Ir para conteúdo

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Manain

[Resolvido] &nbspCongelando telas

Por , em Tópicos Resolvidos (Seguranca & Malwares)

Recommended Posts

Manain    0

Manain
Postado

Obs: não tenho feito limpeza de log a algum tempo 11 meses.

 

Segue Log para analise

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:10:33, on 27/10/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\cmEvtSrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\ARQUIV~1\mcafee\SITEAD~1\mcsacore.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\mfevtps.exe

C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplus.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfefire.exe

C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\aetcrss1.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\folhawin\atualizador\atualizador.exe

C:\folhawin\backup\autobkp\autobkp.exe

C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplusmgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Hijackthis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\ScriptSn.20121026142513.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [mcui_exe] "C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Atualizador Automatico - Folhamatic.lnk = atualizador\atualizador.exe

O4 - Global Startup: Auto Backup - Folhamatic.LNK = backup\autobkp\autobkp.exe

O4 - Global Startup: Certificate Registration.lnk = C:\Arquivos de programas\Charismathics\Smart Security Interface\CSPregtool.exe

O4 - Global Startup: Iniciar o Office Banking Bradesco Plus.lnk = C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplusmgr.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {9C9AC92C-5DDC-4BF1-B2A5-A36A9691EBB4} (BrowserPrint.clsWebPrint) - http://sistemas.anatel.gov.br/Apoio_Sitarweb/Includes/Impressao/BrowserPrint.CAB

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} (GeraCert Class) - https://cpne.bradesco.com.br/CA.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\arquiv~1\mcafee\msc\mcsniepl.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Charismathics Smart Security Service (cmevtsrv) - charismathics GmbH - C:\WINDOWS\system32\cmEvtSrv.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\ARQUIV~1\mcafee\SITEAD~1\mcsacore.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Office Banking Bradesco Plus (OBBPLUS) - Banco Bradesco S.A. - C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplus.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 11764 bytes

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia! Manain

 

|- Desinstale: < Spybot > ( Software ultrapassado! )

 

|- Baixe: < OTC_Icon.jpg > ( ... by Old Timer Tools )

|- Salve-o no desktop.

|- Execute-a,clicando em OTC.exe

|- Clique em CleanUp.jpg --> Yes.

|- Terminando,reinicie o computador!

 

-/-

 

|- Baixe: < otlDesktopIcon.png > ( ... by OldTimer Tools )

 

|- Salve-o no desktop!

|- Duplo clique em OTL.exe >> Executar.

 

acbYKMx0.jpg

 

|- Configure a ferramenta,segundo a screenshot!

|- Em "Exame Extra do Registro",assinale "Nenhum".

 

*crack* /s 
*keygen* /s 
*serial* /s 
*AutoKMS* /s
*loader* /s
%SYSTEMDRIVE%\*.*
%APPDATA%\Local\*.
%APPDATA%\*.exe /s
%APPDATA%\*.
%systemdrive%\drivers\*.exe
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Roaming\*.*
%systemroot%\system32\drivers\*.* /90
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\system32\config\systemprofile\AppData\Local\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
/md5start
services.exe
/md5stop
regedit /e c:\registrybackup.reg /c
%windir%\tasks\*.* /s

|- Copie estas informações que estão no Code,para o Bloco de Notas.

|- Salve-as em Meus Documentos ou desktop,com o nome scan. << Texto!

|- Clique na área "Exames Personalizados/Correções".

 

acvcVUrd.jpg

 

|- Clique em Ok para procurar um arquivo com exame personalizado.

|- Clique "Abrir". ( scan.txt )

 

acqlW68e.jpg

 

|- Após colar as informações na área branca,clique em acng1cS9.jpg

 

|- Concluindo,poste o relatório: OTL.txt << Link ao relatório!

 

|- Para grandes relatórios,acesse: < Cjoint_Logo.jpg >

 

|- Maiores informações: < |Link| >

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Manain    0

Manain
Postado

Bom Dia! Manain

 

|- Desinstale: < Spybot > ( Software ultrapassado! )

 

|- Baixe: < OTC_Icon.jpg > ( ... by Old Timer Tools )

|- Salve-o no desktop.

|- Execute-a,clicando em OTC.exe

|- Clique em CleanUp.jpg --> Yes.

|- Terminando,reinicie o computador!

 

-/-

 

|- Baixe: < otlDesktopIcon.png > ( ... by OldTimer Tools )

 

|- Salve-o no desktop!

|- Duplo clique em OTL.exe >> Executar.

 

acbYKMx0.jpg

 

|- Configure a ferramenta,segundo a screenshot!

|- Em "Exame Extra do Registro",assinale "Nenhum".

 

*crack* /s 
*keygen* /s 
*serial* /s 
*AutoKMS* /s
*loader* /s
%SYSTEMDRIVE%\*.*
%APPDATA%\Local\*.
%APPDATA%\*.exe /s
%APPDATA%\*.
%systemdrive%\drivers\*.exe
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Roaming\*.*
%systemroot%\system32\drivers\*.* /90
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\system32\config\systemprofile\AppData\Local\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
/md5start
services.exe
/md5stop
regedit /e c:\registrybackup.reg /c
%windir%\tasks\*.* /s

|- Copie estas informações que estão no Code,para o Bloco de Notas.

|- Salve-as em Meus Documentos ou desktop,com o nome scan. << Texto!

|- Clique na área "Exames Personalizados/Correções".

 

acvcVUrd.jpg

 

|- Clique em Ok para procurar um arquivo com exame personalizado.

|- Clique "Abrir". ( scan.txt )

 

acqlW68e.jpg

 

|- Após colar as informações na área branca,clique em acng1cS9.jpg

 

|- Concluindo,poste o relatório: OTL.txt << Link ao relatório!

 

|- Para grandes relatórios,acesse: < Cjoint_Logo.jpg >

 

|- Maiores informações: < |Link| >

 

Abraços!

 

OK Spyboot desistalado.

 

Segue link do log OTL.txt

http://cjoint.com/?BKebmu45ulx

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia! Manain

 

|- Execute o OTL.exe.

|- Copie estas informações que estão em vermelho,para o campo clipboard da ferramenta. ( "Exames Personalizados Correções" )

 

:OTL

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\Gravity\Ragnarok Online\npkcrypt.sys -- (npkcrypt)

DRV - [2010/02/11 20:01:37 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\52e4D.sys -- (52e4D)

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{A7E5303A-7575-4E7C-9F60-47D3511F0F5B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=pt_BR&apn_ptnrs=U3&apn_dtid=OSJ000YYBR&apn_uid=08E34A27-DCAC-474A-9D08-24D3FD4C8C74&apn_sauid=A1B8060A-92D2-4A54-9E51-F37AAE75170B&

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

[41 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\Documents and Settings\Administrador\Meus documentos\*.tmp files -> C:\Documents and Settings\Administrador\Meus documentos\*.tmp -> ]

[2012/07/23 09:45:03 | 000,000,902 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DFC5A2B2

 

:reg

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A7E5303A-7575-4E7C-9F60-47D3511F0F5B}]

 

:Files

c:\*.sqm

 

:Commands

[CREATERESTOREPOINT]

[purity]

[emptytemp]

[Reboot]

|- Clique no botão Consertar -> Aguarde a conclusão!

|- O computador vai reiniciar! -> Clique em "Executar".

 

OTL_RunFix.jpg

 

|- Para versões em Inglês,clique em Run Fix que é o mesmo que Consertar.

|- Poste o relatório: C:\_OTL\MovedFiles\*.log

 

Abs!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Manain    0

Manain
Postado

All processes killed

========== OTL ==========

Service npkcrypt stopped successfully!

Service npkcrypt deleted successfully!

File C:\Arquivos de programas\Gravity\Ragnarok Online\npkcrypt.sys not found.

Service 52e4D stopped successfully!

Service 52e4D deleted successfully!

C:\WINDOWS\system32\52e4D.sys moved successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A7E5303A-7575-4E7C-9F60-47D3511F0F5B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7E5303A-7575-4E7C-9F60-47D3511F0F5B}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.

File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.

Starting removal of ActiveX control Microsoft XML Parser for Java

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.

C:\WINDOWS\002872_.tmp deleted successfully.

C:\WINDOWS\DUMP374c.tmp deleted successfully.

C:\WINDOWS\DUMP3c9b.tmp deleted successfully.

C:\WINDOWS\DUMP41eb.tmp deleted successfully.

C:\WINDOWS\DUMP448a.tmp deleted successfully.

C:\WINDOWS\DUMP45e2.tmp deleted successfully.

C:\WINDOWS\DUMP4601.tmp deleted successfully.

C:\WINDOWS\DUMP4630.tmp deleted successfully.

C:\WINDOWS\DUMP467e.tmp deleted successfully.

C:\WINDOWS\DUMP4b70.tmp deleted successfully.

C:\WINDOWS\DUMP4b80.tmp deleted successfully.

C:\WINDOWS\DUMP4b81.tmp deleted successfully.

C:\WINDOWS\DUMP4c1c.tmp deleted successfully.

C:\WINDOWS\DUMP4cd7.tmp deleted successfully.

C:\WINDOWS\DUMP4dd1.tmp deleted successfully.

C:\WINDOWS\DUMP4df1.tmp deleted successfully.

C:\WINDOWS\DUMP5042.tmp deleted successfully.

C:\WINDOWS\DUMP515c.tmp deleted successfully.

C:\WINDOWS\DUMP517b.tmp deleted successfully.

C:\WINDOWS\DUMP5340.tmp deleted successfully.

C:\WINDOWS\DUMP53fc.tmp deleted successfully.

C:\WINDOWS\DUMP540b.tmp deleted successfully.

C:\WINDOWS\DUMP542a.tmp deleted successfully.

C:\WINDOWS\DUMP54e6.tmp deleted successfully.

C:\WINDOWS\DUMP5505.tmp deleted successfully.

C:\WINDOWS\DUMP563e.tmp deleted successfully.

C:\WINDOWS\DUMP568c.tmp deleted successfully.

C:\WINDOWS\DUMP568d.tmp deleted successfully.

C:\WINDOWS\DUMP56bb.tmp deleted successfully.

C:\WINDOWS\DUMP56bc.tmp deleted successfully.

C:\WINDOWS\DUMP56ca.tmp deleted successfully.

C:\WINDOWS\DUMP56ea.tmp deleted successfully.

C:\WINDOWS\DUMP5709.tmp deleted successfully.

C:\WINDOWS\DUMP5812.tmp deleted successfully.

C:\WINDOWS\DUMP61e6.tmp deleted successfully.

C:\WINDOWS\DUMP633e.tmp deleted successfully.

C:\WINDOWS\DUMP705d.tmp deleted successfully.

C:\WINDOWS\NV25443352.TMP\nvapps.nvb deleted successfully.

C:\WINDOWS\NV25443352.TMP folder deleted successfully.

C:\WINDOWS\SET3.tmp deleted successfully.

C:\WINDOWS\SET4.tmp deleted successfully.

C:\WINDOWS\SET8.tmp deleted successfully.

C:\WINDOWS\System32\CONFIG.TMP deleted successfully.

C:\WINDOWS\System32\SET1CA.tmp deleted successfully.

C:\WINDOWS\System32\SET1CE.tmp deleted successfully.

C:\WINDOWS\System32\SET1D6.tmp deleted successfully.

C:\Documents and Settings\Administrador\Meus documentos\~WRD0003.tmp deleted successfully.

C:\Documents and Settings\Administrador\Meus documentos\~WRL1398.tmp deleted successfully.

C:\WINDOWS\Tasks\Adobe Flash Player Updater.job moved successfully.

ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DFC5A2B2 deleted successfully.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A7E5303A-7575-4E7C-9F60-47D3511F0F5B}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7E5303A-7575-4E7C-9F60-47D3511F0F5B}\ not found.

========== FILES ==========

c:\sqmdata00.sqm moved successfully.

c:\sqmdata01.sqm moved successfully.

c:\sqmdata02.sqm moved successfully.

c:\sqmdata03.sqm moved successfully.

c:\sqmdata04.sqm moved successfully.

c:\sqmdata05.sqm moved successfully.

c:\sqmdata06.sqm moved successfully.

c:\sqmdata07.sqm moved successfully.

c:\sqmdata08.sqm moved successfully.

c:\sqmdata09.sqm moved successfully.

c:\sqmdata10.sqm moved successfully.

c:\sqmdata11.sqm moved successfully.

c:\sqmdata12.sqm moved successfully.

c:\sqmdata13.sqm moved successfully.

c:\sqmdata14.sqm moved successfully.

c:\sqmdata15.sqm moved successfully.

c:\sqmdata16.sqm moved successfully.

c:\sqmdata17.sqm moved successfully.

c:\sqmdata18.sqm moved successfully.

c:\sqmdata19.sqm moved successfully.

c:\sqmnoopt00.sqm moved successfully.

c:\sqmnoopt01.sqm moved successfully.

c:\sqmnoopt02.sqm moved successfully.

c:\sqmnoopt03.sqm moved successfully.

c:\sqmnoopt04.sqm moved successfully.

c:\sqmnoopt05.sqm moved successfully.

c:\sqmnoopt06.sqm moved successfully.

c:\sqmnoopt07.sqm moved successfully.

c:\sqmnoopt08.sqm moved successfully.

c:\sqmnoopt09.sqm moved successfully.

c:\sqmnoopt10.sqm moved successfully.

c:\sqmnoopt11.sqm moved successfully.

c:\sqmnoopt12.sqm moved successfully.

c:\sqmnoopt13.sqm moved successfully.

c:\sqmnoopt14.sqm moved successfully.

c:\sqmnoopt15.sqm moved successfully.

c:\sqmnoopt16.sqm moved successfully.

c:\sqmnoopt17.sqm moved successfully.

c:\sqmnoopt18.sqm moved successfully.

c:\sqmnoopt19.sqm moved successfully.

========== COMMANDS ==========

Error creating restore point.

 

[EMPTYTEMP]

 

User: Administrador

->Temp folder emptied: 154129 bytes

->Temporary Internet Files folder emptied: 25675768 bytes

->Java cache emptied: 9338327 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 984 bytes

 

User: Administrador.USU-6DB957D561F

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Administrador.USU-6DB957D561F.000

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 82400 bytes

->Temporary Internet Files folder emptied: 49353 bytes

 

User: LocalService.AUTORIDADE NT

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService.AUTORIDADE NT

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService.AUTORIDADE NT.000

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 16384 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 34,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 11052012_072939

 

Files\Folders moved on Reboot...

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\VHMWXN65\478517-congelando-telas[2].htm moved successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\VHMWXN65\xd_arbiter[2].htm moved successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\GO6YP0CU\si[1].htm moved successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\B4RTIICM\ads[6].htm moved successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\B4RTIICM\like[1].htm moved successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\B4RTIICM\xd_arbiter[1].htm moved successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia! Manain

 

|- Caso esteja tudo Ok,apague seus Pontos de restauração.

|- Abra a ferramenta OTL.

 

:COMMANDS

[CLEARALLRESTOREPOINTS]

[reboot]

|- Rode este script.

|- Cole as informações que estão no Código,para o campo "Exames Personalizados Correções".

|- Clique em Consertar.

|- Ps: Haverá reboot! <- Aguarde!

|- Abra,novamente,a ferramenta OTL -> Clique em Limpeza. <- Confirme!

|- O computador irá reiniciar!

|- Seus logs estão limpos!

|- Tudo Ok?

 

Abs!

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Resolvidos (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito