Ir para conteúdo

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Edvan

[Resolvido] &nbspLog para analise

Por , em Tópicos Resolvidos (Seguranca & Malwares)

Recommended Posts

Edvan    30

Edvan
Postado

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:28:34, on 25/06/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\system32\SearchFilterHost.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

 

--

End of file - 5524 bytes

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Olá Edvan!

 

|- O que ocorre? Pois o log não mostra entradas ruins.

|- Poste o log do OTL.txt,já que o do HijackThis não expõe algumas informações.

 

|- Baixe: < otlDesktopIcon.png > ( ...by OldTimer Tools )

 

|- Clique em Salvar! < 0e5c629f14858f5bf77e61d46c160e317c6d8c5d3ee101e311e440e99d7fd7b06g.jpg >

 

|- Salve-o no desktop! < 98c0f1ab3823c58ea05c695fd153839feac6fb6b44aaa3f7f5a2cd4a87354c946g.jpg >

 

|- Duplo clique em OTL.exe --> Executar:

 

c19ede0bf8817fba1b9a9c0e9dae6ede3b8983c41017d8926efac3638b95aee16g.jpg

 

OTL_Configuracao.jpg >> OTL_Padrao.jpg

 

|- Configure "Verificação de Arquivos",segundo a screenshot!

 

OTL_SemExt2.jpg

 

|- Ps: Faça o mesmo para estes!

|- Assinale,também,a inclusão da verificação para 64bits.

|- Em "Exame Extra do Registro",assinale "Nenhum".

 

netsvcs

%APPDATA%\*.exe /s

%APPDATA%\*.

/md5start

explorer.exe

userinit.exe

winlogon.exe

wininit.exe

csrss.exe

smss.exe

svchost.exe

services.exe

uninst.exe

/md5stop

%systemroot%\system32\tasks\*.* /s /64

%windir%\tasks\*.* /s

CREATERESTOREPOINT

6659d256325569c6e621117dc332966313a07d11cb5fb0ea4d9176217c7aefa76g.jpg

 

|- Cole estas informações,que estão em verde,para o campo "Exames Personalizados/Correções".

 

|- Clique em Verificar: OTL_Verificar.jpg

 

|- Concluindo,poste o relatório: OTL.txt

|- Ps: Para grandes relatórios,acesse: < wikisend.jpg >

 

|- Para enviar,siga o caminho: Selecionar arquivo... -> Abrir -> Upload file

|- Poste o endereço que estará em "Download link" ou "Forum link".

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Edvan    30

Edvan
Postado

Boa noite amigo.

 

Log doOTL.Txt:

Link http://wikisend.com/download/129070/OTL.Txt

 

P.S: Minha irmã instalou um monte de porcarias na maquina, tive que desinstalar algumas coisas e fazer limpeza, resolvir postar o log só para diagnostico mesmo para saber se está tudo ok.

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia! Edvan

 

|- Baixe: < createsrp > ( ... by Ramesh Srinivasan )

|- Salve-o no desktop!

|- Execute o createsrp.vbs < createsrp_vbs.jpg >

 

createsrp_novocomp.jpg

 

|- Clique OK,na caixa de mensagem.

|- Ps: Este ponto de restauração terá a seguinte descrição: "Novo Computador"

 

-/-

 

|- Baixe: < AdwCleaner > ( ... par Xplode )

 

|- Ao acessar,clique na imagem: < AdwCleaner_Tlcharger.jpg >

 

|- Salve-o no desktop!

|- Clique direito em adwcleaner.exe,e escolha sua execução como "administrador".

|- Ps: Dê início ao scan,clicando em "Delete" ou "Suppression".

 

AdwCleaner_Suppression.jpg

 

|- Ao concluir,poste o relatório: C:\AdwCleaner[S].txt

 

-/-

 

|- Execute o OTL.exe.

|- Copie estas informações que estão em vermelho,para o campo clipboard da ferramenta. ( "Exames Personalizados Correções" )

 

:OTL

IE - HKU\S-1-5-21-3283121256-3860278007-7778617-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-3283121256-3860278007-7778617-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-3283121256-3860278007-7778617-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox

IE - HKU\S-1-5-21-3283121256-3860278007-7778617-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=060612_5_&babsrc=SP_ss&mntrId=e4e052c60000000000000015831216c9

IE - HKU\S-1-5-21-3283121256-3860278007-7778617-1001\..\SearchScopes\{5E98E012-741C-4EDB-9D01-AF2050A5A0E7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYBR&apn_uid=fd2449e0-ad7c-4be2-8f1c-cf3c7ced74ee&apn_sauid=F2D46D62-6F41-4840-83E5-D93A2656E393

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"

FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot"

FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=pt_BR&apn_uid=fd2449e0-ad7c-4be2-8f1c-cf3c7ced74ee&apn_ptnrs=FV&apn_sauid=F2D46D62-6F41-4840-83E5-D93A2656E393&apn_dtid=YYYYYYYYBR&&q="

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

[2012/06/25 22:12:24 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Edvan\AppData\Roaming\mozilla\Firefox\Profiles\jy7spq6u.default\extensions\ffxtlbr@babylon.com

[2012/06/25 23:02:56 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Edvan\AppData\Roaming\mozilla\Firefox\Profiles\jy7spq6u.default\extensions\toolbar@ask.com

[2012/06/25 23:02:55 | 000,002,322 | ---- | M] () -- C:\Users\Edvan\AppData\Roaming\Mozilla\Firefox\Profiles\jy7spq6u.default\searchplugins\askcom.xml

[2012/06/25 20:20:29 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-21-3283121256-3860278007-7778617-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)

O13 - gopher Prefix: missing

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

[2012/06/25 23:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com

[2012/06/25 20:20:01 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Roaming\Babylon

[2012/06/25 20:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2012/06/25 20:21:14 | 000,000,250 | ---- | M] () -- C:\user.js

[2012/06/25 20:21:13 | 000,000,250 | ---- | C] () -- C:\user.js

[2012/06/25 20:20:01 | 000,000,000 | ---D | M] -- C:\Users\Edvan\AppData\Roaming\Babylon

[2012/04/24 19:44:11 | 000,000,000 | ---D | M] -- C:\Users\Edvan\AppData\Roaming\OpenCandy

[2012/02/06 15:18:56 | 002,081,208 | ---- | M] (Speedchecker Limited) -- C:\Users\Edvan\AppData\Roaming\OpenCandy\9E685DD66558432096548278ECCA5661\pcspeedup_oc.exe

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A1EDB939

 

:Files

Type C:\Windows\system32\tasks\{36FD0441-C013-45E5-8D21-1BDD14BC6CF9} /C

Type C:\Windows\system32\tasks\{4DA4CB26-06D4-431C-906A-DE62763557B6} /C

C:\Users\Edvan\AppData\Local\{*}

C:\user.js

 

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]

"Gopher"="gopher://"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

""=""%1" %*"

 

:Commands

[emptytemp]

[purity]

[reboot]

|- Clique no botão Consertar.

|- Ps: A ferramenta irá reiniciar o computador.

|- Ao surgir,clique em executar.

|- Poste o relatório: C:\_OTL\MovedFiles\*.log

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Edvan    30

Edvan
Postado

Ta aqui amigo,

 

Parece que tinha alguma coisa né?

 

# AdwCleaner v1.700 - Logfile created 06/27/2012 at 21:35:59

# Updated 26/06/2012 by Xplode

# Operating system : Windows 7 Professional (32 bits)

# User : Edvan - EDVAN-PC

# Running from : C:\Users\Edvan\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Deleted : C:\Users\Edvan\AppData\Local\Temp\AskSearch

Folder Deleted : C:\Users\Edvan\AppData\Local\Temp\BabylonToolbar

Folder Deleted : C:\Users\Edvan\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\Edvan\AppData\Roaming\Babylon

Folder Deleted : C:\Users\Edvan\AppData\Roaming\OpenCandy

Folder Deleted : C:\Users\Edvan\AppData\Roaming\Mozilla\Firefox\Profiles\jy7spq6u.default\extensions\ffxtlbr@babylon.com

Folder Deleted : C:\Users\Edvan\AppData\Roaming\Mozilla\Firefox\Profiles\jy7spq6u.default\extensions\toolbar@ask.com

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\Program Files\Ask.com

Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

File Deleted : C:\Users\Edvan\AppData\Roaming\Mozilla\Firefox\Profiles\jy7spq6u.default\searchplugins\Askcom.xml

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\APN

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

Key Deleted : HKLM\SOFTWARE\APN

Key Deleted : HKLM\SOFTWARE\AskToolbar

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

 

***** [Registre - GUID] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v11.0 (pt-BR)

 

Profile name : default

File : C:\Users\Edvan\AppData\Roaming\Mozilla\Firefox\Profiles\jy7spq6u.default\prefs.js

 

C:\Users\Edvan\AppData\Roaming\Mozilla\Firefox\Profiles\jy7spq6u.default\user.js ... Deleted !

 

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

Deleted : user_pref("browser.search.order.1", "Ask.com");

Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");

Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?babsrc=HP_Prot");

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110819&tt=060612_5_");

Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 27);

Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);

Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);

Deleted : user_pref("extensions.BabylonToolbar.id", "e4e052c60000000000000015831216c9");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15516");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.lastDP", 27);

Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1720:21:09");

Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "11.0");

Deleted : user_pref("extensions.BabylonToolbar.newTab", true);

Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");

Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 79403752);

Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);

Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);

Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1720:21:09");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819&tt=060612_5_");

Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "e4e052c60000000000000015831216c9");

Deleted : user_pref("extensions.BabylonToolbar_i.id", "e4e052c60000000000000015831216c9");

Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15516");

Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);

Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&tt=06061[...]

Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:21:09");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.babylon.com/?affID=110819&tt=06[...]

Deleted : user_pref("extensions.enabledAddons", "wrc@avast.com:7.0.1426,ffxtlbr@babylon.com:1.1.9,{972ce4c6-7e[...]

Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=pt[...]

 

*************************

 

AdwCleaner[s1].txt - [8819 octets] - [27/06/2012 21:35:59]

 

########## EOF - C:\AdwCleaner[s1].txt - [8947 octets] ##########

 

 

 

 

 

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-3283121256-3860278007-7778617-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.

File C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll not found.

HKEY_USERS\S-1-5-21-3283121256-3860278007-7778617-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-3283121256-3860278007-7778617-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_USERS\S-1-5-21-3283121256-3860278007-7778617-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_USERS\S-1-5-21-3283121256-3860278007-7778617-1001\Software\Microsoft\Internet Explorer\SearchScopes\{5E98E012-741C-4EDB-9D01-AF2050A5A0E7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E98E012-741C-4EDB-9D01-AF2050A5A0E7}\ not found.

Prefs.js: "Ask.com" removed from browser.search.defaultengine

Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename

Prefs.js: "Ask.com" removed from browser.search.order.1

Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine

Prefs.js: "http://search.babylon.com/?babsrc=HP_Prot" removed from browser.startup.homepage

Prefs.js: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=pt_BR&apn_uid=fd2449e0-ad7c-4be2-8f1c-cf3c7ced74ee&apn_ptnrs=FV&apn_sauid=F2D46D62-6F41-4840-83E5-D93A2656E393&apn_dtid=YYYYYYYYBR&&q=" removed from keyword.URL

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Folder C:\Users\Edvan\AppData\Roaming\mozilla\Firefox\Profiles\jy7spq6u.default\extensions\ffxtlbr@babylon.com\ not found.

Folder C:\Users\Edvan\AppData\Roaming\mozilla\Firefox\Profiles\jy7spq6u.default\extensions\toolbar@ask.com\ not found.

File C:\Users\Edvan\AppData\Roaming\Mozilla\Firefox\Profiles\jy7spq6u.default\searchplugins\askcom.xml not found.

File C:\Program Files\mozilla firefox\searchplugins\babylon.xml not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_USERS\S-1-5-21-3283121256-3860278007-7778617-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.

File C:\Program Files\Ask.com\Updater\Updater.exe not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Folder C:\Program Files\Ask.com\ not found.

Folder C:\Users\Edvan\AppData\Roaming\Babylon\ not found.

Folder C:\ProgramData\Babylon\ not found.

C:\user.js moved successfully.

File C:\user.js not found.

Folder C:\Users\Edvan\AppData\Roaming\Babylon\ not found.

Folder C:\Users\Edvan\AppData\Roaming\OpenCandy\ not found.

File C:\Users\Edvan\AppData\Roaming\OpenCandy\9E685DD66558432096548278ECCA5661\pcspeedup_oc.exe not found.

ADS C:\ProgramData\TEMP:A1EDB939 deleted successfully.

========== FILES ==========

< Type C:\Windows\system32\tasks\{36FD0441-C013-45E5-8D21-1BDD14BC6CF9} /C >

<?xml version="1.0" encoding="UTF-16"?>

<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">

<RegistrationInfo />

<Triggers>

<RegistrationTrigger>

<Enabled>true</Enabled>

</RegistrationTrigger>

</Triggers>

<Settings>

<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>

<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>

<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>

<AllowHardTerminate>true</AllowHardTerminate>

<StartWhenAvailable>false</StartWhenAvailable>

<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>

<IdleSettings>

<Duration>PT10M</Duration>

<WaitTimeout>PT1H</WaitTimeout>

<StopOnIdleEnd>true</StopOnIdleEnd>

<RestartOnIdle>false</RestartOnIdle>

</IdleSettings>

<AllowStartOnDemand>true</AllowStartOnDemand>

<Enabled>true</Enabled>

<Hidden>false</Hidden>

<RunOnlyIfIdle>false</RunOnlyIfIdle>

<WakeToRun>false</WakeToRun>

<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>

<Priority>7</Priority>

</Settings>

<Actions Context="Author">

<Exec>

<Command>C:\Windows\system32\pcalua.exe</Command>

<Arguments>-a "C:\Users\Edvan\Desktop\Programas\Ahead Nero 9 Lite v9.4.13.2d-1.6 ptBR & Multilang (Inc Serial) - by argoboy\Ahead Nero 9 Lite v9.4.13.2d-1.6 ptBR & Multilang (Inc Serial) - by argoboy\Nero_Lite_Installer Multilanguage.exe" -d "C:\Users\Edvan\Desktop\Programas\Ahead Nero 9 Lite v9.4.13.2d-1.6 ptBR & Multilang (Inc Serial) - by argoboy\Ahead Nero 9 Lite v9.4.13.2d-1.6 ptBR & Multilang (Inc Serial) - by argoboy"</Arguments>

</Exec>

</Actions>

<Principals>

<Principal id="Author">

<UserId>Edvan-PC\Edvan</UserId>

<LogonType>InteractiveToken</LogonType>

<RunLevel>LeastPrivilege</RunLevel>

</Principal>

</Principals>

</Task>

C:\Users\Edvan\Desktop\cmd.bat deleted successfully.

C:\Users\Edvan\Desktop\cmd.txt deleted successfully.

< Type C:\Windows\system32\tasks\{4DA4CB26-06D4-431C-906A-DE62763557B6} /C >

<?xml version="1.0" encoding="UTF-16"?>

<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">

<RegistrationInfo />

<Triggers>

<RegistrationTrigger>

<Enabled>true</Enabled>

</RegistrationTrigger>

</Triggers>

<Settings>

<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>

<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>

<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>

<AllowHardTerminate>true</AllowHardTerminate>

<StartWhenAvailable>false</StartWhenAvailable>

<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>

<IdleSettings>

<Duration>PT10M</Duration>

<WaitTimeout>PT1H</WaitTimeout>

<StopOnIdleEnd>true</StopOnIdleEnd>

<RestartOnIdle>false</RestartOnIdle>

</IdleSettings>

<AllowStartOnDemand>true</AllowStartOnDemand>

<Enabled>true</Enabled>

<Hidden>false</Hidden>

<RunOnlyIfIdle>false</RunOnlyIfIdle>

<WakeToRun>false</WakeToRun>

<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>

<Priority>7</Priority>

</Settings>

<Actions Context="Author">

<Exec>

<Command>C:\Windows\system32\pcalua.exe</Command>

<Arguments>-a C:\Users\Edvan\Desktop\51942_bankerfix_30.exe -d C:\Users\Edvan\Desktop</Arguments>

</Exec>

</Actions>

<Principals>

<Principal id="Author">

<UserId>Edvan-PC\Edvan</UserId>

<LogonType>InteractiveToken</LogonType>

<RunLevel>LeastPrivilege</RunLevel>

</Principal>

</Principals>

</Task>

C:\Users\Edvan\Desktop\cmd.bat deleted successfully.

C:\Users\Edvan\Desktop\cmd.txt deleted successfully.

C:\Users\Edvan\AppData\Local\{00555F69-EC5B-4FC9-89DC-F50CE862A71F} folder moved successfully.

C:\Users\Edvan\AppData\Local\{0182A629-E976-44D9-B0B8-70469EA1A45F} folder moved successfully.

C:\Users\Edvan\AppData\Local\{02B4B2F2-C43F-4C56-BA9B-287DD7F6BCF0} folder moved successfully.

C:\Users\Edvan\AppData\Local\{02DDC813-2C1F-4AF6-B310-9C7CFC9CE034} folder moved successfully.

C:\Users\Edvan\AppData\Local\{02DFA61A-1A33-4A04-8E54-DA40029ED25A} folder moved successfully.

C:\Users\Edvan\AppData\Local\{02E9BAFE-93D4-498F-9836-49F008895FAF} folder moved successfully.

C:\Users\Edvan\AppData\Local\{042F452B-1911-42F0-949A-2535962FAC29} folder moved successfully.

C:\Users\Edvan\AppData\Local\{04ACF2EC-0F99-4324-8480-7D8AAA8DDE82} folder moved successfully.

C:\Users\Edvan\AppData\Local\{04BC8300-AD9A-4BBF-A27A-047B093B3A96} folder moved successfully.

C:\Users\Edvan\AppData\Local\{0587EB6C-10AA-484F-9E88-6932A181350D} folder moved successfully.

C:\Users\Edvan\AppData\Local\{07F7E9A0-4DDB-47C7-BF52-F048F4F937BD} folder moved successfully.

C:\Users\Edvan\AppData\Local\{096A5ED7-90CE-42D0-8A27-C8F8622C4412} folder moved successfully.

C:\Users\Edvan\AppData\Local\{0C801CDF-140B-47DB-801F-B2A4DB43C625} folder moved successfully.

C:\Users\Edvan\AppData\Local\{0D982C30-B8AF-48E6-8366-437FB49CD237} folder moved successfully.

C:\Users\Edvan\AppData\Local\{0E11413E-4DCA-47C8-AE35-FC570381E1A5} folder moved successfully.

C:\Users\Edvan\AppData\Local\{0EBADBF6-5CF5-4CA5-84A8-7054593A4B19} folder moved successfully.

C:\Users\Edvan\AppData\Local\{0F8D68D3-90B9-481B-B7E3-CF6301C3B94A} folder moved successfully.

C:\Users\Edvan\AppData\Local\{10964185-09F5-43A7-9A85-11EEBF2D1714} folder moved successfully.

C:\Users\Edvan\AppData\Local\{11617EBC-0DB4-4245-AC55-E92769C50A6E} folder moved successfully.

C:\Users\Edvan\AppData\Local\{118F0039-1F7A-41A0-86AF-3327E42F2FD1} folder moved successfully.

C:\Users\Edvan\AppData\Local\{12A47F4C-6B4D-419F-A0DE-3634779E2109} folder moved successfully.

C:\Users\Edvan\AppData\Local\{1328D385-AE2F-40FE-B4E1-C78305802605} folder moved successfully.

C:\Users\Edvan\AppData\Local\{13B62224-143B-4859-97EE-81D3A2B1CA5B} folder moved successfully.

C:\Users\Edvan\AppData\Local\{1544656C-0082-45CA-A05F-DE8EAAA369BE} folder moved successfully.

C:\Users\Edvan\AppData\Local\{16D35B87-5A11-40D9-B6F5-CEAD253B53EC} folder moved successfully.

C:\Users\Edvan\AppData\Local\{17BA843E-25A9-4D13-BD1C-3921E0A9E5E4} folder moved successfully.

C:\Users\Edvan\AppData\Local\{1834DA55-72AC-41E9-9DA9-D73392E8C458} folder moved successfully.

C:\Users\Edvan\AppData\Local\{193DC46B-2CF6-4817-B700-E7948E89843E} folder moved successfully.

C:\Users\Edvan\AppData\Local\{1BD281E1-B228-457D-80EC-F70F47FBAEFA} folder moved successfully.

C:\Users\Edvan\AppData\Local\{1E243280-9733-4758-9770-4F07C7D9075C} folder moved successfully.

C:\Users\Edvan\AppData\Local\{1F91FD06-15C2-4577-AFE9-A5D76852303D} folder moved successfully.

C:\Users\Edvan\AppData\Local\{20AEF38C-F09D-4787-9C73-EE67DF4B4BF9} folder moved successfully.

C:\Users\Edvan\AppData\Local\{20D09EF5-B9F6-4B0C-96AC-F466E40D4EA2} folder moved successfully.

C:\Users\Edvan\AppData\Local\{20F4E0E7-F9CF-4858-B7A1-8ED1D71559BC} folder moved successfully.

C:\Users\Edvan\AppData\Local\{237DBF2A-E9E2-42B4-8871-6F41898F88D6} folder moved successfully.

C:\Users\Edvan\AppData\Local\{25350F44-78F9-4B74-B460-1D59A73FA147} folder moved successfully.

C:\Users\Edvan\AppData\Local\{26246401-50A4-47F2-B3B6-BAE23C06D3F1} folder moved successfully.

C:\Users\Edvan\AppData\Local\{264D6924-FB2A-4B7D-A8DB-54F7FAB15958} folder moved successfully.

C:\Users\Edvan\AppData\Local\{27F23F17-9E00-4849-8673-AC02B28D9133} folder moved successfully.

C:\Users\Edvan\AppData\Local\{29052B85-96B3-4A9D-9D38-708EBD1FFBE2} folder moved successfully.

C:\Users\Edvan\AppData\Local\{2955B095-2594-455D-A1E5-1672A2825936} folder moved successfully.

C:\Users\Edvan\AppData\Local\{2A6ABDAF-6321-4715-BB1B-C586DA124458} folder moved successfully.

C:\Users\Edvan\AppData\Local\{30938F7B-04E6-44FD-9DAE-2CB8B56A82B6} folder moved successfully.

C:\Users\Edvan\AppData\Local\{3496F54A-F4F4-4C57-B05C-D33AE2507CD1} folder moved successfully.

C:\Users\Edvan\AppData\Local\{34DF18FC-3E9E-4DC0-A2DC-D76931077F76} folder moved successfully.

C:\Users\Edvan\AppData\Local\{357ED26F-61AA-425F-81A3-2201094EBF40} folder moved successfully.

C:\Users\Edvan\AppData\Local\{35A06C9D-D36D-4C1D-9289-6354117A4FE8} folder moved successfully.

C:\Users\Edvan\AppData\Local\{3627FB54-E002-4C2F-886D-6806E57A5CDC} folder moved successfully.

C:\Users\Edvan\AppData\Local\{365D71A8-FEAC-4431-BF2F-7DF6E1B0C9FA} folder moved successfully.

C:\Users\Edvan\AppData\Local\{37993C11-1C30-4174-B3B9-DDC422040CED} folder moved successfully.

C:\Users\Edvan\AppData\Local\{3805A307-6DA0-46E8-AF7A-194BEABE313F} folder moved successfully.

C:\Users\Edvan\AppData\Local\{38C7D392-BEE4-4B40-A066-578356F0F839} folder moved successfully.

C:\Users\Edvan\AppData\Local\{3B6DB065-F915-4176-87ED-0C00E67B7064} folder moved successfully.

C:\Users\Edvan\AppData\Local\{3B97707A-F048-4E88-A5B4-4360D0E89316} folder moved successfully.

C:\Users\Edvan\AppData\Local\{3BE83CB5-1FAC-46AD-84DB-44BB094433E7} folder moved successfully.

C:\Users\Edvan\AppData\Local\{3D5BE310-9E55-485E-A323-2D2477364EA2} folder moved successfully.

C:\Users\Edvan\AppData\Local\{3FEF1B71-C817-4B30-82E9-8CF3F313B4A5} folder moved successfully.

C:\Users\Edvan\AppData\Local\{41946705-3577-4A17-B511-E6D2D4CC71E2} folder moved successfully.

C:\Users\Edvan\AppData\Local\{42FF968C-3856-4E20-89DF-23BD9D563D9E} folder moved successfully.

C:\Users\Edvan\AppData\Local\{433F2AF6-6EE6-4999-A224-C0DA5F5FF450} folder moved successfully.

C:\Users\Edvan\AppData\Local\{449D0F8C-F642-4193-8922-B3609E5BC503} folder moved successfully.

C:\Users\Edvan\AppData\Local\{47180962-F5FD-490D-8839-6E20BF51CB2D} folder moved successfully.

C:\Users\Edvan\AppData\Local\{47E5C2ED-6127-47FF-8B84-DEF1B3FF476F} folder moved successfully.

C:\Users\Edvan\AppData\Local\{4980B697-3CA1-4FA8-90B5-1377A1FD573B} folder moved successfully.

C:\Users\Edvan\AppData\Local\{4D15F0A8-1365-47E7-A635-9ECBE9FA57CE} folder moved successfully.

C:\Users\Edvan\AppData\Local\{50D231F4-3872-4340-9134-1E98F86C6867} folder moved successfully.

C:\Users\Edvan\AppData\Local\{516F83A7-1FDC-422A-9905-239096D3D423} folder moved successfully.

C:\Users\Edvan\AppData\Local\{52B2DBF2-760B-4444-8E4E-B0026B013605} folder moved successfully.

C:\Users\Edvan\AppData\Local\{52B9268B-3517-4D84-BF7B-56E27998BA97} folder moved successfully.

C:\Users\Edvan\AppData\Local\{54FEA72D-4C64-4385-BBB1-3EC698B4B44D} folder moved successfully.

C:\Users\Edvan\AppData\Local\{55368C24-3F0C-4140-A248-532CEA272020} folder moved successfully.

C:\Users\Edvan\AppData\Local\{55552BBF-15EF-4D68-A672-FAC731D97661} folder moved successfully.

C:\Users\Edvan\AppData\Local\{58232EE7-FFF0-4C44-998E-812654D21821} folder moved successfully.

C:\Users\Edvan\AppData\Local\{5A5109D0-1866-4FB9-ACE5-FDF8D8ED3460} folder moved successfully.

C:\Users\Edvan\AppData\Local\{5E50D737-2951-449A-BA45-DD7A290E6C12} folder moved successfully.

C:\Users\Edvan\AppData\Local\{5E5FEA57-8CC4-4001-A5FE-1E04E9739A08} folder moved successfully.

C:\Users\Edvan\AppData\Local\{60E46748-26BC-4409-AFA3-AB5C7A8E5226} folder moved successfully.

C:\Users\Edvan\AppData\Local\{62671734-3516-482D-B657-CC084638AADD} folder moved successfully.

C:\Users\Edvan\AppData\Local\{6916AF0D-0323-42CE-B427-BFE1C8E5C2A7} folder moved successfully.

C:\Users\Edvan\AppData\Local\{6A8D7553-4C49-408A-B53B-1691F3A55881} folder moved successfully.

C:\Users\Edvan\AppData\Local\{6AAA6ADC-A6C3-4D60-9EA1-0FE1B625064D} folder moved successfully.

C:\Users\Edvan\AppData\Local\{6ABA1A21-344C-40C7-B86A-6CB9EAB5D068} folder moved successfully.

C:\Users\Edvan\AppData\Local\{6D19A678-7CBD-4584-981E-D37A34C65E6D} folder moved successfully.

C:\Users\Edvan\AppData\Local\{6E8FF50E-7FEA-402D-A9DE-42E982990E3F} folder moved successfully.

C:\Users\Edvan\AppData\Local\{6F22BCD0-D10A-4937-B8D4-1B7DB2E3FA43} folder moved successfully.

C:\Users\Edvan\AppData\Local\{6FB80ACF-779A-4C45-9E73-615B2CE900BC} folder moved successfully.

C:\Users\Edvan\AppData\Local\{7172795D-5702-40E9-A116-5F66BD6B2183} folder moved successfully.

C:\Users\Edvan\AppData\Local\{71E99592-ADCC-4287-A929-BEE3E0EEDBEE} folder moved successfully.

C:\Users\Edvan\AppData\Local\{764BA554-D1B5-40D7-8E0F-ED1006F0C471} folder moved successfully.

C:\Users\Edvan\AppData\Local\{772EC612-7CAA-463E-B6B1-3C232BA5054B} folder moved successfully.

C:\Users\Edvan\AppData\Local\{789C0748-3493-4521-95FD-FF67C18AB706} folder moved successfully.

C:\Users\Edvan\AppData\Local\{79DE35E3-0712-4374-ADBD-534EC64D1CD1} folder moved successfully.

C:\Users\Edvan\AppData\Local\{7A426DDC-A61B-4166-B954-F72465807557} folder moved successfully.

C:\Users\Edvan\AppData\Local\{7A978FA1-B619-48DA-9F46-AC9EED48570F} folder moved successfully.

C:\Users\Edvan\AppData\Local\{7BDD1FFB-6E64-4AA8-B359-E2DE877422FE} folder moved successfully.

C:\Users\Edvan\AppData\Local\{7BF16290-4E41-4A70-906C-B740FD79C3CA} folder moved successfully.

C:\Users\Edvan\AppData\Local\{7DDCCEF4-9E6B-4AF1-B6E2-B37515243A8F} folder moved successfully.

C:\Users\Edvan\AppData\Local\{80ABB460-8906-4227-AD89-3E40A14333B2} folder moved successfully.

C:\Users\Edvan\AppData\Local\{827DD29C-6640-4AC1-9057-DEBCF537B52C} folder moved successfully.

C:\Users\Edvan\AppData\Local\{84C9B3B9-6438-4D8B-A78A-F54B228A0510} folder moved successfully.

C:\Users\Edvan\AppData\Local\{858AC4BC-B828-4B07-8FCF-2A850011A685} folder moved successfully.

C:\Users\Edvan\AppData\Local\{85CD2AD6-4764-49C2-A966-DBB0ED4F249F} folder moved successfully.

C:\Users\Edvan\AppData\Local\{87AAFBCB-2C47-4AD5-9D50-001720631AF0} folder moved successfully.

C:\Users\Edvan\AppData\Local\{87BEF7A9-4995-4F8D-B585-596122443C74} folder moved successfully.

C:\Users\Edvan\AppData\Local\{88670E0F-C69D-4050-B419-6BD7A6FC2E28} folder moved successfully.

C:\Users\Edvan\AppData\Local\{8914475C-F153-409B-9FD6-C0F9528F6B01} folder moved successfully.

C:\Users\Edvan\AppData\Local\{8AA2585A-EC9A-4F7E-8CE4-EFD91A62111A} folder moved successfully.

C:\Users\Edvan\AppData\Local\{8AC0A687-83A5-4A2A-9105-3B741F279A55} folder moved successfully.

C:\Users\Edvan\AppData\Local\{8B00B225-0169-443C-B22F-67E39C05C742} folder moved successfully.

C:\Users\Edvan\AppData\Local\{8D14F9FC-3E51-44B2-9317-44087281AF7A} folder moved successfully.

C:\Users\Edvan\AppData\Local\{8D3E2131-D3E4-44E5-A7DF-B519D9D89EE3} folder moved successfully.

C:\Users\Edvan\AppData\Local\{8EDE1D17-ADBE-4526-95B8-388C349256F6} folder moved successfully.

C:\Users\Edvan\AppData\Local\{90D1015F-8778-4977-B31B-034BCB717CF6} folder moved successfully.

C:\Users\Edvan\AppData\Local\{96644646-7DC1-4C85-8E61-185F1CB39084} folder moved successfully.

C:\Users\Edvan\AppData\Local\{9772D540-78C4-4057-9874-E4DDEFAC8DB4} folder moved successfully.

C:\Users\Edvan\AppData\Local\{97F9C0EC-5F18-46F6-9454-D6337737EE44} folder moved successfully.

C:\Users\Edvan\AppData\Local\{9AACD4EB-37D4-4FEF-8C96-03C0922AB6A9} folder moved successfully.

C:\Users\Edvan\AppData\Local\{9BFF00D6-D0FF-44E6-86A8-B4A9B48381F2} folder moved successfully.

C:\Users\Edvan\AppData\Local\{9E9BDB4E-46DC-422D-88D4-1C2602D9BCC6} folder moved successfully.

C:\Users\Edvan\AppData\Local\{A053737C-9C21-4122-9558-07BB5BC185F8} folder moved successfully.

C:\Users\Edvan\AppData\Local\{A11EA4F4-AE0B-4D46-A9E1-C892E28A6611} folder moved successfully.

C:\Users\Edvan\AppData\Local\{A1907E79-D80A-473B-A806-2C110F8CB337} folder moved successfully.

C:\Users\Edvan\AppData\Local\{A1A3115F-1487-4C75-BF4B-D3CD2696367E} folder moved successfully.

C:\Users\Edvan\AppData\Local\{A2BF84A3-48BE-4F44-9631-4FA2DF494143} folder moved successfully.

C:\Users\Edvan\AppData\Local\{A4E5AE20-2A2E-49CC-BD54-1DF5C0D34841} folder moved successfully.

C:\Users\Edvan\AppData\Local\{A533B88A-F65A-4C75-BBA3-A6EE66B4F5A7} folder moved successfully.

C:\Users\Edvan\AppData\Local\{A98612C0-9AB9-4AF3-A32C-B049CB48297F} folder moved successfully.

C:\Users\Edvan\AppData\Local\{ABBE57A6-37B0-48A1-83FB-7057C607E075} folder moved successfully.

C:\Users\Edvan\AppData\Local\{AC086D29-8162-4862-ADED-27B9913B2C69} folder moved successfully.

C:\Users\Edvan\AppData\Local\{ACDCB6B7-E9E7-40A9-9698-E0D8082D5EE1} folder moved successfully.

C:\Users\Edvan\AppData\Local\{AD97DD6E-9679-4246-9663-D5D4E94804FB} folder moved successfully.

C:\Users\Edvan\AppData\Local\{ADAED05A-4117-4B48-9FAB-D0902DF354A5} folder moved successfully.

C:\Users\Edvan\AppData\Local\{B094283B-EE10-403B-80B3-4F3FE6531A18} folder moved successfully.

C:\Users\Edvan\AppData\Local\{B1CF08E2-A863-472B-87ED-74D7866130E8} folder moved successfully.

C:\Users\Edvan\AppData\Local\{B3A7B9D2-8D87-4483-8657-5815CAB8B7D0} folder moved successfully.

C:\Users\Edvan\AppData\Local\{B3A9E51B-159F-4763-BE15-8C77C709BE7D} folder moved successfully.

C:\Users\Edvan\AppData\Local\{B4C1B28A-ED99-4622-8317-358C7249481C} folder moved successfully.

C:\Users\Edvan\AppData\Local\{B51A51A7-BDC1-495B-88A4-D89DC4EEF764} folder moved successfully.

C:\Users\Edvan\AppData\Local\{B5E735CD-5814-4CD4-8E9F-0A09E6DEF5DC} folder moved successfully.

C:\Users\Edvan\AppData\Local\{B7B117D2-D504-4D2A-B194-36D5E9106D42} folder moved successfully.

C:\Users\Edvan\AppData\Local\{B9DD8E84-DB7B-42D9-A8B7-E833F5E62DB1} folder moved successfully.

C:\Users\Edvan\AppData\Local\{B9FD95D7-C86F-422E-B458-A5513FD92B89} folder moved successfully.

C:\Users\Edvan\AppData\Local\{BA0D3401-8BC4-4BFF-90E2-26E2757E5DC2} folder moved successfully.

C:\Users\Edvan\AppData\Local\{BBEE8738-891C-4CEC-98DB-71215F5B7821} folder moved successfully.

C:\Users\Edvan\AppData\Local\{BC4F6A48-93F1-49AB-A04A-118E6ADCFB6D} folder moved successfully.

C:\Users\Edvan\AppData\Local\{BCD73B57-254C-4AED-A146-5E3CB4734D2F} folder moved successfully.

C:\Users\Edvan\AppData\Local\{C0B2408F-2D10-43A5-BDFE-119DDA5C8EB7} folder moved successfully.

C:\Users\Edvan\AppData\Local\{C3FEFF66-50B9-4535-92B1-48F0E2FFFBA6} folder moved successfully.

C:\Users\Edvan\AppData\Local\{C49F05D8-7658-44CA-9E78-20BF3401A614} folder moved successfully.

C:\Users\Edvan\AppData\Local\{C6F9D78C-14ED-4009-A8FF-544BAEC9622F} folder moved successfully.

C:\Users\Edvan\AppData\Local\{CB781C25-FC51-4642-8B7E-026D9A083F9C} folder moved successfully.

C:\Users\Edvan\AppData\Local\{CCE14883-87AE-4DF9-AF44-A8C75ED9099D} folder moved successfully.

C:\Users\Edvan\AppData\Local\{CD487D26-0C5E-4CA4-9F5F-B96F8628C934} folder moved successfully.

C:\Users\Edvan\AppData\Local\{CD68FFED-9352-41D6-A905-529AEECE6161} folder moved successfully.

C:\Users\Edvan\AppData\Local\{CD9938F2-1502-42CF-9895-AAD7087D0CC1} folder moved successfully.

C:\Users\Edvan\AppData\Local\{CECA49CC-72A1-4AA2-AB01-D8F62A06603D} folder moved successfully.

C:\Users\Edvan\AppData\Local\{CEFD729B-BA88-4ED1-B505-DE5963C7870D} folder moved successfully.

C:\Users\Edvan\AppData\Local\{CF9B7174-6015-4508-A2A5-B666E0C5CF5E} folder moved successfully.

C:\Users\Edvan\AppData\Local\{D2501DD4-4E8F-4754-B46E-52A03107F4C4} folder moved successfully.

C:\Users\Edvan\AppData\Local\{D28AD3CD-930C-419F-A664-6B7DA409791A} folder moved successfully.

C:\Users\Edvan\AppData\Local\{D3EB27E8-DF62-4AC5-AAA3-C74460874644} folder moved successfully.

C:\Users\Edvan\AppData\Local\{D4038CB9-C122-4B79-B0FB-EBB1AC48C261} folder moved successfully.

C:\Users\Edvan\AppData\Local\{D79BFEDF-442B-4135-9BE4-FF6DD2CD9346} folder moved successfully.

C:\Users\Edvan\AppData\Local\{DB0B4F8C-1F8A-41BB-B594-7D57FE394969} folder moved successfully.

C:\Users\Edvan\AppData\Local\{DC0C2460-A58E-46FE-BC07-C6585F15243F} folder moved successfully.

C:\Users\Edvan\AppData\Local\{DC7EAAF9-C052-484A-AE57-FAD2C218E203} folder moved successfully.

C:\Users\Edvan\AppData\Local\{DCA247DA-6E41-4555-87CD-77B81D2F3CF0} folder moved successfully.

C:\Users\Edvan\AppData\Local\{DE984F6B-F3A4-45A2-9536-AD8F80D312E3} folder moved successfully.

C:\Users\Edvan\AppData\Local\{E35F82E9-A15A-4F05-AFA2-0C80535F174D} folder moved successfully.

C:\Users\Edvan\AppData\Local\{E39D10EE-4B39-40B9-806E-AFAE636A061E} folder moved successfully.

C:\Users\Edvan\AppData\Local\{E3B0159D-46C5-470D-8216-75C5F2410E4B} folder moved successfully.

C:\Users\Edvan\AppData\Local\{E3CABDE0-548A-4553-8E29-E14B2FC41035} folder moved successfully.

C:\Users\Edvan\AppData\Local\{E5B07BB3-7D3E-49C1-8F28-A7A6AD457B39} folder moved successfully.

C:\Users\Edvan\AppData\Local\{E611DBFD-9503-4629-9AD1-F8CB5BDAD9F4} folder moved successfully.

C:\Users\Edvan\AppData\Local\{E6FC5B3A-CF4D-4D03-BCCE-E41F05C58037} folder moved successfully.

C:\Users\Edvan\AppData\Local\{E73B477F-8195-4197-A9BE-77EF0E52FD8B} folder moved successfully.

C:\Users\Edvan\AppData\Local\{E7AA865B-BFA5-4E52-A905-A36B418271C0} folder moved successfully.

C:\Users\Edvan\AppData\Local\{E936CF85-0D95-4C2B-B8A0-22595EC9D9F6} folder moved successfully.

C:\Users\Edvan\AppData\Local\{EC7B2363-FA38-42EC-AC72-D99ECFE74715} folder moved successfully.

C:\Users\Edvan\AppData\Local\{EC98E83B-2993-4AA2-8E94-42092ED2CB55} folder moved successfully.

C:\Users\Edvan\AppData\Local\{ECBF449C-5809-44F7-86BF-82C021111940} folder moved successfully.

C:\Users\Edvan\AppData\Local\{ECC56E69-4B63-4426-8C9C-370DC79D22B0} folder moved successfully.

C:\Users\Edvan\AppData\Local\{ECC8CA43-5052-409C-A031-33AAE7D3F0FB} folder moved successfully.

C:\Users\Edvan\AppData\Local\{ED536E79-32BC-4036-B42B-11FAAD4D445A} folder moved successfully.

C:\Users\Edvan\AppData\Local\{F2676B71-DB77-444B-BE71-3A43745606E5} folder moved successfully.

C:\Users\Edvan\AppData\Local\{F2C51173-E0BF-4311-B575-815A68E49698} folder moved successfully.

C:\Users\Edvan\AppData\Local\{F7E39BBD-0190-4995-B5D0-E81BED327489} folder moved successfully.

C:\Users\Edvan\AppData\Local\{F852A37D-CF4A-4B9B-BF72-D48FD3D49D78} folder moved successfully.

C:\Users\Edvan\AppData\Local\{F9EEC169-C272-43ED-90A9-EB92D1E4BDDC} folder moved successfully.

C:\Users\Edvan\AppData\Local\{FA7A57DA-7F2D-479E-9DC2-C61225D8C88B} folder moved successfully.

C:\Users\Edvan\AppData\Local\{FB15676F-4CE5-4FBB-954C-C41E19CF227E} folder moved successfully.

C:\Users\Edvan\AppData\Local\{FBCDD7C3-F786-49FE-9E3D-AD14C0EB2A79} folder moved successfully.

C:\Users\Edvan\AppData\Local\{FC6110E8-99FF-41E2-9B85-84A074B4B723} folder moved successfully.

C:\Users\Edvan\AppData\Local\{FC7CC796-4474-47DC-916F-D343D7E04081} folder moved successfully.

C:\Users\Edvan\AppData\Local\{FD753A57-E192-4938-BA4A-DFA6012B6440} folder moved successfully.

C:\Users\Edvan\AppData\Local\{FE9A0C66-90A9-4F02-85C6-4A31691E7B6D} folder moved successfully.

C:\Users\Edvan\AppData\Local\{FECDDF4B-CE40-43D2-897E-75989FCDADB1} folder moved successfully.

C:\Users\Edvan\AppData\Local\{FFC57A76-8ED4-48E5-A9F1-C3F6D8CACE24} folder moved successfully.

C:\Users\Edvan\AppData\Local\{FFF335DE-AD2C-4E88-856A-49AFB1B7B9B6} folder moved successfully.

File\Folder C:\user.js not found.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\"Gopher"|"gopher://" /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Edvan

->Temp folder emptied: 18972574 bytes

->Temporary Internet Files folder emptied: 58880660 bytes

->FireFox cache emptied: 216144370 bytes

->Flash cache emptied: 744 bytes

 

User: Public

 

User: Todos os Usuários

 

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 291090140 bytes

RecycleBin emptied: 337955641 bytes

 

Total Files Cleaned = 880,00 mb

 

 

OTL by OldTimer - Version 3.2.53.0 log created on 06272012_214137

 

Files\Folders moved on Reboot...

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

[2012/06/27 21:44:08 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

 

Registry entries deleted on Reboot...

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Boa Noite! Edvan

 

Parece que tinha alguma coisa né?

|- Sim! Ainda restava algumas coisinhas...rsr..

 

AdwCleaner_Uninstall2.jpg

 

|- Abra a ferramenta AdwCleaner e clique em "Uninstall".

 

|- Baixe: < ZHPDiag_Silent.jpg >

 

|- Salve-o no desktop!

|- Para Windows Vista ou 7,clique direito e execute o arquivo como administrador.

|- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde!

|- Poste e/ou cole aqui,o link que foi gerado!

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Boa Tarde! Edvan

 

|- Baixe: < ZHPFix.zip >

 

|- Descompacte-o para o desktop. < ZHPFix_logo.jpg >

 

|- Feche programas/pastas que estejam abertos.

|- Feche,também,o navegador!

|- Para Windows Vista,desabilite a UAC.

 

ZHPFix_Logo.jpg

 

|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.

|- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas".

 

O4 - Global Startup: C:\Users\Edvan\Desktop\Continue Video Converter Installation.lnk . (...) -- C:\Users\Edvan\AppData\Local\Temp\ICReinstall_ICReinstall_VideoConverterSetup.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{4DA4CB26-06D4-431C-906A-DE62763557B6}] (...) -- C:\Users\Edvan\Desktop\51942_bankerfix_30.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.)

O43 - CFD: 28/06/2012 - 08:18:52 - [0] ----D C:\Users\Edvan\AppData\Local\{1922FB27-7531-4839-9389-75213FF21288}

O43 - CFD: 28/06/2012 - 08:19:09 - [0] ----D C:\Users\Edvan\AppData\Local\{61FA290B-56D1-4F1C-B686-9584721BC860}

O44 - LFC:[MD5.D284503876687029DF81F69724F475A4] - 25/06/2012 - 22:28:34 ---A- . (...) -- C:\hijackthis.log [5525]

 

C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Toolbar.Ask

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell

 

emptytemp

emptyflash

firewallraz

sysrestore

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"

|- Minimize o Bloco de Notas.

 

ZHPDiag_PasteClipboard.jpg

 

|- Clique no menu,"Paste ClipBoard".

|- Clique em "GO" -> Oui.

 

ZHPFix_GO.jpg

 

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Edvan    30

Edvan
Postado

Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012

Fichier d'export Registre :

Run by Edvan at 28/06/2012 22:58:02

Windows 7 Business Edition, 32-bit (Build 7600)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

 

========== Registry Value ==========

NOT FOUND [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

 

========== Repertory ==========

DELETED Folder: C:\Users\Edvan\AppData\Local\{1922FB27-7531-4839-9389-75213FF21288}

DELETED Folder: C:\Users\Edvan\AppData\Local\{61FA290B-56D1-4F1C-B686-9584721BC860}

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

DELETED c:\users\edvan\desktop\continue video converter installation.lnk

NOT FOUND File: c:\users\edvan\appdata\local\temp\icreinstall_icreinstall_videoconvertersetup.exe

DELETED c:\hijackthis.log

NOT FOUND Folder/File: c:\windows\system32\tasks\scheduled update for ask toolbar

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== Task ==========

DELETED Task: {4DA4CB26-06D4-431C-906A-DE62763557B6}

DELETED Task: Scheduled Update for Ask Toolbar

 

========== Restoration ==========

Restore System Point created succefully

 

 

========== Summary ==========

3 : Registry Value

4 : Repertory

6 : File

2 : Task

1 : Restoration

 

 

End of clean in 00mn 20s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 28/06/2012 22:58:02 [1538]

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Boa Tarde! Edvan

 

|- Abra o OTL.exe -> Clique em Limpeza. <-- Confirme!

|- Ps: O computador irá reiniciar!

 

-/-

 

|- Seus logs estão limpos!

|- Bom trabalho!

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Edvan    30

Edvan
Postado

Obrigado DigRam, fico muito contente de sempre poder contar com você, continue sempre sendo esse excelente profissional. :clap:

 

Um braço. :thumbsup:

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Resolvidos (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito