Annluciap 0 Posted November 18, 2013

Folks, I believe my PC is heavily infected and the antivirus did not detect it. The fact that I cannot install the 3G makes me suspect trojans and the like. I would be very grateful if someone could help me. The HijackThis log follows.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:55, on 16/11/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Oi\Oi3G\GSMCliEjector.exe
C:\Program Files\Comodo\COMODO Internet Security\cis.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\Comodo\Dragon\dragon.exe
H:\aplicativos\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {742E70CF-7770-412d-86CB-230B322E807C} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Advanced System Protector] "C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe" autolaunch
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GSMEjector] C:\Program Files\Oi\Oi3G\GSMCliEjector.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\ivansc\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\ivansc\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files\Comodo\GeekBuddy\launcher.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: http://www.bancosantander.com.br
O15 - Trusted Zone: http://www.santander.com.br
O15 - Trusted Zone: http://www.santanderempresarial.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{636DC042-231E-4F43-BF9C-E1FBCF839E9C}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA95268E-BF4F-4D72-B323-F99D16D8F026}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\Program Files\GbPlugin\gbiehAbn.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions, Inc. - C:\Program Files\Common Files\COMODO\launcher_service.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: GeekBuddyRSP Server (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
O23 - Service: GSM Ejector Service (GSMEjector) - Unknown owner - C:\Windows\system32\GSMSrvEjector.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\Windows\system32\Drivers\ldlcserv.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Função de Rastreio IBM (TrcBoot) - IBM Corporation - C:\Windows\system32\Drivers\trcboot.exe
--
End of file - 10587 bytes

DigRam 144 Posted November 18, 2013

Good morning! Annluciap

Uninstall: C:\Program Files\Advanced System Protector <<
-/-
|- Download: < > ( ... by Xplode )
|- On the page, click the image: < >
|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as
|- PS: Start the tool by clicking "Scan".
|- When it finishes, click "Clean" >> click "Report".
|- Post: < C:\AdwCleaner\AdwCleaner[s0].txt >
-/-
|- Download: < ZHPDiag2.exe > < > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Run the scroll icon. ( ZHPDiag )
|- Click: "CONFIGURE"
|- Click: "Options" >> "All" >> OK
|- Click: "CONFIGURE" >> "Full Analysis"
|- Wait for it to finish!
|- If it freezes and you cannot get the log, abort the full scan and run the custom one.
|- Go back to the tool's main window.
|- Click "SEARCH" or "Pesquisar" and wait for it to finish!
|- Or click "Options" >> "None".
|- Tick only the option "Additional Scan (O88)".
~ Unselected Option:O1,039,O40,O41,O42,O43,O44,O45,O46,O47,O48,O49,O50,O51,O52,O53,O54,O55,O56,O57,O58,O59,O60,O61,O62,O63,O64,O65,O66,O67,O68,O69,O80,O81,O82,O83,O84,O85,O86,O87,O89,O90,O91,O92####
|- This way, these options will be disabled!
|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
|- PS: If the log is long, send it to Pjjoint.malekal.
|- Or go to: < >
|- More information: < |Link| >
A+

Annluciap 0 Posted November 19, 2013

Hi DigRam, I only managed to install and run AdwCleaner; the log follows below. As for ZHPDiag2, I tried to run it but it froze a lot, and even with the custom option it stopped at 62% and stayed there; it did not continue. That is why I did not post the log. Thank you.

# AdwCleaner v3.012 - Relatório criado 18/11/2013 às 19:40:05
# Atualizado 11/11/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : CASA - CASA-PC
# Executando de : C:\Users\CASA\Desktop\Ferramentas Imasters 18_11\adwcleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\boost_interprocess
Pasta Deletada : C:\Users\ivansc\AppData\Roaming\Systweak
Arquivo Deletada : C:\Windows\system32\roboot.exe
Arquivo Deletada : C:\Users\CASA\AppData\Roaming\Mozilla\Firefox\Profiles\zlfh9hxz.default\searchplugins\bingp.xml

***** [ Atalhos ] *****
Atalho Desinfectada : C:\Users\CASA\Desktop\backup\Users\ivansc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\CASA\Desktop\backup\Users\ivansc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\CASA\Desktop\backup\Users\ivansc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\CASA\Desktop\backup\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Atalho Desinfectada : C:\Users\CASA\Desktop\backup\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\CASA\Desktop\backup\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\CASA\Desktop\backup\Users\Administrador\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Atalho Desinfectada : C:\Users\CASA\Desktop\backup\Users\Administrador\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\CASA\Desktop\backup\Users\Administrador\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Atalho Desinfectada : C:\Users\CASA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\CASA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\CASA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_samsung-new-pc-studio_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_samsung-new-pc-studio_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chave Deletedo : HKCU\Software\APN PIP
Chave Deletedo : HKCU\Software\PIP
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKLM\Software\PIP
Chave Deletedo : HKLM\Software\systweak

***** [ Navegadores ] *****
-\\ Internet Explorer v10.0.9200.16720
-\\ Mozilla Firefox v24.0 (pt-BR)
[ Arquivo : C:\Users\CASA\AppData\Roaming\Mozilla\Firefox\Profiles\zlfh9hxz.default\prefs.js ]
Linha deletada : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Linha deletada : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Linha deletada : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
[ Arquivo : C:\Users\ivansc\AppData\Roaming\Mozilla\Firefox\Profiles\a2hwtg1t.default\prefs.js ]
Linha deletada : user_pref("extensions.leechblock.blockRE3", "^(hxxps?|file):\\/+((www\\.)?minhaclaro\\.claro\\.com\\.br)");
Linha deletada : user_pref("extensions.leechblock.sites3", "minhaclaro.claro.com.br");
Linha deletada : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Linha deletada : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
[ Arquivo : C:\Users\Ana\AppData\Roaming\Mozilla\Firefox\Profiles\bcgraxk8.default\prefs.js ]
-\\ Google Chrome v
[ Arquivo : C:\Users\CASA\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ Arquivo : C:\Users\ivansc\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [6518 octets] - [18/11/2013 19:35:15]
AdwCleaner[s0].txt - [5689 octets] - [18/11/2013 19:40:05]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5749 octets] ##########

DigRam 144 Posted November 19, 2013

Good afternoon! Annluciap

"I only managed to install and run AdwCleaner; the log follows below. As for ZHPDiag2, I tried to run it but it froze a lot, and even with the custom option it stopped at 62% and stayed there; it did not continue. That is why I did not post the log."

|- OK! It will then be left as the last diagnostic tool and fix by script.
-/-
|- Download: < RogueKiller > ( ... by tigzy ) ( 32 bits version )
|- Or: < > ( ... by tigzy ) ( 64 bits version )
|- Save it to the desktop!
|- Close any applications that are open!
|- Run RogueKiller.exe and accept the EULA.
|- Wait for its Pre-scan to finish.
|- Start the diagnosis by clicking the "Verificar" button.
|- Example: Mode: Verificar -- Date: mm/dd/2013 00:52:24
|- Post the report: RKreport[1].txt
-/-
|- Download: < > ( ... by Farbar )
|- Download: < Farbar Recovery Scan Tool > ( ... by Farbar )
|- Or here...< Farbar Recovery Scan Tool 64-Bits > ( ... by Farbar )
|- Or here, for 64-bit systems!
|- Save it to the desktop!
|- Run the tool! Click "Yes" >> "Scan".
|- Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
|- Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
|- PS: The "Addition.txt" report will also be generated; it is made available on the tool's 1st run.
|- Post the reports! (FRST.txt + Addition.txt)
|- PS: If the logs are long, send them to Pjjoint.malekal.
|- Or go to: < >
|- More information: < |Link| >
A+

Annluciap 0 Posted November 20, 2013

Hi Dig Ram, I managed to install and run RogueKiller but it did not generate the log. My question is whether, after the scan, I should click to delete the entries that appeared, for example registry ones, and then the log will be generated??? What I got was the log below:

¤¤¤ Verificaçao do MBR: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 43477fe328803daab256d6267f225411
[bSP] 0a5b12eacb6bad53da6be9f10bfb1393 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 9e9c5a3a629f31cf643dae0e81eacab9
[bSP] b6e972bd81a597e74c7c7c07b40a8eeb : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1936028272 | Size: 904228 Mo
1 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1330184192 | Size: 263172 Mo
2 - [XXXXXX] DISKMNG (0x53) [VISIBLE] Offset (sectors): 538989391 | Size: 682794 Mo
3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1394627663 | Size: 10 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!

As for Farbar Recovery Scan Tool, I also ran it but the logs were not generated. The message "The computer cannot find file such-and-such, do you want to save the file" appeared; I clicked Yes and it did not save the log in Notepad. Thank you again.

DigRam 144 Posted November 20, 2013

Good afternoon! Annluciap
|- Locate the FRST tool's log by going to the folder it created: C:\FRST\Logs <<
|- When you open the Logs folder, you will find 2 reports: Addition.txt and FRST_day-month-2013_xx-yy-zz.txt
|- If you find them, you can post them!
Regards!

Annluciap 0 Posted November 20, 2013

OK!! I found the folder, but it is empty. Thank you. Regards.

DigRam 144 Posted November 20, 2013

Good afternoon! Annluciap
|- Repeat the scan with the FRST tool and check whether it generates report(s)!
A+

Annluciap 0 Denunciar post Postado Novembro 21, 2013 Bom dia, DigRam!!! Seguem logs do FRST. Obrigada. Abraços. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013 Ran by CASA (administrator) on CASA-PC on 20-11-2013 19:15:04 Running from H:\Aplicativos Seguranca\Ferramentas Imasters 19_11 Windows 7 Ultimate Service Pack 1 (X86) OS Language: Portuguese Brazilian Internet Explorer Version 10 Boot Mode: Normal ==================== Could not list processes =============== ==================== Registry (Whitelisted) ================== HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software) HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\Comodo\COMODO Internet Security\cistray.exe [1576152 2013-10-19] (COMODO) HKLM\...\Run: [tvncontrol] - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.) HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [GSMEjector] - C:\Program Files\Oi\Oi3G\GSMCliEjector.exe [441856 2010-10-01] (Lightcomm) Winlogon\Notify\ GbPluginAbn: C:\Program Files\GbPlugin\gbiehabn.dll (Banco Real) Winlogon\Notify\atmgrtok: C:\Program Files\IBM\Personal Communications\\atmgrtok.dll (IBM Corporation) Winlogon\Notify\pcsinst: C:\Windows\system32\pcsinst.dll (IBM) HKCU\...\Run: [AutoStartNPSAgent] - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.) HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.) 
HKCU\...\Run: [Google Update] - C:\Users\CASA\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-16] (Google Inc.) MountPoints2: G - G:\Autorun.exe MountPoints2: {2a401c3e-7e9c-11e1-907a-00248cd00264} - F:\AutoRun.exe MountPoints2: {2a401c44-7e9c-11e1-907a-00248cd00264} - F:\AutoRun.exe MountPoints2: {46a74cb5-4e31-11e3-bfbf-00248cd00264} - E:\AutoRun.exe MountPoints2: {bb58896e-4d54-11e3-8142-00248cd00264} - E:\AutoRun.exe MountPoints2: {bb588973-4d54-11e3-8142-00248cd00264} - E:\AutoRun.exe MountPoints2: {eb2072fb-84dc-11e2-8d05-00158307c667} - E:\AutoRun.exe Startup: C:\Users\CASA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk ShortcutTarget: PalTalk.lnk -> C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netvibes.com/ SearchScopes: HKLM - DefaultScope value is missing. BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll (Banco Real) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {742E70CF-7770-412d-86CB-230B322E807C} - No File Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll [621808 2012-03-29] (Banco Real) Tcpip\..\Interfaces\{636DC042-231E-4F43-BF9C-E1FBCF839E9C}: [NameServer]156.154.70.22,156.154.71.22 Tcpip\..\Interfaces\{CA95268E-BF4F-4D72-B323-F99D16D8F026}: [NameServer]156.154.70.22,156.154.71.22 FireFox: ======== FF ProfilePath: C:\Users\CASA\AppData\Roaming\Mozilla\Firefox\Profiles\zlfh9hxz.default FF DefaultSearchEngine: Pesquisa Segura FF SearchEngineOrder.1: Pesquisa Segura FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Pesquisa Segura FF Homepage: hxxp://br.msn.com/?pc=UP30&ocid=univskyhp FF Keyword.URL: hxxp://br.search.yahoo.com/search?fr=mcafee&p= FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @mcafee.com/SAFFPlugin - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) 
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\CASA\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\CASA\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\CASA\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF Extension: Cooliris - C:\Users\CASA\AppData\Roaming\Mozilla\Firefox\Profiles\zlfh9hxz.default\Extensions\piclens@cooliris.com
FF Extension: leechblock - C:\Users\CASA\AppData\Roaming\Mozilla\Firefox\Profiles\zlfh9hxz.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
FF Extension: Adblock Plus - C:\Users\CASA\AppData\Roaming\Mozilla\Firefox\Profiles\zlfh9hxz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: () - C:\Users\CASA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\CASA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\CASA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [bpeeepmahhfjiediknjejcmcfmjcjdck] - C:\Users\CASA\AppData\Local\Google\Chrome\User Data\Default\Extensions\serach.crx
CHR HKLM\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Users\CASA\AppData\Local\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70352 2013-10-11] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4832192 2013-10-19] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [131288 2013-09-24] (COMODO)
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2104968 2013-10-09] ()
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project)
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project)
R2 GbpSv; C:\Program Files\GbPlugin\GbpSv.exe [204232 2012-03-29] ( )
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] ()
S2 ldlcserv; C:\Windows\system32\Drivers\ldlcserv.exe [28672 2003-08-11] (IBM Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [103112 2013-10-02] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 TrcBoot; C:\Windows\system32\Drivers\trcboot.exe [28672 2003-08-11] (IBM Corporation)

==================== Drivers (Whitelisted) ====================

S3 Anydlc; C:\Windows\System32\drivers\anydlc.sys [38236 2003-08-11] (IBM Corporation)
S3 Appn; C:\Windows\System32\drivers\appn.sys [1278912 2003-08-11] (IBM Corporation)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-27] ()
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2013-05-07] (Windows ® Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2013-09-24] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [582936 2013-09-24] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [44752 2013-09-24] (COMODO)
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2013-06-23] (Eugene V. Muzychenko)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47816 2012-03-29] (GAS Tecnologia)
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [15400 2013-10-07] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [85464 2013-09-24] (COMODO)
R3 KLOGNT; C:\Windows\System32\drivers\klognt.sys [24588 2003-08-11] (IBM Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R2 NsTrcNT; C:\Windows\System32\drivers\nstrcnt.sys [12028 2003-08-11] (IBM Corporation)
S3 pdlnacom; C:\Windows\System32\drivers\pdlnacom.sys [74992 2003-08-11] (IBM Corporation)
S3 pdlnafac; C:\Windows\System32\drivers\pdlnafac.sys [36048 2003-08-11] (IBM Corporation)
S3 pdlnatcm; C:\Windows\System32\drivers\pdlnatcm.sys [20480 2003-08-11] (IBM Corporation)
S3 pdlnatdl; C:\Windows\System32\drivers\pdlnatdl.sys [18432 2003-08-11] (IBM Corporation)
S3 pdlncbas; C:\Windows\System32\drivers\pdlncbas.sys [6784 2003-08-11] (IBM Corporation)
S3 pdlncfwk; C:\Windows\System32\drivers\pdlncfwk.sys [160288 2003-08-11] (IBM Corporation)
S2 pdlnctdl; C:\Windows\System32\drivers\pdlnctdl.sys [12288 2003-08-11] (IBM Corporation)
S3 pdlndint; C:\Windows\System32\drivers\pdlndint.sys [12800 2003-08-11] (IBM Corporation)
S2 pdlndldl; C:\Windows\System32\drivers\pdlndldl.sys [59392 2003-08-11] (IBM Corporation)
S3 pdlndlpb; C:\Windows\System32\drivers\pdlndlpb.sys [70144 2003-08-11] (IBM Corporation)
S3 pdlndoem; C:\Windows\System32\drivers\pdlndoem.sys [18944 2003-08-11] (IBM Corporation)
S3 pdlndqll; C:\Windows\System32\drivers\pdlndqll.sys [53248 2003-08-11] (IBM Corporation)
S3 pdlndsdl; C:\Windows\System32\drivers\pdlndsdl.sys [67072 2003-08-11] (IBM Corporation)
S3 pdlndtdl; C:\Windows\System32\drivers\pdlndtdl.sys [51712 2003-08-11] (IBM Corporation)
R3 pdlnebas; C:\Windows\System32\drivers\pdlnebas.sys [8608 2003-08-11] (IBM Corporation)
S3 pdlnecfg; C:\Windows\System32\drivers\pdlnecfg.sys [50336 2003-08-11] (IBM Corporation)
S3 pdlnemap; C:\Windows\System32\drivers\pdlnemap.sys [67184 2003-08-11] (IBM Corporation)
R3 pdlnemsg; C:\Windows\System32\drivers\pdlnemsg.sys [12768 2003-08-11] (IBM Corporation)
S3 pdlnepkt; C:\Windows\System32\drivers\pdlnepkt.sys [19984 2003-08-11] (IBM Corporation)
S3 pdlnshay; C:\Windows\System32\drivers\pdlnshay.sys [59504 2003-08-11] (IBM Corporation)
S3 pdlnslea; C:\Windows\System32\drivers\pdlnslea.sys [22384 2003-08-11] (IBM Corporation)
S3 pdlnsv25; C:\Windows\System32\drivers\pdlnsv25.sys [54416 2003-08-11] (IBM Corporation)
S3 pdlnsx25; C:\Windows\System32\drivers\pdlnsx25.sys [58432 2003-08-11] (IBM Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-20 09:21 - 2013-11-20 09:21 - 00000000 ____D C:\FRST
2013-11-19 20:45 - 2013-11-20 15:24 - 00000000 ____D C:\Users\CASA\Desktop\RK_Quarantine
2013-11-19 20:23 - 2013-11-20 17:30 - 00000000 ____D C:\Users\ivansc\Desktop\Ferramentas Imasters 19_11
2013-11-19 20:23 - 2013-11-19 15:09 - 01090881 _____ (Farbar) C:\Users\CASA\Desktop\FRST.exe
2013-11-19 20:23 - 2013-11-19 14:18 - 03679744 _____ C:\Users\CASA\Desktop\RogueKiller.exe
2013-11-19 20:15 - 2013-11-19 12:17 - 21896408 _____ (Microsoft Corporation) C:\Users\ivansc\Desktop\Windows-KB890830-V5.6.exe
2013-11-19 20:15 - 2013-11-19 12:16 - 89388304 _____ (Microsoft Corporation) C:\Users\ivansc\Desktop\msert.exe
2013-11-18 19:47 - 2013-11-19 00:16 - 00000000 ____D C:\Users\CASA\AppData\Roaming\ZHP
2013-11-18 19:47 - 2013-11-18 19:47 - 00001937 _____ C:\Users\CASA\Desktop\ZHPFix.lnk
2013-11-18 19:47 - 2013-11-18 19:47 - 00001810 _____ C:\Users\CASA\Desktop\ZHPDiag.lnk
2013-11-18 19:47 - 2013-11-18 19:47 - 00000000 ____D C:\Program Files\ZHPDiag
2013-11-18 19:35 - 2013-11-20 15:31 - 00000000 ____D C:\AdwCleaner
2013-11-18 19:30 - 2013-11-20 15:30 - 00000000 ____D C:\Users\CASA\Desktop\Ferramentas Imasters 18_11
2013-11-18 19:30 - 2013-11-18 11:48 - 01085542 _____ C:\Users\CASA\Desktop\adwcleaner.exe
2013-11-18 19:25 - 2013-11-18 19:28 - 00000000 ____D C:\Users\ivansc\Desktop\Ferramentas Imasters 18_11
2013-11-17 23:07 - 2013-11-17 23:07 - 00026114 _____ C:\Users\CASA\Documents\log_advanced system.xml
2013-11-17 12:00 - 2013-11-19 19:46 - 00000280 _____ C:\Windows\setupact.log
2013-11-15 18:57 - 2013-11-15 18:57 - 00001041 _____ C:\Users\Public\Desktop\Mobile Partner.lnk
2013-11-15 18:57 - 2007-08-24 19:44 - 00101504 ____R (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2013-11-15 18:57 - 2007-08-24 19:44 - 00023424 ____R (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2013-11-15 16:13 - 2013-11-18 21:44 - 00000000 ____D C:\Users\Todos os Usuários\LightComm
2013-11-15 16:13 - 2013-11-18 21:44 - 00000000 ____D C:\ProgramData\LightComm
2013-11-15 16:13 - 2013-11-15 16:13 - 00000000 ____D C:\Program Files\Oi
2013-11-15 15:50 - 2013-11-15 15:50 - 00000996 _____ C:\Users\CASA\Documents\cc_20131115_155034.reg
2013-11-15 15:36 - 2013-11-15 15:36 - 00010318 _____ C:\Users\ivansc\Downloads\hijackthis.log
2013-11-15 13:52 - 2013-11-15 13:52 - 00000576 _____ C:\Windows\PFRO.log
2013-11-15 13:52 - 2013-11-15 13:52 - 00000000 _____ C:\Windows\setuperr.log
2013-11-14 21:11 - 2013-11-14 21:12 - 00048066 _____ C:\Users\CASA\Documents\cc_20131114_211155.reg
2013-11-14 17:54 - 2013-11-14 17:54 - 00001848 _____ C:\Users\ivansc\Documents\cc_20131114_175447.reg
2013-11-11 23:26 - 2013-09-22 16:13 - 48426234 _____ C:\Users\ivansc\Downloads\ns-331.mp4
2013-11-06 16:32 - 2013-11-06 16:33 - 00000000 ____D C:\Users\ivansc\AppData\Roaming\Notepad++
2013-11-04 17:26 - 2013-11-04 17:26 - 00000000 ____D C:\Users\CASA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-11-04 17:25 - 2013-11-04 17:32 - 00000000 ____D C:\Users\CASA\AppData\Roaming\Notepad++
2013-11-04 17:25 - 2013-11-04 17:26 - 00000000 ____D C:\Program Files\Notepad++
2013-11-04 17:24 - 2013-11-04 17:25 - 00000000 ____D C:\Program Files\instalador
2013-10-26 22:36 - 2013-10-26 22:36 - 00000069 _____ C:\Windows\NeroDigital.ini
2013-10-26 22:34 - 2013-10-26 22:34 - 00000000 ____D C:\Users\CASA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2013-10-26 22:34 - 2013-10-26 22:34 - 00000000 ____D C:\Program Files\Paltalk Messenger
2013-10-26 22:31 - 2013-10-26 22:33 - 18760704 _____ (AVM Software Inc.) C:\Users\CASA\Downloads\pal_install_pt_r1310.exe
2013-10-26 22:10 - 2013-10-26 22:09 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-26 22:10 - 2013-10-26 22:09 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-26 22:10 - 2013-10-26 22:09 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-26 22:10 - 2013-10-26 22:09 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-26 22:09 - 2013-10-26 22:09 - 00000000 ____D C:\Program Files\Java
2013-10-26 22:02 - 2013-10-26 22:05 - 29040552 _____ (Oracle Corporation) C:\Users\CASA\Downloads\jre-7u45-windows-i586.exe
2013-10-25 16:13 - 2013-10-25 16:13 - 00050245 _____ C:\Users\ivansc\Downloads\131007_processo_seletivo.odt

==================== One Month Modified Files and Folders =======

2013-11-20 19:12 - 2012-04-04 20:35 - 00000000 ____D C:\Users\CASA\AppData\Local\Microsoft Games
2013-11-20 19:06 - 2012-04-11 23:40 - 00001082 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2973570591-2451900162-4223128579-1001UA.job
2013-11-20 19:05 - 2012-04-12 21:43 - 00000139 _____ C:\Users\CASA\AppData\default.pls
2013-11-20 19:02 - 2009-07-14 02:34 - 00009904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-20 19:02 - 2009-07-14 02:34 - 00009904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-20 18:32 - 2012-04-04 23:57 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-20 18:16 - 2012-06-16 16:54 - 00001074 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2973570591-2451900162-4223128579-1000UA.job
2013-11-20 18:11 - 2012-04-04 13:00 - 01816087 _____ C:\Windows\WindowsUpdate.log
2013-11-20 17:56 - 2013-08-25 09:51 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2973570591-2451900162-4223128579-1001UA.job
2013-11-20 17:30 - 2013-11-19 20:23 - 00000000 ____D C:\Users\ivansc\Desktop\Ferramentas Imasters 19_11
2013-11-20 15:31 - 2013-11-18 19:35 - 00000000 ____D C:\AdwCleaner
2013-11-20 15:30 - 2013-11-18 19:30 - 00000000 ____D C:\Users\CASA\Desktop\Ferramentas Imasters 18_11
2013-11-20 15:24 - 2013-11-19 20:45 - 00000000 ____D C:\Users\CASA\Desktop\RK_Quarantine
2013-11-20 14:16 - 2012-06-16 16:54 - 00001022 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2973570591-2451900162-4223128579-1000Core.job
2013-11-20 09:35 - 2012-05-24 16:11 - 00000000 ____D C:\Users\CASA\AppData\Roaming\Skype
2013-11-20 09:21 - 2013-11-20 09:21 - 00000000 ____D C:\FRST
2013-11-20 08:56 - 2013-08-25 09:51 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2973570591-2451900162-4223128579-1001Core.job
2013-11-20 00:06 - 2012-04-11 23:40 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2973570591-2451900162-4223128579-1001Core.job
2013-11-19 20:58 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\tracing
2013-11-19 20:44 - 2012-12-10 17:56 - 00150016 _____ C:\Users\ivansc\Desktop\Despesas 2013-2014.xls
2013-11-19 19:46 - 2013-11-17 12:00 - 00000280 _____ C:\Windows\setupact.log
2013-11-19 19:46 - 2012-10-31 21:44 - 00029928 _____ C:\wts.dbg
2013-11-19 19:46 - 2012-06-05 14:39 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-11-19 19:46 - 2009-07-14 02:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-19 15:09 - 2013-11-19 20:23 - 01090881 _____ (Farbar) C:\Users\CASA\Desktop\FRST.exe
2013-11-19 14:18 - 2013-11-19 20:23 - 03679744 _____ C:\Users\CASA\Desktop\RogueKiller.exe
2013-11-19 12:17 - 2013-11-19 20:15 - 21896408 _____ (Microsoft Corporation) C:\Users\ivansc\Desktop\Windows-KB890830-V5.6.exe
2013-11-19 12:16 - 2013-11-19 20:15 - 89388304 _____ (Microsoft Corporation) C:\Users\ivansc\Desktop\msert.exe
2013-11-19 00:16 - 2013-11-18 19:47 - 00000000 ____D C:\Users\CASA\AppData\Roaming\ZHP
2013-11-18 21:44 - 2013-11-15 16:13 - 00000000 ____D C:\Users\Todos os Usuários\LightComm
2013-11-18 21:44 - 2013-11-15 16:13 - 00000000 ____D C:\ProgramData\LightComm
2013-11-18 19:47 - 2013-11-18 19:47 - 00001937 _____ C:\Users\CASA\Desktop\ZHPFix.lnk
2013-11-18 19:47 - 2013-11-18 19:47 - 00001810 _____ C:\Users\CASA\Desktop\ZHPDiag.lnk
2013-11-18 19:47 - 2013-11-18 19:47 - 00000000 ____D C:\Program Files\ZHPDiag
2013-11-18 19:28 - 2013-11-18 19:25 - 00000000 ____D C:\Users\ivansc\Desktop\Ferramentas Imasters 18_11
2013-11-18 11:48 - 2013-11-18 19:30 - 01085542 _____ C:\Users\CASA\Desktop\adwcleaner.exe
2013-11-18 11:19 - 2012-05-31 16:46 - 00000000 ____D C:\Users\ivansc\.VirtualBox
2013-11-17 23:07 - 2013-11-17 23:07 - 00026114 _____ C:\Users\CASA\Documents\log_advanced system.xml
2013-11-16 17:00 - 2012-04-04 13:07 - 01619882 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-16 17:00 - 2009-07-29 16:46 - 00705250 _____ C:\Windows\system32\prfh0416.dat
2013-11-16 17:00 - 2009-07-29 16:46 - 00140784 _____ C:\Windows\system32\prfc0416.dat
2013-11-15 18:57 - 2013-11-15 18:57 - 00001041 _____ C:\Users\Public\Desktop\Mobile Partner.lnk
2013-11-15 18:57 - 2012-04-04 19:23 - 00000000 ____D C:\Program Files\Mobile Partner
2013-11-15 16:13 - 2013-11-15 16:13 - 00000000 ____D C:\Program Files\Oi
2013-11-15 15:50 - 2013-11-15 15:50 - 00000996 _____ C:\Users\CASA\Documents\cc_20131115_155034.reg
2013-11-15 15:43 - 2013-06-23 17:55 - 00000000 ____D C:\Program Files\SpacialAudio
2013-11-15 15:36 - 2013-11-15 15:36 - 00010318 _____ C:\Users\ivansc\Downloads\hijackthis.log
2013-11-15 13:52 - 2013-11-15 13:52 - 00000576 _____ C:\Windows\PFRO.log
2013-11-15 13:52 - 2013-11-15 13:52 - 00000000 _____ C:\Windows\setuperr.log
2013-11-14 21:12 - 2013-11-14 21:11 - 00048066 _____ C:\Users\CASA\Documents\cc_20131114_211155.reg
2013-11-14 19:07 - 2013-07-20 19:13 - 00000000 ____D C:\Windows\Minidump
2013-11-14 19:07 - 2012-04-04 17:56 - 00000000 ____D C:\Windows\Panther
2013-11-14 17:54 - 2013-11-14 17:54 - 00001848 _____ C:\Users\ivansc\Documents\cc_20131114_175447.reg
2013-11-14 00:15 - 2012-05-30 00:22 - 00000142 _____ C:\Users\ivansc\AppData\default.pls
2013-11-12 18:18 - 2012-06-23 23:09 - 00000000 ____D C:\Users\ivansc\AppData\Roaming\TS3Client
2013-11-12 00:45 - 2012-04-23 23:02 - 00000000 ____D C:\Users\ivansc\Desktop\Ana
2013-11-07 15:50 - 2012-04-06 03:18 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-07 00:24 - 2013-06-03 21:58 - 04472302 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-11-06 16:33 - 2013-11-06 16:32 - 00000000 ____D C:\Users\ivansc\AppData\Roaming\Notepad++
2013-11-04 22:28 - 2012-05-23 22:20 - 00000000 ____D C:\Users\ivansc\AppData\Roaming\Skype
2013-11-04 17:32 - 2013-11-04 17:25 - 00000000 ____D C:\Users\CASA\AppData\Roaming\Notepad++
2013-11-04 17:26 - 2013-11-04 17:26 - 00000000 ____D C:\Users\CASA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-11-04 17:26 - 2013-11-04 17:25 - 00000000 ____D C:\Program Files\Notepad++
2013-11-04 17:25 - 2013-11-04 17:24 - 00000000 ____D C:\Program Files\instalador
2013-10-26 22:36 - 2013-10-26 22:36 - 00000069 _____ C:\Windows\NeroDigital.ini
2013-10-26 22:34 - 2013-10-26 22:34 - 00000000 ____D C:\Users\CASA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2013-10-26 22:34 - 2013-10-26 22:34 - 00000000 ____D C:\Program Files\Paltalk Messenger
2013-10-26 22:34 - 2012-08-24 21:46 - 00001941 _____ C:\Users\CASA\Desktop\Paltalk Messenger.lnk
2013-10-26 22:34 - 2012-08-24 21:46 - 00001212 _____ C:\Users\CASA\Desktop\Upgrade to Paltalk Extreme.lnk
2013-10-26 22:33 - 2013-10-26 22:31 - 18760704 _____ (AVM Software Inc.) C:\Users\CASA\Downloads\pal_install_pt_r1310.exe
2013-10-26 22:10 - 2013-09-21 13:28 - 00000000 ____D C:\Users\Todos os Usuários\Oracle
2013-10-26 22:10 - 2013-09-21 13:28 - 00000000 ____D C:\ProgramData\Oracle
2013-10-26 22:09 - 2013-10-26 22:10 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-26 22:09 - 2013-10-26 22:10 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-26 22:09 - 2013-10-26 22:10 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-26 22:09 - 2013-10-26 22:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-26 22:09 - 2013-10-26 22:09 - 00000000 ____D C:\Program Files\Java
2013-10-26 22:05 - 2013-10-26 22:02 - 29040552 _____ (Oracle Corporation) C:\Users\CASA\Downloads\jre-7u45-windows-i586.exe
2013-10-25 16:13 - 2013-10-25 16:13 - 00050245 _____ C:\Users\ivansc\Downloads\131007_processo_seletivo.odt
2013-10-24 22:07 - 2012-04-04 20:57 - 00000000 ____D C:\Users\ivansc\AppData\Roaming\Mozilla

Files to move or delete:
====================
C:\Users\ivansc\jagex_runescape_preferences.dat
C:\Users\ivansc\jagex_runescape_preferences2.dat

Some content of TEMP:
====================
C:\Users\CASA\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\CASA\AppData\Local\Temp\ntdll_dump.dll
C:\Users\CASA\AppData\Local\Temp\Quarantine.exe
C:\Users\CASA\AppData\Local\Temp\ResetDevice.exe
C:\Users\ivansc\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\ivansc\AppData\Local\Temp\ResetDevice.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-20 01:45

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-11-2013
Ran by CASA at 2013-11-20 19:15:27
Running from H:\Aplicativos Seguranca\Ferramentas Imasters 19_11
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

7-Zip 9.20
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Adobe Shockwave Player 12.0 (Version: 12.0.3.133)
avast! Free Antivirus (Version: 8.0.1489.0)
CCleaner (Version: 3.28)
Comodo Dragon (Version: 29.1.0.0)
COMODO Internet Security (Version: 6.0.2566.2708)
ConvertHelper 2.2
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Firebird 2.5.0.26074 (Win32) (Version: 2.5.0.26074)
GeekBuddy (Version: 4.9.73)
Google Chrome (HKCU Version: 28.0.1500.72)
Google Talk Plugin (Version: 4.8.2.15856)
HiJackThis (Version: 1.0.0)
IBM Personal Communications (Version: 5.7.0000)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
McAfee Security Scan Plus (Version: 3.0.318.3)
McAfee SiteAdvisor (Version: 3.6.549)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.202)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2012 Native Client (Version: 11.0.2100.60)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Web Platform Installer 4.6 (Version: 4.0.40719.0)
Mobile Partner (Version: 11.002.03.07.150)
Mozilla Firefox 19.0 (x86 en-US) (Version: 19.0)
Mozilla Firefox 19.0.2 (x86 en-US) (HKCU Version: 19.0.2)
Mozilla Firefox 24.0 (x86 pt-BR) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSI to redistribute MS VS2005 CRT libraries (Version: 8.0.50727.42)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 8 Essentials (Version: 8.3.582)
neroxml (Version: 1.0.0)
Notepad++ (Version: 5.9)
Oracle VM VirtualBox 4.1.16 (Version: 4.1.16)
Paltalk Messenger 11.1 (Version: 11.1.0)
PHP Manager 1.2 for IIS 7 (Version: 1.2.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
RealUpgrade 1.1 (Version: 1.1.0)
Samsung New PC Studio (Version: 1.00.0000)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0)
Skype Click to Call (Version: 6.3.11079)
Skype™ 6.9 (Version: 6.9.106)
swMSM (Version: 12.0.0.1)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VCRedistSetup (Version: 1.0.0)
Virtual Audio Cable 4.10
wc3270 3.3.9ga12
Windows Azure Command Line Tools (Version: 0.7.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
ZHPDiag 2013 (Version: 2013)

==================== Restore Points =========================

Could not list Restore Points. Check WMI.

==================== Hosts content: ==========================

2009-07-14 00:04 - 2012-04-25 19:14 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02D4AC27-F934-4EFE-8CAA-9598E9C21E66} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2973570591-2451900162-4223128579-1001 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {260A54D3-7E9C-40FB-8E04-F2A0E10289FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {30C4A561-FF8D-46DD-B493-BF9B12DD7710} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2973570591-2451900162-4223128579-1001Core => C:\Users\ivansc\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {3408496F-5409-4233-A5D7-ABF1A2327C2B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2973570591-2451900162-4223128579-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {4137A7CF-80E3-4ADB-9FBF-82C87364CC55} - System32\Tasks\{4F7CE29F-0E2C-49F7-8A94-7B758AEE00C2} => H:\Witch_hunt_meet_and_fuck_games_downloader_00099138.exe [2012-12-10] ()
Task: {559D4C70-F6CA-48A7-8532-6290E4978A66} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {626C1A0D-6314-45FF-AC3B-6EB99A145C56} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2973570591-2451900162-4223128579-1001 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {6DFFA61B-B798-47D0-9EFA-34854F0B9ACD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {89DCED36-D1C1-4EAC-AE5D-5EC411AE9563} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2973570591-2451900162-4223128579-1000Core => C:\Users\CASA\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16] (Google Inc.)
Task: {9085675B-E199-459C-A7BC-813798ABAB01} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2973570591-2451900162-4223128579-1001UA => C:\Users\ivansc\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: {94C95DE8-1EFD-4894-A759-490192657351} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\Comodo\COMODO Internet Security\cfpconfg.exe [2013-09-24] (COMODO) Task: {9510A15C-EE2C-4586-8120-3E2BC58A2CFB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2973570591-2451900162-4223128579-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2012-07-27] (RealNetworks, Inc.) Task: {A3F6E3D6-682D-4ABB-9D6D-1F4AFABA0F59} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2973570591-2451900162-4223128579-1001UA => C:\Users\ivansc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04] (Google Inc.) Task: {CBE0F150-DC41-4218-AB0E-75FD7CB10D39} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd) Task: {E3585E9C-0949-4676-A91F-E8503434B8A7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2973570591-2451900162-4223128579-1000UA => C:\Users\CASA\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16] (Google Inc.) Task: {E890587D-4AAE-4372-BE3F-1D5DABF730F1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2973570591-2451900162-4223128579-1001Core => C:\Users\ivansc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04] (Google Inc.) 
Task: {EF6F3E0E-0EDB-4E14-A71F-B27F6706BA7E} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\Comodo\COMODO Internet Security\cis.exe [2013-10-19] (COMODO) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2973570591-2451900162-4223128579-1001Core.job => C:\Users\ivansc\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2973570591-2451900162-4223128579-1001UA.job => C:\Users\ivansc\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2973570591-2451900162-4223128579-1000Core.job => C:\Users\CASA\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2973570591-2451900162-4223128579-1000UA.job => C:\Users\CASA\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2973570591-2451900162-4223128579-1001Core.job => C:\Users\ivansc\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2973570591-2451900162-4223128579-1001UA.job => C:\Users\ivansc\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Windows\System32:7A13D731_Abn.gbp AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Could not list Devices. Check WMI. 
==================== Event log errors: ========================= Application errors: ================== Error: (11/20/2013 05:56:33 PM) (Source: RasClient) (User: ) Description: CoId={22528888-68CB-4175-8EF7-9FFA6861753B}: o usuário CASA-PC\CASA discou uma conexão de nome CLARO que falhou. O código do erro retornado na falha é 680. Error: (11/19/2013 00:22:31 AM) (Source: RasClient) (User: ) Description: CoId={D14D271F-AD85-4A2D-9C5D-4CD92BB42B7C}: o usuário CASA-PC\ivansc discou uma conexão de nome Oi 3G que falhou. O código do erro retornado na falha é 0. Error: (11/19/2013 00:22:31 AM) (Source: RasClient) (User: ) Description: CoId={D14D271F-AD85-4A2D-9C5D-4CD92BB42B7C}: o usuário CASA-PC\ivansc discou uma conexão de nome Oi 3G que falhou. O código do erro retornado na falha é 680. Error: (11/18/2013 10:59:46 PM) (Source: Application Hang) (User: ) Description: O programa ZHPDiag.exe versão 2013.11.17.37 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: 1310 Hora de Início: 01cee4c278d68f16 Hora de Término: 0 Caminho do Aplicativo: C:\Program Files\ZHPDiag\ZHPDiag.exe Id do Relatório: e011f9b0-50b5-11e3-8485-00248cd00264 Error: (11/18/2013 09:43:24 PM) (Source: Application Hang) (User: ) Description: O programa ZHPDiag.exe versão 2013.11.17.37 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: e9c Hora de Início: 01cee4b6ca7d10d2 Hora de Término: 0 Caminho do Aplicativo: C:\Program Files\ZHPDiag\ZHPDiag.exe Id do Relatório: 355faafb-50ab-11e3-8485-00248cd00264 Error: (11/18/2013 09:24:17 PM) (Source: RasClient) (User: ) Description: CoId={4516B699-52F9-4C2A-9076-9B5FE60DD141}: o usuário CASA-PC\CASA discou uma conexão de nome CLARO que falhou. 
O código do erro retornado na falha é 680. Error: (11/18/2013 08:02:01 PM) (Source: Application Hang) (User: ) Description: O programa ZHPDiag.exe versão 2013.11.17.37 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: dd8 Hora de Início: 01cee4a9101357e9 Hora de Término: 0 Caminho do Aplicativo: C:\Program Files\ZHPDiag\ZHPDiag.exe Id do Relatório: 0b290a6a-509d-11e3-8485-00248cd00264 Error: (11/18/2013 07:54:37 PM) (Source: Application Hang) (User: ) Description: O programa ZHPDiag.exe versão 2013.11.17.37 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: d4c Hora de Início: 01cee4a8235e97e2 Hora de Término: 10 Caminho do Aplicativo: C:\Program Files\ZHPDiag\ZHPDiag.exe Id do Relatório: 01c2ed46-509c-11e3-8485-00248cd00264 Error: (11/18/2013 07:51:01 PM) (Source: Application Hang) (User: ) Description: O programa ZHPDiag.exe versão 2013.11.17.37 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: 16d0 Hora de Início: 01cee4a7fa7a6e21 Hora de Término: 0 Caminho do Aplicativo: C:\Program Files\ZHPDiag\ZHPDiag.exe Id do Relatório: 81e05e0c-509b-11e3-8485-00248cd00264 Error: (11/17/2013 10:50:39 PM) (Source: RasClient) (User: ) Description: CoId={7A41A215-BA2A-4C0D-ACD0-6C8C9A8488CD}: o usuário CASA-PC\ivansc discou uma conexão de nome CLARO que falhou. O código do erro retornado na falha é 680. 
System errors: ============= Error: (11/19/2013 07:47:02 PM) (Source: Service Control Manager) (User: ) Description: O serviço IBM Enterprise Extender (HPR/IP) depende do serviço PDLC OEM Interface, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068 Error: (11/19/2013 07:47:02 PM) (Source: Service Control Manager) (User: ) Description: O serviço PDLC OEM Interface depende do serviço PDLC Buffer Manager, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068 Error: (11/19/2013 07:47:02 PM) (Source: Service Control Manager) (User: ) Description: O serviço Twinax CUT Adapter depende do serviço Twinax Adapter Common, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068 Error: (11/19/2013 07:47:02 PM) (Source: Service Control Manager) (User: ) Description: O serviço Twinax Adapter Common depende do serviço PDLC Buffer Manager, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068 Error: (11/19/2013 07:47:00 PM) (Source: Service Control Manager) (User: ) Description: O serviço PDLC Buffer Manager depende do serviço Appn, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068 Error: (11/19/2013 07:46:56 PM) (Source: Service Control Manager) (User: ) Description: O serviço Appn depende do serviço Anydlc, mas não foi possível iniciá-lo devido ao seguinte erro: %%1075 Error: (11/19/2013 07:46:56 PM) (Source: Service Control Manager) (User: ) Description: O serviço Anydlc depende do seguinte serviço: AppnBase. Esse serviço pode não ter sido instalado. 
Error: (11/18/2013 07:42:40 PM) (Source: Service Control Manager) (User: ) Description: O serviço IBM Enterprise Extender (HPR/IP) depende do serviço PDLC OEM Interface, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068 Error: (11/18/2013 07:42:40 PM) (Source: Service Control Manager) (User: ) Description: O serviço PDLC OEM Interface depende do serviço PDLC Buffer Manager, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068 Error: (11/18/2013 07:42:40 PM) (Source: Service Control Manager) (User: ) Description: O serviço Twinax CUT Adapter depende do serviço Twinax Adapter Common, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068 Microsoft Office Sessions: ========================= Error: (11/20/2013 05:56:33 PM) (Source: RasClient)(User: ) Description: {22528888-68CB-4175-8EF7-9FFA6861753B}CASA-PC\CASACLARO680 Error: (11/19/2013 00:22:31 AM) (Source: RasClient)(User: ) Description: {D14D271F-AD85-4A2D-9C5D-4CD92BB42B7C}CASA-PC\ivanscOi 3G0 Error: (11/19/2013 00:22:31 AM) (Source: RasClient)(User: ) Description: {D14D271F-AD85-4A2D-9C5D-4CD92BB42B7C}CASA-PC\ivanscOi 3G680 Error: (11/18/2013 10:59:46 PM) (Source: Application Hang)(User: ) Description: ZHPDiag.exe2013.11.17.37131001cee4c278d68f160C:\Program Files\ZHPDiag\ZHPDiag.exee011f9b0-50b5-11e3-8485-00248cd00264 Error: (11/18/2013 09:43:24 PM) (Source: Application Hang)(User: ) Description: ZHPDiag.exe2013.11.17.37e9c01cee4b6ca7d10d20C:\Program Files\ZHPDiag\ZHPDiag.exe355faafb-50ab-11e3-8485-00248cd00264 Error: (11/18/2013 09:24:17 PM) (Source: RasClient)(User: ) Description: {4516B699-52F9-4C2A-9076-9B5FE60DD141}CASA-PC\CASACLARO680 Error: (11/18/2013 08:02:01 PM) (Source: Application Hang)(User: ) Description: ZHPDiag.exe2013.11.17.37dd801cee4a9101357e90C:\Program Files\ZHPDiag\ZHPDiag.exe0b290a6a-509d-11e3-8485-00248cd00264 Error: (11/18/2013 07:54:37 PM) (Source: Application Hang)(User: ) Description: ZHPDiag.exe2013.11.17.37d4c01cee4a8235e97e210C:\Program 
Files\ZHPDiag\ZHPDiag.exe01c2ed46-509c-11e3-8485-00248cd00264 Error: (11/18/2013 07:51:01 PM) (Source: Application Hang)(User: ) Description: ZHPDiag.exe2013.11.17.3716d001cee4a7fa7a6e210C:\Program Files\ZHPDiag\ZHPDiag.exe81e05e0c-509b-11e3-8485-00248cd00264 Error: (11/17/2013 10:50:39 PM) (Source: RasClient)(User: ) Description: {7A41A215-BA2A-4C0D-ACD0-6C8C9A8488CD}CASA-PC\ivanscCLARO680 ==================== Memory info =========================== Percentage of memory in use: 39% Total physical RAM: 3574.18 MB Available physical RAM: 2149.52 MB Total Pagefile: 3860.47 MB Available Pagefile: 2460.7 MB Total Virtual: 2047.88 MB Available Virtual: 1908.06 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:367.61 GB) NTFS Drive e: (Mobile Partner) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS Drive h: () (Removable) (Total:7.46 GB) (Free:3.76 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: CB93B4AD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 7 GB) (Disk ID: 2C6B7369) No partition Table on disk 2. ==================== End Of Log ============================
DigRam 144 Posted November 21, 2013

Good afternoon! Annluciap

|- Download: < > ( ... by Swearware )
|- Save it to the desktop! ( Área de trabalho! )
|- PS: Disable your antivirus, antispyware and/or firewall. ( Except the Windows one! )
|- Close any program/file that is open.
|- Also close your browser! ( IE, Firefox, Opera or Google Chrome )
|- PS: Be connected to the Internet. <- Important!
|- You must be logged in to the system with administrator privileges.
|- Run ComboFix.exe with a double click.
|- PS: Install the "Recovery Console" if prompted! <- XP only!
|- PS: It is therefore up to you whether to install it.
|- If any error message appears, run ComboFix.exe in Safe Mode with Networking.
|- PS: To complete the removals, the tool may need to restart the computer.
|- The Auto Scan window will open.
|- Wait for all the stages to finish.
|- During the scan, avoid using the mouse or keyboard!
|- When it finishes, post: C:\ComboFix.txt

"Tentativa de operaçao ilegal em uma chave do Registro marcada para exclusão." (in English: "Illegal operation attempted on a registry key that has been marked for deletion.")
|- If this error occurs, just restart the computer!
|- "ComboFix is a tool that can damage the system. Use it only under the supervision of security analysts."

Regards!
Annluciap 0 Posted November 22, 2013

Good morning, DigRam! I could not run ComboFix properly because I have no internet. I cannot use 3G from Oi or from Claro on my machine. Is there another way to scan without a network? Thank you.
DigRam 144 Posted November 22, 2013

Good afternoon! Annluciap

|- Unfortunately, ComboFix requires an Internet connection... but have you already checked whether the drivers in this Oi 3G installation are enabled?
|- From the Event log and the error codes, it looks like they are not installed. < >
|- This video may give you some ideas!

Regards!
DigRam 144 Posted December 21, 2013

Topic Archived

As the author has not replied for more than 10 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.