Fórum SecSecurity

Implementing Cleanup and Security on your computer!


    PC infected, IE freezing and ads appearing out of nowhere

    Posted by Edvan on Wed Jul 10, 2013 10:19 am

    PC infected, IE freezing and ads appearing out of nowhere in the browsers.

    # AdwCleaner v2.304 - Relatório criado em 10/07/2013 às 10:45:05
    # Atualizado em 03/07/2013 por Xplode
    # Sistema Operacional : Microsoft Windows XP Service Pack 2 (32 bits)
    # Usuário : f001699 - FUN0069
    # Modo de Boot : Normal
    # Executado de : C:\Documents and Settings\f001699\Meus documentos\Downloads\adwcleaner.exe
    # Opção [Remover]


    ***** [Serviços] *****

    Encerrado & Removido : desksvc

    ***** [Arquivos/Pastas] *****

    Arquivo Désinfected : C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    Arquivo Désinfected : C:\Documents and Settings\f001699\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    Arquivo Désinfected : C:\Documents and Settings\f001699\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o navegador Internet Explorer.lnk
    Arquivo Désinfected : C:\Documents and Settings\f001699\Menu Iniciar\Programas\Internet Explorer.lnk
    Arquivo Removido : C:\Documents and Settings\All Users\Desktop\MySearchDial.url
    Arquivo Removido : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    Pasta Removido : C:\Arquivos de programas\Ask.com
    Pasta Removido : C:\Arquivos de programas\DealPly
    Pasta Removido : C:\Arquivos de programas\Mysearchdial
    Pasta Removido : C:\Arquivos de programas\WebCake
    Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Ask
    Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer
    Pasta Removido : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Desk 365
    Pasta Removido : C:\Documents and Settings\f001699\Configurações locais\Dados de aplicativos\APN
    Pasta Removido : C:\Documents and Settings\f001699\Configurações locais\Dados de aplicativos\AskToolbar
    Pasta Removido : C:\Documents and Settings\f001699\Dados de aplicativos\DealPly
    Pasta Removido : C:\Documents and Settings\f001699\Dados de aplicativos\Desk 365
    Pasta Removido : C:\Documents and Settings\f001699\Dados de aplicativos\eIntaller
    Pasta Removido : C:\Documents and Settings\f001699\Dados de aplicativos\Mysearchdial
    Pasta Removido : C:\Documents and Settings\f001699\Menu Iniciar\Programas\DealPly
    Pasta Removido : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Removido Durante o reboot : C:\Arquivos de programas\Desk 365
    Removido Durante o reboot : C:\Documents and Settings\All Users\Dados de aplicativos\eSafe
    Removido Durante o reboot : C:\Documents and Settings\f001699\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh

    ***** [Registro] *****

    Chave Removida : HKCU\Software\APN
    Chave Removida : HKCU\Software\Ask.com
    Chave Removida : HKCU\Software\AskToolbar
    Chave Removida : HKCU\Software\DealPly
    Chave Removida : HKCU\Software\InstallCore
    Chave Removida : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
    Chave Removida : HKCU\Software\mysearchdial
    Chave Removida : HKLM\Software\APN
    Chave Removida : HKLM\Software\AskToolbar
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
    Chave Removida : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Chave Removida : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Chave Removida : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc
    Chave Removida : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc.1
    Chave Removida : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Chave Removida : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Chave Removida : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Chave Removida : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
    Chave Removida : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
    Chave Removida : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
    Chave Removida : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
    Chave Removida : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
    Chave Removida : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
    Chave Removida : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
    Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}
    Chave Removida : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api
    Chave Removida : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api.1
    Chave Removida : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers
    Chave Removida : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers.1
    Chave Removida : HKLM\Software\DealPly
    Chave Removida : HKLM\Software\Desksvc
    Chave Removida : HKLM\Software\eSafeSecControl
    Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
    Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
    Chave Removida : HKLM\Software\InstallCore
    Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desk 365
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
    Chave Removida : HKLM\Software\mysearchdial
    Chave Removida : HKLM\Software\portaldositesSoftware
    Chave Removida : HKLM\Software\Tarma Installer
    Chave Removida : HKLM\Software\V9
    Dados Removida : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = "C:\Arquivos de programas\Internet Explorer\iexplore.exe" [Você precisa estar registrado e conectado para ver este link.]
    Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Valor Removida : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
    Valor Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Desk 365]
    Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
    Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

    ***** [Navegadores] *****

    -\\ Internet Explorer v6.0.2900.2180

    Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = [Você precisa estar registrado e conectado para ver este link.] --> [Você precisa estar registrado e conectado para ver este link.]
    Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = [Você precisa estar registrado e conectado para ver este link.] --> [Você precisa estar registrado e conectado para ver este link.]
    Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = [Você precisa estar registrado e conectado para ver este link.] --> [Você precisa estar registrado e conectado para ver este link.]
    Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = [Você precisa estar registrado e conectado para ver este link.] --> [Você precisa estar registrado e conectado para ver este link.]
    Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = [Você precisa estar registrado e conectado para ver este link.] --> [Você precisa estar registrado e conectado para ver este link.]
    Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = [Você precisa estar registrado e conectado para ver este link.] --> [Você precisa estar registrado e conectado para ver este link.]
    Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = [Você precisa estar registrado e conectado para ver este link.] --> [Você precisa estar registrado e conectado para ver este link.]

    -\\ Mozilla Firefox v21.0 (en-US)

    Arquivo : C:\Documents and Settings\f001699\Dados de aplicativos\Mozilla\Firefox\Profiles\ug98df3l.default\prefs.js

    C:\Documents and Settings\f001699\Dados de aplicativos\Mozilla\Firefox\Profiles\ug98df3l.default\user.js ... Removido !

    Removida : user_pref("browser.search.selectedEngine", "Ask.com");
    Removida : user_pref("browser.search.order.1", "Ask.com");
    Removida : user_pref("browser.search.defaultengine", "Ask.com");
    Removida : user_pref("browser.search.defaultenginename", "Ask.com");
    Removida : user_pref("extensions.asktb.ff-original-keyword-url", "");

    -\\ Google Chrome v27.0.1453.116

    Arquivo : C:\Documents and Settings\f001699\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences

    Removida [l.23] : icon_url = "hxxp://start.mysearchdial.com/favicon.ico",
    Removida [l.26] : keyword = "mysearchdial.com",
    Removida [l.30] : search_url = "hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2Xzu[...]
    Removida [l.2367] : homepage = "hxxp://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtC0EzytD0F0AtDyE[...]
    Removida [l.3299] : urls_to_restore_on_startup = [ "hxxp://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1[...]

    *************************

    AdwCleaner[S1].txt - [17574 octets] - [10/07/2013 10:45:05]

    ########## EOF - C:\AdwCleaner[S1].txt - [17635 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 5.0.3 (07.09.2013:2)
    OS: Microsoft Windows XP x86
    Ran by f001699 on 10/07/2013 at 10:53:12,73
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services

    Successfully stopped: [Service] dealplylive 
    Successfully deleted: [Service] dealplylive 
    Successfully stopped: [Service] dealplylivem 
    Successfully deleted: [Service] dealplylivem 



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\dealplylive.exe
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{80fabb17-63af-4655-9f07-b6509ee37af2}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{f48fc5b2-094a-44c7-b48c-289738c9582d}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplylive.oneclickctrl.9
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplylive.oneclickprocesslaunchermachine
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplylive.oneclickprocesslaunchermachine.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplylive.update3webcontrol.3
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.cocreateasync
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.cocreateasync.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.coreclass
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.coreclass.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.coremachineclass
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.coremachineclass.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.credentialdialogmachine
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.credentialdialogmachine.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclassmachine
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclassmachine.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclassmachinefallback
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclassmachinefallback.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclasssvc
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclasssvc.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.processlauncher
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.processlauncher.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3comclassservice
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3comclassservice.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3webmachine
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3webmachine.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3webmachinefallback
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3webmachinefallback.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3websvc
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3websvc.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{0afd55c8-adf8-4a33-a6e1-dedb7a36aeb4}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mime\database\content type\application/x-vnd.dpliveupdate.oneclickctrl.9
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mime\database\content type\application/x-vnd.dpliveupdate.update3webcontrol.3
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealplylive
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealplylive
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\esafeseccontrol
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\internet explorer\low rights\elevationpolicy\{7f1796b2-bec6-427b-b734-f9c75ed94a80}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\internet explorer\low rights\elevationpolicy\{8c338ddb-19fc-4c1f-b74d-6931ee55f7a1}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows nt\currentversion\image file execution options\dealplylive.exe



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Arquivos de programas\dealplylive"





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 10/07/2013 at 10:56:00,79
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Re: PC infected, IE freezing and ads appearing out of nowhere

    Posted by Edvan on Wed Jul 10, 2013 10:20 am

    Continuation:

    ComboFix 13-07-09.01 - f001699 10/07/2013  11:07:35.1.2 - x86
    Microsoft Windows XP Professional  5.1.2600.2.1252.55.1046.18.1015.576 [GMT -3:00]
    Executando de: c:\documents and settings\f001699\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    (((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\IsUn0416.exe
    c:\windows\system\chron32.dll
    c:\windows\system\libeay32.dll
    c:\windows\system\ssleay32.dll
    .
    .
    ((((((((((((((((   Arquivos/Ficheiros criados de 2013-06-10 to 2013-07-10  ))))))))))))))))))))))))))))
    .
    .
    2013-06-13 12:23 . 2013-06-13 12:23 -------- d-----w- C:\Firefox
    2013-06-11 22:26 . 2013-06-11 22:28 -------- d-----w- C:\sigap
    2013-06-11 20:51 . 2013-06-11 20:51 -------- d-----r- C:\MSOCache
    2013-06-11 20:37 . 2013-06-11 18:02 -------- d-----w- C:\Backup Andrey
    2013-06-11 14:50 . 2013-06-11 14:50 -------- d-----w- C:\Intel
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas. 
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-05-09 08:58 121968 ----a-w- c:\arquivos de programas\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]
    "SysTrayApp"="c:\arquivos de programas\IDT\WDM\sttray.exe" [2007-12-14 413696]
    "avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
    "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
    "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2013-03-12 253816]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
    .
    c:\documents and settings\f001699\Menu Iniciar\Programas\Inicializar\
    Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Arquivos de programas\\TeamViewer\\Version8\\TeamViewer.exe"=
    "c:\\Arquivos de programas\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
    .
    R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [11/06/2013 18:00 49376]
    R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [11/06/2013 18:00 175176]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/06/2013 17:39 770344]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/06/2013 17:39 369584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/06/2013 17:39 29816]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [11/06/2013 18:00 66336]
    R2 TeamViewer8;TeamViewer 8;c:\arquivos de programas\TeamViewer\Version8\TeamViewer_Service.exe [12/06/2013 11:31 4150112]
    S2 WsysSvc;Wsys Service;c:\documents and settings\All Users\Dados de aplicativos\eSafe\eGdpSvc.exe [13/06/2013 09:34 386112]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-06-21 11:23 1165776 ----a-w- c:\arquivos de programas\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2013-07-10 c:\windows\Tasks\avast! Emergency Update.job
    - c:\arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2013-06-11 08:58]
    .
    2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2013-06-11 13:18]
    .
    2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2013-06-11 13:18]
    .
    .
    ------- Scan Suplementar -------
    .
    uStart Page = [Você precisa estar registrado e conectado para ver este link.]
    mStart Page = [Você precisa estar registrado e conectado para ver este link.]
    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 10.4.65.16
    FF - ProfilePath - c:\documents and settings\f001699\Dados de aplicativos\Mozilla\Firefox\Profiles\ug98df3l.default\
    FF - ExtSQL: 2013-06-13 09:33; [Você precisa estar registrado e conectado para ver este link.]; c:\arquivos de programas\LyricsOn\FF
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Você precisa estar registrado e conectado para ver este link.]
    Rootkit scan 2013-07-10 11:10
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    Procurando processos ocultos ... 
    .
    Procurando entradas auto inicializáveis ocultas ... 
    .
    Procurando ficheiros/arquivos ocultos ... 
    .
    Varredura completada com sucesso
    arquivos/ficheiros ocultos: 0
    .
    **************************************************************************
    .
    Tempo para conclusão: 2013-07-10  11:12:34
    ComboFix-quarantined-files.txt  2013-07-10 14:12
    .
    Pré-execução: 8 pasta(s) 141.453.258.752 bytes disponíveis
    Pós execução: 10 pasta(s) 141.645.987.840 bytes disponíveis
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 4F8C3D38F6D9F1AA0664025B9B486E15
    239FC8B1C26D5286165A956F5A98D8D7

    joram
    Founding Administrator

    Posts : 608
    Join date : 14/08/2012
    Age : 63
    Location : Rio de Janeiro

    Re: Infected PC, IE freezing and ads appearing out of nowhere

    Post by joram on Wed Jul 10, 2013 10:23 am

    Good morning, Edvan!

    |- Download: < [You must be registered and logged in to see this link.] > ( ... by Smeenk )

    |- Or here: < [You must be registered and logged in to see this link.] >

    |- Save it to the desktop!
    |- Disable your antivirus!
    |- On Windows 7, run zoek.exe as administrator.

    startupall; 
    autoclean; 
    filesrcm; 
    emptyalltemp;
     

    |- Copy and paste this information, shown in red, into the tool's field.
    |- Click "Run Script". <- Wait!

    |- Accept and/or confirm the reboot!

    zoek.hta failed by unknown error.
    Restart computer, and try again.
    |- PS: If you get an error, restart the PC and run the tool again.
    |- Post the report, which will be at C:\zoek-results.txt <<

    A+

    Edvan
    Member

    Posts : 428
    Join date : 14/02/2013
    Age : 36
    Location : Natal/RN

    Re: Infected PC, IE freezing and ads appearing out of nowhere

    Post by Edvan on Wed Jul 10, 2013 10:35 am

    Log for analysis: [You must be registered and logged in to see this link.]

    I'll post zoek-results.txt shortly.


    Last edited by Edvan on Wed Jul 10, 2013 10:45 am; edited 1 time

    Edvan
    Member

    Posts : 428
    Join date : 14/02/2013
    Age : 36
    Location : Natal/RN

    Re: Infected PC, IE freezing and ads appearing out of nowhere

    Post by Edvan on Wed Jul 10, 2013 10:44 am

    Zoek.exe Version 4.0.0.3 Updated 05-July-2013
    Tool run by f001699 on 10/07/2013 at 11:39:25,03.
    Microsoft Windows XP Professional 5.1.2600 Service Pack 2 x86
    Running in: Normal Mode Internet Access Detected

    ==== System Restore Info ======================

    Failed to create System Restore Point

    ==== Deleting CLSID Registry Keys ======================


    ==== Deleting CLSID Registry Values ======================


    ==== Deleting Services ======================

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc deleted successfully
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WsysSvc deleted successfully
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WsysSvc deleted successfully
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WsysSvc deleted successfully

    ==== FireFox Fix ======================

    ProfilePath: C:\Documents and Settings\f001699\Dados de aplicativos\Mozilla\Firefox\Profiles\ug98df3l.default

    user.js not found
    ---- Lines Lyric removed from prefs.js ----


    ---- Lines Lyric modified from prefs.js ----

    user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Arquivos de programas\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1371127025859,\"rdfTime\":1368303951000}}},{\"name\":\"winreg-app-user\",\"addons\":{\"lyricson@lyricson.net\":{\"descriptor\":\"C:\\\\Arquivos de programas\\\\LyricsOn\\\\FF\",\"mtime\":1371126825968,\"rdfTime\":1370205254000}}}]");

    ---- FireFox user.js and prefs.js backups ---- 

    prefs_072013_1141_.backup

    ==== Deleting Files \ Folders ======================

    "C:\Documents and Settings\f001699\Dados de aplicativos\desktop.ini" deleted
    "C:\WINDOWS\SET25.tmp" deleted
    "C:\WINDOWS\SET3.tmp" deleted
    "C:\WINDOWS\SET4.tmp" deleted
    "C:\WINDOWS\SET8.tmp" deleted
    "C:\Documents and Settings\f001699\SendTo\Desk 365.lnk" deleted
    "C:\Arquivos de programas\LyricsOn" deleted

    ==== Files Recently Created / Modified ======================


    ==== Startup Registry Enabled ======================

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

    [HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21022\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe /nogui"
    "MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto"
    "SunJavaUpdateSched"="C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

    ==== Startup Registry Disabled ======================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="AdobeARM"
    "hkey"="HKLM"
    "command"="\"C:\\Arquivos de programas\\Arquivos comuns\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Reader_sl"
    "hkey"="HKLM"
    "command"="\"C:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="hkcmd"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\hkcmd.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="igfxtray"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\igfxtray.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="igfxpers"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\igfxpers.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="\"C:\\Arquivos de programas\\Arquivos comuns\\Java\\Java Update\\jusched.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SysTrayApp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="sttray"
    "hkey"="HKLM"
    "command"="%ProgramFiles%\\IDT\\WDM\\sttray.exe"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^f001699^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]
    "path"="C:\\Documents and Settings\\f001699\\Menu Iniciar\\Programas\\Inicializar\\Recorte de tela e Iniciador do OneNote 2007.lnk"
    "backup"="C:\\WINDOWS\\pss\\Recorte de tela e Iniciador do OneNote 2007.lnkStartup"
    "command"="C:\\ARQUIV~1\\MICROS~2\\Office12\\ONENOTEM.EXE /tsr"
    "item"="Recorte de tela e Iniciador do OneNote 2007"


    ==== Task Scheduler Jobs ======================

    C:\WINDOWS\tasks\avast\Undetermined Task.exe []
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [11/06/2013 10:18]
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [11/06/2013 10:18]

    ==== Firefox Extensions ======================

    ==== Firefox Plugins ======================


    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
    pflphaooapbgpeakohlggbpidpppgdff - C:\DOCUME~1\f001699\CONFIG~1\DADOSD~1\mysearchdial_speedial_v9.0.2.crx[13/06/2013 09:36]

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
    pflphaooapbgpeakohlggbpidpppgdff - C:\DOCUME~1\f001699\CONFIG~1\DADOSD~1\mysearchdial_speedial_v9.0.2.crx[13/06/2013 09:36]

    ==== Set IE to Default ======================

    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="http://www.google.com"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    No DefaultScope Set For HKCU

    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
    "(Default)"="http://search.msn.com/results.asp?q=%s"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="res://ieframe.dll/tabswelcome.htm"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512  Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

    ==== Empty IE Cache ======================

    C:\Documents and Settings\Default User\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\f001699\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Cache found

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    No Java Cache Found

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\WINDOWS\Temp successfully emptied
    C:\DOCUME~1\f001699\CONFIG~1\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\RECYCLER successfully emptied

    ==== EOF on 10/07/2013 at 11:44:48,26 ======================

    joram
    Founding Administrator

    Posts : 608
    Join date : 14/08/2012
    Age : 63
    Location : Rio de Janeiro

    Re: Infected PC, IE freezing and ads appearing out of nowhere

    Post by joram on Wed Jul 10, 2013 10:51 am

    Good morning, Edvan!

    ---\\ Windows Product Information
    ~ Langage: Anglais
    Windows XP Professional Service Pack 2 (Build 2600)
    |- If you want to install SP3 for this XP, pay attention to the language! ( Anglais )

    -/-

    |- Close any programs/folders that are open.
    |- Close the browser as well!
    |- For Windows Vista, disable the [You need to be registered and logged in to see this link.].

    |- For Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
    |- Select and copy this information, which is in red, into Notepad.
    #####

    O43 - CFD: 01/07/2013 - 07:54:53 - [0] ----D C:\Arquivos de programas\LyricsOn 
    O43 - CFD: 13/06/2013 - 09:34:04 - [0] ----D C:\Documents and Settings\f001699\Configurações locais\Dados de aplicativos\DealPlyLive 
    O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (...) --  C:\Arquivos de programas\Google\Chrome\Application\chrome.exe" [Você precisa estar registrado e conectado para ver este link.]

    C:\Documents and Settings\f001699\Configurações locais\Dados de aplicativos\DealPlyLive 
    C:\Arquivos de programas\LyricsOn 

    [HKCU\Software\LyricsBot] 

    proxyfix
    emptytemp
    emptyclsid
    emptyflash
    firewallraz
    sysrestore

    #####
    |- With Notepad open, use the shortcuts: "Ctrl+A" -> "Ctrl+C"
    |- Minimize Notepad.

    |- Click the "Paste ClipBoard" menu.
    |- Avoid the "Paste" ( Ctrl+V ) option in the light yellow field, which does not enable the "Go" button.

    |- Click "GO" -> Oui.

    |- PS: Above there is a sequence of images for further clarification.
    |- Post the report: C:\ZHP\ZHPFix[R1].txt

    Regards!

    Edvan
    Member

    Posts : 428
    Join date : 14/02/2013
    Age : 36
    Location : Natal/RN

    Re: Infected PC, IE freezing and ads appearing out of nowhere

    Post by Edvan on Wed Jul 10, 2013 11:00 am

    I'll install SP3 when I come in this afternoon.

    Rapport de ZHPFix 2013.6.12.3 par Nicolas Coolman, Update du 12/06/2013
    Fichier d'export Registre : 
    Run by f001699 at 10/07/2013 12:01:10
    High Elevated Privileges : OK
    Windows XP Professional Service Pack 2 (Build 2600)

    Recycle Files Deleted

    ========== Registry Key ==========
    DELETED Key: HKCU\Software\LyricsBot

    ========== Registry Value ==========
    ProxyFix : Proxy killed successfully
    DELETED ProxyServer Value
    DELETED ProxyEnable Value
    DELETED EnableHttp1_1 Value
    DELETED ProxyHttp1.1 Value
    DELETED ProxyOverride Value
    DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe
    DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
    No Value in Firewall Exception Register Key (FirewallRaz)

    ========== Registry Data Items ==========
    REMOVED StartMenuInternet:  C:\Arquivos de programas\Google\Chrome\Application\chrome.exe" [Você precisa estar registrado e conectado para ver este link.]

    ========== Repertory ==========
    No Empty CLSID Directories
    DELETED Flash Cookies

    ========== File ==========
    NOT FOUND Folder/File: c:\documents and settings\f001699\configurações locais\dados de aplicativos\dealplylive
    NOT FOUND Folder/File: c:\arquivos de programas\lyricson
    DELETED Window Temporary
    DELETED Flash Cookies

    ========== Restoration ==========
    Restore System Point created succefully


    ========== Summary ==========
    1 : Registry Key
    9 : Registry Value
    1 : Registry Data Items
    2 : Repertory
    4 : File
    1 : Restoration


    End of clean in 00mn 04s

    ========== Report File ==========
    C:\ZHP\ZHPFix[R1].txt - 10/07/2013 12:01:10 [1506]

    joram
    Founding Administrator

    Posts : 608
    Join date : 14/08/2012
    Age : 63
    Location : Rio de Janeiro

    Re: Infected PC, IE freezing and ads appearing out of nowhere

    Post by joram on Wed Jul 10, 2013 11:08 am

    Hello, Edvan!

    |- Download: |[You need to be registered and logged in to see this link.]| ( ... by Xplode )

    |- Once on the page, click the green arrow to download.
    |- Save it in a convenient location! ( desktop! )
    |- Close any applications that are open.

    |- Run it!
    |- With both checkboxes ticked!
    |- Click "Run".
    |- Everything OK?

    A+

    Edvan
    Member

    Posts : 428
    Join date : 14/02/2013
    Age : 36
    Location : Natal/RN

    Re: Infected PC, IE freezing and ads appearing out of nowhere

    Post by Edvan on Wed Jul 10, 2013 1:00 pm

    Everything's OK, my friend.

    # DelFix v10.3 - Logfile created 10/07/2013 at 14:01:33
    # Updated 08/06/2013 by Xplode
    # Username : f001699 - FUN0069
    # Operating System : Microsoft Windows XP Service Pack 2 (32 bits)

    ~ Removing disinfection tools ...

    Deleted : C:\Qoobox
    Deleted : C:\ZHP
    Deleted : C:\Arquivos de programas\ZHPDiag
    Deleted : C:\AdwCleaner[S1].txt
    Deleted : C:\ComboFix.txt
    Deleted : C:\PhysicalDisk0_MBR.bin
    Deleted : C:\zoek-results.log
    Deleted : C:\Documents and Settings\f001699\Meus documentos\Downloads\adwcleaner.exe
    Deleted : C:\Documents and Settings\f001699\Meus documentos\Downloads\JRT.exe
    Deleted : C:\WINDOWS\grep.exe
    Deleted : C:\WINDOWS\PEV.exe
    Deleted : C:\WINDOWS\NIRCMD.exe
    Deleted : C:\WINDOWS\MBR.exe
    Deleted : C:\WINDOWS\SED.exe
    Deleted : C:\WINDOWS\SWREG.exe
    Deleted : C:\WINDOWS\SWSC.exe
    Deleted : C:\WINDOWS\SWXCACLS.exe
    Deleted : C:\WINDOWS\Zip.exe
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SOFTWARE\Swearware
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

    ~ Cleaning system restore ...

    Deleted : RP #1 [Ponto de verificação do sistema | 06/11/2013 12:48:12]
    Deleted : RP #2 [Instalado REALTEK GbE & FE Ethernet PCI NIC Driver | 06/11/2013 14:48:34]
    Deleted : RP #3 [Instalado REALTEK GbE & FE Ethernet PCI-E NIC Driver | 06/11/2013 14:50:15]
    Deleted : RP #4 [Instalado SoundMAX | 06/11/2013 14:51:37]
    Deleted : RP #5 [Instalado SoundMAX | 06/11/2013 14:51:48]
    Deleted : RP #6 [Installed Windows XP KB888111WXPSP2. | 06/11/2013 14:53:15]
    Deleted : RP #7 [Instalado IDT Audio | 06/11/2013 14:54:08]
    Deleted : RP #8 [Configuração do(a) avast! Free Antivirus | 06/11/2013 20:37:23]
    Deleted : RP #9 [Installed Microsoft Office Enterprise 2007 | 06/11/2013 20:51:39]
    Deleted : RP #10 [Driver de impressão Send To Microsoft OneNote Driver instalado | 06/11/2013 21:03:41]
    Deleted : RP #11 [Driver de impressão Microsoft Office Document Image W instalado | 06/11/2013 21:04:22]
    Deleted : RP #12 [Installed Adobe Reader 9.5.0 - Português. | 06/11/2013 21:49:58]
    Deleted : RP #13 [Ponto de verificação do sistema | 06/13/2013 11:21:21]
    Deleted : RP #14 [Instalado Java 7 Update 21 | 06/13/2013 12:13:47]
    Deleted : RP #15 [Removido Java 7 Update 21 | 06/13/2013 12:28:17]
    Deleted : RP #16 [Instalado Java 7 Update 21 | 06/13/2013 12:29:04]
    Deleted : RP #17 [Removido Java 7 Update 21 | 06/13/2013 12:41:49]
    Deleted : RP #18 [Instalado Java 7 Update 21 | 06/13/2013 12:42:28]
    Deleted : RP #19 [Ponto de verificação do sistema | 06/14/2013 15:16:24]
    Deleted : RP #20 [Ponto de verificação do sistema | 06/17/2013 15:17:33]
    Deleted : RP #21 [Ponto de verificação do sistema | 06/18/2013 16:06:23]
    Deleted : RP #22 [Ponto de verificação do sistema | 06/19/2013 18:56:28]
    Deleted : RP #23 [Ponto de verificação do sistema | 06/21/2013 15:25:45]
    Deleted : RP #24 [Ponto de verificação do sistema | 06/25/2013 13:26:47]
    Deleted : RP #25 [Ponto de verificação do sistema | 06/26/2013 14:36:56]
    Deleted : RP #26 [Ponto de verificação do sistema | 06/27/2013 15:17:01]
    Deleted : RP #27 [Ponto de verificação do sistema | 06/28/2013 16:06:34]
    Deleted : RP #28 [Ponto de verificação do sistema | 06/01/2013 13:22:02]
    Deleted : RP #29 [Ponto de verificação do sistema | 07/02/2013 15:16:56]
    Deleted : RP #30 [Ponto de verificação do sistema | 07/03/2013 15:29:26]
    Deleted : RP #31 [Ponto de verificação do sistema | 07/05/2013 20:10:58]
    Deleted : RP #32 [Ponto de verificação do sistema | 07/08/2013 15:15:36]
    Deleted : RP #33 [Ponto de verificação do sistema | 07/09/2013 15:16:49]
    Deleted : RP #34 [Removido Java 7 Update 21 | 07/10/2013 14:37:05]
    Deleted : RP #35 [Instalado Java 7 Update 25 | 07/10/2013 14:37:38]
    Deleted : RP #36 [P | 07/10/2013 15:01:10]

    New restore point created !

    ########## - EOF - ##########

    Edvan
    Member

    Posts : 428
    Join date : 14/02/2013
    Age : 36
    Location : Natal/RN

    Re: Infected PC, IE freezing and ads appearing out of nowhere

    Post by Edvan on Wed Jul 10, 2013 1:01 pm

    # DelFix v10.3 - Logfile created 10/07/2013 at 14:02:43
    # Updated 08/06/2013 by Xplode
    # Username : f001699 - FUN0069
    # Operating System : Microsoft Windows XP Service Pack 2 (32 bits)

    ~ Removing disinfection tools ...

    Deleted : C:\Documents and Settings\f001699\Desktop\ComboFix.exe
    Deleted : C:\Documents and Settings\f001699\Desktop\MBRCheck.lnk
    Deleted : C:\Documents and Settings\f001699\Desktop\ZHPDiag.lnk
    Deleted : C:\Documents and Settings\f001699\Desktop\ZHPDiag.txt
    Deleted : C:\Documents and Settings\f001699\Desktop\ZHPDiag2.exe
    Deleted : C:\Documents and Settings\f001699\Desktop\ZHPFix.lnk
    Deleted : C:\Documents and Settings\f001699\Desktop\ZHPFixReport.txt
    Deleted : C:\Documents and Settings\f001699\Desktop\zoek.exe

    ########## - EOF - ##########

    joram
    Founding Administrator

    Posts : 608
    Join date : 14/08/2012
    Age : 63
    Location : Rio de Janeiro

    Re: Infected PC, IE freezing and ads appearing out of nowhere

    Post by joram on Wed Jul 10, 2013 1:06 pm

    CASE SOLVED!

    If you need further help with this computer, just open a "New Topic" and describe the problem.
