Soraya Lourenço

[Resolved] Computer slowness

Good afternoon, Soraya Lourenço!

|- Just one question! During this spontaneous cursor movement, do you have Firefox open?

 

-/-

 

|- Download: < AD-Remover > ( ... by C-XX )

|- Or... < Here! > <- Link!

|- Save it to C:\ ( local disk )

|- Double-click AD-R.exe

|- On Windows Vista or 7, right-click the file and run it as administrator!

 

AD-Remover_Clean.jpg

 

|- Press the "Clean" option.

|- When it finishes, accept/confirm the reboot so that the adware is removed.

|- In other words, the computer will restart!

|- Post the report: C:\Ad-Report-CLEAN[1].txt

 

-/-

 

|- Select and copy the content shown in "red" into Notepad.

|- Save it on the desktop with the name: CFScript <-- Text!

 

#########

 

RegLock::

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

 

Firefox::

FF - prefs.js: network.proxy.type - 0

user_pref('extensions.dealply.partner', 'iron');

user_pref('extensions.dealply.channel', 'iron3');

user_pref('extensions.dealply.installId', 'v23900293429171670743002012080417283720');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '0');

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=010812_hpdel_3112_6

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

FF - user.js: extensions.BabylonToolbar.id - d47eecd5000000000000e0ca9478f907

FF - user.js: extensions.BabylonToolbar.instlDay - 15556

FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1

FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.116:29

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

 

File::

C:\user.js

 

Folder::

c:\programdata\Babylon

c:\users\Soraya\AppData\Roaming\Babylon

 

#########

 

|- PS: Temporarily disable your antivirus.

|- PS: Do not use this script on another machine!

|- Drag CFScript.txt onto/into the ComboFix icon.

|- See the demonstration!

 

2872959479_997d4500c4_o.gif

 

|- Accept the prompt that should appear asking to run ComboFix.

|- PS: Repeat the drag until this prompt ( window ) appears!

|- When finished, post: C:\ComboFix.txt

 

Regards!

Good afternoon, DigRam!

The mouse movement happens with any program that is open.

I will carry out the procedures and then post them.

Best regards!

I can't manage to save AD_Remover to the C: drive. What should I do?

Now AVG has halted the AD-Remover scan. I will have to redo the scan.

Here is the first scan:

 

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 15:31:11 on 09/08/2012, Normal boot

 

Microsoft Windows 7 Starter Service Pack 1 (X86)

Soraya@LOURENÇO-PC (SAMSUNG ELECTRONICS CO., LTD. RV415/RV515)

 

============== ACTION(S) ==============

 

 

Folder deleted: C:\Users\Soraya\AppData\Roaming\OpenCandy

 

(!) -- Temporary files deleted.

 

 

Key deleted: HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{4DF1E8FD-FBA0-36E8-4176-40D549A35E8E}

 

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 1 File(s)

C:\Program Files\Ad-Remover\Backup: 14 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 09/08/2012 15:32:01 (6636 Byte(s))

 

End at: 15:34:25, 09/08/2012

 

============== E.O.F ==============

Good afternoon, DigRam!

The mouse movement happens with any program that is open.

I will carry out the procedures and then post them.

Best regards!

I can't manage to save AD_Remover to the C: drive. What should I do?

Hello!

|- You can save it on the desktop!

Regards!

I already did that.

I saved it to the desktop and then moved it to C:.

Here is the scan done after I disabled AVG:

 

 

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Launched at 15:42:14 on 09/08/2012, Normal boot

 

Microsoft Windows 7 Starter Service Pack 1 (X86)

Soraya@LOURENÇO-PC (SAMSUNG ELECTRONICS CO., LTD. RV415/RV515)

 

============== ACTION(S) ==============

 

 

 

(!) -- Temporary files deleted.

 

 

 

 

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 1 File(s)

C:\Program Files\Ad-Remover\Backup: 16 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 09/08/2012 15:32:01 (6775 Byte(s))

C:\Ad-Report-CLEAN[2].txt - 09/08/2012 15:42:37 (6318 Byte(s))

 

End at: 15:44:49, 09/08/2012

 

============== E.O.F ==============

 

ComboFix log:

 

ComboFix 12-08-09.01 - Soraya 09/08/2012 15:58:13.2.2 - x86

Microsoft Windows 7 Starter 6.1.7601.1.1252.55.1046.18.1788.1123 [GMT -3:00]

Executando de: c:\users\Soraya\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\Soraya\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"C:\user.js"

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Babylon

c:\users\Soraya\AppData\Roaming\Babylon

c:\users\Soraya\AppData\Roaming\Babylon\log_file.txt

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-07-09 to 2012-08-09 ))))))))))))))))))))))))))))

.

.

2012-08-09 19:15 . 2012-08-09 19:15 -------- d-----w- c:\users\Soraya\AppData\Local\temp

2012-08-09 19:15 . 2012-08-09 19:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-09 18:31 . 2012-08-09 18:31 -------- d-----w- c:\program files\Ad-Remover

2012-08-04 19:52 . 2012-08-04 19:54 -------- d-----w- c:\users\Soraya\AppData\Roaming\GetRightToGo

2012-08-04 19:39 . 2012-08-04 19:39 -------- d-----w- c:\users\Soraya\PSafe

2012-08-04 19:36 . 2012-08-07 18:52 -------- d-----w- c:\program files\VDownloader

2012-08-04 19:29 . 2012-08-04 19:29 317 ----a-w- C:\user.js

2012-08-04 19:29 . 2012-07-29 04:00 829920 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll

2012-08-02 02:13 . 2012-08-02 02:13 -------- d-----w- c:\users\Soraya\AppData\Roaming\AVG2012

2012-08-02 02:12 . 2012-08-02 02:12 -------- d-----w- c:\users\Soraya\AppData\Local\AVG Secure Search

2012-08-02 02:12 . 2012-08-02 02:12 -------- d-----w- c:\programdata\AVG Secure Search

2012-08-02 02:12 . 2012-08-02 02:12 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-08-02 02:12 . 2012-08-02 02:12 -------- d-----w- c:\program files\AVG Secure Search

2012-08-02 02:12 . 2012-08-02 02:12 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-08-02 02:10 . 2012-08-02 02:10 -------- d-----w- C:\$AVG

2012-08-02 02:10 . 2012-08-09 12:53 -------- d-----w- c:\windows\system32\drivers\AVG

2012-08-02 02:10 . 2012-08-02 02:27 -------- d-----w- c:\programdata\AVG2012

2012-08-02 02:09 . 2012-08-02 02:09 -------- d-----w- c:\program files\AVG

2012-08-02 02:02 . 2012-08-09 12:53 -------- d-----w- c:\programdata\MFAData

2012-07-31 15:47 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AED15800-E9DD-4C01-8144-8C8E62033EFB}\mpengine.dll

2012-07-28 16:16 . 2012-07-28 16:17 -------- d-----w- c:\users\Soraya\AppData\Roaming\TP

2012-07-28 16:09 . 2012-07-28 16:09 -------- d-----w- c:\program files\Oi

2012-07-27 16:58 . 2012-07-27 16:58 -------- d-----w- c:\users\Soraya\AppData\Local\SoftGrid Client

2012-07-27 16:57 . 2012-08-09 18:34 -------- d-----w- c:\users\Soraya\AppData\Roaming\SoftGrid Client

2012-07-27 13:56 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-07-27 13:50 . 2012-07-27 13:50 -------- d-----w- c:\windows\Panther

2012-07-27 13:16 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-27 13:16 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-07-27 13:16 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-07-27 13:16 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll

2012-07-27 13:16 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-07-27 13:02 . 2012-07-27 13:02 -------- d-----w- c:\program files\MSXML 4.0

2012-07-27 12:55 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-07-27 12:55 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-07-27 12:55 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-07-27 12:55 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-07-27 12:53 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl

2012-07-27 12:52 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-07-27 12:52 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll

2012-07-27 12:52 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll

2012-07-27 12:52 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-07-27 12:50 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-07-27 12:50 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-07-27 12:50 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-07-27 12:49 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-07-27 01:28 . 2012-07-27 01:28 -------- d-----w- c:\users\Soraya\AppData\Local\Apps

2012-07-27 01:26 . 2012-07-27 01:26 -------- d-----w- c:\users\Soraya\AppData\Local\ATI

2012-07-26 03:51 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-07-26 03:51 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-07-26 03:51 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-07-26 03:51 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-07-26 03:51 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-07-26 03:51 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-07-26 03:51 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-07-26 03:50 . 2012-06-02 18:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-26 03:50 . 2012-06-02 18:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-07-24 18:48 . 2012-07-28 16:15 -------- d-----w- c:\programdata\Lightcomm

2012-07-23 15:35 . 2012-07-23 15:35 -------- d-----w- c:\programdata\Oi

2012-07-18 06:40 . 2012-07-18 06:40 0 ----a-w- c:\windows\system32\sho420D.tmp

2012-07-18 05:53 . 2012-07-18 05:54 -------- d-----w- c:\programdata\TuneUp Software

2012-07-18 05:53 . 2012-07-18 05:53 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-07-18 05:53 . 2012-07-18 05:53 -------- d--h--w- c:\programdata\Common Files

2012-07-18 05:50 . 2012-06-01 00:21 146304 ----a-r- c:\windows\system32\drivers\360FileOem.sys

2012-07-18 05:50 . 2012-06-01 00:21 23168 ----a-r- c:\windows\system32\drivers\360RegOem.sys

2012-07-18 05:49 . 2012-06-01 00:21 54912 ----a-r- c:\windows\system32\drivers\360HookOem.sys

2012-07-17 02:37 . 2012-07-18 06:07 -------- d-----w- c:\users\Soraya\AppData\Local\Unity

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-04 18:53 . 2012-05-02 20:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-04 18:53 . 2012-01-28 12:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-31 15:25 . 2012-01-30 16:18 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-07-29 04:00 . 2012-06-19 22:36 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-08-02 02:12 2086496 ----a-w- c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-08-02 2086496]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OiVelox"="c:\program files\Oi\Programmer\OiVeloxCheck.exe" [2011-07-20 614400]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-02 1147488]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 840992]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [x]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]

R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [x]

S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 avgwd;Watchdog do AVG;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 12:46]

.

2012-08-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980178241-1392328930-356032191-1000Core.job

- c:\users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-02 22:34]

.

2012-08-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1980178241-1392328930-356032191-1000UA.job

- c:\users\Soraya\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-02 22:34]

.

.

------- Scan Suplementar -------

.

IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.254.254

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll

FF - ProfilePath - c:\users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B2f010106-f734-4489-80e7-48293eda4da7%7D&mid=0da03d91c6a747d0ab243183d2a17996-308ca89a0655160c05dcfa20e2aa9263276bc729&ds=AVG&v=12.1.0.21&lang=pt-br&pr=fr&d=2012-08-01%2023%3A12%3A08&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

user_pref('extensions.dealply.partner', 'iron');

user_pref('extensions.dealply.channel', 'iron3');

user_pref('extensions.dealply.installId', 'v23900293429171670743002012080417283720');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '0');

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=010812_hpdel_3112_6

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

FF - user.js: extensions.BabylonToolbar.id - d47eecd5000000000000e0ca9478f907

FF - user.js: extensions.BabylonToolbar.instlDay - 15556

FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1

FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.116:29

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

Tempo para conclusão: 2012-08-09 16:19:26

ComboFix-quarantined-files.txt 2012-08-09 19:19

ComboFix2.txt 2012-08-07 18:48

.

Pré-execução: 155.406.258.176 bytes disponíveis

Pós execução: 155.853.803.520 bytes disponíveis

.

- - End Of File - - 889BFEE3FA8BF62DD8582B459BF6E950

 

Regards!


Good afternoon, Soraya Lourenço!

 

|- Run an online scan with | Eset |

|- Use the "Internet Explorer" browser for this task!

 

th_Nod32.gif

 

|- Follow the scan as shown in the image.

|- When it finishes, check the "Delete Quarantined files" box.

|- Click "Finish".

 

|- <1> C:\Arquivos de programas\EsetOnlineScanner\log.txt

|- <2> C:\Arquivos de programas\ESET\EsetOnlineScanner\log.txt

 

|- Post the report, which will be at one of these paths.

|- Run a new scan with ZHPDiag and post the link to its report.

 

Regards!


Good evening, DigRam!

 

This is the log:

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

 

I found it strange. Is that all? What happened? It found a virus. But I didn't understand.

 

ZHPDiag log:

http://pjjoint.malekal.com/files.php?read=ZHPDiag_20120817_g6p7h9j5x7

 

Regards!


Good evening, Soraya Lourenço!

 

Soraya Lourenço, on 29 July 2012 - 18:26, said:

This is the log:

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

 

I found it strange. Is that all? What happened? It found a virus. But I didn't understand.

|- Apparently, you did not find the report!

 

-/-

 

|- Uninstall: C:\Program Files\uTorrent

 

-/-

 

|- Download: < ZHPFix.zip >

 

|- Extract it to the desktop.

 

|- Close any open programs/folders.

|- Close the browser as well!

|- On Windows Vista, disable UAC.

 

ZHPFix_logo.jpg >> Administrador_Exec.jpg

 

|- On Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.

|- Select and copy this information, shown in red, into Notepad.

 

M3 - MFPP: Plugins - [soraya] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml => Infection BT (Toolbar.Babylon)

O4 - Global Startup: C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk . (.BitTorrent, Inc..) -- C:\Program Files\uTorrent\uTorrent.exe

O43 - CFD: 09/08/2012 - 20:01:08 - [0] ----D C:\Users\Soraya\AppData\Local\{23F7AB6E-3E60-4ED0-9A66-9921410CE7C2}

O43 - CFD: 11/08/2012 - 16:00:00 - [0] ----D C:\Users\Soraya\AppData\Local\{38103C0B-ED1B-4A9B-8182-500152D9E06E}

O43 - CFD: 10/08/2012 - 21:16:43 - [0] ----D C:\Users\Soraya\AppData\Local\{4D96A246-D14E-4B95-A05B-1A173E1D527D}

O43 - CFD: 15/08/2012 - 21:11:15 - [0] ----D C:\Users\Soraya\AppData\Local\{58DB8EE4-62AE-4781-9750-90EE90F0EE6B}

O43 - CFD: 08/08/2012 - 20:18:07 - [0] ----D C:\Users\Soraya\AppData\Local\{64E4C6F6-C27D-4766-94F6-B0F2345268AE}

O43 - CFD: 12/08/2012 - 18:09:12 - [0] ----D C:\Users\Soraya\AppData\Local\{7C047936-36E9-4EE7-9940-A36C32CEE255}

O43 - CFD: 11/08/2012 - 14:58:15 - [0] ----D C:\Users\Soraya\AppData\Local\{7E058A5D-5F2A-4A2D-B59C-690D9FFD61CA}

O43 - CFD: 11/08/2012 - 15:56:28 - [0] ----D C:\Users\Soraya\AppData\Local\{85FDBBB6-AC8F-4CC3-9184-E04D33DD1407}

O43 - CFD: 15/08/2012 - 21:11:02 - [0] ----D C:\Users\Soraya\AppData\Local\{8F2D2B33-FDBF-4E00-8301-D3797454C75C}

O43 - CFD: 12/08/2012 - 18:09:08 - [0] ----D C:\Users\Soraya\AppData\Local\{D5CF71B7-4278-4A77-BD7B-65A513D9614E}

O43 - CFD: 11/08/2012 - 15:04:54 - [0] ----D C:\Users\Soraya\AppData\Local\{E42180F9-FDC1-47A0-BA40-3E84E9F90397}

O43 - CFD: 11/08/2012 - 14:58:03 - [0] ----D C:\Users\Soraya\AppData\Local\{EB95DD38-EBDB-42D0-B1BC-8A68D4C695CB}

O43 - CFD: 11/08/2012 - 15:59:48 - [0] ----D C:\Users\Soraya\AppData\Local\{F4A1914F-A86B-4D81-BCDB-2A2D9DC9602B}

O43 - CFD: 11/08/2012 - 15:04:42 - [0] ----D C:\Users\Soraya\AppData\Local\{FB3B3832-305E-4A10-8699-71620371E60A}

O43 - CFD: 26/05/2012 - 19:43:10 - [0,840] ----D C:\Program Files\uTorrent => µTorrent PeerToPeer

O43 - CFD: 15/08/2012 - 01:31:06 - [1,576] ----D C:\Users\Soraya\AppData\Roaming\uTorrent => µTorrent PeerToPeer

O44 - LFC:[MD5.0F8C28234871843FA7D9829115194A4F] - 04/08/2012 - 16:29:20 ---A- . (...) -- C:\user.js [317]

O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 26/06/2011 - 03:45:56 ---A- . (...) -- C:\Windows\PEV.exe [256000]

O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 07/11/2010 - 14:20:24 ---A- . (...) -- C:\Windows\MBR.exe [208896]

O44 - LFC:[MD5.D6584B64B39A139E0A20BCCEDC67E776] - 09/08/2012 - 15:44:49 ---A- . (...) -- C:\Ad-Report-CLEAN[2].txt [6457]

O44 - LFC:[MD5.2031FD713CA6F6EE25F5B43AA8BA647C] - 09/08/2012 - 15:34:26 ---A- . (...) -- C:\Ad-Report-CLEAN[1].txt [6775]

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.admin", false);

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.aflt", "babsst");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.dfltLng", "en");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.excTlbr", false);

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.id", "d47eecd5000000000000e0ca9478f907");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.instlDay", "15556");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.instlRef", "sst");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar_i.babExt", "");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480tt=010812_hpdel_3112_6");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.116:29:14");

O87 - FAEL: "TCP Query User{AAB2F785-45AB-49E5-B655-56523F131FBB}C:\users\soraya\desktop\system\l2.bin" |In - Public - P6 - TRUE | .(...) -- C:\users\soraya\desktop\system\l2.bin (.not file.)

O87 - FAEL: "UDP Query User{26F71472-37DD-42A0-B0BC-28CDA750A65F}C:\users\soraya\desktop\system\l2.bin" |In - Public - P17 - TRUE | .(...) -- C:\users\soraya\desktop\system\l2.bin (.not file.)

O87 - FAEL: "{44BF6846-2C99-403E-BCA7-8C208D00EE6A}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe

O87 - FAEL: "{A488EB14-A432-4320-8E53-FB3EBE5CDCAE}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe

[MD5.BF002198346E311E676F427190276D86] [sPRF][09/08/2012] (.Swearware - ComboFix NSIS Installer.) -- C:\Users\Soraya\Desktop\ComboFix.exe [4728003]

 

[HKLM\Software\V9Software]

[HKLM\Software\360Safe] => Infection Diverse (Lozavita.Troj)

[HKLM\Software\Babylon] => Infection BT (Toolbar.Babylon)

[HKCU\Software\BitTorrent] => Bittorent PeerToPeer

[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] => Infection BT (Toolbar.Babylon)

 

emptytemp

emptyflash

proxyfix

firewallraz

sysrestore

 

|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"

|- Minimize Notepad.

 

ZHPDiag_PasteClipboard.jpg

 

|- Click the "Paste ClipBoard" menu item.

|- Click "GO" -> Oui.

 

ZHPFix_GO.jpg

 

|- PS: The sequence of images above is there for further clarification.

|- Post the report: C:\ZHP\ZHPFix[R1].txt

 

Regards!


Good afternoon!

 

Here is the report:

 

Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012

Fichier d'export Registre :

Run by Soraya at 17/08/2012 16:55:42

Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

 

========== Memory Process ==========

DELETED Memory Process: C:\Users\Soraya\Desktop\ComboFix.exe

 

========== Registry Key ==========

DELETED Key*: HKLM\Software\V9Software

DELETED Key*: HKLM\Software\360Safe

DELETED Key*: HKLM\Software\Babylon

DELETED Key*: HKCU\Software\BitTorrent

DELETED Key*: HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}

 

========== Registry Value ==========

NOT FOUND TCP Query User{AAB2F785-45AB-49E5-B655-56523F131FBB}C:/users/soraya/desktop/system/l2.bin

NOT FOUND UDP Query User{26F71472-37DD-42A0-B0BC-28CDA750A65F}C:/users/soraya/desktop/system/l2.bin

DELETED {44BF6846-2C99-403E-BCA7-8C208D00EE6A}

DELETED {A488EB14-A432-4320-8E53-FB3EBE5CDCAE}

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

DELETED FirewallRaz (Public) : TCP Query User{AAB2F785-45AB-49E5-B655-56523F131FBB}C:\users\soraya\desktop\system\l2.bin

DELETED FirewallRaz (Public) : UDP Query User{26F71472-37DD-42A0-B0BC-28CDA750A65F}C:\users\soraya\desktop\system\l2.bin

 

========== Browser Profiles ==========

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.admin", false);

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.aflt", "babsst");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.dfltLng", "en");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.excTlbr", false);

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.id", "d47eecd5000000000000e0ca9478f907");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.instlDay", "15556");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.instlRef", "sst");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar_i.babExt", "");

NOT FOUND Mozilla Pref: user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480tt=010812_hpdel_3112_6");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.116:29:14");

 

========== Repertory ==========

DELETED Folder: C:\Users\Soraya\AppData\Local\{23F7AB6E-3E60-4ED0-9A66-9921410CE7C2}

DELETED Folder: C:\Users\Soraya\AppData\Local\{38103C0B-ED1B-4A9B-8182-500152D9E06E}

DELETED Folder: C:\Users\Soraya\AppData\Local\{4D96A246-D14E-4B95-A05B-1A173E1D527D}

DELETED Folder: C:\Users\Soraya\AppData\Local\{58DB8EE4-62AE-4781-9750-90EE90F0EE6B}

DELETED Folder: C:\Users\Soraya\AppData\Local\{64E4C6F6-C27D-4766-94F6-B0F2345268AE}

DELETED Folder: C:\Users\Soraya\AppData\Local\{7C047936-36E9-4EE7-9940-A36C32CEE255}

DELETED Folder: C:\Users\Soraya\AppData\Local\{7E058A5D-5F2A-4A2D-B59C-690D9FFD61CA}

DELETED Folder: C:\Users\Soraya\AppData\Local\{85FDBBB6-AC8F-4CC3-9184-E04D33DD1407}

DELETED Folder: C:\Users\Soraya\AppData\Local\{8F2D2B33-FDBF-4E00-8301-D3797454C75C}

DELETED Folder: C:\Users\Soraya\AppData\Local\{D5CF71B7-4278-4A77-BD7B-65A513D9614E}

DELETED Folder: C:\Users\Soraya\AppData\Local\{E42180F9-FDC1-47A0-BA40-3E84E9F90397}

DELETED Folder: C:\Users\Soraya\AppData\Local\{EB95DD38-EBDB-42D0-B1BC-8A68D4C695CB}

DELETED Folder: C:\Users\Soraya\AppData\Local\{F4A1914F-A86B-4D81-BCDB-2A2D9DC9602B}

DELETED Folder: C:\Users\Soraya\AppData\Local\{FB3B3832-305E-4A10-8699-71620371E60A}

NOT FOUND C:\Program Files\uTorrent

DELETED Folder: C:\Users\Soraya\AppData\Roaming\uTorrent

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

DELETED c:\program files\mozilla firefox\searchplugins\babylon.xml

DELETED c:\users\soraya\appdata\roaming\microsoft\internet explorer\quick launch\µtorrent.lnk

NOT FOUND File: c:\program files\utorrent\utorrent.exe

DELETED c:\user.js

DELETED c:\windows\pev.exe

DELETED c:\windows\mbr.exe

DELETED c:\ad-report-clean[2].txt

DELETED c:\ad-report-clean[1].txt

DELETED File*: c:\users\soraya\desktop\combofix.exe

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== Restoration ==========

Restore System Point created succefully

 

 

========== Summary ==========

1 : Memory Process

5 : Registry Key

14 : Registry Value

18 : Repertory

11 : File

17 : Browser Profiles

1 : Restoration

 

 

End of clean in 00mn 40s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 17/08/2012 16:55:43 [5217]

 

Regards!


Good afternoon, Soraya Lourenço!

 

|- Let us know what condition the PC is in.

|- Open the ZHPDiag_silent tool and run a new scan.

|- Post the link to the report!

 

Regards!


Good morning, Soraya Lourenço!

 

|- Close any open programs/folders.

|- Close the browser as well!

|- On Windows Vista, disable UAC.

 

ZHPFix_logo.jpg >> Administrador_Exec.jpg

 

|- On Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.

|- Select and copy this information, shown in red, into Notepad.

 

O43 - CFD: 16/08/2012 - 22:41:40 - [0] ----D C:\Users\Soraya\AppData\Local\{56A7E8FC-15AF-4582-A1DB-443F3653D7D5}

O43 - CFD: 16/08/2012 - 22:31:39 - [0] ----D C:\Users\Soraya\AppData\Local\{7ACA2EA8-8118-4365-A738-41E033CC7BBA}

O43 - CFD: 16/08/2012 - 22:41:29 - [0] ----D C:\Users\Soraya\AppData\Local\{AA0CF306-9380-464F-A340-DDB39810AE01}

O43 - CFD: 16/08/2012 - 22:31:54 - [0] ----D C:\Users\Soraya\AppData\Local\{E83A9F00-6707-4AAF-B373-51556C30BD13}

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.admin", false);

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.aflt", "babsst");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.dfltLng", "en");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.excTlbr", false);

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.id", "d47eecd5000000000000e0ca9478f907");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.instlDay", "15556");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.instlRef", "sst");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar_i.babExt", "");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480tt=010812_hpdel_3112_6");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.116:29:14");

 

emptytemp

emptyflash

firewallraz

|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"

|- Minimize Notepad.

 

ZHPDiag_PasteClipboard.jpg

 

|- Click the "Paste ClipBoard" menu item.

|- Click "GO" -> Oui.

 

ZHPFix_GO.jpg

 

|- PS: The sequence of images above is there for further clarification.

|- Post the report: C:\ZHP\ZHPFix[R1].txt

 

Regards!


Good evening!

 

Here is the report:

Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012

Fichier d'export Registre :

Run by Soraya at 23/08/2012 19:43:51

Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

 

========== Registry Value ==========

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

 

========== Browser Profiles ==========

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.admin", false);

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.aflt", "babsst");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.dfltLng", "en");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.excTlbr", false);

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.id", "d47eecd5000000000000e0ca9478f907");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.instlDay", "15556");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.instlRef", "sst");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar_i.babExt", "");

NOT FOUND Mozilla Pref: user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480tt=010812_hpdel_3112_6");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.116:29:14");

 

========== Repertory ==========

DELETED Folder: C:\Users\Soraya\AppData\Local\{56A7E8FC-15AF-4582-A1DB-443F3653D7D5}

DELETED Folder: C:\Users\Soraya\AppData\Local\{7ACA2EA8-8118-4365-A738-41E033CC7BBA}

DELETED Folder: C:\Users\Soraya\AppData\Local\{AA0CF306-9380-464F-A340-DDB39810AE01}

DELETED Folder: C:\Users\Soraya\AppData\Local\{E83A9F00-6707-4AAF-B373-51556C30BD13}

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

DELETED Window Temporary:

DELETED Flash Cookies:

 

 

========== Summary ==========

2 : Registry Value

6 : Repertory

2 : File

17 : Browser Profiles

 

 

End of clean in 00mn 04s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 17/08/2012 16:55:43 [5269]

C:\ZHP\ZHPFix[R2].txt - 23/08/2012 19:43:51 [2664]

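Added example, not part of the original thread and not ZHPFix's own code: the two ZHPFix reports above show the same Babylon preferences deleted on 17/08 and again on 23/08. This Python sketch parses two such reports and lists entries deleted in the first run that were present again in the second, plus fix lines that never matched; the function names are hypothetical and the report text is a shortened excerpt of the lines posted above.

```python
import re

# Constructed sample input: shortened excerpts of the two reports posted in the thread.
REPORT_R1 = r'''
========== Registry Key ==========
DELETED Key*: HKLM\Software\Babylon
========== Browser Profiles ==========
DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.admin", false);
DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.id", "d47eecd5000000000000e0ca9478f907");
NOT FOUND Mozilla Pref: user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480tt=010812_hpdel_3112_6");
========== Repertory ==========
DELETED Folder: C:\Users\Soraya\AppData\Local\{23F7AB6E-3E60-4ED0-9A66-9921410CE7C2}
NOT FOUND C:\Program Files\uTorrent
========== File ==========
DELETED c:\user.js
DELETED Window Temporary:
'''

REPORT_R2 = r'''
========== Browser Profiles ==========
DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.admin", false);
DELETED Mozilla Pref: user_pref("extensions.BabylonToolbar.id", "d47eecd5000000000000e0ca9478f907");
NOT FOUND Mozilla Pref: user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480tt=010812_hpdel_3112_6");
========== Repertory ==========
DELETED Folder: C:\Users\Soraya\AppData\Local\{56A7E8FC-15AF-4582-A1DB-443F3653D7D5}
DELETED Window Temporary:
'''

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
ENTRY_RE = re.compile(r"^(DELETED|NOT FOUND)\s+(.+)$")
# A label such as "Key*:" or "Mozilla Pref:" is followed by whitespace;
# a drive letter ("C:\...") is not, so paths are left intact.
LABEL_RE = re.compile(r'^[^:\\{"]+?\s*:\s+(.+)$')


def parse_report(text):
    """Return (section, status, item) tuples for every action line in a report."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # banner lines, summary counters, timestamps
        status, rest = m.groups()
        if rest.endswith(":"):
            continue  # housekeeping with no target ("Window Temporary:")
        label = LABEL_RE.match(rest)
        entries.append((section, status, label.group(1) if label else rest))
    return entries


def compare_runs(earlier, later):
    """Compare two reports and classify the items that occur in both."""
    first = {item.casefold(): status for _, status, item in parse_report(earlier)}
    reappeared, never_matched = [], []
    for _, status, item in parse_report(later):
        prev = first.get(item.casefold())
        if prev == "DELETED" and status == "DELETED":
            reappeared.append(item)      # removed once, found and removed again
        elif prev == "NOT FOUND" and status == "NOT FOUND":
            never_matched.append(item)   # fix line matched nothing in either run
    return {"reappeared": reappeared, "never_matched": never_matched}


if __name__ == "__main__":
    result = compare_runs(REPORT_R1, REPORT_R2)
    for kind, items in result.items():
        print(kind)
        for item in items:
            print("   ", item)
```

Entries listed under `reappeared` mean something on the system restored them between the two runs, so the next scan should look for what rewrites them rather than only deleting them again.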

Good evening, Soraya Lourenço!

 

|- Download: < ToolbarShooter > ( ... by 2011N2 )

|- Save it to the desktop!

|- PS: If you download it from here, extract it to the desktop!

|- Disable your antivirus.

|- PS: Take it out of the zip to run it!

 

ToolbarShooter.jpg

 

|- Choose option 1. ( Recherche )

|- PS: On Windows Vista or 7, run Toolbarshooter.exe as administrator!

|- Press option 1 -> Enter!

|- When it finishes, press Enter to get the report.

|- Look for it in the folder: C:\Rapport de recherche de ToolbarShooter

 

Regards!


Good afternoon!

 

Here is the report:

 

================================== Informations ==================================

 

Rapport de recherche de ToolbarShooter.

 

Outil développé par 2011N2

Contact : lot12@hotmail.fr

Site : http://2011n2.forumgratuit.fr/

Mis à jour le : 20/01/2012 à 19h45 par 2011N2

 

Début du scan de recherche : 15:18:20

Nom du PC : LOURENÇO-PC

 

Système d'exploitation : Windows 7 Starter

Internet Explorer : 9.0.8112.16421

Mozilla Firefox : 14.0.1 (pt-BR)

Mozilla Firefox : version 5

Mozilla Firefox : version 6

 

############################# Toolbars, pups et adwares néfastes détéctés #############################

 

 

 

 

 

 

 

 

 

 

 

===============================================

 

Fin du scan de recherche de ToolbarShooter à 15:19:41 par LOURENÇO-PC

 

############### EOF ###############

 

Merci d'envoyer le rapport à cette adresse, en précisant la raison d'emploi de cet outil. Cela permettera au développeur d'effectuer d'éventuelles modifications : lot12@hotmail.fr

 

Merci de votre contribution !


Good afternoon, Soraya Lourenço!

 

...##### Toolbars, pups et adwares néfastes détéctés ####...

 

{ NOTHING WAS DETECTED IN THIS SECTION! }

=======

=======

 

|- Run DelFix again to remove some of the tools that were used.

|- Your logs are clean!

|- Good job!

 

Regards!


PROBLEM SOLVED

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
