Manain 0 Denunciar post Postado Outubro 27, 2012 Obs: não tenho feito limpeza de log a algum tempo 11 meses. Segue Log para analise Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:10:33, on 27/10/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\cmEvtSrv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe c:\ARQUIV~1\mcafee\SITEAD~1\mcsacore.exe C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\mfevtps.exe C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplus.exe C:\WINDOWS\system32\HPZipm12.exe C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mcshield.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfefire.exe C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\aetcrss1.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\MSN Messenger\msnmsgr.exe C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\folhawin\atualizador\atualizador.exe C:\folhawin\backup\autobkp\autobkp.exe C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplusmgr.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\alg.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Hijackthis\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\ScriptSn.20121026142513.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [mcui_exe] "C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Atualizador Automatico - Folhamatic.lnk = atualizador\atualizador.exe O4 - Global Startup: Auto Backup - Folhamatic.LNK = backup\autobkp\autobkp.exe O4 - Global Startup: Certificate Registration.lnk = C:\Arquivos de programas\Charismathics\Smart Security Interface\CSPregtool.exe O4 - Global Startup: Iniciar o Office Banking Bradesco Plus.lnk = C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplusmgr.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O15 - Trusted Zone: www.bancobrasil.com.br O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: www.bb.com.br O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {9C9AC92C-5DDC-4BF1-B2A5-A36A9691EBB4} (BrowserPrint.clsWebPrint) - http://sistemas.anatel.gov.br/Apoio_Sitarweb/Includes/Impressao/BrowserPrint.CAB O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} (GeraCert Class) - https://cpne.bradesco.com.br/CA.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\arquiv~1\mcafee\msc\mcsniepl.dll O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Charismathics Smart Security Service (cmevtsrv) - charismathics GmbH - C:\WINDOWS\system32\cmEvtSrv.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\ARQUIV~1\mcafee\SITEAD~1\mcsacore.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Office Banking Bradesco Plus (OBBPLUS) - Banco Bradesco S.A. - C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplus.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe -- End of file - 11764 bytes Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Outubro 29, 2012 Bom Dia! Manain |- Desinstale: < Spybot > ( Software ultrapassado! ) |- Baixe: < > ( ... by Old Timer Tools ) |- Salve-o no desktop. |- Execute-a,clicando em OTC.exe |- Clique em --> Yes. |- Terminando,reinicie o computador! -/- |- Baixe: < > ( ... by OldTimer Tools ) |- Salve-o no desktop! |- Duplo clique em OTL.exe >> Executar. |- Configure a ferramenta,segundo a screenshot! |- Em "Exame Extra do Registro",assinale "Nenhum". *crack* /s *keygen* /s *serial* /s *AutoKMS* /s *loader* /s %SYSTEMDRIVE%\*.* %APPDATA%\Local\*. %APPDATA%\*.exe /s %APPDATA%\*. %systemdrive%\drivers\*.exe %USERPROFILE%\AppData\Local\*.* %USERPROFILE%\AppData\Roaming\*.* %systemroot%\system32\drivers\*.* /90 %systemroot%\assembly\tmp\*.* /S /MD5 %systemroot%\assembly\temp\*.* /S /MD5 %systemroot%\assembly\GAC\*.* /S /MD5 %systemroot%\assembly\GAC_32\*.* /S /MD5 %systemroot%\system32\config\systemprofile\AppData\Local\*.* %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes /md5start services.exe /md5stop regedit /e c:\registrybackup.reg /c %windir%\tasks\*.* /s |- Copie estas informações que estão no Code,para o Bloco de Notas. |- Salve-as em Meus Documentos ou desktop,com o nome scan. << Texto! |- Clique na área "Exames Personalizados/Correções". |- Clique em Ok para procurar um arquivo com exame personalizado. |- Clique "Abrir". ( scan.txt ) |- Após colar as informações na área branca,clique em |- Concluindo,poste o relatório: OTL.txt << Link ao relatório! |- Para grandes relatórios,acesse: < > |- Maiores informações: < |Link| > Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Manain 0 Denunciar post Postado Novembro 4, 2012 Bom Dia! Manain |- Desinstale: < Spybot > ( Software ultrapassado! ) |- Baixe: < > ( ... by Old Timer Tools ) |- Salve-o no desktop. |- Execute-a,clicando em OTC.exe |- Clique em --> Yes. |- Terminando,reinicie o computador! -/- |- Baixe: < > ( ... by OldTimer Tools ) |- Salve-o no desktop! |- Duplo clique em OTL.exe >> Executar. |- Configure a ferramenta,segundo a screenshot! |- Em "Exame Extra do Registro",assinale "Nenhum". *crack* /s *keygen* /s *serial* /s *AutoKMS* /s *loader* /s %SYSTEMDRIVE%\*.* %APPDATA%\Local\*. %APPDATA%\*.exe /s %APPDATA%\*. %systemdrive%\drivers\*.exe %USERPROFILE%\AppData\Local\*.* %USERPROFILE%\AppData\Roaming\*.* %systemroot%\system32\drivers\*.* /90 %systemroot%\assembly\tmp\*.* /S /MD5 %systemroot%\assembly\temp\*.* /S /MD5 %systemroot%\assembly\GAC\*.* /S /MD5 %systemroot%\assembly\GAC_32\*.* /S /MD5 %systemroot%\system32\config\systemprofile\AppData\Local\*.* %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes /md5start services.exe /md5stop regedit /e c:\registrybackup.reg /c %windir%\tasks\*.* /s |- Copie estas informações que estão no Code,para o Bloco de Notas. |- Salve-as em Meus Documentos ou desktop,com o nome scan. << Texto! |- Clique na área "Exames Personalizados/Correções". |- Clique em Ok para procurar um arquivo com exame personalizado. |- Clique "Abrir". ( scan.txt ) |- Após colar as informações na área branca,clique em |- Concluindo,poste o relatório: OTL.txt << Link ao relatório! |- Para grandes relatórios,acesse: < > |- Maiores informações: < |Link| > Abraços! OK Spyboot desistalado. Segue link do log OTL.txt http://cjoint.com/?BKebmu45ulx Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Novembro 4, 2012 Bom Dia! Manain |- Execute o OTL.exe. |- Copie estas informações que estão em vermelho,para o campo clipboard da ferramenta. ( "Exames Personalizados Correções" ) :OTLDRV - File not found [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\Gravity\Ragnarok Online\npkcrypt.sys -- (npkcrypt) DRV - [2010/02/11 20:01:37 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\52e4D.sys -- (52e4D) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{A7E5303A-7575-4E7C-9F60-47D3511F0F5B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=pt_BR&apn_ptnrs=U3&apn_dtid=OSJ000YYBR&apn_uid=08E34A27-DCAC-474A-9D08-24D3FD4C8C74&apn_sauid=A1B8060A-92D2-4A54-9E51-F37AAE75170B& O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.) [41 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\Documents and Settings\Administrador\Meus documentos\*.tmp files -> C:\Documents and Settings\Administrador\Meus documentos\*.tmp -> ] [2012/07/23 09:45:03 | 000,000,902 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DFC5A2B2 :reg [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A7E5303A-7575-4E7C-9F60-47D3511F0F5B}] :Files c:\*.sqm :Commands [CREATERESTOREPOINT] [purity] [emptytemp] [Reboot] |- Clique no botão Consertar -> Aguarde a conclusão! |- O computador vai reiniciar! -> Clique em "Executar". |- Para versões em Inglês,clique em Run Fix que é o mesmo que Consertar. |- Poste o relatório: C:\_OTL\MovedFiles\*.log Abs! Compartilhar este post Link para o post Compartilhar em outros sites
Manain 0 Denunciar post Postado Novembro 5, 2012 All processes killed ========== OTL ========== Service npkcrypt stopped successfully! Service npkcrypt deleted successfully! File C:\Arquivos de programas\Gravity\Ragnarok Online\npkcrypt.sys not found. Service 52e4D stopped successfully! Service 52e4D deleted successfully! C:\WINDOWS\system32\52e4D.sys moved successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A7E5303A-7575-4E7C-9F60-47D3511F0F5B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7E5303A-7575-4E7C-9F60-47D3511F0F5B}\ not found. Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found. File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found. Starting removal of ActiveX control Microsoft XML Parser for Java Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found. C:\WINDOWS\002872_.tmp deleted successfully. C:\WINDOWS\DUMP374c.tmp deleted successfully. C:\WINDOWS\DUMP3c9b.tmp deleted successfully. C:\WINDOWS\DUMP41eb.tmp deleted successfully. C:\WINDOWS\DUMP448a.tmp deleted successfully. C:\WINDOWS\DUMP45e2.tmp deleted successfully. C:\WINDOWS\DUMP4601.tmp deleted successfully. C:\WINDOWS\DUMP4630.tmp deleted successfully. C:\WINDOWS\DUMP467e.tmp deleted successfully. C:\WINDOWS\DUMP4b70.tmp deleted successfully. C:\WINDOWS\DUMP4b80.tmp deleted successfully. C:\WINDOWS\DUMP4b81.tmp deleted successfully. C:\WINDOWS\DUMP4c1c.tmp deleted successfully. C:\WINDOWS\DUMP4cd7.tmp deleted successfully. C:\WINDOWS\DUMP4dd1.tmp deleted successfully. C:\WINDOWS\DUMP4df1.tmp deleted successfully. C:\WINDOWS\DUMP5042.tmp deleted successfully. C:\WINDOWS\DUMP515c.tmp deleted successfully. C:\WINDOWS\DUMP517b.tmp deleted successfully. C:\WINDOWS\DUMP5340.tmp deleted successfully. C:\WINDOWS\DUMP53fc.tmp deleted successfully. C:\WINDOWS\DUMP540b.tmp deleted successfully. C:\WINDOWS\DUMP542a.tmp deleted successfully. C:\WINDOWS\DUMP54e6.tmp deleted successfully. C:\WINDOWS\DUMP5505.tmp deleted successfully. C:\WINDOWS\DUMP563e.tmp deleted successfully. C:\WINDOWS\DUMP568c.tmp deleted successfully. C:\WINDOWS\DUMP568d.tmp deleted successfully. C:\WINDOWS\DUMP56bb.tmp deleted successfully. C:\WINDOWS\DUMP56bc.tmp deleted successfully. C:\WINDOWS\DUMP56ca.tmp deleted successfully. C:\WINDOWS\DUMP56ea.tmp deleted successfully. C:\WINDOWS\DUMP5709.tmp deleted successfully. C:\WINDOWS\DUMP5812.tmp deleted successfully. C:\WINDOWS\DUMP61e6.tmp deleted successfully. C:\WINDOWS\DUMP633e.tmp deleted successfully. C:\WINDOWS\DUMP705d.tmp deleted successfully. C:\WINDOWS\NV25443352.TMP\nvapps.nvb deleted successfully. C:\WINDOWS\NV25443352.TMP folder deleted successfully. C:\WINDOWS\SET3.tmp deleted successfully. C:\WINDOWS\SET4.tmp deleted successfully. C:\WINDOWS\SET8.tmp deleted successfully. C:\WINDOWS\System32\CONFIG.TMP deleted successfully. C:\WINDOWS\System32\SET1CA.tmp deleted successfully. C:\WINDOWS\System32\SET1CE.tmp deleted successfully. C:\WINDOWS\System32\SET1D6.tmp deleted successfully. C:\Documents and Settings\Administrador\Meus documentos\~WRD0003.tmp deleted successfully. C:\Documents and Settings\Administrador\Meus documentos\~WRL1398.tmp deleted successfully. C:\WINDOWS\Tasks\Adobe Flash Player Updater.job moved successfully. ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DFC5A2B2 deleted successfully. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A7E5303A-7575-4E7C-9F60-47D3511F0F5B}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7E5303A-7575-4E7C-9F60-47D3511F0F5B}\ not found. ========== FILES ========== c:\sqmdata00.sqm moved successfully. c:\sqmdata01.sqm moved successfully. c:\sqmdata02.sqm moved successfully. c:\sqmdata03.sqm moved successfully. c:\sqmdata04.sqm moved successfully. c:\sqmdata05.sqm moved successfully. c:\sqmdata06.sqm moved successfully. c:\sqmdata07.sqm moved successfully. c:\sqmdata08.sqm moved successfully. c:\sqmdata09.sqm moved successfully. c:\sqmdata10.sqm moved successfully. c:\sqmdata11.sqm moved successfully. c:\sqmdata12.sqm moved successfully. c:\sqmdata13.sqm moved successfully. c:\sqmdata14.sqm moved successfully. c:\sqmdata15.sqm moved successfully. c:\sqmdata16.sqm moved successfully. c:\sqmdata17.sqm moved successfully. c:\sqmdata18.sqm moved successfully. c:\sqmdata19.sqm moved successfully. c:\sqmnoopt00.sqm moved successfully. c:\sqmnoopt01.sqm moved successfully. c:\sqmnoopt02.sqm moved successfully. c:\sqmnoopt03.sqm moved successfully. c:\sqmnoopt04.sqm moved successfully. c:\sqmnoopt05.sqm moved successfully. c:\sqmnoopt06.sqm moved successfully. c:\sqmnoopt07.sqm moved successfully. c:\sqmnoopt08.sqm moved successfully. c:\sqmnoopt09.sqm moved successfully. c:\sqmnoopt10.sqm moved successfully. c:\sqmnoopt11.sqm moved successfully. c:\sqmnoopt12.sqm moved successfully. c:\sqmnoopt13.sqm moved successfully. c:\sqmnoopt14.sqm moved successfully. c:\sqmnoopt15.sqm moved successfully. c:\sqmnoopt16.sqm moved successfully. c:\sqmnoopt17.sqm moved successfully. c:\sqmnoopt18.sqm moved successfully. c:\sqmnoopt19.sqm moved successfully. ========== COMMANDS ========== Error creating restore point. [EMPTYTEMP] User: Administrador ->Temp folder emptied: 154129 bytes ->Temporary Internet Files folder emptied: 25675768 bytes ->Java cache emptied: 9338327 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 984 bytes User: Administrador.USU-6DB957D561F ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Administrador.USU-6DB957D561F.000 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 82400 bytes ->Temporary Internet Files folder emptied: 49353 bytes User: LocalService.AUTORIDADE NT ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService.AUTORIDADE NT ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService.AUTORIDADE NT.000 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 16384 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 34,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 11052012_072939 Files\Folders moved on Reboot... C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\VHMWXN65\478517-congelando-telas[2].htm moved successfully. C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\VHMWXN65\xd_arbiter[2].htm moved successfully. C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\GO6YP0CU\si[1].htm moved successfully. C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\B4RTIICM\ads[6].htm moved successfully. C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\B4RTIICM\like[1].htm moved successfully. C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\B4RTIICM\xd_arbiter[1].htm moved successfully. C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Novembro 5, 2012 Bom Dia! Manain |- Caso esteja tudo Ok,apague seus Pontos de restauração. |- Abra a ferramenta OTL. :COMMANDS[CLEARALLRESTOREPOINTS] [reboot] |- Rode este script. |- Cole as informações que estão no Código,para o campo "Exames Personalizados Correções". |- Clique em Consertar. |- Ps: Haverá reboot! <- Aguarde! |- Abra,novamente,a ferramenta OTL -> Clique em Limpeza. <- Confirme! |- O computador irá reiniciar! |- Seus logs estão limpos! |- Tudo Ok? Abs! Compartilhar este post Link para o post Compartilhar em outros sites
Manain 0 Denunciar post Postado Novembro 6, 2012 OK Deu tudo certo, muito obrigado pelo resultado obtido. abraços. Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Novembro 6, 2012 PROBLEMA RESOLVIDO Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico. Compartilhar este post Link para o post Compartilhar em outros sites