[Resolvido] &nbspLog para analise

[Edvan 30]

Amigos, estou com uma maquina aqui que está horrível para navegar, trava muito nos sites, as vezes abre pop-up do nada, estou pensando que está com virus.

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 08:50:13, on 05/02/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\3M\PDNotes\PDNotes.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin

C:\WINDOWS\system32\msfeedssync.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jucheck.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funpec.br/ponto_online/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AddLyrics - {4145006D-47F8-42F2-8186-2225AAFECDD3} - C:\Arquivos de programas\AddLyrics\AddLyrics.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O3 - Toolbar: Post-it® Digital Notes - {735abc4c-9266-4008-9ef6-bc60be8de31f} - mscoree.dll (file missing)

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: BrOffice.org 3.2.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe

O4 - Global Startup: Post-it® Digital Notes.lnk = C:\Arquivos de programas\3M\PDNotes\PDNotes.exe

O4 - Global Startup: Post-it® Digital Notes.lnk = ?

O8 - Extra context menu item: Create a Post-it® Note - C:\Arquivos de programas\3M\PDNotes\\PSNBookMark.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

--

End of file - 7702 bytes

--------------------xx-----------------------------------

# AdwCleaner v2.006 - Logfile created 02/05/2013 at 08:21:59

# Updated 30/10/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : f002733 - FUN0023

# Boot Mode : Normal

# Running from : C:\Documents and Settings\f002733.FUNPEC.BR\Desktop\AdwCleaner\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Arquivos de programas\Mozilla Firefox\.autoreg

File Deleted : C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\Arquivos de programas\Mozilla Firefox\searchplugins\fcmdSrch.xml

Folder Deleted : C:\Arquivos de programas\Conduit

Folder Deleted : C:\Arquivos de programas\DealPly

Folder Deleted : C:\Arquivos de programas\facemoods.com

Folder Deleted : C:\Arquivos de programas\FileConverter_1.1

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\DealPly

Key Deleted : HKCU\Software\facemoods.com

Key Deleted : HKCU\Software\FileConverter_1.1

Key Deleted : HKCU\Software\Funmoods

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4E8F6CB8-79E6-4DEF-8F44-6FFD56E07774}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E8F6CB8-79E6-4DEF-8F44-6FFD56E07774}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}

Key Deleted : HKCU\Software\PriceGong

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E8F6CB8-79E6-4DEF-8F44-6FFD56E07774}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C604C02-E91D-4173-8857-97D30BBACBFA}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}

Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\facemoods.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr

Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl

Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1

Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3241941

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DealPly

Key Deleted : HKLM\Software\facemoods.com

Key Deleted : HKLM\Software\FileConverter_1.1

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AD32B77-CD31-4670-A860-97FD57275DF1}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AD43ECB-859E-4CD8-B94E-5FA5F29DB774}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FileConverter_1.1 Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E8F6CB8-79E6-4DEF-8F44-6FFD56E07774}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C604C02-E91D-4173-8857-97D30BBACBFA}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileConverter_1.1 Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4E8F6CB8-79E6-4DEF-8F44-6FFD56E07774}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4E8F6CB8-79E6-4DEF-8F44-6FFD56E07774}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [facemoods]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[s1].txt - [9369 octets] - [05/02/2013 08:21:59]

########## EOF - C:\AdwCleaner[s1].txt - [9429 octets] ##########

[DigRam 144]

Bom Dia! Edvan

|- Desinstale: C:\Arquivos de programas\AddLyrics

-/-

|- Baixe: < http://www.infospyware.com/antispyware/at-destroyer/'>AT-Destroyer >
|- Salve-o no desktop!
|- Desabilite seu antivírus ou antispyware,para que a ferramenta não seja detectada como malware.
|- Execute AT-Destroyer.exe como administrador,caso utilize Windows Vista ou 7.

http://imgbox.com/abk7atSf'>

|- Escolha a opção "Buscar" e aguarde a finalização do scan.
|- Poste o relatório! ( C:\AT-Destroyer.txt )

-/-

|- Baixe: | ftp://zebulon.fr/ZHPDiag2.exe'>ZHPDiag2 | *ºº* < > *ºº* ( ... de Nicolas Coolman )

|- Salve-o no desktop!



|- Desabilite seu antivírus e execute "ZHPDiag2.exe",para instalar a ferramenta.



|- Confirme todos os passos,ao instalar ZHPDiag.
|- Conclua a instalação,clicando em "Termine".



|- Ps: Após a instalação,além de ZHPScript,estarão disponíveis no desktop:

|- <1> MBRCheck
|- <2> ZHPDiag2
|- <3> ZHPFix



|- Clique no ícone do pergaminho. ( ZHPScript )



|- Clique na seta verde para atualizá-la e/ou baixar sua definição mais recente. ( Your version is update. )
|- Habilite todas as opções de diagnóstico,clicando em "Options".



|- Clique em All.
|- Desmarque,à seguir,as caixinhas de n° O45,O61,O62,O65,O82.

|-

|- Clique em "Calendar" e escolha 30 dias!



|- Clique no botão UAC,para desabilitar essa proteção.



|- Dê início ao scan,clicando no ícone da lupa. ( Start Diagnosis )
|- Ao concluir,clique em "Save Report".
|- Salve-o em um local conveniente! ( ZHPDiag.txt )
|- Ps: Não poste,diretamente,esse arquivo texto.

|- Envie-o à http://forum.imasters.com.br/topic/452207-pjjointmalekal-hospedagem-inteligente/'>Pjjoint.malekal,clicando na seta azul! < >

|- Ou acesse: http://cjoint.com/'>

|- Ou acesse: http://imgbox.com/abmdaZsE'>

|- Maiores informações: < |http://forum.imasters.com.br/topic/452911-myfiletk-cjoint/'>Link| >

Abraços!

[Edvan 30]

1º log do Malwarebytes.

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Versão da Base de Dados: v2013.02.05.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
f002733 :: FUN0023 [administrador]

05/02/2013 08:59:45
mbam-log-2013-02-05 (08-59-45).txt

Tipo de Verificação: Verificação Completa (C:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 283785
Tempo decorrido: 2 hora(s), 21 minuto(s), 24 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 2
HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 4
C:\Documents and Settings\f002733.FUNPEC.BR\Meus documentos\Downloads\PDFCreatorSetup.exe (Adware.Agent) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\f002733.FUNPEC.BR\Meus documentos\Downloads\SoftonicDownloader_para_adobe-reader.exe (PUP.OfferBundler.ST) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\f002733.FUNPEC.BR\Meus documentos\Downloads\FLVPlayerSetup.exe (Adware.Agent) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Funmoods\UpdateProc\UpdateTask.exe (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

 

2º AT-Destroyer By Infospyware

 

######################## AT-Destroyer By Infospyware.
Hora/Día/Mes/Año: 11:46:19 \\\ 05/02/2013
AT-Destroyer 2.1 By Infospyware ---> www.infospyware.com
Última actualización: 30/11/2012
Opción escogida: 1 :Buscar
Versión Internet Explorer:8.0.6001.18702
Mozilla Firefox:1.9.2.4448
Privilegios: f002733 - Administrador
Modo Actual: Modo Normal.
Nombre del pc: FUN0023
Información del sistema operativo:X86-WIN_XP-Service Pack 3
nombre del usuario:f002733
Lenguaje del sistema: Portugués

 

>>>>>> Servicios <<<<<<

 

>>>>>> Carpetas <<<<<<

C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\PriceGong\Data (W32/PND.PriceGong)
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\PriceGong\Data\mru.xml (W32/PND.PriceGong)
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\PriceGong (W32/PND.PriceGong)
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\facemoods.com ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Funmoods (W32/PND.Funmoods Toolbar)

>>>>>> Archivos <<<<<<

 

>>>>>> Registro <<<<<<

 

>>>>>> Heurística <<<<<<

Encontrado: C:\Arquivos de programas\DiagnosticoBB.exe (Heur malware.win32.generic)
Encontrado: C:\Arquivos de programas\Firefox Setup 3.6.15.exe (Heur malware.win32.generic)

>>>>>> Internet Explorer <<<<<<

Start Page==http://go.microsoft.com/fwlink/?LinkId=69157
Local Page==C:\WINDOWS\system32\blank.htm
Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
Default_search_url==http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL==http://go.microsoft.com/fwlink/?LinkId=69157

''HKCU\Software\Microsoft\Internet Explorer\Main''
Start Page==http://funpec.br/ponto_online/
Local Page==C:\WINDOWS\system32\blank.htm
Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
Default_search_url==
Default_Page_URL==

HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-101208\Software\Microsoft\Internet Explorer\Main''
Start Page==http://funpec.br/ponto_online/
Local Page==C:\WINDOWS\system32\blank.htm
Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
Default_search_url==
Default_Page_URL==

>>>>>> Firefox <<<<<<

user_pref("browser.startup.homepage", "http://www.funpec.br/ponto_online/");
user_pref("browser.startup.homepage_override.mstone", "rv:1.9.2.28");
user_pref("pref.browser.homepage.disable_button.current_page", false);

>>>>>> Plugins Firefox <<<<<<

HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.1
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader

>>>>>> Google Chrome <<<<<<

"homepage": "http://www.google.com",
"homepage_is_newtabpage": false,
"homepage": "http://www.google.com",
"homepage_is_newtabpage": false,

>>>>>> Extensiones Google Chrome <<<<<<

C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\5
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

======== Listado ===========

C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\1B2Y1E1P1C1Q1F2W1G1I1F1T1Q1BtF1R1F1HtF1S1C [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\3M [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Adobe [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\ArcSoft [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\BabylonToolbar [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\BrOffice.org [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\DealPly [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\desktop.ini [HSA] 1 KB ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\ElevatedDiagnostics [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\facemoods.com [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Funmoods [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\GetRightToGo [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Google [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Identities [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Macromedia [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Malwarebytes [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Microsoft 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Mozilla [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Nero [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Oracle [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\PhotoFiltre Studio X [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\PriceGong [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Sun [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Thunderbird [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\WinRAR [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\xrecode2 [0] 0 ( )
C:\Arquivos de programas\7-Zip [0] 0 ( )
C:\Arquivos de programas\AA Antimalware [0] 0 ( )
C:\Arquivos de programas\AddLyrics [0] 0 ( )
C:\Arquivos de programas\Adobe [0] 0 ( )
C:\Arquivos de programas\Alwil Software [0] 0 ( )
C:\Arquivos de programas\Arquivos comuns [0] 0 ( )
C:\Arquivos de programas\AvRack [0] 0 ( )
C:\Arquivos de programas\BrOffice.org 3 [0] 0 ( )
C:\Arquivos de programas\Canon [0] 0 ( )
C:\Arquivos de programas\CCleaner [0] 0 ( )
C:\Arquivos de programas\ComPlus Applications [0] 0 ( )
C:\Arquivos de programas\DiagnosticoBB.exe [A] 2.221 KB( 0)
C:\Arquivos de programas\Diagnóstico BB.log [A] 3 KB( 0)
C:\Arquivos de programas\DIFX [0] 0 ( )
C:\Arquivos de programas\Firefox Setup 3.6.15.exe [A] 280 KB( 0)
C:\Arquivos de programas\FreeTime [0] 0 ( )
C:\Arquivos de programas\GbPlugin [0] 0 ( )
C:\Arquivos de programas\Google [0] 0 ( )
C:\Arquivos de programas\HP [0] 0 ( )
C:\Arquivos de programas\InstallShield Installation Information [H] 0( 0)
C:\Arquivos de programas\Internet Explorer [0] 0 ( )
C:\Arquivos de programas\Java [0] 0 ( )
C:\Arquivos de programas\Malwarebytes' Anti-Malware [0] 0 ( )
C:\Arquivos de programas\microsoft frontpage [0] 0 ( )
C:\Arquivos de programas\Microsoft Office [0] 0 ( )
C:\Arquivos de programas\Microsoft Visual Studio [0] 0 ( )
C:\Arquivos de programas\Microsoft Works [0] 0 ( )
C:\Arquivos de programas\Movie Maker [0] 0 ( )
C:\Arquivos de programas\Mozilla Firefox [0] 0 ( )
C:\Arquivos de programas\MSN Gaming Zone [0] 0 ( )
C:\Arquivos de programas\Nero [0] 0 ( )
C:\Arquivos de programas\NetMeeting [0] 0 ( )
C:\Arquivos de programas\Oracle [0] 0 ( )
C:\Arquivos de programas\Outlook Express [0] 0 ( )
C:\Arquivos de programas\PDFCreator [0] 0 ( )
C:\Arquivos de programas\Photo! [0] 0 ( )
C:\Arquivos de programas\PhotoFiltre Studio X [0] 0 ( )
C:\Arquivos de programas\Realtek AC97 [0] 0 ( )
C:\Arquivos de programas\Realtek Sound Manager [0] 0 ( )
C:\Arquivos de programas\S3 [0] 0 ( )
C:\Arquivos de programas\Serviços on-line [0] 0 ( )
C:\Arquivos de programas\Uninstall Information [H] 0( 0)
C:\Arquivos de programas\v9Soft [0] 0 ( )
C:\Arquivos de programas\VIA [0] 0 ( )
C:\Arquivos de programas\Windows Defender [0] 0 ( )
C:\Arquivos de programas\Windows Media Connect 2 [0] 0 ( )
C:\Arquivos de programas\Windows Media Player [0] 0 ( )
C:\Arquivos de programas\Windows NT [0] 0 ( )
C:\Arquivos de programas\WindowsUpdate [H] 0( 0)
C:\Arquivos de programas\WinRAR [0] 0 ( )
C:\Arquivos de programas\WinXMedia [0] 0 ( )
C:\Arquivos de programas\wllogin_32.msi [A] 4.546 KB( 0)
C:\Arquivos de programas\xerox [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini [HSA] 1 KB 0
C:\Documents and Settings\All Users\Dados de aplicativos\gas [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Google [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\hpzinstall.log [A] 2 KB 0
C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft 0 0
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Nero [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Pianosoft [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Sun [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\TEMP [A] 0 0
C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage [0] 0 ( )
======================EOF=======================

 

3º ZHPDiag.txt.

 

Link: http://cjoint.com/13fe/CBfp1ubGGRN.htm

[DigRam 144]

Boa Tarde! Edvan



|- Execute,novamente,a ferramenta AT-Destroyer e escolha a opção "Buscar y Destruir".
|- Poste o relatório! ( C:\AT-Destroyer.txt )

-/-

|- Feche programas/pastas que estejam abertas.
|- Feche,também,o navegador!
|- Para Windows Vista,desabilite a UAC.



|- Dê um duplo clique em ZHPFix.
|- Selecione e copie estas informações,que estão no Code,para o "Bloco de Notas".

O44 - LFC:[MD5.33EFF91FA513BADD92FFDB0EA8217E5A] - 05/02/2013 - 08:50:13 ---A- . (...) -- C:\hijackthis.log   [7703]
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\PDFConverterSetup.exe" [Enabled] .(...) -- C:\Arquivos de programas\PDFConverterSetup.exe (.not file.)

C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Conduit    => Toolbar.Conduit

[HKLM\Software\Adware Away]    => Infection Rogue (Rogue.AdwareAway)
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell

proxyfix
emptytemp
emptyflash
firewallraz
sysrestore

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"
|- Minimize o Bloco de Notas.



|- Clique no menu,"Paste ClipBoard".
|- Clique em "GO" -> Oui.



|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.
|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

A+

 

[Edvan 30]

Obrigado pela ajuda amigo, sempre dando aquela força! :joia:

 

 

 

 

 

######################## AT-Destroyer [2.1] By Infospyware.
Hora/Día/Mes/Año: 14:01:58 \\\ 05/02/2013
AT-Destroyer 2.1 By Infospyware ---> www.infospyware.com
Última actualización: 30/11/2012
Opción escogida: 2 :Buscar y Destruir
Versión Internet Explorer:8.0.6001.18702
Mozilla Firefox:1.9.2.4448
Privilegios: f002733 - Administrador
Modo Actual: Modo Normal.
Nombre del pc: FUN0023
Información del sistema operativo:X86-WIN_XP-Service Pack 3
nombre del usuario:f002733
Lenguaje del sistema: Portugués

 

>>>>>>> Servicios <<<<<<<

 

>>>>>> Carpetas <<<<<<

C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\PriceGong\Data (W32/PND.PriceGong)
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\PriceGong\Data\mru.xml (W32/PND.PriceGong)
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\PriceGong (W32/PND.PriceGong)
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\facemoods.com 33
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Funmoods (W32/PND.Funmoods Toolbar)

>>>>>> Archivos <<<<<<

 

>>>>>> Registro <<<<<<

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

>>>>>> Heurística <<<<<<

C:\Arquivos de programas\DiagnosticoBB.exe (Heur malware.win32.generic)
C:\Arquivos de programas\Firefox Setup 3.6.15.exe (Heur malware.win32.generic)

>>>>>> Internet Explorer <<<<<<

Start Page==www.google.com
Local Page==C:\WINDOWS\system32\blank.htm
Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
Default_search_url==http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL==http://go.microsoft.com/fwlink/?LinkId=69157

''HKCU\Software\Microsoft\Internet Explorer\Main''
Start Page==www.google.com
Local Page==C:\WINDOWS\system32\blank.htm
Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
Default_search_url==
Default_Page_URL==

HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-101208\Software\Microsoft\Internet Explorer\Main''
Start Page==www.google.com
Local Page==C:\WINDOWS\system32\blank.htm
Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
Default_search_url==
Default_Page_URL==

>>>>>> Firefox <<<<<<

user_pref("browser.startup.homepage", "http://www.funpec.br/ponto_online/");
user_pref("browser.startup.homepage_override.mstone", "rv:1.9.2.28");
user_pref("pref.browser.homepage.disable_button.current_page", false);

>>>>>> Plugins Firefox <<<<<<

HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.1
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader

>>>>>> Google Chrome <<<<<<

"homepage": "http://www.google.com/",
"homepage_changed": true,
"homepage_is_newtabpage": false,

>>>>>> Extensiones Google Chrome <<<<<<

C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\5
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
C:\Documents and Settings\f002733.FUNPEC.BR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

======== Listado ===========

C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\1B2Y1E1P1C1Q1F2W1G1I1F1T1Q1BtF1R1F1HtF1S1C [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\3M [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Adobe [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\ArcSoft [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\BabylonToolbar [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\BrOffice.org [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\DealPly [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\desktop.ini [HSA] 1 KB ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\ElevatedDiagnostics [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\GetRightToGo [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Google [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Identities [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Macromedia [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Malwarebytes [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Microsoft 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Mozilla [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Nero [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Oracle [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\PhotoFiltre Studio X [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Sun [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Thunderbird [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\WinRAR [0] 0 ( )
C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\xrecode2 [0] 0 ( )
C:\Arquivos de programas\7-Zip [0] 0 ( )
C:\Arquivos de programas\AA Antimalware [0] 0 ( )
C:\Arquivos de programas\AddLyrics [0] 0 ( )
C:\Arquivos de programas\Adobe [0] 0 ( )
C:\Arquivos de programas\Alwil Software [0] 0 ( )
C:\Arquivos de programas\Arquivos comuns [0] 0 ( )
C:\Arquivos de programas\AvRack [0] 0 ( )
C:\Arquivos de programas\BrOffice.org 3 [0] 0 ( )
C:\Arquivos de programas\Canon [0] 0 ( )
C:\Arquivos de programas\CCleaner [0] 0 ( )
C:\Arquivos de programas\ComPlus Applications [0] 0 ( )
C:\Arquivos de programas\Diagnóstico BB.log [A] 3 KB( 0)
C:\Arquivos de programas\DIFX [0] 0 ( )
C:\Arquivos de programas\FreeTime [0] 0 ( )
C:\Arquivos de programas\GbPlugin [0] 0 ( )
C:\Arquivos de programas\Google [0] 0 ( )
C:\Arquivos de programas\HP [0] 0 ( )
C:\Arquivos de programas\InstallShield Installation Information [H] 0( 0)
C:\Arquivos de programas\Internet Explorer [0] 0 ( )
C:\Arquivos de programas\Java [0] 0 ( )
C:\Arquivos de programas\Malwarebytes' Anti-Malware [0] 0 ( )
C:\Arquivos de programas\microsoft frontpage [0] 0 ( )
C:\Arquivos de programas\Microsoft Office [0] 0 ( )
C:\Arquivos de programas\Microsoft Visual Studio [0] 0 ( )
C:\Arquivos de programas\Microsoft Works [0] 0 ( )
C:\Arquivos de programas\Movie Maker [0] 0 ( )
C:\Arquivos de programas\Mozilla Firefox [0] 0 ( )
C:\Arquivos de programas\MSN Gaming Zone [0] 0 ( )
C:\Arquivos de programas\Nero [0] 0 ( )
C:\Arquivos de programas\NetMeeting [0] 0 ( )
C:\Arquivos de programas\Oracle [0] 0 ( )
C:\Arquivos de programas\Outlook Express [0] 0 ( )
C:\Arquivos de programas\PDFCreator [0] 0 ( )
C:\Arquivos de programas\Photo! [0] 0 ( )
C:\Arquivos de programas\PhotoFiltre Studio X [0] 0 ( )
C:\Arquivos de programas\Realtek AC97 [0] 0 ( )
C:\Arquivos de programas\Realtek Sound Manager [0] 0 ( )
C:\Arquivos de programas\S3 [0] 0 ( )
C:\Arquivos de programas\Serviços on-line [0] 0 ( )
C:\Arquivos de programas\Uninstall Information [H] 0( 0)
C:\Arquivos de programas\v9Soft [0] 0 ( )
C:\Arquivos de programas\VIA [0] 0 ( )
C:\Arquivos de programas\Windows Defender [0] 0 ( )
C:\Arquivos de programas\Windows Media Connect 2 [0] 0 ( )
C:\Arquivos de programas\Windows Media Player [0] 0 ( )
C:\Arquivos de programas\Windows NT [0] 0 ( )
C:\Arquivos de programas\WindowsUpdate [H] 0( 0)
C:\Arquivos de programas\WinRAR [0] 0 ( )
C:\Arquivos de programas\WinXMedia [0] 0 ( )
C:\Arquivos de programas\wllogin_32.msi [A] 4.546 KB( 0)
C:\Arquivos de programas\xerox [0] 0 ( )
C:\Arquivos de programas\ZHPDiag [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini [HSA] 1 KB 0
C:\Documents and Settings\All Users\Dados de aplicativos\gas [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Google [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\hpzinstall.log [A] 2 KB 0
C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft 0 0
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Nero [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Pianosoft [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\Sun [0] 0 ( )
C:\Documents and Settings\All Users\Dados de aplicativos\TEMP [A] 0 0
C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage [0] 0 ( )

==================== EOF ==================

 

 

 

----------------------------------------xx----------------------------------------

 

Rapport de ZHPFix 1.3.13 par Nicolas Coolman, Update du 26/01/2013
Fichier d'export Registre :
Run by f002733 at 05/02/2013 14:18:30
Windows XP Professional Service Pack 3 (Build 2600)

 

========== Registry Key ==========
DELETED Key: HKLM\Software\Adware Away

========== Registry Value ==========
DELETED AAKE KeyValue: C:\Arquivos de programas\PDFConverterSetup.exe
DELETED [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe
DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (DP) : C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe
DELETED FirewallRaz (DP) : C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe
DELETED FirewallRaz (DP) : C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe
No Value in Firewall Exception Register Key (FirewallRaz)

========== Repertory ==========
DELETED Folder: c:\documents and settings\f002733.funpec.br\configurações locais\dados de aplicativos\conduit
DELETED Window Temporary:
DELETED Flash Cookies:

========== File ==========
DELETED c:\hijackthis.log
NOT FOUND File: c:\arquivos de programas\pdfconvertersetup.exe
DELETED Window Temporary:
DELETED Flash Cookies:

========== Restoration ==========
Restore System Point created succefully

========== Summary ==========
1 : Registry Key
19 : Registry Value
3 : Repertory
4 : File
1 : Restoration

End of clean in 02mn 19s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 05/02/2013 14:18:30 [2110]

[DigRam 144]

Boa Tarde! Edvan

 

|- Baixe: < http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe'> > ( ... par tigzy )

|- Salve-o no desktop!
|- Feche aplicativos que estejam abertos!
|- Execute RogueKiller.exe e aceite a Eula.

http://imgbox.com/achBCZtJ'>

|- Ps: Para Windows Vista ou 7,execute RogueKiller.exe como administrador.
|- Aguarde a finalização de seu Pre-scan.



|- Dê início ao diagnóstico,clicando no botão "Verificar".
|- Exemplo: Mode: Verificar -- Date: mm/dd/2013 00:52:24
|- Poste o relatório: RKreport[1].txt

A+

[Edvan 30]

RogueKiller V8.4.4 [Feb 5 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Site : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Iniciado em : Modo Normal
Usuario : f002733 [Privilegios de Admnistrador]
Modo : Verificar -- Data : 02/05/2013 17:07:58
| ARK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Carregado] ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SV4002H +++++
--- User ---
[MBR] 8a67571b555d98013aadd1db2273e8fa
[bSP] e77f27b3bd0ae014e542d5dec684938e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38193 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Concluido : << RKreport[1]_S_02052013_02d1707.txt >>
RKreport[1]_S_02052013_02d1707.txt

[DigRam 144]

Boa Noite! Edvan

|- Tudo Ok,onde o único Fix com RogueKiller,pode ser efetuado indo em Atalhos,em sua guia correspondente.

-/-

|- Baixe: |http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/9-delfix'>DelFix| ( ... de Xplode )



|- Estando na página,clique na seta verde para o download.
|- Salve-a em um local conveniente! ( desktop! )
|- Feche aplicativos que estejam abertos.



|- Com a checkbox marcada! ( Remove disinfection tools )
|- Clique "Run".
|- Seus logs estão limpos!
|- Bom trabalho!

Abs!

[Edvan 30]

- Tudo Ok,onde o único Fix com RogueKiller,pode ser efetuado indo em Atalhos,em sua guia correspondente

 

 

DigRam, quando rodei o RogueKiller me precipitei e cliquei em delete, algum problema ? :upset:

 

P.S<> Se nao me falha a memoria apareceu a mensagem arquivo ou ficheiro substituído!

[DigRam 144]

DigRam, quando rodei o RogueKiller me precipitei e cliquei em delete, algum problema ? :upset:

 

P.S<> Se nao me falha a memoria apareceu a mensagem arquivo ou ficheiro substituído!

Olá! Edvan

 

|- Sem problemas,onde a entrada ao registro poderia ser substituída. O amigo Sam Spade,costuma preservá-la e a maoria dos analistas optam pelo replace.

|- Pode executar o DelFix. :bye:

 

A+

[Edvan 30]

Amanha postarei, pq a maquina esta na empresa.

Valeu amigão!

[DigRam 144]

Amanha postarei, pq a maquina esta na empresa.

Valeu amigão!

 

Ok! Edvan

 

######

C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\BabylonToolbar

 

C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\PriceGong

 

C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\facemoods.com

 

C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\Funmoods

######

 

|- Verifique,manualmente,se as pastas em destaque,permanecem.

|- Constatando esses diretórios,pode deletá-los!

 

A+

[Edvan 30]

Só achei esse aqui:

 

C:\Documents and Settings\f002733.FUNPEC.BR\Dados de aplicativos\BabylonToolbar

 

Pode fechar o tópico, valeu pela ajuda. :lock:

[DigRam 144]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.