Edvan

[Resolved] Log for analysis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 07:54:45, on 18/12/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17099)

Boot mode: Normal

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\csrss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\windows\system32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\windows\system32\svchost.exe

C:\windows\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\windows\Explorer.EXE

C:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE

C:\windows\System32\alg.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\windows\system32\ctfmon.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\ARQUIV~1\ARQUIV~1\SpeedBit\SBUpdate\SBUpdate.exe

C:\windows\notepad.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O1 - Hosts: 200.252.20.12 www5.infoseg.gov.br # gbplugin

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll (file missing)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIV~1\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O2 - BHO: G-Buster Browser Defense Sicredi - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\ARQUIV~1\GbPlugin\gbiehscd.dll

O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\ARQUIV~1\GbPlugin\gbiehisg.dll

O2 - BHO: LinkVerifierBHO - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Arquivos de programas\DAP\LinkVerifier.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [AnySend Updater] C:\Arquivos de programas\AnySend\AnySendUpdater.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Verify with DAP - C:\Arquivos de programas\DAP\dapverify.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: http://www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: http://www.bancoreal.com.br

O15 - Trusted Zone: http://www.bancosantander.com.br

O15 - Trusted Zone: www.bb.com.br

O15 - Trusted Zone: http://www.bb.com.br

O15 - Trusted Zone: http://www.itau.com.br

O15 - Trusted Zone: wwws.realsecureweb.com.br

O15 - Trusted Zone: www.santander.com.br

O15 - Trusted Zone: http://www.santander.com.br

O15 - Trusted Zone: www.santanderempresarial.com.br

O15 - Trusted Zone: http://www.santanderempresarial.com.br

O15 - Trusted Zone: www.santandernet.com.br

O15 - Trusted Zone: wwws.santandernet.com.br

O15 - Trusted Zone: wwws2.santandernet.com.br

O15 - Trusted Zone: www.santandernetibe.com.br

O15 - Trusted Zone: www.secureweb.com.br

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - AppInit_DLLs: c:\docume~1\alluse~1\dadosd~1\browse~1\25986~1.67\{c16c1~1\browse~1.dll

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\ARQUIV~1\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: GbPluginIsg - C:\ARQUIV~1\GbPlugin\gbiehIsg.dll

O20 - Winlogon Notify: GbPluginScd - C:\ARQUIV~1\GbPlugin\gbiehScd.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe

O24 - Desktop Component 0: (no name) - http://t1.gstatic.com/images?q=tbn:ANd9GcTowRwj4hNj8WH8DGMEiwx0p8DZmY3A4KvJEwPQBB76GF5lJFnzeR--vofO

 

--

End of file - 8166 bytes

 

 

 

---------------xx----------------------

 

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

 

Versão da Base de Dados: v2012.12.17.09

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.13

f001869 :: FUN0105 [administrador]

 

17/12/2012 17:56:33

mbam-log-2012-12-17 (17-56-33).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 415585

Tempo decorrido: 1 hora(s), 14 minuto(s), 13 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 2

HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\Software\sistemanet (Malware.Trace) -> Enviado para a Quarentena e deletado com sucesso.

 

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Detectadas: 1

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Ruim: (1) Bom: (0) -> Enviado para a Quarentena e reparado com sucesso.

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 5

C:\Documents and Settings\f001869\Configurações locais\temp\ICReinstall_windows-media-player-11-final-baixaki-32-bits.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.

C:\Documents and Settings\f001869\Configurações locais\temp\arquivo_f.exe (Adware.Bundler) -> Enviado para a Quarentena e deletado com sucesso.

C:\Documents and Settings\f001869\Configurações locais\temp\10831687.Uninstall\Uninstall.exe (Adware.Agent) -> Enviado para a Quarentena e deletado com sucesso.

C:\Documents and Settings\f001869\Configurações locais\temp\2178609.Uninstall\Uninstall.exe (Adware.Agent) -> Enviado para a Quarentena e deletado com sucesso.

C:\Documents and Settings\f001869\Meus documentos\Downloads\cd.exe (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.

 

(fim)

 

 

----------------------------xxx---------------------------------

 

# AdwCleaner v2.006 - Logfile created 12/17/2012 at 17:42:47

# Updated 30/10/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : f001869 - FUN0105

# Boot Mode : Normal

# Running from : C:\Documents and Settings\f001869\Desktop\AdwCleaner\AdwCleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Deleted : C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\user.js

Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon

Folder Deleted : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Media Finder

Folder Deleted : C:\Documents and Settings\f001869\Dados de aplicativos\Babylon

Folder Deleted : C:\Documents and Settings\f001869\Dados de aplicativos\Funmoods

Folder Deleted : C:\Documents and Settings\f001869\Dados de aplicativos\Media Finder

Folder Deleted : C:\Documents and Settings\f001869\Dados de aplicativos\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\AppDataLow\Software

Key Deleted : HKCU\Software\BabylonToolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Deleted : HKCU\Software\MediaFinder

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\PriceGong

Key Deleted : HKCU\Software\searchqutoolbar

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\BrowserMngr

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL

Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho

Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}

Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\gencrawler_gc.GenCrawler

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}

Key Deleted : HKLM\SOFTWARE\Classes\MF

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard

Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2233703

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v7.0.5730.13

 

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=110823&tt=3712_6&babsrc=HP_ss&mntrId=18f54a890000000000000022684e4d8a --> hxxp://www.google.com

 

*************************

 

AdwCleaner[s1].txt - [8569 octets] - [17/12/2012 17:42:47]

 

########## EOF - C:\AdwCleaner[s1].txt - [8629 octets] ##########

 

 

---------------------xx-------------------------

 

 

Is it advisable to run ComboFix??

Hello, Edvan!

 

|- What is happening?

 

-/-

 

|- Yes! Run ComboFix and report any incident.

 

A+

The machine is slow, some files disappeared out of nowhere, and I noticed suspicious files and DLLs in the root of "C".

 

ComboFix 12-12-17.02 - f001869 18/12/2012 17:39:23.2.2 - x86

Executando de: C:\Documents and Settings\f001869\Desktop\ComboFix.exe

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADO !!

 

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 679 bytes in 2 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

C:\Documents and Settings\f001869\WINDOWS

C:\install.exe

C:\windows\system32\URTTemp

C:\windows\system32\URTTemp\fusion.dll

C:\windows\system32\URTTemp\mscoree.dll

C:\windows\system32\URTTemp\mscoree.dll.local

C:\windows\system32\URTTemp\mscorsn.dll

C:\windows\system32\URTTemp\mscorwks.dll

C:\windows\system32\URTTemp\msvcr71.dll

C:\windows\system32\URTTemp\regtlib.exe

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2012-11-18 to 2012-12-18 ))))))))))))))))))))))))))))

 

 

2012-12-18 20:42:00 . 2012-12-18 20:42:00 0 ----a-w- C:\windows\system32\drivers\ntndis.sys

2012-12-18 11:16:12 . 2012-10-30 22:51:56 21256 ----a-w- C:\windows\system32\drivers\aswFsBlk.sys

2012-12-18 11:16:11 . 2012-10-30 22:51:58 361032 ----a-w- C:\windows\system32\drivers\aswSP.sys

2012-12-18 11:15:56 . 2012-10-30 22:51:58 35928 ----a-w- C:\windows\system32\drivers\aswRdr.sys

2012-12-18 11:15:55 . 2012-10-30 22:51:58 54232 ----a-w- C:\windows\system32\drivers\aswTdi.sys

2012-12-18 11:15:53 . 2012-10-30 22:51:58 738504 ----a-w- C:\windows\system32\drivers\aswSnx.sys

2012-12-18 11:15:52 . 2012-10-30 22:51:57 97608 ----a-w- C:\windows\system32\drivers\aswmon2.sys

2012-12-18 11:15:52 . 2012-10-30 22:51:57 89752 ----a-w- C:\windows\system32\drivers\aswmon.sys

2012-12-18 11:15:51 . 2012-10-30 22:51:56 25256 ----a-w- C:\windows\system32\drivers\aavmker4.sys

2012-12-18 11:15:40 . 2012-10-30 22:51:07 41224 ----a-w- C:\windows\avastSS.scr

2012-12-18 11:15:40 . 2012-10-30 22:50:59 227648 ----a-w- C:\windows\system32\aswBoot.exe

2012-12-18 11:15:26 . 2012-12-18 11:15:26 -------- d-----w- C:\Arquivos de programas\AVAST Software

2012-12-17 20:47:43 . 2012-12-17 20:47:43 -------- d-----w- C:\Documents and Settings\f001869\Dados de aplicativos\Malwarebytes

2012-12-17 20:40:16 . 2012-12-17 20:40:16 -------- d-----w- C:\LinhaDefensiva

2012-12-13 18:33:44 . 2012-12-11 16:13:28 64048 ----a-r- C:\windows\system32\drivers\360SpOEM.sys

2012-12-13 18:33:35 . 2012-12-14 11:11:25 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\PSafe

2012-12-11 19:15:06 . 2012-12-11 19:15:06 -------- d-----w- C:\Documents and Settings\f001869\Configurações locais\Dados de aplicativos\Google

2012-12-11 17:14:21 . 2012-12-11 18:27:17 16363960 ----a-w- C:\windows\system32\FlashPlayerInstaller.exe

2012-12-11 14:24:13 . 2012-12-11 18:27:20 697272 ----a-w- C:\windows\system32\FlashPlayerApp.exe

2012-12-04 14:36:38 . 2012-12-04 14:36:38 -------- d-----w- C:\Documents and Settings\f001869\Configurações locais\Dados de aplicativos\SpeedBIT

2012-12-04 14:36:38 . 2012-12-04 14:36:38 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\SpeedBit

2012-12-04 14:36:29 . 2012-12-04 14:36:29 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\SpeedBit

2012-12-04 14:36:26 . 2012-12-04 14:36:08 90824 ----a-w- C:\windows\system32\EasyHook32.dll

2012-12-04 14:36:26 . 2012-12-04 14:36:08 109256 ----a-w- C:\windows\system32\EasyHook64.dll

2012-12-04 14:36:25 . 2012-12-04 14:36:41 -------- d-----w- C:\Arquivos de programas\DAP

2012-12-04 14:36:06 . 2012-12-04 14:36:06 172032 ----a-w- C:\windows\system32\AniGIF.ocx

.

 

 

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2012-12-18 20:36:30 . 2012-07-17 11:29:56 12568 ----a-w- C:\windows\system32\drivers\PROCEXP113.SYS

2012-12-18 10:54:02 . 2012-07-16 18:49:25 388608 ----a-w- C:\HiJackThis.exe

2012-12-11 18:27:20 . 2011-06-27 20:15:41 73656 ----a-w- C:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-05 17:36:14 . 2009-10-19 13:51:09 47856 ----a-w- C:\windows\system32\drivers\gbpkm.sys

2012-09-29 22:54:26 . 2012-07-16 17:49:56 22856 ----a-w- C:\windows\system32\drivers\mbam.sys

2011-07-28 17:57:08 . 2011-07-28 17:57:08 1809920 ----a-w- C:\Arquivos de programas\SpringPublisher.exe

2012-10-29 13:58:53 . 2012-10-29 13:58:45 261600 ----a-w- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll

 

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

 

 

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]

2012-12-04 14:36:06 431784 ----a-w- C:\Arquivos de programas\DAP\LinkVerifier.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50:38 121528 ----a-w- C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2012-07-03 12:04:54 252848]

"avast"="C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" [2012-10-30 22:50:59 4297136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "C:\ARQUIV~1\GbPlugin\gbiehuni.dll" [2012-02-01 13:41:58 601592]

"{E37CB5F0-51F5-4395-A808-5FA49E399015}"= "C:\ARQUIV~1\GbPlugin\gbiehisg.dll" [2011-10-21 18:34:56 694960]

"{E37CB5F0-51F5-4395-A808-5FA49E399011}"= "C:\ARQUIV~1\GbPlugin\gbiehscd.dll" [2012-08-24 13:07:26 603224]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2012-11-05 17:30:20 1608176 ------w- C:\ARQUIV~1\GbPlugin\gbiehabn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2012-11-22 19:05:56 1585768 ----a-w- C:\ARQUIV~1\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2012-10-04 18:05:54 650088 ------w- C:\ARQUIV~1\GbPlugin\gbiehcef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginIsg]

2011-10-21 18:34:56 694960 ------w- C:\ARQUIV~1\GbPlugin\gbiehisg.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginScd]

2012-08-24 13:07:26 603224 ------w- C:\ARQUIV~1\GbPlugin\gbiehscd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2012-02-01 13:41:58 601592 ------w- C:\ARQUIV~1\GbPlugin\gbiehuni.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Internet Explorer.lnk]

path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Internet Explorer.lnk

backup=C:\windows\pss\Internet Explorer.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Post-it® Digital Notes.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Post-it® Digital Notes.lnk

backup=C:\WINDOWS\pss\Post-it® Digital Notes.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\init]

01 [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-27 20:51:26 919008 ----a-w- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-13 22:21:26 110592 ----a-w- C:\WINDOWS\system32\bthprops.cpl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-13 22:20:56 15360 ----a-w- C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

2012-12-04 14:36:06 3811544 ----a-w- C:\Arquivos de programas\DAP\DAP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2008-12-18 06:28:14 178712 ----a-r- C:\WINDOWS\system32\hkcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]

2007-05-04 16:05:36 36864 ----a-w- C:\Arquivos de programas\HP\HP UT\bin\hppusg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-12-18 06:28:32 150040 ----a-r- C:\WINDOWS\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-12-18 06:28:26 150040 ----a-r- C:\WINDOWS\system32\igfxpers.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2009-03-02 08:01:18 17530368 -c--a-w- C:\WINDOWS\RTHDCPL.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-10-19 13:48:08 149280 ----a-w- C:\Arquivos de programas\Java\jre6\bin\jusched.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=

"C:\\Arquivos de programas\\Auslogics\\Auslogics Disk Defrag\\DiskDefrag.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

 

R3 Ambfilt;Ambfilt;C:\windows\system32\drivers\Ambfilt.sys [x]

R3 btnetBUs;Bluetooth PAN Bus Service;C:\windows\system32\Drivers\btnetBus.sys [x]

R3 IvtBtBUs;IVT Bluetooth Bus Service;C:\windows\system32\Drivers\IvtBtBus.sys [x]

R3 Ndisrd;GAS Tecnologia Service;C:\windows\system32\DRIVERS\gbpndisrd.sys [x]

S0 BtHidBus;Bluetooth HID Bus Service;C:\windows\System32\Drivers\BtHidBus.sys [x]

S0 GbpKm;Gbp KernelMode;C:\windows\system32\drivers\gbpkm.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [x]

S3 NdisrdMP;NdisrdMP;C:\windows\system32\DRIVERS\gbpndisrd.sys [x]

 

 

Conteúdo da pasta 'Tarefas Agendadas'

 

2012-12-18 C:\windows\Tasks\Adobe Flash Player Updater.job

- C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-11 14:24:13 . 2012-12-11 18:27:20]

 

2012-12-18 C:\windows\Tasks\avast! Emergency Update.job

- C:\Arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2012-12-18 11:20:21 . 2012-10-30 22:50:59]

 

2012-12-18 C:\windows\Tasks\SBWUpdateTask_Logon_18f54a89-0022684E4D8A.job

- C:\ARQUIV~1\ARQUIV~1\SpeedBit\SBUpdate\SBUpdate.exe [2012-12-04 14:36:29 . 2012-12-04 14:36:08]

 

2012-12-18 C:\windows\Tasks\SBWUpdateTask_Time_18f54a89-0022684E4D8A.job

- C:\ARQUIV~1\ARQUIV~1\SpeedBit\SBUpdate\SBUpdate.exe [2012-12-04 14:36:29 . 2012-12-04 14:36:08]

 

2012-12-18 C:\windows\Tasks\User_Feed_Synchronization-{0C7BE09E-5960-4C06-8686-765A8F491B06}.job

- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 21:36:40 . 2007-08-13 21:36:40]

 

2012-12-18 C:\windows\Tasks\User_Feed_Synchronization-{16250015-7DF9-4DD2-A276-22084A105D91}.job

- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 21:36:40 . 2007-08-13 21:36:40]

 

 

------- Scan Suplementar -------

 

uStart Page = hxxp://www.google.com.br/

mStart Page = hxxp://www.google.com.br/

IE: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

IE: &Verify with DAP - C:\Arquivos de programas\DAP\dapverify.htm

IE: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bancoreal.com.br\www

Trusted Zone: bancosantander.com.br\www

Trusted Zone: bb.com.br\www

Trusted Zone: itau.com.br\bankline

Trusted Zone: itau.com.br\guardiao

Trusted Zone: itau.com.br\www

Trusted Zone: realsecureweb.com.br\www

Trusted Zone: realsecureweb.com.br\www2

Trusted Zone: realsecureweb.com.br\wwws

Trusted Zone: santander.com.br\www

Trusted Zone: santanderempresarial.com.br\www

Trusted Zone: santandernet.com.br\www

Trusted Zone: santandernet.com.br\wwws

Trusted Zone: santandernet.com.br\wwws2

Trusted Zone: santandernetibe.com.br\www

Trusted Zone: secureweb.com.br\www

TCP: DhcpNameServer = 10.4.65.16

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Arquivos de programas\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Arquivos de programas\DAP\dapie.dll

FF - ProfilePath - C:\Documents and Settings\f001869\Dados de aplicativos\Mozilla\Firefox\Profiles\elmohjy7.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.speedbit.com/search.aspx?s=CC4a105&q=

FF - prefs.js: browser.search.selectedEngine - Speedbit Search

FF - prefs.js: browser.startup.homepage - hxxp://search.speedbit.com/?s=CC4a105

FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/search.aspx?s=CC4a105&q=

FF - ExtSQL: 2012-10-23 14:13; {87F8774F-B485-47E2-A755-A40A8A5E8874}; C:\Documents and Settings\f001869\Dados de aplicativos\Mozilla\Firefox\Profiles\elmohjy7.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}

FF - ExtSQL: 2012-12-04 11:36; {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}; C:\Arquivos de programas\DAP\DAPFireFox

FF - ExtSQL: 2012-12-04 11:36; daplinkchecker@speedbit.com; C:\Arquivos de programas\DAP\daplinkchecker

FF - ExtSQL: 2012-12-18 08:22; wrc@avast.com; C:\Arquivos de programas\AVAST Software\Avast\WebRep\FF

user_pref('extensions.dealply.partner', 'iron');

user_pref('extensions.dealply.channel', 'iron3');

user_pref('extensions.dealply.installId', 'v23900275641024203017042012082117282521');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '1');

FF - user.js: extensions.claro.id - 18f54a890000000000000022684e4d8a

FF - user.js: extensions.claro.instlDay - 15582

FF - user.js: extensions.claro.vrsn - 1.6.4.1

FF - user.js: extensions.claro.vrsni - 1.6.4.1

FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.19:43:09

FF - user.js: extensions.claro.prtnrId - claro

FF - user.js: extensions.claro.prdct - claro

FF - user.js: extensions.claro.aflt - babsst

FF - user.js: extensions.claro_i.smplGrp - none

FF - user.js: extensions.claro.tlbrId - iclaro

FF - user.js: extensions.claro.instlRef - sst

FF - user.js: extensions.claro.dfltLng - en

FF - user.js: extensions.claro.excTlbr - false

FF - user.js: extensions.claro.admin - false

user_pref('extensions.dealply.partner', 'vn');

user_pref('extensions.dealply.channel', 'pcdealply');

user_pref('extensions.dealply.installId', 'v24300298056394650005402012121116144223');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '3');

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=pcmega1&ir=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzzyE0EyE0Dzz0AyE0AzzzytN0D0Tzu0CtAyEyCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=431002285

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Funmoods

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=pcmega1&ir=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzzyE0EyE0Dzz0AyE0AzzzytN0D0Tzu0CtAyEyCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=431002285

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=pcmega1&ir=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzzyE0EyE0Dzz0AyE0AzzzytN0D0Tzu0CtAyEyCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=431002285&q=

FF - user.js: extensions.funmoods.id - 0022684E4D8A4A89

FF - user.js: extensions.funmoods.instlDay - 15685

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2216:14:41

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - pcmega1

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - pcmega1

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=18f54a890000000000000022684e4d8a&q=

FF - user.js: extensions.BabylonToolbar.id - 18f54a890000000000000022684e4d8a

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15687

FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.4.9

FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.4.9

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.4.915:33:06

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar_i.excTlbr - false

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110824&tt=5012_8

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar.rvrt - false

 

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-Run-AnySend Updater - C:\Arquivos de programas\AnySend\AnySendUpdater.exe

MSConfigStartUp-Media Finder - C:\Arquivos de programas\Media Finder\Media Finder.exe

AddRemove-Google Chrome - C:\Documents and Settings\f001869\Configurações locais\Dados de aplicativos\Google\Chrome\Application\20.0.1132.57\Installer\setup.exe

AddRemove-{9FDEF7FC-0D03-4CAE-9DC3-1F436A93BDA4} - C:\Documents and Settings\f001869\Configurações locais\Dados de aplicativos\{A91C477B-655B-4FEA-8B8E-CC6820970F3A}\setup.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-18 17:44:49

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 


 

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(1004)

C:\ARQUIV~1\GBPLUGIN\gbieh.dll

C:\ARQUIV~1\GbPlugin\gbiehscd.dll

C:\ARQUIV~1\GbPlugin\gbiehcef.dll

C:\ARQUIV~1\GbPlugin\gbiehabn.dll

C:\ARQUIV~1\GbPlugin\gbiehuni.dll

C:\ARQUIV~1\GbPlugin\gbiehisg.dll

C:\windows\system32\MPRUI.dll

 

Tempo para conclusão: 2012-12-18 17:45:56

ComboFix-quarantined-files.txt 2012-12-18 20:45:54

ComboFix2.txt 2012-07-17 11:35:27

 

Pré-execução: 19 pasta(s) 286.826.930.176 bytes disponíveis

Pós execução: 20 pasta(s) 288.123.437.056 bytes disponíveis

 

- - End Of File - - 51210C31B7B89575A7023D775F045AFD


Good evening! Edvan

|- Download: < ZHPDiag_Silent.jpg > ( ... by Nicolas Coolman )

|- Save it to the desktop!

|- Disable your antivirus!

|- If you use Avast, apply this setting to the SandBox.

|- On Windows Vista or 7, right-click and run the file as Executar_Administrador.jpg

|- Wait for the scan to finish and click "Copier". <- Wait!

ZHPDiag_4cones.jpg

|- Besides the report, the desktop will now have: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix

abi6rX9e.jpg

|- Post and/or paste here the link that will be generated right after the report.

|- Or go to: Cjoint_Logo.jpg

|- Or go to: abmdaZsE.jpg

|- More information: < |Link| >

A+


Good morning! Edvan

|- If you have it, uninstall: C:\Arquivos de programas\Spybot - Search & Destroy <<

-/-

|- Close any programs/folders that are open.

|- Close the browser as well!

|- On Windows Vista, disable UAC.

ZHPFix_silent_zps532d2db6.jpg

|- On Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.

|- Select and copy this information, which is in the Code box, into "Notepad".

 

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.speedbit.com
O2 - BHO: (no name) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} Orphean Key
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} Orphean Key  
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} Orphean Key     
O2 - BHO: (no name) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} Orphean Key     
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Orphean Key     
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Orphean Key     
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} Orphean Key     
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} Orphean Key         
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} Orphean Key     
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} Orphean Key     
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540011} Orphean Key     
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540015} Orphean Key     
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key     
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} Orphean Key     
O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (...) --  (.not file.)     
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\avast! Emergency Update.job
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\SBWUpdateTask_Logon_18f54a89-0022684E4D8A.job
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\SBWUpdateTask_Time_18f54a89-0022684E4D8A.job
O43 - CFD: 04/01/2012 - 09:23:29 - [1,114] ----D C:\Arquivos de programas\Spybot - Search & Destroy    
O44 - LFC:[MD5.3C0D63FBA3CA416471F90C9BDF7BF8E2] - 18/12/2012 - 07:54:45 ---A- . (...) -- C:\hijackthis.log   [8167]

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: Modified    => Infection BT (Hijacker.Intl)
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: Modified   
[HKLM\Software\360Safe]    => Infection Diverse (Lozavita.Troj)

proxyfix
emptytemp
emptyflash
firewallraz
sysrestore

|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"

|- Minimize Notepad.

ZHPDiag_PasteClipboard.jpg

|- Click "Paste ClipBoard" in the menu.

acerMAbC.jpg

|- Click "GO" -> Oui.

ZHPFix_GO.jpg

|- Ps: The sequence of images above is there for further clarification.

|- Post the report: C:\ZHP\ZHPFix[R1].txt

A+


Rapport de ZHPFix 1.3.05 par Nicolas Coolman, Update du 09/10/2012

Fichier d'export Registre :

Run by f001869 at 19/12/2012 10:24:37

Windows XP Professional Service Pack 3 (Build 2600)

Web site : http://nicolascoolman.skyrock.com/

 

 

 

========== Registry Key ==========

DELETED Key: CLSID BHO: {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}

DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003}

DELETED Key: CLSID BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}

DELETED Key: CLSID BHO: {2E3C3651-B19C-4DD9-A979-901EC3E930AF}

DELETED Key: CLSID BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

DELETED Key: CLSID BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

DELETED Key: CLSID BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6}

DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540000}

DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540007}

DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540008}

DELETED [HKLM\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540008}]

DELETED [HKCR\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540008}]

DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540011}

DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540015}

DELETED Key: CLSID BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9}

DELETED Key: CLSID BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

DELETED Key: HKLM\Software\360Safe

 

========== Registry Value ==========

DELETED Toolbar: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe

DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe

DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe

DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe

No Value in Firewall Exception Register Key (FirewallRaz)

 

========== Registry Data Items ==========

REMOVED R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs

REMOVED Explorer Association Data Application: http://www.fileextensionpro.com/redir.aspx?LangID=%04x&Ext=%s

REMOVED Explorer Association Data Intl: http://www.fileextensionpro.com/redir.aspx?LangID=%04x&Ext=%s

REMOVED Explorer Association Data XMLLookup: http://www.fileextensionpro.com/redir.aspx?LangID=%04x&Ext=%s

 

========== Repertory ==========

DELETED Folder: C:\Arquivos de programas\Spybot - Search & Destroy

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

DELETED File: c:\windows\tasks\adobe flash player updater.job

DELETED File: c:\windows\tasks\avast! emergency update.job

DELETED File: c:\windows\tasks\sbwupdatetask_logon_18f54a89-0022684e4d8a.job

DELETED File: c:\windows\tasks\sbwupdatetask_time_18f54a89-0022684e4d8a.job

DELETED File: c:\hijackthis.log

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== Restoration ==========

Restore System Point created succefully

 

 

========== Summary ==========

17 : Registry Key

12 : Registry Value

4 : Registry Data Items

3 : Repertory

7 : File

1 : Restoration

 

 

End of clean in 01mn 09s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 19/12/2012 10:24:43 [3210]


Good morning, Edvan!

|- Disable your antivirus!

|- Go to Start -> Run -> Type or paste: combofix.exe /uninstall -> Click OK.

|- Click Run -> Wait!

|- Finally, the message "ComboFix está desinstalado" will appear -> Click OK.

|- If you find them, delete: C:\ComboFix <- The folder! + C:\ComboFix.txt <- The report!

|- Or go to Start -> Run -> Type or paste:

|- CFuninstall.gif

"%userprofile%\desktop\combofix" /uninstall

|- Click OK.

|- Wait for the uninstall to finish, and click OK on the message.

|- Ps: Another option would be to rename Combofix.exe to uninstall.exe and run it.

|- Ps: Many people mistake this for a new run, but the tool will uninstall itself.

-/-

|- Download: < Pre_Scan > ( ... by g3n-h@ckm@n & Saachaa )

abdEsti0.jpg

|- Or here: < Pre-Scan > Mirror!

|- Or here: < Pre_Scan.pif > In case malware gets in the way!

|- Once on the page, click the green arrow or Mirror 1.

|- Save it to the desktop! < images_2.jpg ( winlogon ) >

|- Disable your antivirus, antispyware, sandbox and/or firewall.

|- Close any open programs and run the tool!

|- Double-click Pre_scan.exe. < Pre_scan_Logo.jpg >

|- Ps: During the scan, your desktop will disappear and black windows will appear on the screen. All of this is normal and is part of how the tool works.

Pre_Scan_Kill.jpg

|- If infections are found, a restart may occur and the screen shown just above may appear.

|- Ps: If it appears and shows no prompt, click "Kill".

|- In that case, a new scan will run and, at the end, the report will be made available.

|- There may be reboot(s) and the scan will then continue. << Wait!

|- When it finishes, post the report! ( Pre_Scan.txt ) << Link to the report!

|- To upload it, go to: Cjoint_Logo.jpg

|- Or...1fichier.com

|- Or...myfile.tk

A+


Good afternoon, friend.

When I tried to run Pre_Scan, it produced the error below:

erroan.jpg

When the scan ran, the desktop and icons disappeared and it produced this error.

So I pressed Alt+Ctrl, opened the Windows Task Manager and started explorer.exe to bring the desktop back.

exploreri.jpg


Good afternoon, Edvan!

|- Use Pre_Scan.pif, which will not stop the desktop while it runs.

abyHHS5Y.jpg

|- When this screen appears, choose the diagnostic option by clicking "DiaG".

|- When it finishes, post the link to the report. ( CJoint.com or MyFile.tk )

A+


Strange, friend, because clicking "DiaG" produces the error.

virusrq.jpg

On "C" I found this log.

 

 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Diag | 2.1219 | g3n-h@ckm@n & Saachaa ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

 

~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤

 

~ Update on 19/12/2012 | 18.30 by g3n-h@ckm@n

~ Evolution : http://gen-hackman.forum-pro.fr/t64-historique-de-l-outil

~ Pre_Script Infos : http://gen-hackman.forum-pro.fr/t89-les-switchs

~ Pre_scan Feedbacks : http://gen-hackman.forum-pro.fr/t93-feedback-pre_scan#505

 

~ [f001869 (Administrator)] - [FUN0105]

~ SID = S-1-5-21-2586132527-314635491-3328972525-21052

 

~ System : Microsoft Windows XP (32 bits) Service Pack 3

~ ProcessorNameString : Pentium® Dual-Core CPU E5300 @ 2.60GHz

~ Identifier : x86 Family 6 Model 23 Stepping 10

17:10:04

 

¤¤¤¤¤¤¤¤¤¤ | MD5 Control

 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Diag | 2.1219 | g3n-h@ckm@n & Saachaa ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

 

~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤

 

~ Update on 19/12/2012 | 18.30 by g3n-h@ckm@n

~ Evolution : http://gen-hackman.forum-pro.fr/t64-historique-de-l-outil

~ Pre_Script Infos : http://gen-hackman.forum-pro.fr/t89-les-switchs

~ Pre_scan Feedbacks : http://gen-hackman.forum-pro.fr/t93-feedback-pre_scan#505

 

~ [f001869 (Administrator)] - [FUN0105]

~ SID = S-1-5-21-2586132527-314635491-3328972525-21052

 

~ System : Microsoft Windows XP (32 bits) Service Pack 3

~ ProcessorNameString : Pentium® Dual-Core CPU E5300 @ 2.60GHz

~ Identifier : x86 Family 6 Model 23 Stepping 10

17:14:17

 

¤¤¤¤¤¤¤¤¤¤ | MD5 Control


Good evening, Edvan!

|- Let's try with OTL. Delete Pre_Scan.exe or winlogon.exe or Pre_Scan.pif.

-/-

|- Download: < otlDesktopIcon.png > ( ... by OldTimer Tools )

|- Save it to the desktop!

|- Double-click OTL.exe >> Run, or run it as administrator.

|- Ps: If you have trouble running OTL.exe, delete the file and download it from here or here.

acbYKMx0.jpg

|- Configure the tool as shown in the screenshot!

|- Under "Exame Extra do Registro", select "Nenhum".

 

*crack* /s 
*keygen* /s 
*serial* /s 
*AutoKMS* /s
*loader* /s
%SYSTEMDRIVE%\*.*
%APPDATA%\Local\*.
%APPDATA%\*.exe /s
%APPDATA%\*.
%systemdrive%\drivers\*.exe
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Roaming\*.*
%systemroot%\system32\drivers\*.* /90
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\system32\config\systemprofile\AppData\Local\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
/md5start
services.exe
/md5stop
regedit /e c:\registrybackup.reg /c
%windir%\tasks\*.* /s

|- Copy the information in the Code box into Notepad.

|- Save it in My Documents or on the desktop, with the name scan. << Text!

|- Click the "Exames Personalizados/Correções" area.

acvcVUrd.jpg

|- Click Ok to browse for a file with a custom scan.

|- Click "Abrir". ( scan.txt )

acqlW68e.jpg

|- After pasting the information into the white area, click acng1cS9.jpg

|- When it finishes, post the report: OTL.txt << Link to the report!

abmdaZsE.jpg

|- To upload it, go to: < MyFile.tk >

|- Or go to: < Cjoint_Logo.jpg >

|- More information: < |Link| >

Regards!


Link http://cjoint.com/12dc/BLumScMzmXc.htm

We have a problem here with IE 8.0: I can't enable cookites. We use a system here that needs cookites; I have already uninstalled and reinstalled IE, and nothing.

We can't even clock in, which is done online, yet in FF it works normally. I ran the MS Fix it, and nothing.

What could it be, friend?


Good morning, Edvan!

|- Have you tried adding or configuring that link as a preferred address in IE?

-/-

|- Download: < FixPolicies > ( ... by Bill Castner )

|- Save it to the desktop!

|- Run the file FixPolicies.exe with a double-click.

|- Click Install.

|- Open the FixPolicies folder that was created.

|- Double-click Fix_policies.cmd.

|- A black box will appear briefly.

-/-

|- Run OTL.exe.

|- Copy the information in the Code box into the tool's clipboard field. ( "Exames Personalizados/Correções" )

 

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\f001869\CONFIG~1\Temp\catchme.sys -- (catchme)
IE - HKLM\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://search.speedbit.com/search.aspx?s=CC4a105&q={searchTerms}
IE - HKU\S-1-5-21-2586132527-314635491-3328972525-21052\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://search.speedbit.com/search.aspx?s=CC4a105&q={searchTerms}
FF - user.js - File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\f001869\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\f001869\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
O3 - HKU\S-1-5-21-2586132527-314635491-3328972525-21052\..\Toolbar\ShellBrowser: (no name) - {61628E2A-4FF9-4454-992D-D92A8CD27399} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2012/12/19 14:07:58 | 000,000,000 | ---D | C] -- C:\Pre_Scan
[2012/12/19 08:29:16 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ZHPDiag
[2012/12/18 17:37:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/12/13 15:33:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\PSafe
[2012/12/11 16:14:43 | 000,031,465 | ---- | M] () -- C:\Documents and Settings\f001869\Configurações locais\Dados de aplicativos\funmoods.crx
[2012/12/18 17:46:27 | 000,000,489 | ---- | C] () -- C:\Documents and Settings\f001869\Meus documentos\Atalho para ComboFix.exe.lnk
[2011/01/21 10:17:38 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\f001869\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/19 17:14:17 | 000,001,442 | ---- | M] () -- C:\Pre_Diag.txt

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = ""

:Commands 
[CLEARALLRESTOREPOINTS]
[purity] 
[resethosts]
[emptytemp] 
[Reboot]

|- Click the Consertar button -> Wait for it to finish!

|- The computer will restart! -> Click "Executar".

OTL_RunFix.jpg

|- In English versions, click Run Fix, which is the same as Consertar.

|- Post the report: C:\_OTL\MovedFiles\*.log

A+


All done, friend.

What does FixPolicies do? It didn't generate any log!

 

 

All processes killed

========== OTL ==========

Service WDICA stopped successfully!

Service WDICA deleted successfully!

Service PDRFRAME stopped successfully!

Service PDRFRAME deleted successfully!

Service PDRELI stopped successfully!

Service PDRELI deleted successfully!

Service PDFRAME stopped successfully!

Service PDFRAME deleted successfully!

Service PDCOMP stopped successfully!

Service PDCOMP deleted successfully!

Service PCIDump stopped successfully!

Service PCIDump deleted successfully!

Service lbrtfdc stopped successfully!

Service lbrtfdc deleted successfully!

Service i2omgmt stopped successfully!

Service i2omgmt deleted successfully!

Service Changer stopped successfully!

Service Changer deleted successfully!

Service catchme stopped successfully!

Service catchme deleted successfully!

File C:\DOCUME~1\f001869\CONFIG~1\Temp\catchme.sys not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ not found.

Registry key HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21052\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ not found.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21052\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{61628E2A-4FF9-4454-992D-D92A8CD27399} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}\ not found.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

C:\Pre_Scan\Save\Scan\Users\00000002 folder moved successfully.

C:\Pre_Scan\Save\Scan\Users\00000001 folder moved successfully.

C:\Pre_Scan\Save\Scan\Users folder moved successfully.

C:\Pre_Scan\Save\Scan folder moved successfully.

C:\Pre_Scan\Save folder moved successfully.

C:\Pre_Scan\Replace folder moved successfully.

C:\Pre_Scan\Quarantine folder moved successfully.

C:\Pre_Scan\Process folder moved successfully.

C:\Pre_Scan\MBR folder moved successfully.

C:\Pre_Scan\Infected folder moved successfully.

C:\Pre_Scan\dll folder moved successfully.

C:\Pre_Scan folder moved successfully.

C:\Arquivos de programas\ZHPDiag\Quarantine folder moved successfully.

C:\Arquivos de programas\ZHPDiag\Liste Spéciale folder moved successfully.

C:\Arquivos de programas\ZHPDiag folder moved successfully.

C:\ComboFix folder moved successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\PSafe\logs folder moved successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\PSafe folder moved successfully.

C:\Documents and Settings\f001869\Configurações locais\Dados de aplicativos\funmoods.crx moved successfully.

C:\Documents and Settings\f001869\Meus documentos\Atalho para ComboFix.exe.lnk moved successfully.

C:\Documents and Settings\f001869\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.

C:\Pre_Diag.txt moved successfully.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}\ not found.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope" | "" /E : value set successfully!

========== COMMANDS ==========

System Restore Service not available.

File move failed. C:\windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Error: Unble to create default HOSTS file!

 

[EMPTYTEMP]

 

User: Administrador

->Temp folder emptied: 508778 bytes

->Temporary Internet Files folder emptied: 112094 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 33981709 bytes

->Flash cache emptied: 492 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: e0021

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: f001869

->Temp folder emptied: 90708 bytes

->Temporary Internet Files folder emptied: 32822404 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 90656977 bytes

->Flash cache emptied: 5885 bytes

 

User: f002024

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: f002873

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: f003140

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 65748 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 16384 bytes

RecycleBin emptied: 4326337 bytes

 

Total Files Cleaned = 155,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 12202012_140255

 

Files\Folders moved on Reboot...

C:\windows\System32\drivers\etc\Hosts moved successfully.

C:\Documents and Settings\f001869\Configurações locais\Temporary Internet Files\SuggestedSites.dat moved successfully.

File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...


Good evening, Edvan!

What does FixPolicies do? It didn't generate any log!

|- This tool does not generate a report; it corrects incorrect policies that malware or adware tend to impose on the registry.

We have a problem here with IE 8.0: I can't enable cookites. We use a system here that needs cookites; I have already uninstalled and reinstalled IE, and nothing.

|- Here, are you referring to cookies?

A+


 

That's right, friend. We use a system here at the company; when we generate a report to print, the screen with the report comes up with some errors, and then when we click print it doesn't show the printers to print to.

P.S.: I'm going over to the machine now to take a print screen so you can get an idea of what this is about. This only happens on this girl's machine. The programmer told me that our system uses cookies and he couldn't enable them in IE on her machine, so I went there and uninstalled and reinstalled it, and nothing; I ran the Fix it, but nothing solved it. Very strange.

See in the image where I circled in red:

When I click print, nothing comes out, as if everything were frozen.

I think I'll arrange with the girl to format this machine in January/2013; this PC must be completely bugged. hehehe.


Good morning, Edvan!

< html_associationfix >

|- Use this fix after unzipping it.

< Microsoft Fix it 50198 >

|- Use this Fix it.

|- If that doesn't solve it, you can format!

A+


OK.. but do I run html_associationfix first and then Microsoft Fix it 50198??


Hello, Edvan!

|- Run html_associationfix first.

-/-

|- Download: < Re-Enable > TangoSoft.jpg ( ... by TangoSoft )

Re-Enable_Installer.jpg

|- Click "Download Now" and save "Installer, Setup.exe" to the desktop!

|- Install it with a double-click!

Re-Enable_NetFramework.jpg

|- Ps: To work, it first requires .Net Framework 3.5 to be installed.

ablE7NHH.jpg

|- If you want the portable version, that installation can be skipped.

|- On Windows Vista or 7: right-click "Setup.exe" and choose to run it as "Administrator".

Re-Enable20.jpg

|- Uncheck all the boxes by clicking 'Check/Uncheck All'

|- Check: the functions that are 'bugged'

|- Click "Re-Enable" -> Wait!

|- Then, when it finishes, restart the computer!

A+
