SecSecurity Forum

Implementing Cleanup and Security on your computer!

    Notebook with a virus, some logs for analysis.

    Edvan
    Member

    Posts : 428
    Join date : 14/02/2013
    Age : 36
    Location : Natal/RN

    Post by Edvan on Mon Apr 22, 2013 10:33 am

    Friend, I can't do anything on this notebook in normal mode; I ran some procedures in Safe Mode.

    # AdwCleaner v2.112 - Report created on 22/04/2013 at 08:52:55
    # Updated on 10/02/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Administrador - WESCLEI
    # Boot Mode : Safe Mode
    # Run from : C:\Documents and Settings\Administrador\Desktop\AdwCleaner\adwcleaner0.exe
    # Option [Remove]


    ***** [Services] *****

    Stopped & Removed : SProtection

    ***** [Files/Folders] *****

    File Removed : C:\Arquivos de programas\Mozilla Firefox\defaults\pref\all-iminent.js
    File Removed : C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml
    File Removed : C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
    File Removed : C:\user.js
    Folder Removed : C:\Arquivos de programas\Arquivos comuns\Umbrella
    Folder Removed : C:\Arquivos de programas\BabylonToolbar
    Folder Removed : C:\Arquivos de programas\Claro
    Folder Removed : C:\Arquivos de programas\DealPly
    Folder Removed : C:\Arquivos de programas\Iminent
    Folder Removed : C:\Arquivos de programas\SearchYa!
    Folder Removed : C:\Documents and Settings\All Users\Dados de aplicativos\Ask
    Folder Removed : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
    Folder Removed : C:\Documents and Settings\All Users\Dados de aplicativos\Iminent
    Folder Removed : C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia
    Folder Removed : C:\Documents and Settings\All Users\Menu Iniciar\Programas\DealPly
    Folder Removed : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Iminent
    Folder Removed : C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\APN
    Folder Removed : C:\Documents and Settings\Wesclei\Dados de aplicativos\Babylon
    Folder Removed : C:\Documents and Settings\Wesclei\Dados de aplicativos\BabylonToolbar
    Folder Removed : C:\Documents and Settings\Wesclei\Dados de aplicativos\DealPly
    Folder Removed : C:\Documents and Settings\Wesclei\Dados de aplicativos\Iminent
    Folder Removed : C:\Documents and Settings\Wesclei\Dados de aplicativos\Ironsource

    ***** [Registry] *****

    Key Removed : HKLM\Software\Babylon
    Key Removed : HKLM\Software\BabylonToolbar
    Key Removed : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
    Key Removed : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Removed : HKLM\SOFTWARE\Classes\AppID\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
    Key Removed : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
    Key Removed : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
    Key Removed : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Removed : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Removed : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Removed : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Removed : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Removed : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Removed : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Removed : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Removed : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Removed : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
    Key Removed : HKLM\SOFTWARE\Classes\b
    Key Removed : HKLM\SOFTWARE\Classes\Babylon.dskBnd
    Key Removed : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
    Key Removed : HKLM\SOFTWARE\Classes\bbylnApp.appCore
    Key Removed : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{25927741-5E5B-4D27-8D8B-9188FE64373F}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{54B24FA9-87E8-47FC-8589-F9D382D8B299}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{5B45AC88-523C-431E-86D7-F339B2EE262E}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{6801410E-CC88-42D6-A93B-909E95645407}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{8B0C188C-F6F3-484D-8225-E40262DDE633}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
    Key Removed : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
    Key Removed : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Removed : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Removed : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
    Key Removed : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
    Key Removed : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
    Key Removed : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc
    Key Removed : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc.1
    Key Removed : HKLM\SOFTWARE\Classes\I
    Key Removed : HKLM\SOFTWARE\Classes\Iminent
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
    Key Removed : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
    Key Removed : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
    Key Removed : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
    Key Removed : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
    Key Removed : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
    Key Removed : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
    Key Removed : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
    Key Removed : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
    Key Removed : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{2E9A2DCB-F5DB-40D0-8E62-3B47DD476A77}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{59B23951-2232-4AFB-81D4-64A8A16D457A}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{81E522F1-9E90-47DD-A2CE-39B0C00274A0}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{8E096DFB-6AB7-45C7-BF64-B313C7096529}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{996A9940-2F2C-4486-A479-439C4A15F278}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{9B7D44BA-376C-456F-B289-5034270322FD}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{9BD8FF26-2C71-4D35-9FE2-AD8D25AECC36}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{BCE6E914-AEF0-4FEE-8FC8-06F9B42BF890}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{BD8D5FFA-4F92-48AD-BFBE-7896916656F5}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{C92E6D80-EC54-45CC-AC4B-A7CF42F11B52}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{D1CB564E-F38A-4F2A-8257-60E3F8BE9F34}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{F293BBC0-DA7E-4CF1-9EEA-CE90CFE0DF86}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
    Key Removed : HKLM\SOFTWARE\Classes\Interface\{FEFBC559-C3C7-4287-B05B-49D489B80749}
    Key Removed : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore
    Key Removed : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore.1
    Key Removed : HKLM\SOFTWARE\Classes\ironsource.searchyadskBnd
    Key Removed : HKLM\SOFTWARE\Classes\ironsource.searchyadskBnd.1
    Key Removed : HKLM\SOFTWARE\Classes\ironsource.searchyaHlpr
    Key Removed : HKLM\SOFTWARE\Classes\ironsource.searchyaHlpr.1
    Key Removed : HKLM\SOFTWARE\Classes\Prod.cap
    Key Removed : HKLM\SOFTWARE\Classes\TypeLib\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
    Key Removed : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
    Key Removed : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
    Key Removed : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Removed : HKLM\SOFTWARE\Classes\TypeLib\{69332529-EEC8-4D0D-9FD3-202C4AE8E589}
    Key Removed : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
    Key Removed : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
    Key Removed : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Removed : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
    Key Removed : HKLM\Software\DealPly
    Key Removed : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Removed : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
    Key Removed : HKLM\Software\Iminent
    Key Removed : HKLM\Software\Ironsource
    Key Removed : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
    Key Removed : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
    Key Removed : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
    Key Removed : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
    Key Removed : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}
    Key Removed : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IminentMessenger
    Key Removed : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Removed : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
    Key Removed : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\searchya
    Key Removed : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25927741-5E5B-4D27-8D8B-9188FE64373F}
    Key Removed : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Removed : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
    Key Removed : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7
    Key Removed : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5389AEEA4A1E20428D045E86BCF643B
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{118D6CE9-5F18-42F9-958A-14676A629FDE}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\searchya
    Chave Removida : HKLM\Software\PIP
    Chave Removida : HKLM\Software\Umbrella
    Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{33AA308B-B565-4376-AC66-59EE9B6AD13E}]
    Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
    Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
    Valor Removida : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
    Valor Removida : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Arquivos de programas\Iminent\Iminent.exe]
    Valor Removida : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Arquivos de programas\Iminent\Iminent.Messengers.exe]

    ***** [Navegadores] *****

    -\\ Internet Explorer v7.0.5730.13

    Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = [You need to be registered and logged in to see this link.] --> [You need to be registered and logged in to see this link.]
    Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = [You need to be registered and logged in to see this link.] --> [You need to be registered and logged in to see this link.]

    *************************

    AdwCleaner[S1].txt - [38050 octets] - [22/04/2013 08:52:55]

    ########## EOF - C:\AdwCleaner[S1].txt - [38111 octets] ##########



    ComboFix 13-04-22.01 - Administrador 04/22/aaaa 8:59.1.1 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1981.1741 [GMT -3:00]
    Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
    AV: Avira Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADO !!
    .
    .
    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\5iq5XRj3.exe
    c:\documents and settings\All Users\Dados de aplicativos\28D5698DF5DFE3EE000028D540BDE922
    c:\documents and settings\All Users\Dados de aplicativos\28D5698DF5DFE3EE000028D540BDE922\28D5698DF5DFE3EE000028D540BDE922
    c:\documents and settings\All Users\Dados de aplicativos\28D5698DF5DFE3EE000028D540BDE922\28D5698DF5DFE3EE000028D540BDE922.exe
    c:\documents and settings\All Users\Dados de aplicativos\28D5698DF5DFE3EE000028D540BDE922\28D5698DF5DFE3EE000028D540BDE922.ico
    c:\windows\system\CRPE32.DLL
    c:\windows\system\CRXLAT32.DLL
    c:\windows\system\MFC40.DLL
    c:\windows\system\MSJT3032.DLL
    c:\windows\system\MSVCRT20.DLL
    c:\windows\system\MSVCRT40.DLL
    c:\windows\system\P2SODBC.DLL
    c:\windows\system\U2DDISK.DLL
    c:\windows\system\U2FDIF.DLL
    c:\windows\system\U2FREC.DLL
    c:\windows\system\U2FSEPV.DLL
    c:\windows\system\U2FTEXT.DLL
    c:\windows\system\VB40032.DLL
    c:\windows\system\VBAR2232.DLL
    c:\windows\system\VEN2232.OLB
    c:\windows\system32\Cache
    c:\windows\system32\SETB9.tmp
    c:\windows\system32\SETBD.tmp
    c:\windows\system32\SETC5.tmp
    .
    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2013-03-22 to 2013-04-22 ))))))))))))))))))))))))))))
    .
    .
    2013-04-22 11:37 . 2013-04-22 11:37 -------- d-----w- c:\documents and settings\Administrador
    2013-04-20 04:10 . 2013-04-20 04:10 -------- d-----w- c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\Google
    2013-03-25 20:39 . 2013-03-25 20:39 4546560 ----a-w- c:\windows\system32\GPhotos.scr
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-27 22:47 . 2013-02-27 22:47 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-27 22:47 . 2012-06-25 14:04 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-26 23:08 . 2012-06-26 23:08 97208 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HotKeyDriver.lnk]
    path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HotKeyDriver.lnk
    backup=c:\windows\pss\HotKeyDriver.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^McAfee Security Scan Plus.lnk]
    path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Utility Tray.lnk]
    path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk
    backup=c:\windows\pss\Utility Tray.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2008-06-19 08:20 57344 ------r- c:\windows\Alcmtr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
    2012-08-11 02:41 348664 ----a-w- c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonHK]
    2007-12-07 22:07 77824 ----a-w- c:\windows\BisonCam\BisonHK.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-03-12 00:34 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2008-07-23 08:51 16804864 ------r- c:\windows\RTHDCPL.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
    2007-10-03 07:58 53248 ----a-r- c:\windows\system32\SiSPower.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    2007-01-19 03:34 634880 ----a-r- c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-07-25 08:23 149280 ----a-w- c:\arquivos de programas\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2012-06-22 23:18 296056 ----a-w- c:\arquivos de programas\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Agrupamento Ponto a Ponto do Windows
    "3540:UDP"= 3540:UDP:Protocolo PNRP (Peer Name Resolution Protocol)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    S0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [9/3/aaaa 23:05 54912]
    S1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [9/3/aaaa 23:05 146304]
    S1 360SpOEM;360SpOEM;c:\windows\system32\drivers\360SpOEM.sys [9/3/aaaa 23:16 64048]
    S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [7/3/aaaa 13:37 36000]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [7/3/aaaa 13:37 86224]
    S2 Iprip;RIP de escuta;c:\windows\System32\svchost.exe -k netsvcs [8/4/aaaa 0:45 14336]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
    S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
    S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [6/1/aaaa 11:05 77968]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\arquivos de programas\McAfee Security Scan\3.0.207\McCHSvc.exe [6/17/aaaa 14:33 237008]
    S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [1/16/aaaa 15:38 17408]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [6/1/aaaa 11:15 288000]
    S3 smsbda;SMS Digital Video;c:\windows\system32\drivers\smsbda.sys [10/31/aaaa 17:02 51872]
    S3 ZTEusbdvbh;ZTE HS-USB DVBH-RF Service;c:\windows\system32\drivers\ZTEusbdvbh.sys [10/31/aaaa 17:02 105216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-04-10 16:05 1642448 ----a-w- c:\arquivos de programas\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2013-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 22:48]
    .
    2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-05-27 01:21]
    .
    2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-05-27 01:21]
    .
    2013-04-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-1532298954-682003330-1003.job
    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-04-30 21:21]
    .
    2013-04-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-1532298954-682003330-1003.job
    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-04-30 21:21]
    .
    .
    ------- Scan Suplementar -------
    .
    mStart Page = [You need to be registered and logged in to see this link.]
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath -
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    MSConfigStartUp-Actual Booster - c:\arquivos de programas\Loonies\Actual Booster\ActlBstr.exe
    MSConfigStartUp-LogMeIn Hamachi Ui - c:\arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You need to be registered and logged in to see this link.]
    Rootkit scan 2013-04-22 09:06
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Procurando processos ocultos ...
    .
    Procurando entradas auto inicializáveis ocultas ...
    .
    Procurando ficheiros/arquivos ocultos ...
    .
    Varredura completada com sucesso
    arquivos/ficheiros ocultos: 0
    .
    **************************************************************************
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Tempo para conclusão: 2013-04-22 09:08:15
    ComboFix-quarantined-files.txt 2013-04-22 12:08
    .
    Pré-execução: 11 pasta(s) 139.144.507.392 bytes disponíveis
    Pós execução: 14 pasta(s) 139.286.994.944 bytes disponíveis
    .
    - - End Of File - - 6FE1A4CAA1209A145B5A42CA3D96734F



    Malwarebytes Anti-Malware 1.75.0.1300
    [You need to be registered and logged in to see this link.]

    Versão da Base de Dados: v2013.04.04.07

    Windows XP Service Pack 3 x86 NTFS (Modo Seguro)
    Internet Explorer 7.0.5730.13
    Administrador :: WESCLEI [administrador]

    4/22/aaaa 09:29:57
    mbam-log-2013-04-22 (09-29-57).txt

    Tipo de Verificação: Verificação Completa (C:\|)
    Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
    Opções de verificação desativadas: P2P
    Objetos escaneados: 290780
    Tempo decorrido: 59 minuto(s), 36 segundo(s)

    Processos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)

    Módulos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)

    Chaves de Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)

    Valores de Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)

    Itens de Dados no Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)

    Pastas Detectadas: 0
    (Não foram detectados ítens maliciosos)

    Arquivos Detectados: 14
    C:\Documents and Settings\All Users\2NeW19IW.exe (VirTool.DelfInject) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Documents and Settings\All Users\6Y2QKLDu.exe (Trojan.Buzus) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Documents and Settings\All Users\G7z932V2.exe (Trojan.Buzus) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Documents and Settings\All Users\rGWY2VD0.exe (Trojan.Buzus) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Documents and Settings\Wesclei\Configurações locais\Temp\UPDATE.cpl (Trojan.BanLoad) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\13\7cb4738d-1fd1aa94 (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\32\786248e0-4172e03f (Malware.Packer) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\42\4081e4aa-1a5e8785 (VirTool.DelfInject) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\44\2b1b1cec-1ec0e0c6 (Trojan.Downloader) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\5iq5XRj3.exe.vir (Trojan.Downloader) -> Enviado para a Quarentena e deletado com sucesso.
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP393\A0085093.exe (Malware.Packer) -> Enviado para a Quarentena e deletado com sucesso.
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP394\A0085248.exe (Trojan.Downloader) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Documents and Settings\All Users\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Arquivos de programas\Mozilla Firefox\0.542882828648037.exe (Exploit.Dropper) -> Enviado para a Quarentena e deletado com sucesso.

    (fim)

    Edvan
    Member

    Posts : 428
    Join date : 14/02/2013
    Age : 36
    Location : Natal/RN

    Re: Notebook with virus, some logs for analysis.

    Post by Edvan on Mon Apr 22, 2013 11:03 am

    Avira log.


    Avira Free Antivirus
    Report file date: segunda-feira, 22 de mmmm de aaaa 11:14

    Scanning for 4403550 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available.

    Licensee : Avira Free Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Microsoft Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : WESCLEI

    Version information:
    BUILD.DAT : 12.1.9.1236 40872 Bytes 10/11/aaaa 15:58:00
    AVSCAN.EXE : 12.3.0.48 468256 Bytes 11/15/aaaa 20:28:33
    AVSCAN.DLL : 12.3.0.15 54736 Bytes 7/6/aaaa 00:56:15
    LUKE.DLL : 12.3.0.15 68304 Bytes 7/6/aaaa 00:56:16
    AVSCPLR.DLL : 12.3.0.14 97032 Bytes 7/3/aaaa 16:45:45
    AVREG.DLL : 12.3.0.17 232200 Bytes 7/3/aaaa 16:45:39
    VBASE000.VDF : 7.11.70.0 66736640 Bytes 4/4/aaaa 12:53:56
    VBASE001.VDF : 7.11.70.1 2048 Bytes 4/4/aaaa 12:53:57
    VBASE002.VDF : 7.11.70.2 2048 Bytes 4/4/aaaa 12:53:58
    VBASE003.VDF : 7.11.70.3 2048 Bytes 4/4/aaaa 12:53:58
    VBASE004.VDF : 7.11.70.4 2048 Bytes 4/4/aaaa 12:53:59
    VBASE005.VDF : 7.11.70.5 2048 Bytes 4/4/aaaa 12:54:00
    VBASE006.VDF : 7.11.70.6 2048 Bytes 4/4/aaaa 12:54:00
    VBASE007.VDF : 7.11.70.7 2048 Bytes 4/4/aaaa 12:54:04
    VBASE008.VDF : 7.11.70.8 2048 Bytes 4/4/aaaa 12:54:05
    VBASE009.VDF : 7.11.70.9 2048 Bytes 4/4/aaaa 12:54:06
    VBASE010.VDF : 7.11.70.10 2048 Bytes 4/4/aaaa 12:54:07
    VBASE011.VDF : 7.11.70.11 2048 Bytes 4/4/aaaa 12:54:07
    VBASE012.VDF : 7.11.70.12 2048 Bytes 4/4/aaaa 12:54:08
    VBASE013.VDF : 7.11.70.13 2048 Bytes 4/4/aaaa 12:54:09
    VBASE014.VDF : 7.11.70.103 136192 Bytes 4/5/aaaa 12:54:12
    VBASE015.VDF : 7.11.70.183 183808 Bytes 4/6/aaaa 12:25:34
    VBASE016.VDF : 7.11.71.9 145920 Bytes 4/8/aaaa 22:04:15
    VBASE017.VDF : 7.11.71.115 169472 Bytes 4/10/aaaa 22:04:15
    VBASE018.VDF : 7.11.71.197 172544 Bytes 4/11/aaaa 22:00:27
    VBASE019.VDF : 7.11.71.198 2048 Bytes 4/11/aaaa 22:00:29
    VBASE020.VDF : 7.11.71.199 2048 Bytes 4/11/aaaa 22:00:30
    VBASE021.VDF : 7.11.71.200 2048 Bytes 4/11/aaaa 22:00:33
    VBASE022.VDF : 7.11.71.201 2048 Bytes 4/11/aaaa 22:00:35
    VBASE023.VDF : 7.11.71.202 2048 Bytes 4/11/aaaa 22:00:37
    VBASE024.VDF : 7.11.71.203 2048 Bytes 4/11/aaaa 22:00:38
    VBASE025.VDF : 7.11.71.204 2048 Bytes 4/11/aaaa 22:00:39
    VBASE026.VDF : 7.11.71.205 2048 Bytes 4/11/aaaa 22:00:39
    VBASE027.VDF : 7.11.71.206 2048 Bytes 4/11/aaaa 22:00:43
    VBASE028.VDF : 7.11.71.207 2048 Bytes 4/11/aaaa 22:00:45
    VBASE029.VDF : 7.11.71.208 2048 Bytes 4/11/aaaa 22:00:49
    VBASE030.VDF : 7.11.71.209 2048 Bytes 4/11/aaaa 22:00:49
    VBASE031.VDF : 7.11.71.252 81408 Bytes 4/11/aaaa 22:00:53
    Engine version : 8.2.12.26
    AEVDF.DLL : 8.1.2.10 102772 Bytes 7/11/aaaa 00:56:30
    AESCRIPT.DLL : 8.1.4.106 483709 Bytes 4/11/aaaa 22:02:28
    AESCN.DLL : 8.1.10.4 131446 Bytes 3/27/aaaa 01:58:51
    AESBX.DLL : 8.2.5.12 606578 Bytes 7/3/aaaa 16:45:06
    AERDL.DLL : 8.2.0.88 643444 Bytes 1/20/aaaa 16:00:41
    AEPACK.DLL : 8.3.2.6 827767 Bytes 4/6/aaaa 12:55:48
    AEOFFICE.DLL : 8.1.2.56 205180 Bytes 3/12/aaaa 15:44:01
    AEHEUR.DLL : 8.1.4.286 5845369 Bytes 4/11/aaaa 22:02:17
    AEHELP.DLL : 8.1.25.2 258423 Bytes 10/11/aaaa 19:53:40
    AEGEN.DLL : 8.1.7.2 442741 Bytes 3/27/aaaa 01:58:21
    AEEXP.DLL : 8.4.0.18 192886 Bytes 4/11/aaaa 22:02:35
    AEEMU.DLL : 8.1.3.2 393587 Bytes 7/11/aaaa 00:56:27
    AECORE.DLL : 8.1.31.2 201080 Bytes 2/24/aaaa 15:39:41
    AEBB.DLL : 8.1.1.4 53619 Bytes 11/6/aaaa 01:28:50
    AVWINLL.DLL : 12.3.0.15 27344 Bytes 7/6/aaaa 00:56:14
    AVPREF.DLL : 12.3.0.32 50720 Bytes 11/15/aaaa 20:28:32
    AVREP.DLL : 12.3.0.15 179208 Bytes 7/3/aaaa 16:45:42
    AVARKT.DLL : 12.3.0.33 209696 Bytes 11/15/aaaa 20:28:30
    AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 7/6/aaaa 00:56:15
    SQLITE3.DLL : 3.7.0.1 398288 Bytes 7/6/aaaa 00:56:17
    AVSMTP.DLL : 12.3.0.32 63480 Bytes 8/11/aaaa 02:41:57
    NETNT.DLL : 12.3.0.15 17104 Bytes 7/6/aaaa 00:56:16
    RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 8/11/aaaa 02:34:36
    RCTEXT.DLL : 12.3.0.32 97056 Bytes 11/15/aaaa 20:28:15

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp
    Logging.............................: default
    Primary action......................: Interactive
    Secondary action....................: Ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: extended

    Start of the scan: segunda-feira, 22 de mmmm de aaaa 11:14

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting search for hidden objects.

    The scan of running processes will be started
    Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
    Scan process 'msdtc.exe' - '40' Module(s) have been scanned
    Scan process 'dllhost.exe' - '60' Module(s) have been scanned
    Scan process 'dllhost.exe' - '45' Module(s) have been scanned
    Scan process 'vssvc.exe' - '48' Module(s) have been scanned
    Scan process 'svchost.exe' - '76' Module(s) have been scanned
    Scan process 'avscan.exe' - '73' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'OctoshapeClient.exe' - '40' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
    Scan process 'avgnt.exe' - '79' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '18' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '40' Module(s) have been scanned
    Scan process 'alg.exe' - '33' Module(s) have been scanned
    Scan process 'wmiapsrv.exe' - '45' Module(s) have been scanned
    Scan process 'avshadow.exe' - '26' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '98' Module(s) have been scanned
    Scan process 'svchost.exe' - '38' Module(s) have been scanned
    Scan process 'snmp.exe' - '46' Module(s) have been scanned
    Scan process 'tcpsvcs.exe' - '34' Module(s) have been scanned
    Scan process 'SeaPort.exe' - '45' Module(s) have been scanned
    Scan process 'jqs.exe' - '96' Module(s) have been scanned
    Scan process 'inetinfo.exe' - '83' Module(s) have been scanned
    Scan process 'GoogleUpdate.exe' - '43' Module(s) have been scanned
    Scan process 'svchost.exe' - '39' Module(s) have been scanned
    Scan process 'avguard.exe' - '60' Module(s) have been scanned
    Scan process 'sched.exe' - '39' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '63' Module(s) have been scanned
    Scan process 'svchost.exe' - '45' Module(s) have been scanned
    Scan process 'svchost.exe' - '32' Module(s) have been scanned
    Scan process 'svchost.exe' - '30' Module(s) have been scanned
    Scan process 'svchost.exe' - '168' Module(s) have been scanned
    Scan process 'svchost.exe' - '39' Module(s) have been scanned
    Scan process 'svchost.exe' - '52' Module(s) have been scanned
    Scan process 'lsass.exe' - '58' Module(s) have been scanned
    Scan process 'services.exe' - '36' Module(s) have been scanned
    Scan process 'winlogon.exe' - '74' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting to scan executable files (registry).
    The registry was scanned ( '1562' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\Documents and Settings\All Users\Documentos\microsoft\MARIAMEDEIROS.eml
    [0] Archive type: MIME
    --> object
    [DETECTION] Contains recognition pattern of the EXP/Iframe.B exploit
    --> pp.exe
    [DETECTION] Contains recognition pattern of the WORM/RunOnce.B2 worm
    C:\Documents and Settings\All Users\Documentos\Minhas músicas\My Playlists\MARIAMEDEIROS.eml
    [0] Archive type: MIME
    --> object
    [DETECTION] Contains recognition pattern of the EXP/Iframe.B exploit
    --> pp.exe
    [DETECTION] Contains recognition pattern of the WORM/RunOnce.B2 worm
    C:\Documents and Settings\All Users\Documentos\Minhas músicas\Sync Playlists\MARIAMEDEIROS.eml
    [0] Archive type: MIME
    --> object
    [DETECTION] Contains recognition pattern of the EXP/Iframe.B exploit
    --> pp.exe
    [DETECTION] Contains recognition pattern of the WORM/RunOnce.B2 worm
    C:\Documents and Settings\All Users\Documentos\Minhas músicas\Sync Playlists\38B96C\MARIAMEDEIROS.eml
    [0] Archive type: MIME
    --> object
    [DETECTION] Contains recognition pattern of the EXP/Iframe.B exploit
    --> pp.exe
    [DETECTION] Contains recognition pattern of the WORM/RunOnce.B2 worm
    C:\Documents and Settings\Wesclei\Configurações locais\Temp\{4A830C85-E314-4D1B-90AB-E6F368F3FBB9}-chrome_installer.exe
    [WARNING] The file could not be read!
    C:\Documents and Settings\Wesclei\Configurações locais\Temp\{9B9C219C-B306-4215-9D9C-A2DEEE984025}-25.0.1364.152_25.0.1364.97_chrome_updater.exe
    [WARNING] The file could not be read!
    C:\Documents and Settings\Wesclei\Configurações locais\Temporary Internet Files\Content.IE5\969EKSO1\wbk45.tmp
    [DETECTION] Contains recognition pattern of the EXP/Iframe.B exploit
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\0\6685d300-13b8c2c8
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452 exploit
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\0\6fc8e380-7db8de90
    [0] Archive type: ZIP
    --> ana/velet/hakcagiry$StreamConnector.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-1723.A.164 exploit
    --> ana/velet/hakcagiry.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-1723.A.158 exploit
    --> baba/atakyapan.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-1723.A.176 exploit
    --> baba/mortlamer.class
    [DETECTION] Contains recognition pattern of the EXP/JAVA.Ivinest.Gen exploit
    --> baba/mortlamericagiran.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-1723.A.161 exploit
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\1\2b89a7c1-40e8d4d4
    [0] Archive type: ZIP
    --> ph.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.HV Java virus
    --> c_ed.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.B Java virus
    --> c_gP.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.I exploit
    --> c_js.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.C Java virus
    --> e_ini.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.I Java virus
    --> P_c.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DA Java virus
    --> dM.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DR Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\15\5295cc8f-52665e9f
    [0] Archive type: ZIP
    --> d.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.M Java virus
    --> e.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IJ Java virus
    --> f.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.149 exploit
    --> b.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Trea.ES.1 Java virus
    --> g.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.EO Java virus
    --> c.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.571 exploit
    --> a.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\15\5c30400f-6cb87ca6
    [0] Archive type: ZIP
    --> c_ed.class
    [DETECTION] Contains recognition pattern of the JAVA/Inject.AN Java virus
    --> c_gP.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.I exploit
    --> c_js.class
    [DETECTION] Contains recognition pattern of the EXP/2008-4910.B exploit
    --> e_ini.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.E Java virus
    --> P_c.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.B exploit
    --> dM.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DT Java virus
    --> xpp.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2011-3544 exploit
    --> CEncrypt.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.HT Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\16\789d3bd0-7e691a94
    [0] Archive type: ZIP
    --> pia.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.FV Java virus
    --> c_ed.class
    [DETECTION] Contains recognition pattern of the JAVA/Inject.AK Java virus
    --> c_gP.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.I exploit
    --> c_js.class
    [DETECTION] Contains recognition pattern of the EXP/2008-4910.B exploit
    --> e_ini.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.FX Java virus
    --> P_c.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.B exploit
    --> dM.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DT Java virus
    --> a_ss.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.FZ Java virus
    --> CEncrypt.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.FY Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\17\15000411-72025384
    [0] Archive type: ZIP
    --> pia.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.12 exploit
    --> c_ed.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.CL exploit
    --> c_gP.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.I exploit
    --> c_js.class
    [DETECTION] Contains recognition pattern of the EXP/2008-4910.B exploit
    --> e_ini.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.FX Java virus
    --> P_c.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.B exploit
    --> dM.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DT Java virus
    --> a_ss.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.FZ Java virus
    --> CEncrypt.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.13 exploit
    --> oDD.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.28 exploit
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\17\6f497b11-58083098
    [0] Archive type: ZIP
    --> ph.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.HV Java virus
    --> c_ed.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.B Java virus
    --> c_gP.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.I exploit
    --> c_js.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.C Java virus
    --> e_ini.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.I Java virus
    --> P_c.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DA Java virus
    --> dM.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DR Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\19\40353553-7755ebd5
    [0] Archive type: ZIP
    --> Rinoceronte.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2011-3544 exploit
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\26\7445fa9a-29c26f27
    [0] Archive type: ZIP
    --> d.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.M Java virus
    --> e.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IJ Java virus
    --> f.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.149 exploit
    --> b.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Trea.ES.1 Java virus
    --> g.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.EO Java virus
    --> c.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.571 exploit
    --> a.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\4\4d9d4d84-7c743408
    [0] Archive type: ZIP
    --> ph.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.HV Java virus
    --> c_ed.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.B Java virus
    --> c_gP.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.I exploit
    --> c_js.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.C Java virus
    --> e_ini.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.I Java virus
    --> P_c.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DA Java virus
    --> dM.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DR Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\42\46a0df2a-273d1180
    [0] Archive type: ZIP
    --> FAQ/CheckList.class
    [DETECTION] Is the TR/Agent.410 Trojan
    --> FAQ/constant.class
    [DETECTION] Is the TR/Agent.708.1 Trojan
    --> FAQ/Template.class
    [DETECTION] Contains recognition pattern of the JAVA/Exdoer.CK Java virus
    --> tools/Commander.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840 exploit
    --> tools/Env.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.N exploit
    --> tools/Syntax.class
    [DETECTION] Contains recognition pattern of the JAVA/Exdoer.CQ Java virus
    --> tools/XmlStandard.class
    [DETECTION] Contains recognition pattern of the JAVA/Exdoer.CO Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\47\32fad7ef-5690171f
    [0] Archive type: ZIP
    --> ph.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.HV Java virus
    --> c_ed.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.B Java virus
    --> c_gP.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.I exploit
    --> c_js.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.C Java virus
    --> e_ini.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.I Java virus
    --> P_c.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DA Java virus
    --> dM.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DR Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\47\3e81456f-3433525b
    [0] Archive type: ZIP
    --> leclass
    [1] Archive type: ZIP
    --> aprin.sys
    [DETECTION] Is the TR/Rootkit.Gen2 Trojan
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\48\10db77f0-20a7de34
    [0] Archive type: ZIP
    --> ph.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.HV Java virus
    --> c_ed.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.B Java virus
    --> c_gP.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.I exploit
    --> c_js.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.C Java virus
    --> e_ini.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.I Java virus
    --> P_c.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DA Java virus
    --> dM.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DR Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\57\2e3ab339-4bc5062e
    [0] Archive type: ZIP
    --> d.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.M Java virus
    --> e.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IJ Java virus
    --> f.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.149 exploit
    --> b.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Trea.ES.1 Java virus
    --> g.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.EO Java virus
    --> c.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.571 exploit
    --> a.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
    --> i.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IL Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\6\78804e06-604e1bc3
    [0] Archive type: ZIP
    --> plus
    [1] Archive type: ZIP
    --> plusdriver.sys
    [DETECTION] Is the TR/Rootkit.Gen2 Trojan
    --> plusdriver64.sys
    [DETECTION] Is the TR/Rootkit.Gen2 Trojan
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\63\1690aa7f-7cbbfec7
    [0] Archive type: ZIP
    --> d.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.M Java virus
    --> e.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IJ Java virus
    --> f.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.149 exploit
    --> b.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Trea.ES.1 Java virus
    --> g.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.EO Java virus
    --> c.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.571 exploit
    --> a.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP394\A0085336.exe
    [DETECTION] Is the TR/Graftor.36458.1 Trojan
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP394\A0085337.exe
    [DETECTION] Is the TR/Agent.27247225 Trojan
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP394\A0085338.exe
    [DETECTION] Is the TR/Agent.27247225 Trojan
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP394\A0085339.exe
    [DETECTION] Is the TR/Agent.27247225 Trojan
    C:\WINDOWS\SoftwareDistribution\Download\19145a936940ad16676ac3452559ca72\BIT24B.tmp
    [0] Archive type: CAB SFX (self extracting)
    --> _sfx_0000._p
    [WARNING] The file could not be written!
    C:\WINDOWS\SoftwareDistribution\Download\d0b4e99442b58ecc16a84ff4bd78e3ed\BIT1A.tmp
    [0] Archive type: CAB SFX (self extracting)
    --> _sfx_0001._p
    [WARNING] The file could not be written!
    C:\WINDOWS\SoftwareDistribution\Download\f2fdf3094eb026ed64b501a3eb87754c\BIT246.tmp
    [0] Archive type: CAB SFX (self extracting)
    --> _sfx_0000._p
    [WARNING] The file could not be written!

    Beginning disinfection:
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP394\A0085339.exe
    [DETECTION] Is the TR/Agent.27247225 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '5267f494.qua'.
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP394\A0085338.exe
    [DETECTION] Is the TR/Agent.27247225 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '4af0db24.qua'.
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP394\A0085337.exe
    [DETECTION] Is the TR/Agent.27247225 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '18af81a0.qua'.
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP394\A0085336.exe
    [DETECTION] Is the TR/Graftor.36458.1 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '7e98ce5d.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\63\1690aa7f-7cbbfec7
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
    [NOTE] The file was moved to the quarantine directory under the name '3b17e382.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\6\78804e06-604e1bc3
    [DETECTION] Is the TR/Rootkit.Gen2 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '440fd1e5.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\57\2e3ab339-4bc5062e
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IL Java virus
    [NOTE] The file was moved to the quarantine directory under the name '08b2fd99.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\48\10db77f0-20a7de34
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DR Java virus
    [NOTE] The file was moved to the quarantine directory under the name '74dbbdf6.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\47\3e81456f-3433525b
    [DETECTION] Is the TR/Rootkit.Gen2 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '59f59284.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\47\32fad7ef-5690171f
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DR Java virus
    [NOTE] The file was moved to the quarantine directory under the name '40eba923.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\42\46a0df2a-273d1180
    [DETECTION] Contains recognition pattern of the JAVA/Exdoer.CO Java virus
    [NOTE] The file was moved to the quarantine directory under the name '2cba8518.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\4\4d9d4d84-7c743408
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DR Java virus
    [NOTE] The file was moved to the quarantine directory under the name '5d7bbcbb.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\26\7445fa9a-29c26f27
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
    [NOTE] The file was moved to the quarantine directory under the name '53668c4c.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\19\40353553-7755ebd5
    [DETECTION] Contains recognition pattern of the EXP/CVE-2011-3544 exploit
    [NOTE] The file was moved to the quarantine directory under the name '164ef502.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\17\6f497b11-58083098
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DR Java virus
    [NOTE] The file was moved to the quarantine directory under the name '1f44f193.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\17\15000411-72025384
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.28 exploit
    [NOTE] The file was moved to the quarantine directory under the name '4709e8cd.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\16\789d3bd0-7e691a94
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.FY Java virus
    [NOTE] The file was moved to the quarantine directory under the name '6bf69104.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\15\5c30400f-6cb87ca6
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.HT Java virus
    [NOTE] The file was moved to the quarantine directory under the name '550ef1e9.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\15\5295cc8f-52665e9f
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
    [NOTE] The file was moved to the quarantine directory under the name '3606daab.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\1\2b89a7c1-40e8d4d4
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DR Java virus
    [NOTE] The file was moved to the quarantine directory under the name '10cd9a86.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\0\6fc8e380-7db8de90
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-1723.A.161 exploit
    [NOTE] The file was moved to the quarantine directory under the name '222ce127.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\0\6685d300-13b8c2c8
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452 exploit
    [NOTE] The file was moved to the quarantine directory under the name '281cca69.qua'.
    C:\Documents and Settings\Wesclei\Configurações locais\Temporary Internet Files\Content.IE5\969EKSO1\wbk45.tmp
    [DETECTION] Contains recognition pattern of the EXP/Iframe.B exploit
    [NOTE] The file was moved to the quarantine directory under the name '1702ae18.qua'.
    C:\Documents and Settings\All Users\Documentos\Minhas músicas\Sync Playlists\38B96C\MARIAMEDEIROS.eml
    [DETECTION] Contains recognition pattern of the W32/Runouce.B2 Windows virus
    [NOTE] The file was moved to the quarantine directory under the name '6909a210.qua'.
    C:\Documents and Settings\All Users\Documentos\Minhas músicas\Sync Playlists\MARIAMEDEIROS.eml
    [DETECTION] Contains recognition pattern of the W32/Runouce.B2 Windows virus
    [NOTE] The file was moved to the quarantine directory under the name '3c71a6db.qua'.
    C:\Documents and Settings\All Users\Documentos\Minhas músicas\My Playlists\MARIAMEDEIROS.eml
    [DETECTION] Contains recognition pattern of the W32/Runouce.B2 Windows virus
    [NOTE] The file was moved to the quarantine directory under the name '31e7d7f3.qua'.
    C:\Documents and Settings\All Users\Documentos\microsoft\MARIAMEDEIROS.eml
    [DETECTION] Contains recognition pattern of the W32/Runouce.B2 Windows virus
    [NOTE] The file was moved to the quarantine directory under the name '2dbac3fa.qua'.


    End of the scan: segunda-feira, 22 de mmmm de aaaa 11:59
    Used time: 43:51 Minute(s)

    The scan has been done completely.

    5866 Scanned directories
    274404 Files were scanned
    125 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 Files were deleted
    0 Viruses and unwanted programs were repaired
    27 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    274279 Files not concerned
    2177 Archives were scanned
    5 Warnings
    27 Notes
    380199 Objects were scanned with rootkit scan
    0 Hidden objects were found


    Edvan
    Member

    Messages: 428
    Registration date: 14/02/2013
    Age: 36
    Location: Natal/RN

    Re: Notebook with virus, some logs for analysis.

    Post by Edvan on Mon Apr 22, 2013 1:20 pm


    ZHPDiag log [You need to be registered and logged in to see this link.]

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.8.8 (04.21.2013:2)
    OS: Microsoft Windows XP x86
    Ran by Wesclei on 22/04/2013 at 14:16:56,70
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2000478354-1532298954-682003330-1003\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealply
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\dealply
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Successfully deleted: [File] C:\Documents and Settings\Wesclei\Dados de aplicativos\mozilla\firefox\profiles\1ysqpk5w.default\user.js
    Successfully deleted: [File] C:\Documents and Settings\Wesclei\Dados de aplicativos\mozilla\firefox\profiles\1ysqpk5w.default\searchplugins\askcom.xml
    Successfully deleted: [File] C:\Documents and Settings\Wesclei\Dados de aplicativos\mozilla\firefox\profiles\1ysqpk5w.default\searchplugins\search.xml
    Successfully deleted: [Folder] C:\Documents and Settings\Wesclei\Dados de aplicativos\mozilla\firefox\profiles\1ysqpk5w.default\extensions\ffxtlbr@babylon.com
    Successfully deleted: [Folder] C:\Documents and Settings\Wesclei\Dados de aplicativos\mozilla\firefox\profiles\1ysqpk5w.default\extensions\ffxtlbr@searchya.com
    Successfully deleted the following from C:\Documents and Settings\Wesclei\Dados de aplicativos\mozilla\firefox\profiles\1ysqpk5w.default\prefs.js

    user_pref("backup.old.browser.search.selectedEngine", "Ask.com");
    user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
    user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=113480&tt=010712_2&babsrc=NT_ss&mntrId=28cfe3ee00000000000000224359083d");
    user_pref("browser.search.defaultengine", "Ask.com");
    user_pref("browser.search.defaulturl", "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=");
    user_pref("browser.search.order.1", "Ask.com");
    user_pref("extensions.BabylonToolbar.admin", false);
    user_pref("extensions.BabylonToolbar.aflt", "babsst");
    user_pref("extensions.BabylonToolbar.babExt", "");
    user_pref("extensions.BabylonToolbar.babTrack", "affID=113480&tt=010712_2");
    user_pref("extensions.BabylonToolbar.bbDpng", 21);
    user_pref("extensions.BabylonToolbar.dfltSrch", false);
    user_pref("extensions.BabylonToolbar.hmpg", false);
    user_pref("extensions.BabylonToolbar.id", "28cfe3ee00000000000000224359083d");
    user_pref("extensions.BabylonToolbar.instlDay", "15532");
    user_pref("extensions.BabylonToolbar.instlRef", "sst");
    user_pref("extensions.BabylonToolbar.lastDP", 21);
    user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1711:01:53");
    user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "12.0");
    user_pref("extensions.BabylonToolbar.newTab", true);
    user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
    user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
    user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    user_pref("extensions.BabylonToolbar.propectorlck", 105075978);
    user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    user_pref("extensions.BabylonToolbar.ptch_0717", true);
    user_pref("extensions.BabylonToolbar.smplGrp", "czb");
    user_pref("extensions.BabylonToolbar.srcExt", "ss");
    user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
    user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
    user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1711:01:53");
    user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
    user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
    user_pref("extensions.BabylonToolbar_i.babExt", "");
    user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480&tt=010712_2");
    user_pref("extensions.BabylonToolbar_i.hardId", "28cfe3ee00000000000000224359083d");
    user_pref("extensions.BabylonToolbar_i.id", "28cfe3ee00000000000000224359083d");
    user_pref("extensions.BabylonToolbar_i.instlDay", "15532");
    user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
    user_pref("extensions.BabylonToolbar_i.newTab", true);
    user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=113480&tt=010712_2&babsrc=NT_ss&mntrId=28cfe3ee00000000000000224359083d");
    user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
    user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
    user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
    user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
    user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:01:53");
    user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
    user_pref("extensions.searchya.aflt", "foxtab");
    user_pref("extensions.searchya.autoRvrt", false);
    user_pref("extensions.searchya.cntry", "BR");
    user_pref("extensions.searchya.dfltLng", "");
    user_pref("extensions.searchya.dfltSrch", true);
    user_pref("extensions.searchya.dnsErr", true);
    user_pref("extensions.searchya.envrmnt", "production");
    user_pref("extensions.searchya.excTlbr", false);
    user_pref("extensions.searchya.hdrMd5", "9BA9068D17BED675C3F453FEA6B1C223");
    user_pref("extensions.searchya.hmpg", true);
    user_pref("extensions.searchya.hmpgUrl", "hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDzytD0FyDyByCyB0Dzy0B0EtA0E0EtN0D0Tzu0StByEyCtN1L2XzutBtFtCtF
    user_pref("extensions.searchya.id", "0090F5767D9BE3EE");
    user_pref("extensions.searchya.instlDay", "15586");
    user_pref("extensions.searchya.instlRef", "tc-100");
    user_pref("extensions.searchya.isdcmntcmplt", true);
    user_pref("extensions.searchya.lastVrsnTs", "1.5.25.023:1:18");
    user_pref("extensions.searchya.mntrFFxVrsn", "12.0");
    user_pref("extensions.searchya.mntrvrsn", "1.3.0");
    user_pref("extensions.searchya.newTab", true);
    user_pref("extensions.searchya.newTabUrl", "hxxp://www.searchya.com/?s=2&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDzytD0FyDyByCyB0Dzy0B0EtA0E0EtN0D0Tzu0StByEyCtN1L2XzutBtFtC
    user_pref("extensions.searchya.pnu_base", "{\"newVrsn\":\"35\",\"lastVrsn\":\"35\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0
    user_pref("extensions.searchya.prdct", "searchya");
    user_pref("extensions.searchya.prtnrId", "searchya");
    user_pref("extensions.searchya.sg", "none");
    user_pref("extensions.searchya.smplGrp", "none");
    user_pref("extensions.searchya.srchPrvdr", "Search");
    user_pref("extensions.searchya.tlbrId", "base");
    user_pref("extensions.searchya.tlbrSrchUrl", "hxxp://www.searchya.com/?s=3&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDzytD0FyDyByCyB0Dzy0B0EtA0E0EtN0D0Tzu0StByEyCtN1L2XzutBtF
    user_pref("extensions.searchya.vrsn", "1.5.25.0");
    user_pref("extensions.searchya.vrsnTs", "1.5.25.023:1:18");
    user_pref("extensions.searchya.vrsni", "1.5.25.0");
    user_pref("extensions.searchya_i.newTab", true);
    user_pref("extensions.searchya_i.smplGrp", "none");
    user_pref("extensions.searchya_i.vrsnTs", "1.5.25.023:1:18");
    user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
    user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent100", "1363660629212");
    user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent101", "1365866975619");
    user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1366431880672");
    user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent109", "1363879750879");
    user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent111", "1363879750890");
    user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent122", "1363879750899");
    user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1365864756001");
    user_pref("iminent.webbooster.scripts.sslminibar.ShowThankyouPixel", "0");
    user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent100", "1363797098026");
    user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent101", "1365866960432");
    user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1366429872067");
    user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent105", "1362324646653");
    user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent109", "1364054074389");
    user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent111", "1364054074395");
    user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent112", "1364054109627");
    user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent122", "1364054074399");
    user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=113480&tt=010712_2&babsrc=KW_ss&mntrId=28cfe3ee00000000000000224359083d&q=");



    ~~~ Chrome

    Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\cjpglkicenollcignonpgiafdgfeehoj
    Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\gaiilaahiahdejapggenmdmafpmbipje





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 22/04/2013 at 14:19:12,15
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
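The long run of `user_pref(...)` lines that JRT removed above is a Firefox `prefs.js` fragment: every navigation setting (home page, new-tab page, `keyword.URL`, and the toolbars' own `newTabUrl`/`hmpgUrl`/`tlbrSrchUrl` copies) had been pointed at search.babylon.com or searchya.com. As an added example (my own code, not JRT's, AdwCleaner's or the forum's), here is a small Python triage script that parses such lines, undoes the `hxxp` defanging, and reports which navigation prefs point outside a trusted host list. The sample lines are copied from the log above with the long searchya URLs shortened; `NAVIGATION_KEYS`, `NAV_SUFFIXES` and the function names are my assumptions, not Firefox API.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Regex for one Firefox prefs.js entry:  user_pref("name", value);
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Built-in Firefox prefs that decide where the browser navigates on its own
# (assumed list for this example).
NAVIGATION_KEYS = {
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "keyword.URL",
}
# Toolbar-style namespaces (extensions.<name>.*) keep their own copies of the
# same settings under these suffixes; all three appear in the log above.
NAV_SUFFIXES = ("newTabUrl", "hmpgUrl", "tlbrSrchUrl")


def parse_prefs(text):
    """Map pref name -> raw value for every user_pref(...) line in text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def host_of(raw_value):
    """Hostname of a quoted URL value, or None for booleans/numbers/plain strings.
    Defanged 'hxxp' schemes (as used in the forum log) are undone first."""
    value = (raw_value.strip('"')
             .replace("hxxp://", "http://")
             .replace("hxxps://", "https://"))
    return urlsplit(value).hostname


def find_hijacks(text, trusted_hosts=("www.google.com", "www.google.com.br")):
    """Return [(pref name, host)] for navigation prefs pointing outside trusted_hosts."""
    findings = []
    for name, raw in parse_prefs(text).items():
        if name not in NAVIGATION_KEYS and name.rsplit(".", 1)[-1] not in NAV_SUFFIXES:
            continue
        host = host_of(raw)
        if host and host not in trusted_hosts:
            findings.append((name, host))
    return findings


def pref_namespaces(prefs):
    """Count prefs per owner: 'extensions.<name>' for add-on prefs, else the top-level branch.
    A namespace with dozens of entries that the user never installed is itself a lead."""
    counts = Counter()
    for name in prefs:
        parts = name.split(".")
        counts[".".join(parts[:2]) if parts[0] == "extensions" else parts[0]] += 1
    return counts


# Constructed sample: lines taken from the JRT log above (searchya URLs shortened).
SAMPLE_PREFS = '''
user_pref("browser.startup.homepage", "https://www.google.com.br/");
user_pref("extensions.BabylonToolbar.newTab", true);
user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
user_pref("extensions.searchya.hmpgUrl", "hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc-100");
user_pref("extensions.searchya.tlbrSrchUrl", "hxxp://www.searchya.com/?s=3&a=foxtab&chnl=tc-100");
user_pref("extensions.searchya.id", "0090F5767D9BE3EE");
user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=113480&tt=010712_2&babsrc=KW_ss&q=");
'''

if __name__ == "__main__":
    for name, host in find_hijacks(SAMPLE_PREFS):
        print(f"{name:45} -> {host}")
    print(pref_namespaces(parse_prefs(SAMPLE_PREFS)))
```

On the sample this flags the Babylon new-tab URL, both searchya URLs and `keyword.URL`, while the user's own Google home page passes; the namespace count shows three `extensions.searchya` prefs against one `browser` pref, which is the shape a hijacked profile usually has.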

    joram
    Founding Administrator

    Messages: 608
    Registered: 14/08/2012
    Age: 63
    Location: Rio de Janeiro

    Re: Notebook with virus, some logs for analysis.

    Post by joram on Mon Apr 22, 2013 9:00 pm

    Good evening, Edvan!

    |- Download: < [You need to be registered and logged in to see this link.] >
    |- Save it to the desktop!
    |- Disable your antivirus or antispyware, so that the tool is not detected as malware.
    |- Run AT-Destroyer.exe as administrator if you use Windows Vista or 7.

    [You need to be registered and logged in to see this link.]

    |- Choose the "Buscar" option and wait for the scan to finish.
    |- Post the report! ( C:\AT-Destroyer.txt )

    -/-

    |- Close any programs/folders that are open.
    |- Also close the browser!
    |- For Windows Vista, disable the [You need to be registered and logged in to see this link.].

    [You need to be registered and logged in to see this image.]

    |- For Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
    |- Select and copy this information, shown in red, into Notepad.

    O4 - HKCU\..\Run: [ares] C:\Arquivos de programas\Ares\Ares.exe (.not file.)
    O4 - HKUS\S-1-5-21-2000478354-1532298954-682003330-1003\..\Run: [ares] C:\Arquivos de programas\Ares\Ares.exe (.not file.)
    O42 - Logiciel: Update_DealPly - (...) [HKCU] -- DealPly
    O44 - LFC:[MD5.BB8E23B9C112A79F759681703D021C81] - 11/04/2013 - 23:51:47 ---A- . (...) -- C:\WINDOWS\wmsetup.log [49593]
    O51 - MPSK:{d197fb7d-bf64-11df-b5d1-00224359083d}\AutoRun\command. (...) -- E:\Windows\Install.exe (.not file.)
    O51 - MPSK:{e872f3c4-a96d-11df-b5b8-00224359083d}\AutoRun\command. (...) -- C:\WINDOWS\system32\svchosts.exe (.not file.)
    O51 - MPSK:{f3dcd824-8e4d-11de-b4c0-00224359083d}\AutoRun\command. (...) -- F:\RECYCLER32\dmgr.exe (.not file.)
    O51 - MPSK:{330e1370-ba64-11de-b52b-0090f5767d9b}\AutoRun\command. (...) -- E:\XnrPLT.exe (.not file.)
    O51 - MPSK:{3f52a962-68ba-11de-b475-00224359083d}\AutoRun\command - Orphean Key
    O51 - MPSK:{3fc3080e-7aaa-11de-b491-00224359083d}\AutoRun\command - Orphean Key
    O51 - MPSK:{4a74d131-249d-11e0-b626-0090f5767d9b}\AutoRun\command. (...) -- E:\thbpr.exe (.not file.)
    O51 - MPSK:{60d7a538-8f66-11de-b4c3-0090f5767d9b}\AutoRun\command. (...) -- E:\RECYCLERS32\autorun.exe (.not file.)
    O51 - MPSK:{8ac0cc34-5ecd-11e0-b6ab-00224359083d}\AutoRun\command. (...) -- E:\xcksh.exe (.not file.)
    O51 - MPSK:{918e40eb-883e-11de-b4b3-00224359083d}\AutoRun\command - Orphean Key
    O51 - MPSK:{acebe882-9703-11de-b4e1-00224359083d}\AutoRun\command. (...) -- F:\ayvzxy.exe (.not file.)
    O51 - MPSK:{b6623e24-bc8f-11e1-b8cf-00224359083d}\AutoRun\command. (...) -- E:\RunClubSanDisk.exe (.not file.)
    O51 - MPSK:{e5d94517-678f-11e1-b893-00224359083d}\AutoRun\command. (...) -- E:\RunClubSanDisk.exe (.not file.)
    O51 - MPSK:{e5d94518-678f-11e1-b893-00224359083d}\AutoRun\command. (...) -- E:\application\Nokia_Internet_Modem.exe (.not file.)
    O90 - PUC: "9EC6D81181F59F2459A84176A626F9ED" . (.Iminent.) -- C:\WINDOWS\Installer\{118D6CE9-5F18-42F9-958A-14676A629FDE}\imbooster.ico

    [HKCU\Software\InstallCore]
    [HKCU\Software\searchya.com]
    [HKLM\Software\360Safe]
    [HKLM\Software\Trymedia Systems]
    [HKCU\Software\APN PIP]
    [HKCU\Software\PIP]
    [HKLM\Software\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKCU\Software\APN PIP]
    [HKCU\Software\PIP]
    [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440}
    [HKLM\Software\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Iminent]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
    [HKCU\Software\InstallCore]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F}]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E}]
    [HKLM\Software\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED]
    [HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED]

    proxyfix
    emptytemp
    emptyclsid
    emptyflash
    firewallraz
    sysrestore

    |- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"
    |- Minimize Notepad.

    [You need to be registered and logged in to see this image.]

    |- Click the "Paste ClipBoard" menu.
    |- Avoid the "Paste" option ( Ctrl+V ) in the light-yellow field, as it does not enable the "Go" button.

    [You need to be registered and logged in to see this link.]

    |- Click "GO" -> Oui.

    [You need to be registered and logged in to see this image.]

    |- PS: Above there is a sequence of images for further clarification.
    |- Post the report: C:\ZHP\ZHPFix[R1].txt

    Regards!

    Edvan
    Member

    Messages: 428
    Registered: 14/02/2013
    Age: 36
    Location: Natal/RN

    Re: Notebook with virus, some logs for analysis.

    Post by Edvan on Tue Apr 23, 2013 7:12 am

    Here it is, friend.

    ######################## AT-Destroyer By Infospyware.
    Hora/Día/Mes/Año: 08:08:21 \\\ 23/04/2013
    AT-Destroyer 2.1 By Infospyware ---> [Você precisa estar registrado e conectado para ver este link.]
    Última actualización: 30/11/2012
    Opción escogida: 1 :Buscar
    Versión Internet Explorer:7.0.5730.13
    Mozilla Firefox:12.0.0.4493
    Google Chrome:26.0.1410.64
    Privilegios: Wesclei - Administrador
    Modo Actual: Modo Normal.
    Nombre del pc: WESCLEI
    Información del sistema operativo:X86-WIN_XP-Service Pack 3
    nombre del usuario:Wesclei
    Lenguaje del sistema: Portugués



    >>>>>> Servicios <<<<<<



    >>>>>> Carpetas <<<<<<



    >>>>>> Archivos <<<<<<



    >>>>>> Registro <<<<<<



    >>>>>> Heurística <<<<<<



    >>>>>> Internet Explorer <<<<<<

    Start Page==http://www.google.com
    Local Page==%SystemRoot%\system32\blank.htm
    Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
    Default_search_url==http://go.microsoft.com/fwlink/?LinkId=54896
    Default_Page_URL==http://go.microsoft.com/fwlink/?LinkId=69157


    ''HKCU\Software\Microsoft\Internet Explorer\Main''
    Start Page==http://www.google.com
    Local Page==C:\WINDOWS\system32\blank.htm
    Search Page==http://www.google.com
    Default_search_url==
    Default_Page_URL==


    HKEY_USERS\S-1-5-21-2000478354-1532298954-682003330-1003\Software\Microsoft\Internet Explorer\Main''
    Start Page==http://www.google.com
    Local Page==C:\WINDOWS\system32\blank.htm
    Search Page==http://www.google.com
    Default_search_url==
    Default_Page_URL==


    >>>>>> Firefox <<<<<<

    user_pref("browser.startup.homepage", "https://www.google.com.br/");
    user_pref("browser.startup.homepage_override.buildID", "20120420145725");
    user_pref("browser.startup.homepage_override.mstone", "rv:12.0");


    >>>>>> Plugins Firefox <<<<<<

    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@zylom.com/ZylomGamesPlayer

    >>>>>> Google Chrome <<<<<<

    "homepage_url": "http://www.iminent.com/",
    "homepage": "http://www.searchya.com/?s=0&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDzytD0FyDyByCyB0Dzy0B0EtA0E0EtN0D0Tzu0StByEyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=168719975",
    "homepage_changed": true,
    "homepage_is_newtabpage": true,


    >>>>>> Extensiones Google Chrome <<<<<<

    C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\4
    C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
    C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
    C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
    C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    ======== Listado ===========

    C:\Documents and Settings\Wesclei\Dados de aplicativos\AdobeUM [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Alawar [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Autodesk [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Avira [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Corel [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\desktop.ini [HSA] 1 KB ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\EleFun Games [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\ex3b.jpg [A] 501 KB ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\FileZilla [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Gamelab [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Help [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\HP [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\HPAppData [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\id [A] 1 KB ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Identities [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\InstallShield [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Macromedia [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Microsoft [S] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Mozilla [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\NCH Software [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Nero [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Octoshape [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Real [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\RealNetworks [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\SView5 [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\U3 [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\WESCLEI [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Windows Live Writer [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\WinRAR [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\xmaq [A] 1 KB ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Zylom [0] 0 ( )
    C:\Arquivos de programas\Alwil Software [0] 0 ( )
    C:\Arquivos de programas\Arquivos comuns [0] 0 ( )
    C:\Arquivos de programas\AVAST Software [0] 0 ( )
    C:\Arquivos de programas\AVG [0] 0 ( )
    C:\Arquivos de programas\Avira [0] 0 ( )
    C:\Arquivos de programas\Bing Bar Installer [0] 0 ( )
    C:\Arquivos de programas\CCleaner [0] 0 ( )
    C:\Arquivos de programas\Claro 3G [0] 0 ( )
    C:\Arquivos de programas\CNPJ2003 [0] 0 ( )
    C:\Arquivos de programas\ComPlus Applications [0] 0 ( )
    C:\Arquivos de programas\Corel [0] 0 ( )
    C:\Arquivos de programas\DsNET Corp [0] 0 ( )
    C:\Arquivos de programas\Google [0] 0 ( )
    C:\Arquivos de programas\HotKey_Driver [0] 0 ( )
    C:\Arquivos de programas\HP [0] 0 ( )
    C:\Arquivos de programas\InstallAffixationInfo [0] 0 ( )
    C:\Arquivos de programas\InstallShield Installation Information [H] 0( 0)
    C:\Arquivos de programas\Internet Explorer [0] 0 ( )
    C:\Arquivos de programas\Java [0] 0 ( )
    C:\Arquivos de programas\Loonies [0] 0 ( )
    C:\Arquivos de programas\Malwarebytes' Anti-Malware [0] 0 ( )
    C:\Arquivos de programas\Marcos Velasco Security [0] 0 ( )
    C:\Arquivos de programas\Messenger [0] 0 ( )
    C:\Arquivos de programas\Microsoft [0] 0 ( )
    C:\Arquivos de programas\microsoft frontpage [0] 0 ( )
    C:\Arquivos de programas\Microsoft Office [0] 0 ( )
    C:\Arquivos de programas\Microsoft Office Outlook Connector [0] 0 ( )
    C:\Arquivos de programas\Microsoft Silverlight [0] 0 ( )
    C:\Arquivos de programas\Microsoft SQL Server Compact Edition [0] 0 ( )
    C:\Arquivos de programas\Microsoft Sync Framework [0] 0 ( )
    C:\Arquivos de programas\Microsoft Visual Studio [0] 0 ( )
    C:\Arquivos de programas\Microsoft Works [0] 0 ( )
    C:\Arquivos de programas\Microsoft.NET [0] 0 ( )
    C:\Arquivos de programas\Motorola [0] 0 ( )
    C:\Arquivos de programas\Movie Maker [0] 0 ( )
    C:\Arquivos de programas\Mozilla Firefox [0] 0 ( )
    C:\Arquivos de programas\Mozilla Maintenance Service [0] 0 ( )
    C:\Arquivos de programas\MSECache [0] 0 ( )
    C:\Arquivos de programas\MSN Gaming Zone [0] 0 ( )
    C:\Arquivos de programas\MSXML 4.0 [0] 0 ( )
    C:\Arquivos de programas\MyPlayCity.com [0] 0 ( )
    C:\Arquivos de programas\NCH Software [0] 0 ( )
    C:\Arquivos de programas\Nero [0] 0 ( )
    C:\Arquivos de programas\NetMeeting [0] 0 ( )
    C:\Arquivos de programas\Outlook Express [0] 0 ( )
    C:\Arquivos de programas\Photo! [0] 0 ( )
    C:\Arquivos de programas\Positivo [0] 0 ( )
    C:\Arquivos de programas\Programas RFB [0] 0 ( )
    C:\Arquivos de programas\Real [0] 0 ( )
    C:\Arquivos de programas\Realtek [0] 0 ( )
    C:\Arquivos de programas\REALTEK RTL8187B Wireless LAN Driver [0] 0 ( )
    C:\Arquivos de programas\REAP [0] 0 ( )
    C:\Arquivos de programas\Serviços on-line [0] 0 ( )
    C:\Arquivos de programas\SiS VGA Utilities V3.83 [0] 0 ( )
    C:\Arquivos de programas\sisagp [0] 0 ( )
    C:\Arquivos de programas\Sistema Simplificado de Caixa [0] 0 ( )
    C:\Arquivos de programas\TeamViewer [0] 0 ( )
    C:\Arquivos de programas\Uninstall Information [H] 0( 0)
    C:\Arquivos de programas\Windows Live [0] 0 ( )
    C:\Arquivos de programas\Windows Live SkyDrive [0] 0 ( )
    C:\Arquivos de programas\Windows Media Connect 2 [0] 0 ( )
    C:\Arquivos de programas\Windows Media Player [0] 0 ( )
    C:\Arquivos de programas\Windows NT [0] 0 ( )
    C:\Arquivos de programas\WindowsUpdate [H] 0( 0)
    C:\Arquivos de programas\WinRAR [0] 0 ( )
    C:\Arquivos de programas\xerox [0] 0 ( )
    C:\Arquivos de programas\XP Codec Pack [0] 0 ( )
    C:\Arquivos de programas\ZHPDiag [0] 0 ( )
    C:\Arquivos de programas\Zylom Games [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\AVAST Software [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Avira [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\BigFishGamesCache [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\DatacardService [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini [HSA] 1 KB 0
    C:\Documents and Settings\All Users\Dados de aplicativos\Fashion Solitaire 1.2 [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\gas [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\HP [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\HP Product Assistant [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\HPSSUPPLY [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\hpzinstall.log [AC] 6 KB 0
    C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\McAfee [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft [S] 0 0
    C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Mozilla [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\NCH Software [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Nero [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\PSafe [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Real [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\WEBREG [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Zylom [0] 0 ( )
    ======================EOF=======================



    Rapport de ZHPFix 2013.3.9.1 par Nicolas Coolman, Update du 9/03/2013
    Fichier d'export Registre :
    Run by Wesclei at 23/04/2013 8:10:29
    High Elevated Privileges : OK
    Windows XP Professional Service Pack 3 (Build 2600)

    Recycle Files Deleted

    ========== Registry Key ==========
    DELETED Partial Update_DealPly
    DELETED CLSID MPSK: {d197fb7d-bf64-11df-b5d1-00224359083d}
    DELETED CLSID MPSK: {e872f3c4-a96d-11df-b5b8-00224359083d}
    DELETED CLSID MPSK: {f3dcd824-8e4d-11de-b4c0-00224359083d}
    DELETED CLSID MPSK: {330e1370-ba64-11de-b52b-0090f5767d9b}
    DELETED CLSID MPSK: {3f52a962-68ba-11de-b475-00224359083d}
    DELETED CLSID MPSK: {3fc3080e-7aaa-11de-b491-00224359083d}
    DELETED CLSID MPSK: {4a74d131-249d-11e0-b626-0090f5767d9b}
    DELETED CLSID MPSK: {60d7a538-8f66-11de-b4c3-0090f5767d9b}
    DELETED CLSID MPSK: {8ac0cc34-5ecd-11e0-b6ab-00224359083d}
    DELETED CLSID MPSK: {918e40eb-883e-11de-b4b3-00224359083d}
    DELETED CLSID MPSK: {acebe882-9703-11de-b4e1-00224359083d}
    DELETED CLSID MPSK: {b6623e24-bc8f-11e1-b8cf-00224359083d}
    DELETED CLSID MPSK: {e5d94517-678f-11e1-b893-00224359083d}
    DELETED CLSID MPSK: {e5d94518-678f-11e1-b893-00224359083d}
    DELETED Key: \Software\Classes\Installer\Products\\9EC6D81181F59F2459A84176A626F9ED
    DELETED Key: \Software\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED
    DELETED Key: HKCU\Software\InstallCore
    DELETED Key: HKCU\Software\searchya.com
    DELETED Key: HKLM\Software\360Safe
    DELETED Key: HKLM\Software\Trymedia Systems
    DELETED Key: HKCU\Software\APN PIP
    NOT FOUND Key: HKCU\Software\PIP
    DELETED Key: HKLM\Software\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
    DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    DELETED Key: HKLM\Software\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
    DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
    DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
    NOT FOUND Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Iminent
    DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
    DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F}
    DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
    NOT FOUND Key: HKLM\Software\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED
    NOT FOUND Key: HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED
    DELETED Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED

    ========== Registry Value ==========
    NOT FOUND RunValue: ares
    DELETED [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440}
    ProxyFix : Proxy killed successfully
    DELETED ProxyServer Value
    DELETED ProxyEnable Value
    DELETED EnableHttp1_1 Value
    DELETED ProxyHttp1.1 Value
    DELETED ProxyOverride Value
    DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe
    DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
    DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
    DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
    No Value in Firewall Exception Register Key (FirewallRaz)

    ========== Repertory ==========
    No Empty CLSID Directories
    DELETED Flash Cookies

    ========== File ==========
    NOT FOUND File: c:\arquivos de programas\ares\ares.exe
    NOT FOUND File: c:\windows\wmsetup.log
    DELETED Window Temporary
    DELETED Flash Cookies

    ========== Restoration ==========
    Restore System Point created succefully


    ========== Summary ==========
    35 : Registry Key
    13 : Registry Value
    2 : Repertory
    4 : File
    1 : Restoration


    End of clean in 00mn 16s

    ========== Report File ==========
    C:\ZHP\ZHPFix[R1].txt - 23/04/2013 8:10:30 [3969]

    Edvan
    Member

    Messages: 428
    Registered: 14/02/2013
    Age: 36
    Location: Natal/RN

    Re: Notebook with virus, some logs for analysis.

    Post by Edvan on Tue Apr 23, 2013 1:16 pm

    Malwarebytes Anti-Malware 1.75.0.1300
    [Você precisa estar registrado e conectado para ver este link.]

    Database version: v2013.04.23.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.13
    Wesclei :: WESCLEI [administrator]

    23/04/2013 08:17:14
    mbam-log-2013-04-23 (08-17-14).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 278000
    Time elapsed: 37 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Dados de aplicativos\28D5698DF5DFE3EE000028D540BDE922\28D5698DF5DFE3EE000028D540BDE922.exe.vir (Trojan.Agent.zr0) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP394\A0085249.exe (Trojan.Agent.zr0) -> Quarantined and deleted successfully.

    (end)

    joram
    Founding Administrator

    Messages: 608
    Registered: 14/08/2012
    Age: 63
    Location: Rio de Janeiro

    Re: Notebook with virus, some logs for analysis.

    Post by joram on Wed Apr 24, 2013 8:52 am

    Good morning, Edvan!

    [You need to be registered and logged in to see this link.]

    |- Run the AT-Destroyer tool again and choose the "Buscar y Destruir" option.
    |- Post the report! ( C:\AT-Destroyer.txt )

    -/-

    |- Download: < [You need to be registered and logged in to see this link.] > ( ... by g3n-h@ckm@n & Saachaa )

    [You need to be registered and logged in to see this link.]

    |- Or here: < [You need to be registered and logged in to see this link.] > Mirror!

    |- Or here: < [You need to be registered and logged in to see this link.] > In case malware blocks the download!

    |- On the page, click the green arrow or Mirror 1.

    |- Save it to the desktop! < [You need to be registered and logged in to see this image.] ( winlogon ) >

    |- Disable your antivirus, antispyware, sandbox and/or firewall.
    |- Close any open programs and run the tool!

    |- Double-click Pre_scan.exe. < [You need to be registered and logged in to see this image.] >

    |- PS: During the scan your desktop will disappear and black windows will appear on the screen. All of this is normal and part of how the tool works.

    [You need to be registered and logged in to see this image.]

    |- If infections are found, a reboot may occur and the screen shown just above may appear.
    |- PS: If it appears and shows no prompt, click "Kill".
    |- In that case there will be a new scan and, at the end, the report will be made available.
    |- There may be reboot(s) and the scan will continue. << Wait!
    |- When finished, post the report! ( Pre_Scan.txt ) << Link to the report!

    |- To upload it, go to: [You need to be registered and logged in to see this link.]

    |- Or...[You need to be registered and logged in to see this link.]

    |- Or...[You need to be registered and logged in to see this link.]

    A+

    Edvan
    Member

    Messages: 428
    Registered: 14/02/2013
    Age: 36
    Location: Natal/RN

    Re: Notebook with virus, some logs for analysis.

    Post by Edvan on Wed Apr 24, 2013 12:13 pm

    Pre_Scan.txt log: [You need to be registered and logged in to see this link.]

    ######################## AT-Destroyer [2.1] By Infospyware.
    Hora/Día/Mes/Año: 11:02:18 \\\ 24/04/2013
    AT-Destroyer 2.1 By Infospyware ---> [Você precisa estar registrado e conectado para ver este link.]
    Última actualización: 30/11/2012
    Opción escogida: 2 :Buscar y Destruir
    Versión Internet Explorer:7.0.5730.13
    Mozilla Firefox:12.0.0.4493
    Google Chrome:26.0.1410.64
    Privilegios: Wesclei - Administrador
    Modo Actual: Modo Normal.
    Nombre del pc: WESCLEI
    Información del sistema operativo:X86-WIN_XP-Service Pack 3
    nombre del usuario:Wesclei
    Lenguaje del sistema: Portugués



    >>>>>>> Servicios <<<<<<<



    >>>>>> Carpetas <<<<<<



    >>>>>> Archivos <<<<<<



    >>>>>> Registro <<<<<<



    >>>>>> Heurística <<<<<<



    >>>>>> Internet Explorer <<<<<<

    Start Page==[Você precisa estar registrado e conectado para ver este link.]
    Local Page==%SystemRoot%\system32\blank.htm
    Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
    Default_search_url==http://go.microsoft.com/fwlink/?LinkId=54896
    Default_Page_URL==http://go.microsoft.com/fwlink/?LinkId=69157


    ''HKCU\Software\Microsoft\Internet Explorer\Main''
    Start Page==[Você precisa estar registrado e conectado para ver este link.]
    Local Page==C:\WINDOWS\system32\blank.htm
    Search Page==http://www.google.com
    Default_search_url==
    Default_Page_URL==


    HKEY_USERS\S-1-5-21-2000478354-1532298954-682003330-1003\Software\Microsoft\Internet Explorer\Main''
    Start Page==[Você precisa estar registrado e conectado para ver este link.]
    Local Page==C:\WINDOWS\system32\blank.htm
    Search Page==http://www.google.com
    Default_search_url==
    Default_Page_URL==


    >>>>>> Firefox <<<<<<

    user_pref("browser.startup.homepage", "https://www.google.com.br/");
    user_pref("browser.startup.homepage_override.buildID", "20120420145725");
    user_pref("browser.startup.homepage_override.mstone", "rv:12.0");


    >>>>>> Plugins Firefox <<<<<<

    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@zylom.com/ZylomGamesPlayer

    >>>>>> Google Chrome <<<<<<

    "homepage": "http://www.google.com/",
    "homepage_changed": true,
    "homepage_is_newtabpage": false,


    >>>>>> Extensiones Google Chrome <<<<<<

    C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\4
    C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
    C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
    C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
    C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    ======== Listado ===========

    C:\Documents and Settings\Wesclei\Dados de aplicativos\AdobeUM [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Alawar [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Auslogics [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Autodesk [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Avira [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Corel [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\desktop.ini [HSA] 1 KB ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\EleFun Games [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\ex3b.jpg [A] 501 KB ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\FileZilla [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Gamelab [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Help [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\HP [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\HPAppData [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\id [A] 1 KB ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Identities [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\InstallShield [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Macromedia [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Malwarebytes [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Microsoft [S] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Mozilla [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\NCH Software [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Nero [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Octoshape [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Real [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\RealNetworks [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\SView5 [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\U3 [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\WESCLEI [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Windows Live Writer [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\WinRAR [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\xmaq [A] 1 KB ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Zylom [0] 0 ( )
    C:\Arquivos de programas\Alwil Software [0] 0 ( )
    C:\Arquivos de programas\Arquivos comuns [0] 0 ( )
    C:\Arquivos de programas\Auslogics [0] 0 ( )
    C:\Arquivos de programas\AVAST Software [0] 0 ( )
    C:\Arquivos de programas\AVG [0] 0 ( )
    C:\Arquivos de programas\Avira [0] 0 ( )
    C:\Arquivos de programas\Bing Bar Installer [0] 0 ( )
    C:\Arquivos de programas\CCleaner [0] 0 ( )
    C:\Arquivos de programas\Claro 3G [0] 0 ( )
    C:\Arquivos de programas\CNPJ2003 [0] 0 ( )
    C:\Arquivos de programas\ComPlus Applications [0] 0 ( )
    C:\Arquivos de programas\Corel [0] 0 ( )
    C:\Arquivos de programas\DsNET Corp [0] 0 ( )
    C:\Arquivos de programas\Google [0] 0 ( )
    C:\Arquivos de programas\HotKey_Driver [0] 0 ( )
    C:\Arquivos de programas\HP [0] 0 ( )
    C:\Arquivos de programas\InstallAffixationInfo [0] 0 ( )
    C:\Arquivos de programas\InstallShield Installation Information [H] 0( 0)
    C:\Arquivos de programas\Internet Explorer [0] 0 ( )
    C:\Arquivos de programas\Java [0] 0 ( )
    C:\Arquivos de programas\Loonies [0] 0 ( )
    C:\Arquivos de programas\Malwarebytes' Anti-Malware [0] 0 ( )
    C:\Arquivos de programas\Marcos Velasco Security [0] 0 ( )
    C:\Arquivos de programas\Messenger [0] 0 ( )
    C:\Arquivos de programas\Microsoft [0] 0 ( )
    C:\Arquivos de programas\microsoft frontpage [0] 0 ( )
    C:\Arquivos de programas\Microsoft Office [0] 0 ( )
    C:\Arquivos de programas\Microsoft Office Outlook Connector [0] 0 ( )
    C:\Arquivos de programas\Microsoft Silverlight [0] 0 ( )
    C:\Arquivos de programas\Microsoft SQL Server Compact Edition [0] 0 ( )
    C:\Arquivos de programas\Microsoft Sync Framework [0] 0 ( )
    C:\Arquivos de programas\Microsoft Visual Studio [0] 0 ( )
    C:\Arquivos de programas\Microsoft Works [0] 0 ( )
    C:\Arquivos de programas\Microsoft.NET [0] 0 ( )
    C:\Arquivos de programas\Motorola [0] 0 ( )
    C:\Arquivos de programas\Movie Maker [0] 0 ( )
    C:\Arquivos de programas\Mozilla Firefox [0] 0 ( )
    C:\Arquivos de programas\Mozilla Maintenance Service [0] 0 ( )
    C:\Arquivos de programas\MSECache [0] 0 ( )
    C:\Arquivos de programas\MSN Gaming Zone [0] 0 ( )
    C:\Arquivos de programas\MSXML 4.0 [0] 0 ( )
    C:\Arquivos de programas\MyPlayCity.com [0] 0 ( )
    C:\Arquivos de programas\NCH Software [0] 0 ( )
    C:\Arquivos de programas\Nero [0] 0 ( )
    C:\Arquivos de programas\NetMeeting [0] 0 ( )
    C:\Arquivos de programas\Outlook Express [0] 0 ( )
    C:\Arquivos de programas\Photo! [0] 0 ( )
    C:\Arquivos de programas\Positivo [0] 0 ( )
    C:\Arquivos de programas\Programas RFB [0] 0 ( )
    C:\Arquivos de programas\Real [0] 0 ( )
    C:\Arquivos de programas\Realtek [0] 0 ( )
    C:\Arquivos de programas\REALTEK RTL8187B Wireless LAN Driver [0] 0 ( )
    C:\Arquivos de programas\REAP [0] 0 ( )
    C:\Arquivos de programas\Serviços on-line [0] 0 ( )
    C:\Arquivos de programas\SiS VGA Utilities V3.83 [0] 0 ( )
    C:\Arquivos de programas\sisagp [0] 0 ( )
    C:\Arquivos de programas\Sistema Simplificado de Caixa [0] 0 ( )
    C:\Arquivos de programas\TeamViewer [0] 0 ( )
    C:\Arquivos de programas\Uninstall Information [H] 0( 0)
    C:\Arquivos de programas\Windows Live [0] 0 ( )
    C:\Arquivos de programas\Windows Live SkyDrive [0] 0 ( )
    C:\Arquivos de programas\Windows Media Connect 2 [0] 0 ( )
    C:\Arquivos de programas\Windows Media Player [0] 0 ( )
    C:\Arquivos de programas\Windows NT [0] 0 ( )
    C:\Arquivos de programas\WindowsUpdate [H] 0( 0)
    C:\Arquivos de programas\WinRAR [0] 0 ( )
    C:\Arquivos de programas\xerox [0] 0 ( )
    C:\Arquivos de programas\XP Codec Pack [0] 0 ( )
    C:\Arquivos de programas\ZHPDiag [0] 0 ( )
    C:\Arquivos de programas\Zylom Games [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\AVAST Software [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Avira [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\BigFishGamesCache [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\DatacardService [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini [HSA] 1 KB 0
    C:\Documents and Settings\All Users\Dados de aplicativos\Fashion Solitaire 1.2 [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\gas [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\HP [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\HP Product Assistant [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\HPSSUPPLY [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\hpzinstall.log [AC] 6 KB 0
    C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\McAfee [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft [S] 0 0
    C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Mozilla [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\NCH Software [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Nero [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\PSafe [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Real [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\WEBREG [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Zylom [0] 0 ( )

    ==================== EOF ==================

    joram
    Founding Administrator

    Messages : 608
    Join date : 14/08/2012
    Age : 63
    Location : Rio de Janeiro

    Re: Notebook with virus, some logs for analysis.

    Post by joram on Thu Apr 25, 2013 6:33 am

    Good morning, Edvan!

    [You must be registered and logged in to see this link.]

    |- Open the AT-Destroyer tool again and click "Uninstall".

    -/-

    |- Download: |[You must be registered and logged in to see this link.]| ( ... by Xplode )

    [You must be registered and logged in to see this image.]

    |- On the page, click the green arrow to download.
    |- Save it somewhere convenient! ( desktop! )
    |- Close any applications that are open.

    [You must be registered and logged in to see this link.]

    |- Run it!
    |- With both checkboxes checked!
    |- Click "Run".
    |- All OK?

    Regards!

    Edvan
    Member

    Messages : 428
    Join date : 14/02/2013
    Age : 36
    Location : Natal/RN

    Re: Notebook with virus, some logs for analysis.

    Post by Edvan on Thu Apr 25, 2013 8:20 am

    Done, friend, all OK..

    # DelFix v10.2 - Logfile created 25/04/2013 at 09:18:43
    # Updated 02/04/2013 by Xplode
    # Username : Wesclei - WESCLEI

    ~ Removing disinfection tools ...

    Deleted : C:\Qoobox
    Deleted : C:\JRT
    Deleted : C:\pre_scan
    Deleted : C:\ZHP
    Deleted : C:\Arquivos de programas\ZHPDiag
    Deleted : C:\AdwCleaner[S1].txt
    Deleted : C:\ComboFix.txt
    Deleted : C:\PhysicalDisk0_MBR.bin
    Deleted : C:\Pre_Scan_24_04_2013_11_52_09.txt
    Deleted : C:\Documents and Settings\Wesclei\Desktop\Pre_Scan.exe
    Deleted : C:\Documents and Settings\Wesclei\Desktop\ZHPDiag2.exe
    Deleted : C:\Documents and Settings\Wesclei\Desktop\ZHPFixReport.txt
    Deleted : C:\Documents and Settings\All Users\Desktop\MBRCheck.lnk
    Deleted : C:\Documents and Settings\All Users\Desktop\ZHPDiag.lnk
    Deleted : C:\Documents and Settings\All Users\Desktop\ZHPFix.lnk
    Deleted : C:\WINDOWS\grep.exe
    Deleted : C:\WINDOWS\PEV.exe
    Deleted : C:\WINDOWS\NIRCMD.exe
    Deleted : C:\WINDOWS\MBR.exe
    Deleted : C:\WINDOWS\SED.exe
    Deleted : C:\WINDOWS\SWREG.exe
    Deleted : C:\WINDOWS\SWSC.exe
    Deleted : C:\WINDOWS\SWXCACLS.exe
    Deleted : C:\WINDOWS\Zip.exe
    Deleted : HKCU\Software\g3n-h@ckm@n
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SOFTWARE\g3n-h@ckm@n
    Deleted : HKLM\SOFTWARE\Swearware
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

    ~ Cleaning system restore ...

    Deleted : RP #356 [Ponto de verificação do sistema | 01/26/2013 16:59:57]
    Deleted : RP #357 [Ponto de verificação do sistema | 01/27/2013 17:35:19]
    Deleted : RP #358 [Ponto de verificação do sistema | 02/10/2013 03:33:50]
    Deleted : RP #359 [Ponto de verificação do sistema | 02/12/2013 21:06:17]
    Deleted : RP #360 [Ponto de verificação do sistema | 02/14/2013 22:31:02]
    Deleted : RP #361 [Ponto de verificação do sistema | 02/17/2013 18:08:22]
    Deleted : RP #362 [Ponto de verificação do sistema | 02/19/2013 03:28:08]
    Deleted : RP #363 [Ponto de verificação do sistema | 02/21/2013 13:51:31]
    Deleted : RP #364 [Ponto de verificação do sistema | 02/22/2013 22:59:11]
    Deleted : RP #365 [Installed Windows XP -- Software Updates KB952011. | 02/27/2013 22:58:59]
    Deleted : RP #366 [Ponto de verificação do sistema | 03/03/2013 18:26:06]
    Deleted : RP #367 [Ponto de verificação do sistema | 03/05/2013 03:31:20]
    Deleted : RP #368 [Ponto de verificação do sistema | 03/06/2013 16:27:20]
    Deleted : RP #369 [Ponto de verificação do sistema | 03/07/2013 17:12:30]
    Deleted : RP #370 [Ponto de verificação do sistema | 03/09/2013 02:44:26]
    Deleted : RP #371 [Ponto de verificação do sistema | 03/11/2013 21:54:02]
    Deleted : RP #372 [Ponto de verificação do sistema | 03/12/2013 22:33:35]
    Deleted : RP #373 [Ponto de verificação do sistema | 03/14/2013 16:37:29]
    Deleted : RP #374 [Ponto de verificação do sistema | 03/15/2013 23:36:04]
    Deleted : RP #375 [Ponto de verificação do sistema | 03/17/2013 13:46:03]
    Deleted : RP #376 [Ponto de verificação do sistema | 03/18/2013 16:37:05]
    Deleted : RP #377 [Ponto de verificação do sistema | 03/20/2013 02:12:08]
    Deleted : RP #378 [Ponto de verificação do sistema | 03/21/2013 16:41:46]
    Deleted : RP #379 [Ponto de verificação do sistema | 03/22/2013 16:43:21]
    Deleted : RP #380 [Ponto de verificação do sistema | 03/23/2013 16:53:11]
    Deleted : RP #381 [Ponto de verificação do sistema | 03/27/2013 01:57:44]
    Deleted : RP #382 [Ponto de verificação do sistema | 03/28/2013 16:17:12]
    Deleted : RP #383 [Ponto de verificação do sistema | 03/30/2013 03:12:12]
    Deleted : RP #384 [Ponto de verificação do sistema | 03/31/2013 12:30:52]
    Deleted : RP #385 [Ponto de verificação do sistema | 04/02/2013 22:33:44]
    Deleted : RP #386 [Ponto de verificação do sistema | 04/06/2013 13:01:15]
    Deleted : RP #387 [Ponto de verificação do sistema | 04/07/2013 19:06:12]
    Deleted : RP #388 [Ponto de verificação do sistema | 04/09/2013 22:59:08]
    Deleted : RP #389 [Ponto de verificação do sistema | 04/10/2013 23:02:07]
    Deleted : RP #390 [Ponto de verificação do sistema | 04/12/2013 03:38:04]
    Deleted : RP #391 [Ponto de verificação do sistema | 04/13/2013 18:35:13]
    Deleted : RP #392 [Ponto de verificação do sistema | 04/16/2013 00:06:37]
    Deleted : RP #393 [Ponto de verificação do sistema | 04/20/2013 15:49:54]
    Deleted : RP #394 [Ponto de verificação do sistema | 04/21/2013 16:00:14]
    Deleted : RP #395 [Ponto de verificação do sistema | 04/22/2013 20:29:56]
    Deleted : RP #396 [P | 04/23/2013 11:10:29]
    Deleted : RP #397 [Ponto de verificação do sistema | 04/24/2013 11:47:10]

    New restore point created !

    ########## - EOF - ##########

    joram
    Founding Administrator

    Messages : 608
    Join date : 14/08/2012
    Age : 63
    Location : Rio de Janeiro

    Re: Notebook with virus, some logs for analysis.

    Post by joram on Thu Apr 25, 2013 9:07 pm

    CASE SOLVED!

    If this computer needs further help, just open a "New Topic" and describe the problem.
