Edvan - Posted July 16, 2012

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:51:58, on 16/07/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17099)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\windows\System32\alg.exe
C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe
C:\windows\system32\ctfmon.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.live.com/1rew3set/pt-brz_error?!wli80040002&ec=0x80070002
O2 - BHO: Windows Media Sharing Plugin - {0F1CCA92-3FE5-448B-A519-D3F53A80663C} - C:\ProgramData\Windows\ntfs64.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - (no file)
O2 - BHO: IEWebHook - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Documents and Settings\f001869\Dados de aplicativos\Media Finder\Extensions\IEPlugin32.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIV~1\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll
O2 - BHO: G-Buster Browser Defense Sicredi - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\ARQUIV~1\GbPlugin\gbiehscd.dll
O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\ARQUIV~1\GbPlugin\gbiehisg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Startup: Internet Explorer.lnk = C:\Arquivos de programas\Internet Explorer\iexplore.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\windows\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\ARQUIV~1\WINDOW~4\Datamngr\datamngr.dll
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\ARQUIV~1\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginIsg - C:\ARQUIV~1\GbPlugin\gbiehIsg.dll
O20 - Winlogon Notify: GbPluginScd - C:\ARQUIV~1\GbPlugin\gbiehScd.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)

--
End of file - 7295 bytes

BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2012-07-16 - 14:38
-------------------------------------------------------
Lista de Definição: 2012-07-05-1 | CORE: 2012-01-27-1
=======================================================
Arquivo infectado detectado: C:\ProgramData\WLSetup
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\Documents and Settings\All Users\Dados de aplicativos\ConfDown
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\Documents and Settings\All Users\Dados de aplicativos\Winapdonw.exe
Arquivo infectado removido com sucesso!
----- Fim -------------------------

Two Malwarebytes logs:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Versão da Base de Dados: v2012.07.16.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Administrador :: FUN0105 [administrador]

16/07/2012 14:50:56
mbam-log-2012-07-16 (14-50-56).txt

Tipo de Verificação: Verificação Completa (C:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 373335
Tempo decorrido: 33 minuto(s), 29 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 7
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Nenhuma ação foi feita.
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Enviado para a Quarentena e deletado com sucesso.
Valores de Registro Detectadas: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\DOCUMENTS AND SETTINGS\F001869\DADOS DE APLICATIVOS\MEDIA FINDER\EXTENSIONS\GENCRAWLER_GC.DLL (Trojan.Downloader) -> Data: 1 -> Enviado para a Quarentena e deletado com sucesso.

Itens de Dados no Registro Detectadas: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Ruim: (1) Bom: (0) -> Enviado para a Quarentena e reparado com sucesso.

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 9
C:\Documents and Settings\f001869\Configurações locais\Temp\FNMD\FM\1.5.11.16\FM4ie.exe (PUP.FunMoods) -> Nenhuma ação foi feita.
C:\Documents and Settings\f001869\Dados de aplicativos\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Enviado para a Quarentena e deletado com sucesso.
c:\arquivos de programas\arquivos comuns\jtjvfhk\xbxpxak.exexmjiqbt (Malware.Packer.T) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\f001869\Configurações locais\Temp\ICReinstall_PDFCreatorSetup[1].exe (Adware.Agent) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\f001869\Configurações locais\Temp\ICReinstall_ICReinstall_PDFCreatorSetup[1].exe (Adware.Agent) -> Enviado para a Quarentena e deletado com sucesso.
c:\documents and settings\f001869\configurações locais\temp\yory.exe (Trojan.Downloader) -> Enviado para a Quarentena e deletado com sucesso.
C:\WINDOWS\AdxuxyA (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.
C:\WINDOWS\JpsmhkA (Malware.Packer.T) -> Enviado para a Quarentena e deletado com sucesso.
C:\WINDOWS\JuwyldI (Malware.Packer.T) -> Enviado para a Quarentena e deletado com sucesso.
(fim)

---------------------\----------------------------\----------------------------

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Versão da Base de Dados: v2012.07.16.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Administrador :: FUN0105 [administrador]

16/07/2012 15:37:19
mbam-log-2012-07-16 (15-37-19).txt

Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 318724
Tempo decorrido: 4 minuto(s), 7 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 1
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 1
C:\Documents and Settings\f001869\Configurações locais\Temp\FNMD\FM\1.5.11.16\FM4ie.exe (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
(fim)

-----------------------\-------------------------\------------------------

# AdwCleaner v1.702 - Logfile created 07/16/2012 at 16:06:29
# Updated 13/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrador - FUN0105
# Running from : C:\Documents and Settings\Administrador\Meus documentos\Downloads\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Administrador\Dados de aplicativos\searchquband
Folder Deleted : C:\Documents and Settings\f001869\Dados de aplicativos\Babylon
Folder Deleted : C:\Documents and Settings\f001869\Dados de aplicativos\Media Finder
Folder Deleted : C:\Documents and Settings\f001869\Dados de aplicativos\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Documents and Settings\f001869\Dados de aplicativos\PriceGong
Folder Deleted : C:\Documents and Settings\f001869\Dados de aplicativos\searchquband
Folder Deleted : C:\Documents and Settings\f001869\Dados de aplicativos\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\f002024\Dados de aplicativos\searchquband
Folder Deleted : C:\Documents and Settings\f002024\Dados de aplicativos\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Media Finder
Folder Deleted : C:\Arquivos de programas\Conduit
Folder Deleted : C:\Arquivos de programas\DealPly
File Deleted : C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\Arquivos de programas\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [Registry] *****

Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\noebaifjopccondbkcieccphcpijhdne
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3F39D17D-50C7-4AC4-A63A-CDF6CDBD0C61}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{71E3A30E-9444-49D9-ABDB-B4B531D0BBA3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

***** [internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [6178 octets] - [16/07/2012 16:06:07]
AdwCleaner[s1].txt - [6213 octets] - [16/07/2012 16:06:29]

########## EOF - C:\AdwCleaner[s1].txt - [6341 octets] ##########
wings - Posted July 16, 2012

Hello Edvan

Download SystemLook (...by jpshortstuff) and save it to the desktop
* Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator
* Paste the lines in blue into the blank space:
:dir C:\ProgramData\Windows
* Click [Look] and paste the report that is displayed

Download OTL and save it to the Desktop
* Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator
* Select the options:
Verificar All Users
Verificar Lop
Verificar Purity
* Paste the lines, in brown, into the space below Exames Personalizados/Correções
netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
* Click [Verificar]
* When it finishes, the reports OTL.txt and Extras.txt will be created on the Desktop

Go to this link
* Click [selecionar arquivo]
* Locate the OTL.txt file on the Desktop and click [Abrir]
* Click [Envoyer le fichier]
* Paste the link created below Fichier envoyé avec succés! Copiez votre lien :
* Repeat the procedure for the Extras.txt report and paste the link
Edvan - Posted July 16, 2012

SystemLook 30.07.11 by jpshortstuff
Log created at 16:58 on 16/07/2012 by Administrador
Administrator - Elevation successful

========== dir ==========

C:\ProgramData\Windows - Parameters: "(none)"

---Files---
locale.dat --a---- 426 bytes [19:41 12/07/2012] [12:51 16/07/2012]
ntfs64.dll --a---- 9453568 bytes [19:42 12/07/2012] [11:23 16/07/2012]

---Folders---
None found.

-= EOF =-

OTL Link http://mydoc.tk/3/6282OTL.Txt
EXTRA http://mydoc.tk/3/3298Extras.Txt
wings - Posted July 16, 2012

Run OTL. Windows Vista or Windows 7 users must right-click the file and select Run as administrator
* Paste the lines in blue into the space below Exames Personalizados/Correções:

:OTL
@Alternate Data Stream - 765 bytes -> C:\windows\System32\drivers:GbpKmAp.lst
:Files
C:\ProgramData\Windows
:Services
McComponentHostService
HidServ
VcommMgr
VComm
FXDrv32
Btcsrusb
BT
:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F1CCA92-3FE5-448B-A519-D3F53A80663C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F1CCA92-3FE5-448B-A519-D3F53A80663C}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A08F66E-CBA1-4C6F-831E-FD04AD85C074}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
:Commands
[emptytemp]

* Click [Consertar]
* Click [OK] and the PC will restart
* Paste the report created at C:\_OTL\MovedFiles\data_hora.log
Edvan - Posted July 16, 2012

All processes killed
========== OTL ==========
ADS C:\windows\System32\drivers:GbpKmAp.lst deleted successfully.
========== FILES ==========
C:\ProgramData\Windows folder moved successfully.
========== SERVICES/DRIVERS ==========
Service McComponentHostService stopped successfully!
Service McComponentHostService deleted successfully!
Service HidServ stopped successfully!
Service HidServ deleted successfully!
Service VcommMgr stopped successfully!
Service VcommMgr deleted successfully!
Service VComm stopped successfully!
Service VComm deleted successfully!
Service FXDrv32 stopped successfully!
Service FXDrv32 deleted successfully!
Service Btcsrusb stopped successfully!
Service Btcsrusb deleted successfully!
Service BT stopped successfully!
Service BT deleted successfully!
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F1CCA92-3FE5-448B-A519-D3F53A80663C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F1CCA92-3FE5-448B-A519-D3F53A80663C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F1CCA92-3FE5-448B-A519-D3F53A80663C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F1CCA92-3FE5-448B-A519-D3F53A80663C}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A08F66E-CBA1-4C6F-831E-FD04AD85C074}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A08F66E-CBA1-4C6F-831E-FD04AD85C074}\ not found.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope" | {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 238058000 bytes
->Temporary Internet Files folder emptied: 14511991 bytes
->Java cache emptied: 4341 bytes
->FireFox cache emptied: 23436245 bytes
->Flash cache emptied: 829 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: e0021
->Temp folder emptied: 1044361 bytes
->Temporary Internet Files folder emptied: 18318279 bytes
->Java cache emptied: 7140 bytes
->Flash cache emptied: 99591 bytes

User: f001869
->Temp folder emptied: 193905512 bytes
->Temporary Internet Files folder emptied: 87780150 bytes
->Java cache emptied: 1624603 bytes
->Flash cache emptied: 61922 bytes

User: f002024
->Temp folder emptied: 939 bytes
->Temporary Internet Files folder emptied: 4244362 bytes
->Flash cache emptied: 56466 bytes

User: f002873
->Temp folder emptied: 158323 bytes
->Temporary Internet Files folder emptied: 421608 bytes

User: f003140
->Temp folder emptied: 69925972 bytes
->Temporary Internet Files folder emptied: 116095735 bytes
->Java cache emptied: 2492747 bytes
->Flash cache emptied: 9868 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134162 bytes
%systemroot%\System32 .tmp files removed: 2969 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2564409 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 741,00 mb

OTL by OldTimer - Version 3.2.54.0 log created on 07162012_174041

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
----------------------\\\-----------------------------------
wings 22 Posted July 16, 2012

OK... the PC is clean.

Run OTL. Windows Vista or Windows 7 users should right-click the file and select Run as administrator.
* Click [CleanUp] > [OK]
* The PC will restart

Best regards.
Edvan 30 Posted July 17, 2012

Thanks, Wings. Do I need to change the password because of the Bankers it caught?
wings 22 Posted July 17, 2012

> Thanks, Wings. Do I need to change the password because of the Bankers it caught?

It is a smart, preventive decision. I would change it.

Best regards.
Edvan 30 Posted July 17, 2012

I'll have that done! Wings, I just ran a scan with avast in safe mode and it caught more viruses. I'll post the screenshot here:
wings 22 Posted July 17, 2012

* Temporarily disable your antivirus

Download ComboFix (...by sUBs) and save it to the Desktop
* Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator
* Windows XP users: if the Microsoft Windows Recovery Console is not installed, accept its installation. After the Console is installed, click [Yes].
* Accept the agreement
* Wait for the files to be extracted
* Wait for the stages to complete... it may take a while!
* Avoid using the mouse and keyboard. Do not use any other program until ComboFix finishes!
* Wait for it to finish and paste the report it displays
Edvan 30 Posted July 17, 2012

Are these deletions infected folders??

ComboFix 12-07-16.01 - Administrador 17/07/2012 8:31:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2037.1518 [GMT -3:00]
Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADO !!
ADS - system32: deleted 14 bytes in 7 streams.
ADS - drivers: deleted 718 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
C:\BancoBrasil\officePLUGIN\index.html
C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Internet Explorer.lnk
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Internet Explorer.lnk
C:\Documents and Settings\f001869\Favoritos\groupon.url
C:\Documents and Settings\f001869\Menu Iniciar\Programas\Inicializar\Internet Explorer.lnk
C:\windows\IsUn0416.exe
C:\windows\system\chron32.dll
C:\windows\system\libeay32.dll
C:\windows\system\ssleay32.dll
C:\windows\system32\autorun.in
C:\windows\system32\dllcache\dlimport.exe

(((((((((((((((( Arquivos/Ficheiros criados de 2012-06-17 to 2012-07-17 ))))))))))))))))))))))))))))
2012-07-17 11:29:56 . 2012-07-17 11:29:56 12568 ----a-w- C:\windows\system32\drivers\PROCEXP113.SYS
2012-07-16 20:14:21 . 2012-06-14 22:19:07 85472 ----a-w- C:\Arquivos de programas\Mozilla Firefox\components\browsercomps.dll
2012-07-16 20:14:20 . 2012-06-14 22:19:04 15757792 ----a-w- C:\Arquivos de programas\Mozilla Firefox\xul.dll
2012-07-16 19:21:48 . 2012-07-16 19:21:48 -------- d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Auslogics
2012-07-16 19:21:39 . 2012-07-16 19:21:39 -------- d-----w- C:\Arquivos de programas\Auslogics
2012-07-16 19:03:39 . 2012-07-16 19:03:39 -------- d-----w- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla
2012-07-16 18:49:25 . 2012-07-16 18:49:26 388608 ----a-w- C:\HiJackThis.exe
2012-07-16 17:50:06 . 2012-07-16 17:50:06 -------- d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes
2012-07-16 17:49:57 . 2012-07-16 17:49:57 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
2012-07-16 17:49:56 . 2012-07-16 17:49:59 -------- d-----w- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2012-07-16 17:49:56 . 2012-07-03 16:46:44 22344 ----a-w- C:\windows\system32\drivers\mbam.sys
2012-07-16 17:28:51 . 2012-07-03 16:21:53 721000 ----a-w- C:\windows\system32\drivers\aswSnx.sys
2012-07-16 17:28:36 . 2012-07-16 17:28:36 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\AVAST Software
2012-07-16 14:15:10 . 2012-07-17 11:31:45 -------- d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Scpad
2012-07-13 16:44:46 . 2012-07-13 16:44:46 -------- d-----w- C:\Intel
2012-07-12 19:42:00 . 2012-03-31 17:24:14 117248 ----a-w- C:\Arquivos de programas\Internet Explorer\libgcc_s_dw2-1.dll
2012-07-12 19:41:55 . 2012-03-31 17:24:14 117248 ----a-w- C:\windows\system32\libgcc_s_dw2-1.dll
2012-07-12 19:40:53 . 2012-07-16 20:40:42 -------- d-----w- C:\ProgramData
2012-07-11 17:10:51 . 2012-07-11 17:10:51 -------- d-----w- C:\Arquivos de programas\FLV_Runner
2012-07-11 14:35:45 . 2012-07-11 14:35:45 -------- d-----w- C:\Documents and Settings\f001869\PSafe
2012-07-11 14:35:22 . 2012-07-11 14:35:22 -------- d-----w- C:\Documents and Settings\LocalService\Dados de aplicativos\360Safe
2012-07-11 14:35:10 . 2012-06-01 00:21:04 146304 ----a-r- C:\windows\system32\drivers\360FileOem.sys
2012-07-11 14:35:09 . 2012-06-01 00:21:04 23168 ----a-r- C:\windows\system32\drivers\360RegOem.sys
2012-07-11 14:35:08 . 2012-06-01 00:21:04 54912 ----a-r- C:\windows\system32\drivers\360HookOem.sys
2012-07-04 14:26:53 . 2012-07-04 14:26:53 -------- d-----w- C:\Documents and Settings\f001869\Configurações locais\Dados de aplicativos\Rollpix
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-07-17 11:32:01 . 2011-12-28 10:46:16 28880 ----a-w- C:\windows\system32\drivers\GbpNdisrd.sys
2012-07-03 16:21:54 . 2010-05-24 11:28:27 54232 ----a-w- C:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21:53 . 2010-05-24 11:28:31 21256 ----a-w- C:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21:53 . 2010-05-24 11:28:30 353688 ----a-w- C:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21:53 . 2010-05-24 11:28:28 35928 ----a-w- C:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21:53 . 2010-05-24 11:28:26 97608 ----a-w- C:\windows\system32\drivers\aswmon2.sys
2012-07-03 16:21:53 . 2010-05-24 11:28:26 89624 ----a-w- C:\windows\system32\drivers\aswmon.sys
2012-07-03 16:21:52 . 2010-05-24 11:28:25 25256 ----a-w- C:\windows\system32\drivers\aavmker4.sys
2012-07-03 16:21:32 . 2011-01-05 12:25:22 41224 ----a-w- C:\windows\avastSS.scr
2012-07-03 16:21:28 . 2010-05-24 11:28:18 227648 ----a-w- C:\windows\system32\aswBoot.exe
2012-06-13 13:55:09 . 2004-08-04 02:38:20 1866240 ----a-w- C:\windows\system32\win32k.sys
2012-06-05 15:49:24 . 2010-05-25 19:08:33 1372672 ------w- C:\windows\system32\msxml6.dll
2012-06-05 15:49:24 . 2004-08-04 02:45:26 1172480 ----a-w- C:\windows\system32\msxml3.dll
2012-06-04 04:32:08 . 2004-08-04 02:45:26 152576 ----a-w- C:\windows\system32\schannel.dll
2012-06-02 18:19:48 . 2008-10-16 17:08:12 15896 ----a-w- C:\windows\system32\wuapi.dll.mui
2012-06-02 18:19:38 . 2009-10-14 21:17:34 329240 ----a-w- C:\windows\system32\wucltui.dll
2012-06-02 18:19:38 . 2009-10-14 21:17:34 210968 ----a-w- C:\windows\system32\wuweb.dll
2012-06-02 18:19:38 . 2009-10-14 21:17:33 219160 ----a-w- C:\windows\system32\wuaucpl.cpl
2012-06-02 18:19:38 . 2008-10-16 17:07:32 18456 ----a-w- C:\windows\system32\wuaueng.dll.mui
2012-06-02 18:19:34 . 2009-10-14 21:17:33 53784 ----a-w- C:\windows\system32\wuauclt.exe
2012-06-02 18:19:34 . 2009-10-14 21:17:33 35864 ----a-w- C:\windows\system32\wups.dll
2012-06-02 18:19:34 . 2008-10-16 17:09:44 45080 ----a-w- C:\windows\system32\wups2.dll
2012-06-02 18:19:34 . 2008-10-16 17:08:12 15896 ----a-w- C:\windows\system32\wuaucpl.cpl.mui
2012-06-02 18:19:34 . 2004-08-04 02:45:22 97304 ----a-w- C:\windows\system32\cdm.dll
2012-06-02 18:19:24 . 2009-10-14 21:17:33 577048 ----a-w- C:\windows\system32\wuapi.dll
2012-06-02 18:19:24 . 2008-10-16 17:09:40 23576 ----a-w- C:\windows\system32\wucltui.dll.mui
2012-06-02 18:19:18 . 2009-10-14 21:17:33 1933848 ----a-w- C:\windows\system32\wuaueng.dll
2012-06-02 18:18:58 . 2010-05-25 19:16:39 275696 ----a-w- C:\windows\system32\mucltui.dll
2012-06-02 18:18:58 . 2010-05-25 19:16:39 214256 ----a-w- C:\windows\system32\muweb.dll
2012-06-02 18:18:58 . 2010-05-25 19:16:39 17648 ----a-w- C:\windows\system32\mucltui.dll.mui
2012-05-31 13:21:57 . 2004-08-04 02:45:22 605184 ----a-w- C:\windows\system32\crypt32.dll
2012-05-05 03:14:27 . 2004-08-04 02:40:12 2152448 ----a-w- C:\windows\system32\ntoskrnl.exe
2012-05-05 03:14:27 . 2004-08-04 00:40:24 2030592 ----a-w- C:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:35 . 2009-10-14 21:16:10 139656 ----a-w- C:\windows\system32\drivers\rdpwd.sys
2011-07-28 17:57:08 . 2011-07-28 17:57:08 1809920 ----a-w- C:\Arquivos de programas\SpringPublisher.exe
2012-06-14 22:19:07 . 2012-07-16 20:14:21 85472 ----a-w- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21:21 121528 ----a-w- C:\Arquivos de programas\Alwil Software\Avast5\ashShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2012-07-03 16:21:30 4273976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "C:\ARQUIV~1\GbPlugin\gbiehuni.dll" [2012-02-01 13:41:58 601592]
"{E37CB5F0-51F5-4395-A808-5FA49E399011}"= "C:\ARQUIV~1\GbPlugin\gbiehscd.dll" [2012-02-15 13:06:24 695864]
"{E37CB5F0-51F5-4395-A808-5FA49E399015}"= "C:\ARQUIV~1\GbPlugin\gbiehisg.dll" [2011-10-21 18:34:56 694960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2012-02-15 11:40:20 607472 ----a-w- C:\ARQUIV~1\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2012-05-09 12:01:54 1313864 ----a-w- C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2012-01-11 17:01:26 726360 ----a-w- C:\ARQUIV~1\GbPlugin\gbiehcef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginIsg]
2011-10-21 18:34:56 694960 ----a-w- C:\ARQUIV~1\GbPlugin\gbiehisg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginScd]
2012-02-15 13:06:24 695864 ----a-w- C:\ARQUIV~1\GbPlugin\gbiehscd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2012-02-01 13:41:58 601592 ----a-w- C:\ARQUIV~1\GbPlugin\gbiehuni.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Internet Explorer.lnk]
path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Internet Explorer.lnk
backup=C:\windows\pss\Internet Explorer.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Post-it® Digital Notes.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Post-it® Digital Notes.lnk
backup=C:\WINDOWS\pss\Post-it® Digital Notes.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37:53 843712 ----a-w- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-13 22:21:26 110592 ----a-w- C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 22:20:56 15360 ----a-w- C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-12-18 06:28:14 178712 ----a-r- C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-05-04 16:05:36 36864 ----a-w- C:\Arquivos de programas\HP\HP UT\bin\hppusg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-12-18 06:28:32 150040 ----a-r- C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-12-18 06:28:26 150040 ----a-r- C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-03-02 08:01:18 17530368 -c--a-w- C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-19 13:48:08 149280 ----a-w- C:\Arquivos de programas\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 360HookOem;360HookOem;C:\WINDOWS\system32\drivers\360HookOem.sys [11/07/2012 11:35:08 54912]
R0 BtHidBus;Bluetooth HID Bus Service;C:\WINDOWS\system32\drivers\BtHidBus.sys [07/01/2009 23:39:36 20744]
R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [19/10/2009 10:51:09 46408]
R1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [16/07/2012 14:28:51 721000]
R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [24/05/2010 08:28:30 353688]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [24/05/2010 08:28:31 21256]
R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [19/10/2009 10:51:09 214088]
R3 NdisrdMP;NdisrdMP;C:\WINDOWS\system32\drivers\GbpNdisrd.sys [28/12/2011 07:46:16 28880]
S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys [14/10/2009 18:25:19 1684736]
S3 btnetBUs;Bluetooth PAN Bus Service;C:\WINDOWS\system32\drivers\btnetBus.sys [07/12/2008 12:44:54 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\WINDOWS\system32\drivers\IvtBtBus.sys [02/07/2008 14:58:48 26248]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe [16/07/2012 16:01:44 113120]
S3 Ndisrd;GAS Tecnologia Service;C:\WINDOWS\system32\drivers\GbpNdisrd.sys [28/12/2011 07:46:16 28880]

Conteúdo da pasta 'Tarefas Agendadas'
2012-07-17 C:\windows\Tasks\avast! Emergency Update.job
- C:\Arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-16 17:36:03 . 2012-07-03 16:21:29]
2012-07-17 C:\windows\Tasks\User_Feed_Synchronization-{0C7BE09E-5960-4C06-8686-765A8F491B06}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 21:36:40 . 2007-08-13 21:36:40]
2012-07-16 C:\windows\Tasks\User_Feed_Synchronization-{16250015-7DF9-4DD2-A276-22084A105D91}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 21:36:40 . 2007-08-13 21:36:40]

------- Scan Suplementar -------
uInternet Connection Wizard,ShellNext = hxxp://g.live.com/1rew3set/pt-brz_error?!wli80040002&ec=0x80070002
IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.4.65.16
FF - ProfilePath - C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\6dhjraz6.default\

- - - - ORFÃOS REMOVIDOS - - - -
Toolbar-10 - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-msnmsgr - C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-17 08:34:32
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
CreateFile("\\.\PHYSICALDRIVE0"): O arquivo já está sendo usado por outro processo.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
**************************************************************************
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
Installation [1]" "1"=";1" [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\DC3BF90CC0D3D2F398A9A6D1762F70F3\SourceList\Media] @DACL=(02 0000) "DiskPrompt"="[1]" "1"=";" "100"=";" "101"=";" "102"=";" "103"=";" "104"=";" "105"=";" "106"=";" "107"=";" "108"=";" [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\DD3E9A158B73BB74E876B5673BFECB84\SourceList] @DACL=(02 0000) "PackageName"="wllogin.msi" "LastUsedSource"=expand:"n;1;C:\\Arquivos de programas\\Arquivos comuns\\Windows Live\\.cache\\8c88ce841ca4d01\\" [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\DDE7F2BCF1D91C3409CFF425AE1E271A\SourceList\Media] @DACL=(02 0000) "DiskPrompt"="[1]" "1"=";Microsoft .NET Framework 1.1 [Disk 1]" "2"=";Microsoft .NET Framework 1.1 [Disk 1]" "3"=";Microsoft .NET Framework 1.1 [Disk 1]" "4"=";Microsoft .NET Framework 1.1 [Disk 1]" "5"=";Microsoft .NET Framework 1.1 [Disk 1]" "6"=";Microsoft .NET Framework 1.1 [Disk 1]" "7"=";Microsoft .NET Framework 1.1 [Disk 1]" "8"=";Microsoft .NET Framework 1.1 [Disk 1]" "9"=";Microsoft .NET Framework 1.1 [Disk 1]" "10"=";Microsoft .NET Framework 1.1 [Disk 1]" "11"=";Microsoft .NET Framework 1.1 [Disk 1]" "12"=";Microsoft .NET Framework 1.1 [Disk 1]" "13"=";Microsoft .NET Framework 1.1 [Disk 1]" "14"=";Microsoft .NET Framework 1.1 [Disk 1]" "15"=";Microsoft .NET Framework 1.1 [Disk 1]" "16"=";Microsoft .NET Framework 1.1 [Disk 1]" "17"=";Microsoft .NET Framework 1.1 [Disk 1]" "18"=";Microsoft .NET Framework 1.1 [Disk 1]" "19"=";Microsoft .NET Framework 1.1 [Disk 1]" "20"=";Microsoft .NET Framework 1.1 [Disk 1]" "21"="URTSTDD1;Microsoft .NET Framework 1.1 [Disk 1]" [HKEY_LOCAL_MACHINE\software\Macromedia\FlashPlayerActiveX\Components] @DACL=(02 0000) "Main"="1" --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(1056) C:\ARQUIV~1\GbPlugin\gbieh.dll C:\ARQUIV~1\GbPlugin\gbiehscd.dll C:\ARQUIV~1\GbPlugin\gbiehcef.dll C:\ARQUIV~1\GbPlugin\gbiehabn.dll 
C:\ARQUIV~1\GbPlugin\gbiehuni.dll C:\ARQUIV~1\GbPlugin\gbiehisg.dll C:\windows\system32\wininet.dll Tempo para conclusão: 2012-07-17 08:35:26 ComboFix-quarantined-files.txt 2012-07-17 11:35:24 Pré-execução: 14 pasta(s) 308.168.777.728 bytes disponíveis Pós execução: 17 pasta(s) 308.174.364.672 bytes disponíveis - - End Of File - - 441BE1AE5DA5C3D5E9612AE6E4098002 Compartilhar este post Link para o post Compartilhar em outros sites
wings (Posted July 17, 2012)

Some of them are files, others are shortcuts that you can create again. The log is clean.

Rename ComboFix to Uninstall.
* Run it, wait for the message that ComboFix has been uninstalled, and click [OK]
* Delete the file C:\Combofix.txt

Best regards.
Edvan (Posted July 17, 2012)

The PC is OK, but I noticed the following: the Word icon on the desktop is showing up as if it were WordPad, yet it opens Word normally; I just found that strange. Oh, and another thing: when I go to Start > All Programs, Microsoft Office 2007 is not listed there, but it is installed, because I have already seen it.

P.S.: I tried to uninstall it so I could install it again, but I couldn't; it opens the window and closes automatically. Strange, isn't it?
wings (Posted July 17, 2012)

"The Word icon on the desktop is showing up as if it were WordPad, yet it opens Word normally; I just found that strange."

Have you already created a new Word icon on the desktop? Go to the Office folder and send a shortcut to the Desktop.

"Oh, and another thing: when I go to Start > All Programs, Microsoft Office 2007 is not listed there, but it is installed, because I have already seen it. P.S.: I tried to uninstall it so I could install it again, but I couldn't; it opens the window and closes automatically."

Have you right-clicked Start? On the Start Menu tab, click [Personalizar...] > [usar Configuração Padrão] > [OK]
Edvan (Posted July 17, 2012)

Uh-huh, I have already put the Word shortcuts on the desktop; now I don't know why I can't install or change anything in Microsoft Office 2007 from Add or Remove Programs in the Control Panel.
wings (Posted July 17, 2012)

"Uh-huh, I have already put the Word shortcuts on the desktop; now I don't know why I can't install or change anything in Microsoft Office 2007 from Add or Remove Programs in the Control Panel."

Read here:
http://techlagarto.blogspot.com.br/2009/02/erro-na-instalacao-do-office-2007.html
http://support.microsoft.com/mats/Program_Install_and_Uninstall
http://support.microsoft.com/kb/2438651
Edvan (Posted July 18, 2012)

Thanks for the help, wings, you can close the topic!
DigRam (Posted July 18, 2012)

PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.