12-04 14:36:38 -------- d-----w- C:\Documents and Settings\f001869\Configurações locais\Dados de aplicativos\SpeedBIT
2012-12-04 14:36:38 . 2012-12-04 14:36:38 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\SpeedBit
2012-12-04 14:36:29 . 2012-12-04 14:36:29 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\SpeedBit
2012-12-04 14:36:26 . 2012-12-04 14:36:08 90824 ----a-w- C:\windows\system32\EasyHook32.dll
2012-12-04 14:36:26 . 2012-12-04 14:36:08 109256 ----a-w- C:\windows\system32\EasyHook64.dll
2012-12-04 14:36:25 . 2012-12-04 14:36:41 -------- d-----w- C:\Arquivos de programas\DAP
2012-12-04 14:36:06 . 2012-12-04 14:36:06 172032 ----a-w- C:\windows\system32\AniGIF.ocx
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-12-18 20:36:30 . 2012-07-17 11:29:56 12568 ----a-w- C:\windows\system32\drivers\PROCEXP113.SYS
2012-12-18 10:54:02 . 2012-07-16 18:49:25 388608 ----a-w- C:\HiJackThis.exe
2012-12-11 18:27:20 . 2011-06-27 20:15:41 73656 ----a-w- C:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-05 17:36:14 . 2009-10-19 13:51:09 47856 ----a-w- C:\windows\system32\drivers\gbpkm.sys
2012-09-29 22:54:26 . 2012-07-16 17:49:56 22856 ----a-w- C:\windows\system32\drivers\mbam.sys
2011-07-28 17:57:08 . 2011-07-28 17:57:08 1809920 ----a-w- C:\Arquivos de programas\SpringPublisher.exe
2012-10-29 13:58:53 . 2012-10-29 13:58:45 261600 ----a-w- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
Nota entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]
2012-12-04 14:36:06 431784 ----a-w- C:\Arquivos de programas\DAP\LinkVerifier.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50:38 121528 ----a-w- C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2012-07-03 12:04:54 252848]
"avast"="C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" [2012-10-30 22:50:59 4297136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "C:\ARQUIV~1\GbPlugin\gbiehuni.dll" [2012-02-01 13:41:58 601592]
"{E37CB5F0-51F5-4395-A808-5FA49E399015}"= "C:\ARQUIV~1\GbPlugin\gbiehisg.dll" [2011-10-21 18:34:56 694960]
"{E37CB5F0-51F5-4395-A808-5FA49E399011}"= "C:\ARQUIV~1\GbPlugin\gbiehscd.dll" [2012-08-24 13:07:26 603224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2012-11-05 17:30:20 1608176 ------w- C:\ARQUIV~1\GbPlugin\gbiehabn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2012-11-22 19:05:56 1585768 ----a-w- C:\ARQUIV~1\GbPlugin\gbieh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2012-10-04 18:05:54 650088 ------w- C:\ARQUIV~1\GbPlugin\gbiehcef.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginIsg]
2011-10-21 18:34:56 694960 ------w- C:\ARQUIV~1\GbPlugin\gbiehisg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginScd]
2012-08-24 13:07:26 603224 ------w- C:\ARQUIV~1\GbPlugin\gbiehscd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2012-02-01 13:41:58 601592 ------w- C:\ARQUIV~1\GbPlugin\gbiehuni.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Internet Explorer.lnk]
path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Internet Explorer.lnk
backup=C:\windows\pss\Internet Explorer.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Post-it® Digital Notes.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Post-it® Digital Notes.lnk
backup=C:\WINDOWS\pss\Post-it® Digital Notes.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\init]
01 [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51:26 919008 ----a-w- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-13 22:21:26 110592 ----a-w- C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 22:20:56 15360 ----a-w- C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2012-12-04 14:36:06 3811544 ----a-w- C:\Arquivos de programas\DAP\DAP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-12-18 06:28:14 178712 ----a-r- C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-05-04 16:05:36 36864 ----a-w- C:\Arquivos de programas\HP\HP UT\bin\hppusg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-12-18 06:28:32 150040 ----a-r- C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-12-18 06:28:26 150040 ----a-r- C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-03-02 08:01:18 17530368 -c--a-w- C:\WINDOWS\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-19 13:48:08 149280 ----a-w- C:\Arquivos de programas\Java\jre6\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"C:\\Arquivos de programas\\Auslogics\\Auslogics Disk Defrag\\DiskDefrag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R3 Ambfilt;Ambfilt;C:\windows\system32\drivers\Ambfilt.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;C:\windows\system32\Drivers\btnetBus.sys [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;C:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 Ndisrd;GAS Tecnologia Service;C:\windows\system32\DRIVERS\gbpndisrd.sys [x]
S0 BtHidBus;Bluetooth HID Bus Service;C:\windows\System32\Drivers\BtHidBus.sys [x]
S0 GbpKm;Gbp KernelMode;C:\windows\system32\drivers\gbpkm.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [x]
S3 NdisrdMP;NdisrdMP;C:\windows\system32\DRIVERS\gbpndisrd.sys [x]
Conteúdo da pasta 'Tarefas Agendadas'
2012-12-18 C:\windows\Tasks\Adobe Flash Player Updater.job
2012-12-18 C:\windows\Tasks\avast! Emergency Update.job
2012-12-18 C:\windows\Tasks\SBWUpdateTask_Logon_18f54a89-0022684E4D8A.job
2012-12-18 C:\windows\Tasks\SBWUpdateTask_Time_18f54a89-0022684E4D8A.job
2012-12-18 C:\windows\Tasks\User_Feed_Synchronization-{0C7BE09E-5960-4C06-8686-765A8F491B06}.job
2012-12-18 C:\windows\Tasks\User_Feed_Synchronization-{16250015-7DF9-4DD2-A276-22084A105D91}.job
------- Scan Suplementar -------
uStart Page = hxxp://www.google.com.br/
mStart Page = hxxp://www.google.com.br/
IE: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
IE: &Verify with DAP - C:\Arquivos de programas\DAP\dapverify.htm
IE: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bancoreal.com.br\www
Trusted Zone: bancosantander.com.br\www
Trusted Zone: bb.com.br\www
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
Trusted Zone: realsecureweb.com.br\www
Trusted Zone: realsecureweb.com.br\www2
Trusted Zone: realsecureweb.com.br\wwws
Trusted Zone: santander.com.br\www
Trusted Zone: santanderempresarial.com.br\www
Trusted Zone: santandernet.com.br\www
Trusted Zone: santandernet.com.br\wwws
Trusted Zone: santandernet.com.br\wwws2
Trusted Zone: santandernetibe.com.br\www
Trusted Zone: secureweb.com.br\www
TCP: DhcpNameServer = 10.4.65.16
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Arquivos de programas\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Arquivos de programas\DAP\dapie.dll
FF - ProfilePath - C:\Documents and Settings\f001869\Dados de aplicativos\Mozilla\Firefox\Profiles\elmohjy7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.speedbit.com/search.aspx?s=CC4a105&q=
FF - prefs.js: browser.search.selectedEngine - Speedbit Search
FF - prefs.js: browser.startup.homepage - hxxp://search.speedbit.com/?s=CC4a105
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/search.aspx?s=CC4a105&q=
FF - ExtSQL: 2012-10-23 14:13; {87F8774F-B485-47E2-A755-A40A8A5E8874}; C:\Documents and Settings\f001869\Dados de aplicativos\Mozilla\Firefox\Profiles\elmohjy7.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}
FF - ExtSQL: 2012-12-04 11:36; {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}; C:\Arquivos de programas\DAP\DAPFireFox
FF - ExtSQL: 2012-12-04 11:36; daplinkchecker@speedbit.com; C:\Arquivos de programas\DAP\daplinkchecker
FF - ExtSQL: 2012-12-18 08:22; wrc@avast.com; C:\Arquivos de programas\AVAST Software\Avast\WebRep\FF
user_pref('extensions.dealply.partner', 'iron');
user_pref('extensions.dealply.channel', 'iron3');
user_pref('extensions.dealply.installId', 'v23900275641024203017042012082117282521');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '1');
FF - user.js: extensions.claro.id - 18f54a890000000000000022684e4d8a
FF - user.js: extensions.claro.instlDay - 15582
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.19:43:09
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - iclaro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
user_pref('extensions.dealply.partner', 'vn');
user_pref('extensions.dealply.channel', 'pcdealply');
user_pref('extensions.dealply.installId', 'v24300298056394650005402012121116144223');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '3');
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=pcmega1&ir=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzzyE0EyE0Dzz0AyE0AzzzytN0D0Tzu0CtAyEyCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=431002285
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Funmoods
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=pcmega1&ir=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzzyE0EyE0Dzz0AyE0AzzzytN0D0Tzu0CtAyEyCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=431002285
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=pcmega1&ir=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzzyE0EyE0Dzz0AyE0AzzzytN0D0Tzu0CtAyEyCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=431002285&q=
FF - user.js: extensions.funmoods.id - 0022684E4D8A4A89
FF - user.js: extensions.funmoods.instlDay - 15685
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2216:14:41
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - pcmega1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - pcmega1
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=18f54a890000000000000022684e4d8a&q=
FF - user.js: extensions.BabylonToolbar.id - 18f54a890000000000000022684e4d8a
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15687
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.4.9
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.4.9
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.4.915:33:06
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110824&tt=5012_8
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
HKLM-Run-AnySend Updater - C:\Arquivos de programas\AnySend\AnySendUpdater.exe
MSConfigStartUp-Media Finder - C:\Arquivos de programas\Media Finder\Media Finder.exe
AddRemove-Google Chrome - C:\Documents and Settings\f001869\Configurações locais\Dados de aplicativos\Google\Chrome\Application\20.0.1132.57\Installer\setup.exe
AddRemove-{9FDEF7FC-0D03-4CAE-9DC3-1F436A93BDA4} - C:\Documents and Settings\f001869\Configurações locais\Dados de aplicativos\{A91C477B-655B-4FEA-8B8E-CC6820970F3A}\setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-18 17:44:49
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EA9A8FA-F5D2-49E1-99E8-C26EE07FCEEB}\Elevation]
@DACL=(02 0000)
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EA9A8FA-F5D2-49E1-99E8-C26EE07FCEEB}\LocalServer32]
@DACL=(02 0000)
@="C:\\ARQUIV~1\\ARQUIV~1\\MICROS~1\\OFFICE12\\OFFICE~1\\SETUP.EXE"
[HKEY_LOCAL_MACHINE\software\Classes\contact_oe_auto_file\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\03076BB64DB02933C93976B1AC698DE0\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"114"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\0EB7ECFEE015239449574FC49DD01EA6\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"21693"=";Microsoft .NET Framework 1.1 Security Update (KB2572067)"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\13CA5F6F338977E3CAE8E819C0BA93EA\SourceList\Media]
@DACL=(02 0000)
"102"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\17AFD8C1970420F48BBB741BC2A165F5\SourceList\Media]
@DACL=(02 0000)
"100"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\17BB7F68F8EF60333A529FE30E46718B\SourceList\Media]
@DACL=(02 0000)
"111"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\1FA98C108219B99448EDF4C3B1EC100C\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="Microsoft's Silverlight Installation [1]"
"106"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\1FDE42FC632E233438BCC407A1B9BC0F\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"107"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\2451D69CF585D214C8A52004DB1A469B\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"106"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\24DF66A32D05A9E3185BCE3E5E3C90A7\SourceList\Media]
@DACL=(02 0000)
"111"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\256917180E811B74A9218FB20F574DBD\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"105"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\28C9EA2BB7CD1463FB8C7872C5F46370\SourceList\Media]
@DACL=(02 0000)
"101"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\295DC294DD789E13083868560A521636\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"111"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\2F2AEE7ADCFB45A45A57B7187A686E85\SourceList\Media]
@DACL=(02 0000)
"100"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\37297481046CEAF47BC8DC52A6399760\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="Microsoft's Silverlight Installation [1]"
"104"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\39A42FFE0FC238638B828E356BCFABA0\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"115"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\39D9350CFCD18153BBE9C69E85245243\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"114"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\3D90EFE177C6D6E478F667BC032D50C6\SourceList\Media]
@DACL=(02 0000)
"101"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\4152E9034D92C5043B1B417D32B1AF61\SourceList\Media]
@DACL=(02 0000)
"102"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\41A670B5874F6653EBA789C5C326F94A\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"111"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\425A33BDE5485584E9095A16B9DC5D72\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="Microsoft's Silverlight Installation [1]"
"103"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\43F3D5FAA348FB140A3FF2BB0AB09A9B\SourceList\Media]
@DACL=(02 0000)
"104"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\44D51B2A7D3B696448850A89C682FA0D\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="Microsoft's Silverlight Installation [1]"
"102"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\484CA1D2615EC8048852CA1B3C65CAA7\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"101"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\4C9878626E35BDD4F833D8F0E900B0AE\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"100"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\55399781A9D2FFB32AEFF88353F1ADAB\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"114"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\5E903427217EC6249BD46B4B52112CF9\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"104"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\5EDEE27DAF3D979329DEF894846ED2F0\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"114"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\645BC568E92815C458A6C140B262F43E\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="Microsoft's Silverlight Installation [1]"
"108"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\6BE374011DC2CCB3D99A1D1081FE29FF\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"113"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\6D0233A2508C08244B326B56DB3ED3F8\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"21685"=";Microsoft .NET Framework 1.1 Security Update (KB979906)"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\6ECFE6F2FD019F94E946A93E77B55288\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"21689"=";Microsoft .NET Framework 1.1 Security Update (KB2416447)"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\82B28DCEEB84C6245BB5E60C22162658\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"108"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\881B67FDBD11CD343A98012492599A97\SourceList\Media]
@DACL=(02 0000)
"107"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\8D81D36F6C56F404CB6CCB6111055157\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="Microsoft's Silverlight Installation [1]"
"101"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\91C30D4F0ACD90B4387EEBB3608C4DCD\SourceList\Media]
@DACL=(02 0000)
"109"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\91EFD319CE23990498CA72CF94A3A7E2\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="Microsoft Office Enterprise 2007"
"117"="OFFICE12;1"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\91F4988A8C952D83A857630CCC5EA6B5\SourceList\Media]
@DACL=(02 0000)
"102"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\9E0DE89293FE9BB33898F24ED18CCF08\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"109"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\A2A49AADD8A2B3D4D98B65BFCEDE80D2\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"21624"=";Microsoft .NET Framework 1.1 Security Update (KB953297)"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\B4C419EC05CA8E13D92A51BD928D65F8\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"113"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\B4DC2171CF6DE183589FF2E42C91F993\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"116"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\B8F6D1795C8E4A94E93D980C010B8D2D\SourceList\Media]
@DACL=(02 0000)
"103"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\BBBC54B31AC5BF448958CA8CF16725E1\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="Microsoft's Silverlight Installation [1]"
"107"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\BE7C28545F39D804F992A5B51E7E8654\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"103"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\C3CFBEEB1B8483A43A5C18AB91FDF504\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"109"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\CD9B5C7DC4E6EED4A9B71438ADD41C2C\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="Microsoft's Silverlight Installation [1]"
"100"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\DE6BA3F2C1597EC4A89C5864DFFCF1A5\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"102"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\E0337B0F8B42AE34C86D1D4124A8C1CE\SourceList\Media]
@DACL=(02 0000)
"108"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\E54DA494170E9184E8511E40F1FB0F37\SourceList\Media]
@DACL=(02 0000)
"110"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\E6C461BDA4E80374796CED4868BE63F7\SourceList\Media]
@DACL=(02 0000)
"106"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\E9030CAD6F70DA545BFBB5D0FE17FFEE\SourceList\Media]
@DACL=(02 0000)
"105"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\F3F86E863D2A6B148B1252798C5CCBBB\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="Microsoft's Silverlight Installation [1]"
"105"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\F9DC276355B3ECF3D85A5DC7A31B1005\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"114"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\FA6C3120265590D488C4A2CDCFC8F253\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"21704"=";Microsoft .NET Framework 1.1 Security Update (KB2656353)"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\00002109030000000000000000F01FEC\Patches]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\00002109030000000000000000F01FEC\SourceList]
@DACL=(02 0000)
"PackageName"="EnterpriseWW.msi"
"LastUsedSource"=expand:"n;1;C:\\MSOCache\\All Users\\{90120000-0030-0000-0000-0000000FF1CE}-C\\"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\000021599B0090400000000000F01FEC\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="Microsoft Application Error Reporting"
"1"="OFFICE12;1"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\00002159FA0061400000000000F01FEC\Patches]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\00002159FA0061400000000000F01FEC\SourceList]
@DACL=(02 0000)
"PackageName"="ppviewer.msi"
"LastUsedSource"=expand:"n;1;C:\\Arquivos de programas\\MSECache\\PPTViewer\\"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\080E7FFA4791FB54390101EDA1F1E50D\SourceList\Media]
@DACL=(02 0000)
"1"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\0D756077321A70C3E844C138CE981581\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";1"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\0DC1503A46F231838AD88BCDDC8E8F7C\SourceList\Media]
@DACL=(02 0000)
"1"=";1"
"100"=";"
"101"=";"
"102"=";"
"103"=";"
"104"=";"
"105"=";"
"106"=";"
"107"=";"
"108"=";"
"109"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\26DDC2EC4210AC63483DF9D4FCC5B59D\SourceList\Media]
@DACL=(02 0000)
"1"=";1"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\313E2097F0FF3944CA1B8A41B787CD0D\SourceList]
@DACL=(02 0000)
"PackageName"="HPSSupply.msi"
"LastUsedSource"=expand:"n;1;C:\\hp_P1000_P1500_Full_Solution\\DTSS\\"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120661FF\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="DISK1;1"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\6E58EC68CABDDFF39B774E7BF9389C90\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";1"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";1"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\A35E09D5C7DB23F8B92877330D0FCBE8\SourceList\Media]
@DACL=(02 0000)
"1"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"2"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"3"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"4"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"5"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"6"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"7"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"8"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"9"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"10"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"11"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\C3B02CB566F11584AAC07B1BA5F7D368\SourceList\Media]
@DACL=(02 0000)
"1"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";1"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";1"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\Patches]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="Microsoft's Silverlight Installation [1]"
"1"=";1"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\DC3BF90CC0D3D2F398A9A6D1762F70F3\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";"
"100"=";"
"101"=";"
"102"=";"
"103"=";"
"104"=";"
"105"=";"
"106"=";"
"107"=";"
"108"=";"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\DD3E9A158B73BB74E876B5673BFECB84\SourceList]
@DACL=(02 0000)
"PackageName"="wllogin.msi"
"LastUsedSource"=expand:"n;1;C:\\Arquivos de programas\\Arquivos comuns\\Windows Live\\.cache\\8c88ce841ca4d01\\"
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\DDE7F2BCF1D91C3409CFF425AE1E271A\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";Microsoft .NET Framework 1.1 [Disk 1]"
"2"=";Microsoft .NET Framework 1.1 [Disk 1]"
"3"=";Microsoft .NET Framework 1.1 [Disk 1]"
"4"=";Microsoft .NET Framework 1.1 [Disk 1]"
"5"=";Microsoft .NET Framework 1.1 [Disk 1]"
"6"=";Microsoft .NET Framework 1.1 [Disk 1]"
"7"=";Microsoft .NET Framework 1.1 [Disk 1]"
"8"=";Microsoft .NET Framework 1.1 [Disk 1]"
"9"=";Microsoft .NET Framework 1.1 [Disk 1]"
"10"=";Microsoft .NET Framework 1.1 [Disk 1]"
"11"=";Microsoft .NET Framework 1.1 [Disk 1]"
"12"=";Microsoft .NET Framework 1.1 [Disk 1]"
"13"=";Microsoft .NET Framework 1.1 [Disk 1]"
"14"=";Microsoft .NET Framework 1.1 [Disk 1]"
"15"=";Microsoft .NET Framework 1.1 [Disk 1]"
"16"=";Microsoft .NET Framework 1.1 [Disk 1]"
"17"=";Microsoft .NET Framework 1.1 [Disk 1]"
"18"=";Microsoft .NET Framework 1.1 [Disk 1]"
"19"=";Microsoft .NET Framework 1.1 [Disk 1]"
"20"=";Microsoft .NET Framework 1.1 [Disk 1]"
"21"="URTSTDD1;Microsoft .NET Framework 1.1 [Disk 1]"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Macromedia\FlashPlayerActiveX\Components]
@DACL=(02 0000)
"Main"="1"
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
C:\ARQUIV~1\GBPLUGIN\gbieh.dll
C:\ARQUIV~1\GbPlugin\gbiehscd.dll
C:\ARQUIV~1\GbPlugin\gbiehcef.dll
C:\ARQUIV~1\GbPlugin\gbiehabn.dll
C:\ARQUIV~1\GbPlugin\gbiehuni.dll
C:\ARQUIV~1\GbPlugin\gbiehisg.dll
C:\windows\system32\MPRUI.dll
Tempo para conclusão: 2012-12-18 17:45:56
ComboFix-quarantined-files.txt 2012-12-18 20:45:54
ComboFix2.txt 2012-07-17 11:35:27
Pré-execução: 19 pasta(s) 286.826.930.176 bytes disponíveis
Pós execução: 20 pasta(s) 288.123.437.056 bytes disponíveis
Good evening! Edvan
|- Download: [image: ZHPDiag_Silent.jpg] ( ... by Nicolas Coolman )
|- Save it to the desktop!
|- Disable your antivirus!
|- If you use Avast, apply this setting to the SandBox.
|- On Windows Vista or 7, right-click and run the file as [image: Executar_Administrador.jpg]
|- Wait for the scan to finish and click "Copier". <- Wait!
[image: ZHPDiag_4cones.jpg]
|- Besides the report, we will have on the desktop: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix
|- Post and/or paste here the link that will be generated right after the report.
|- More information: < |Link| >
A+
Logs: http://pjjoint.malekal.com/files.php?read=ZHPDiag_20121219_f12v9l6t7w5
or
Link: http://cjoint.com/12dc/BLtmEzZbEbK.htm
See this log from the user's profile and check whether anything changes;
Link http://pjjoint.malekal.com/files.php?read=ZHPDiag_20121219_q14v9n8z10n11
or
Good morning! Edvan
|- If you have it, uninstall: C:\Arquivos de programas\Spybot - Search & Destroy <<
-/-
|- Close any programs/folders that are open.
|- Also close the browser!
|- On Windows Vista, disable UAC.
[image: ZHPFix_silent_zps532d2db6.jpg]
|- On Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
|- Select and copy this information, which is in the Code box, into Notepad.
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.speedbit.com
O2 - BHO: (no name) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} Orphean Key
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} Orphean Key
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} Orphean Key
O2 - BHO: (no name) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} Orphean Key
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Orphean Key
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Orphean Key
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} Orphean Key
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} Orphean Key
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} Orphean Key
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} Orphean Key
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540011} Orphean Key
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540015} Orphean Key
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} Orphean Key
O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (...) -- (.not file.)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\avast! Emergency Update.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\SBWUpdateTask_Logon_18f54a89-0022684E4D8A.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\SBWUpdateTask_Time_18f54a89-0022684E4D8A.job
O43 - CFD: 04/01/2012 - 09:23:29 - [1,114] ----D C:\Arquivos de programas\Spybot - Search & Destroy
O44 - LFC:[MD5.3C0D63FBA3CA416471F90C9BDF7BF8E2] - 18/12/2012 - 07:54:45 ---A- . (...) -- C:\hijackthis.log [8167]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: Modified => Infection BT (Hijacker.Intl)
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: Modified
[HKLM\Software\360Safe] => Infection Diverse (Lozavita.Troj)
proxyfix
emptytemp
emptyflash
firewallraz
sysrestore
|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"
|- Minimize Notepad.
|- Click the "Paste ClipBoard" menu.
|- Click "GO" -> Oui.
|- PS: The sequence of images above is there for further clarification.
|- Post the report: C:\ZHP\ZHPFix[R1].txt
A+
Rapport de ZHPFix 1.3.05 par Nicolas Coolman, Update du 09/10/2012
Fichier d'export Registre :
Run by f001869 at 19/12/2012 10:24:37
Windows XP Professional Service Pack 3 (Build 2600)
Web site : http://nicolascoolman.skyrock.com/
========== Registry Key ==========
DELETED Key: CLSID BHO: {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}
DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003}
DELETED Key: CLSID BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
DELETED Key: CLSID BHO: {2E3C3651-B19C-4DD9-A979-901EC3E930AF}
DELETED Key: CLSID BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
DELETED Key: CLSID BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
DELETED Key: CLSID BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6}
DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540000}
DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540007}
DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540008}
DELETED [HKLM\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540008}]
DELETED [HKCR\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540008}]
DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540011}
DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540015}
DELETED Key: CLSID BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9}
DELETED Key: CLSID BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
DELETED Key: HKLM\Software\360Safe
========== Registry Value ==========
DELETED Toolbar: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
No Value in Firewall Exception Register Key (FirewallRaz)
========== Registry Data Items ==========
REMOVED R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs
REMOVED Explorer Association Data Application: http://www.fileextensionpro.com/redir.aspx?LangID=%04x&Ext=%s
REMOVED Explorer Association Data Intl: http://www.fileextensionpro.com/redir.aspx?LangID=%04x&Ext=%s
REMOVED Explorer Association Data XMLLookup: http://www.fileextensionpro.com/redir.aspx?LangID=%04x&Ext=%s
========== Repertory ==========
DELETED Folder: C:\Arquivos de programas\Spybot - Search & Destroy
DELETED Window Temporary:
DELETED Flash Cookies:
========== File ==========
DELETED File: c:\windows\tasks\adobe flash player updater.job
DELETED File: c:\windows\tasks\avast! emergency update.job
DELETED File: c:\windows\tasks\sbwupdatetask_logon_18f54a89-0022684e4d8a.job
DELETED File: c:\windows\tasks\sbwupdatetask_time_18f54a89-0022684e4d8a.job
DELETED File: c:\hijackthis.log
DELETED Window Temporary:
DELETED Flash Cookies:
========== Restoration ==========
Restore System Point created succefully
========== Summary ==========
17 : Registry Key
12 : Registry Value
4 : Registry Data Items
3 : Repertory
7 : File
1 : Restoration
End of clean in 01mn 09s
========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 19/12/2012 10:24:43 [3210]
Good morning, Edvan!
|- Disable your antivirus!
|- Go to Start -> Run -> type or paste: combofix.exe /uninstall -> click OK.
|- Click Run -> wait!
|- Finally, the message "ComboFix está desinstalado" will appear -> click OK.
|- If you find them, delete: C:\ComboFix <- the folder! + C:\ComboFix.txt <- the report!
|- Or go to Start -> Run -> type or paste:
"%userprofile%\desktop\combofix" /uninstall
|- Click OK.
|- Wait for the uninstall to finish, then click OK on the message.
|- PS: Another option would be to rename Combofix.exe to uninstall.exe and run it.
|- PS: Many people mistake this for a new run, but the tool will uninstall itself.
-/-
|- Download: < Pre_Scan > ( ... by g3n-h@ckm@n & Saachaa )
|- Or here: < Pre-Scan > Mirror!
|- Or here: < Pre_Scan.pif > in case malware blocks it!
|- On the page, click the green arrow or Mirror 1.
|- Save it to the desktop! < ( winlogon ) >
|- Disable your antivirus, antispyware, sandbox and/or firewall.
|- Close any open programs and run the tool!
|- Double-click Pre_scan.exe.
|- PS: During the scan, your desktop will disappear and black windows will appear on the screen. All of this is normal and part of how the tool works.
|- If infections are found, the computer may restart and the screen shown just above may appear.
|- PS: If it appears and shows no prompt, click "Kill".
|- In that case there will be a new scan and, at the end, the report will be made available.
|- There may be reboot(s) and the scan will continue. << Wait!
|- When finished, post the report! ( Pre_Scan.txt ) << Link to the report!
|- To upload it, go to: Cjoint
|- Or...1fichier.com
|- Or...myfile.tk
A+
Good afternoon, friend.
When I tried to run Pre_Scan, it produced the error below:
When I ran the scan, the desktop and icons disappeared and it produced this error.
So I pressed Alt+Ctrl, opened the Windows Task Manager and started explorer.exe to bring the desktop back.
Good afternoon, Edvan!
|- Use Pre_Scan.pif, which does not stop the desktop when it runs.
|- When this screen appears, choose the diagnostic option by clicking "DiaG".
|- When finished, post the link to the report. ( CJoint.com or MyFile.tk )
A+
Strange, friend, because clicking "DiaG" produces the error.
On "C" I found this log.
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Diag | 2.1219 | g3n-h@ckm@n & Saachaa ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤
~ Update on 19/12/2012 | 18.30 by g3n-h@ckm@n
~ Evolution : http://gen-hackman.forum-pro.fr/t64-historique-de-l-outil
~ Pre_Script Infos : http://gen-hackman.forum-pro.fr/t89-les-switchs
~ Pre_scan Feedbacks : http://gen-hackman.forum-pro.fr/t93-feedback-pre_scan#505
~ [f001869 (Administrator)] - [FUN0105]
~ SID = S-1-5-21-2586132527-314635491-3328972525-21052
~ System : Microsoft Windows XP (32 bits) Service Pack 3
~ ProcessorNameString : Pentium® Dual-Core CPU E5300 @ 2.60GHz
~ Identifier : x86 Family 6 Model 23 Stepping 10
17:10:04
¤¤¤¤¤¤¤¤¤¤ | MD5 Control
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Diag | 2.1219 | g3n-h@ckm@n & Saachaa ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤
~ Update on 19/12/2012 | 18.30 by g3n-h@ckm@n
~ Evolution : http://gen-hackman.forum-pro.fr/t64-historique-de-l-outil
~ Pre_Script Infos : http://gen-hackman.forum-pro.fr/t89-les-switchs
~ Pre_scan Feedbacks : http://gen-hackman.forum-pro.fr/t93-feedback-pre_scan#505
~ [f001869 (Administrator)] - [FUN0105]
~ SID = S-1-5-21-2586132527-314635491-3328972525-21052
~ System : Microsoft Windows XP (32 bits) Service Pack 3
~ ProcessorNameString : Pentium® Dual-Core CPU E5300 @ 2.60GHz
~ Identifier : x86 Family 6 Model 23 Stepping 10
17:14:17
¤¤¤¤¤¤¤¤¤¤ | MD5 Control
Good evening, Edvan!
|- Let's try with OTL. Delete Pre_Scan.exe or winlogon.exe or Pre_Scan.pif.
-/-
|- Download: < OTL > ( ... by OldTimer Tools )
|- Save it to the desktop!
|- Double-click OTL.exe >> Run, or Run as administrator.
|- PS: If you have trouble running OTL.exe, delete the file and download it from here or here.
|- Configure the tool according to the screenshot!
|- Under "Exame Extra do Registro" (Extra Registry scan), select "Nenhum" (None).
crack /s
keygen /s
serial /s
AutoKMS /s
loader /s
%SYSTEMDRIVE%\.
%APPDATA%\Local\*.
%APPDATA%\*.exe /s
%APPDATA%\*.
%systemdrive%\drivers\*.exe
%USERPROFILE%\AppData\Local\.
%USERPROFILE%\AppData\Roaming\.
%systemroot%\system32\drivers\. /90
%systemroot%\assembly\tmp\. /S /MD5
%systemroot%\assembly\temp\. /S /MD5
%systemroot%\assembly\GAC\. /S /MD5
%systemroot%\assembly\GAC_32\. /S /MD5
%systemroot%\system32\config\systemprofile\AppData\Local\.
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\.
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
/md5start
services.exe
/md5stop
regedit /e c:\registrybackup.reg /c
%windir%\tasks\. /s
|- Copy the information in the Code box into Notepad.
|- Save it in My Documents or on the desktop, with the name scan. << Text!
|- Click the "Exames Personalizados/Correções" (Custom Scans/Fixes) area.
|- Click OK to browse for a file with a custom scan.
|- Click "Abrir" (Open). ( scan.txt )
|- After pasting the information into the white area, click the button shown in the image.
|- When finished, post the report: OTL.txt << Link to the report!
|- To upload it, go to: < MyFile.tk >
|- More information: < |Link| >
Regards!
Link http://cjoint.com/12dc/BLumScMzmXc.htm
We have a problem here with IE 8.0: I can't enable cookites. We use a system here that needs cookites; I have already uninstalled and reinstalled IE and nothing.
We can't even clock in, which is done online, while with FF I can do it normally. I ran the MS Fix it and nothing.
What could it be, friend?
Good morning, Edvan!
|- Have you tried adding or configuring this link as a preferred address in IE?
-/-
|- Download: < FixPolicies > ( ... by Bill Castner )
|- Save it to the desktop!
|- Run the file FixPolicies.exe with a double-click.
|- Click Install.
|- Open the FixPolicies folder that was created.
|- Double-click Fix_policies.cmd.
|- A black box will appear for a brief moment.
-/-
|- Run OTL.exe.
|- Copy the information in the Code box into the tool's clipboard field. ( "Exames Personalizados/Correções" )
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\f001869\CONFIG~1\Temp\catchme.sys -- (catchme)
IE - HKLM\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://search.speedbit.com/search.aspx?s=CC4a105&q={searchTerms}
IE - HKU\S-1-5-21-2586132527-314635491-3328972525-21052\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://search.speedbit.com/search.aspx?s=CC4a105&q={searchTerms}
FF - user.js - File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\f001869\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\f001869\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = ""
:Commands
[CLEARALLRESTOREPOINTS]
[purity]
[resethosts]
[emptytemp]
[Reboot]
|- Click the "Consertar" button -> wait for it to finish!
|- The computer will restart! -> Click "Executar" (Run).
|- On English versions, click Run Fix, which is the same as Consertar.
|- Post the report: C:\_OTL\MovedFiles\*.log
A+
Good morning, Edvan!
|- Have you tried adding or configuring this link as a preferred address in IE?
All done, friend.
What does FixPolicies do? It didn't generate any log!
All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\f001869\CONFIG~1\Temp\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21052\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21052\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{61628E2A-4FF9-4454-992D-D92A8CD27399} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Pre_Scan\Save\Scan\Users\00000002 folder moved successfully.
C:\Pre_Scan\Save\Scan\Users\00000001 folder moved successfully.
C:\Pre_Scan\Save\Scan\Users folder moved successfully.
C:\Pre_Scan\Save\Scan folder moved successfully.
C:\Pre_Scan\Save folder moved successfully.
C:\Pre_Scan\Replace folder moved successfully.
C:\Pre_Scan\Quarantine folder moved successfully.
C:\Pre_Scan\Process folder moved successfully.
C:\Pre_Scan\MBR folder moved successfully.
C:\Pre_Scan\Infected folder moved successfully.
C:\Pre_Scan\dll folder moved successfully.
C:\Pre_Scan folder moved successfully.
C:\Arquivos de programas\ZHPDiag\Quarantine folder moved successfully.
C:\Arquivos de programas\ZHPDiag\Liste Spéciale folder moved successfully.
C:\Arquivos de programas\ZHPDiag folder moved successfully.
C:\ComboFix folder moved successfully.
C:\Documents and Settings\All Users\Dados de aplicativos\PSafe\logs folder moved successfully.
C:\Documents and Settings\All Users\Dados de aplicativos\PSafe folder moved successfully.
C:\Documents and Settings\f001869\Configurações locais\Dados de aplicativos\funmoods.crx moved successfully.
C:\Documents and Settings\f001869\Meus documentos\Atalho para ComboFix.exe.lnk moved successfully.
C:\Documents and Settings\f001869\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Pre_Diag.txt moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ not found.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope" | "" /E : value set successfully!
========== COMMANDS ==========
System Restore Service not available.
File move failed. C:\windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
[EMPTYTEMP]
User: Administrador
->Temp folder emptied: 508778 bytes
->Temporary Internet Files folder emptied: 112094 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 33981709 bytes
->Flash cache emptied: 492 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: e0021
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: f001869
->Temp folder emptied: 90708 bytes
->Temporary Internet Files folder emptied: 32822404 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 90656977 bytes
->Flash cache emptied: 5885 bytes
User: f002024
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: f002873
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: f003140
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 4326337 bytes
Total Files Cleaned = 155,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12202012_140255
Files\Folders moved on Reboot...
C:\windows\System32\drivers\etc\Hosts moved successfully.
C:\Documents and Settings\f001869\Configurações locais\Temporary Internet Files\SuggestedSites.dat moved successfully.
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Good evening, Edvan!
What does FixPolicies do? It didn't generate any log!
|- This tool does not generate a report; it corrects incorrect policies that malware or adware usually impose on the registry.
We have a problem here with IE 8.0: I can't enable cookites. We use a system here that needs cookites; I have already uninstalled and reinstalled IE and nothing.
|- Here, are you referring to cookies?
A+
Here, are you referring to cookies?
That's right, friend. We use a system here at the company; when we generate a report to print, the report screen comes up with some errors, and then when we click print it doesn't show the printers to print to.
P.S.: I'm going to the machine now to take a print screen so you can get an idea of what this is about. This only happens on this girl's machine. The programmer told me that our system uses cookies and that he couldn't enable them in IE on her machine, so I went there and uninstalled and reinstalled it, and nothing; I ran the Fix it but nothing solved it. Very strange.
See in the image where I circled in red:
When I click print nothing comes out, as if everything were frozen.
I think I'll schedule with her to format this machine in January/2013; this PC must be all bugged. hehehe.
Good morning, Edvan!
|- Use this Fix, after unzipping it.
|- Use this FixIt.
|- If that doesn't solve it, you can format!
A+
Ok.. but do I run html_associationfix first > and then Microsoft Fix it 50198 >??
Hello, Edvan!
|- Run html_associationfix first.
-/-
|- Download: < Re-Enable > ( ... by TangoSoft )
|- Click "Download Now" and save "Installer, Setup.exe" to the desktop!
|- Install it with a double-click!
|- PS: To work, it first requires .Net Framework 3.5 to be installed.
|- If you want the portable version, that installation can be skipped.
|- For Windows Vista or 7: click directly on "Setup.exe" and choose to run it as "Administrator".
|- Uncheck all the buttons by clicking 'Check/Uncheck All'
|- Check: the functions that are 'bugged'
|- Click "Re-Enable" -> wait!
|- Then, when it finishes, restart the computer!
A+
OK. I'll do the procedure later; if anything comes up I'll report back. :thumbsup:
Ok!
|- But... you were using a FixIt. Which one was it, among those available?
< FixIt >
|- Maybe this is the Fix it you have been using, but if it isn't, you can run it!
A+
But... you were using a FixIt. Which one was it, among those available?
I'm not sure which one I used, but I can only work on that machine in January/2013. If it doesn't solve it I'll format it anyway. Thanks in advance for the help. :thumbsup:
You can close the topic! :lol:
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
Hello, Edvan!
|- What is happening?
-/-
|- Yes! Run ComboFix and report any incident.
A+