Fórum SecSecurity

Implementing cleanup and security on your computer!

    Notebook with a virus, some logs for analysis.

    Edvan
    Member

    Posts : 428
    Join date : 14/02/2013
    Age : 36
    Location : Natal/RN

    Post by Edvan on Mon Apr 22, 2013 10:33 am

    Friend, I can't do anything on this notebook in normal mode; I ran some procedures in safe mode.

    # AdwCleaner v2.112 - Logfile created 22/04/2013 at 08:52:55
    # Updated 10/02/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Administrador - WESCLEI
    # Boot mode : Safe mode
    # Running from : C:\Documents and Settings\Administrador\Desktop\AdwCleaner\adwcleaner0.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : SProtection

    ***** [Files / Folders] *****

    File Deleted : C:\Arquivos de programas\Mozilla Firefox\defaults\pref\all-iminent.js
    File Deleted : C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml
    File Deleted : C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
    File Deleted : C:\user.js
    Folder Deleted : C:\Arquivos de programas\Arquivos comuns\Umbrella
    Folder Deleted : C:\Arquivos de programas\BabylonToolbar
    Folder Deleted : C:\Arquivos de programas\Claro
    Folder Deleted : C:\Arquivos de programas\DealPly
    Folder Deleted : C:\Arquivos de programas\Iminent
    Folder Deleted : C:\Arquivos de programas\SearchYa!
    Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Ask
    Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
    Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Iminent
    Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia
    Folder Deleted : C:\Documents and Settings\All Users\Menu Iniciar\Programas\DealPly
    Folder Deleted : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Iminent
    Folder Deleted : C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\APN
    Folder Deleted : C:\Documents and Settings\Wesclei\Dados de aplicativos\Babylon
    Folder Deleted : C:\Documents and Settings\Wesclei\Dados de aplicativos\BabylonToolbar
    Folder Deleted : C:\Documents and Settings\Wesclei\Dados de aplicativos\DealPly
    Folder Deleted : C:\Documents and Settings\Wesclei\Dados de aplicativos\Iminent
    Folder Deleted : C:\Documents and Settings\Wesclei\Dados de aplicativos\Ironsource

    ***** [Registry] *****

    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\BabylonToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\b
    Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
    Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25927741-5E5B-4D27-8D8B-9188FE64373F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{54B24FA9-87E8-47FC-8589-F9D382D8B299}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5B45AC88-523C-431E-86D7-F339B2EE262E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6801410E-CC88-42D6-A93B-909E95645407}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8B0C188C-F6F3-484D-8225-E40262DDE633}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\I
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9A2DCB-F5DB-40D0-8E62-3B47DD476A77}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59B23951-2232-4AFB-81D4-64A8A16D457A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E522F1-9E90-47DD-A2CE-39B0C00274A0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E096DFB-6AB7-45C7-BF64-B313C7096529}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{996A9940-2F2C-4486-A479-439C4A15F278}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B7D44BA-376C-456F-B289-5034270322FD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BD8FF26-2C71-4D35-9FE2-AD8D25AECC36}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCE6E914-AEF0-4FEE-8FC8-06F9B42BF890}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD8D5FFA-4F92-48AD-BFBE-7896916656F5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C92E6D80-EC54-45CC-AC4B-A7CF42F11B52}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D1CB564E-F38A-4F2A-8257-60E3F8BE9F34}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F293BBC0-DA7E-4CF1-9EEA-CE90CFE0DF86}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FEFBC559-C3C7-4287-B05B-49D489B80749}
    Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore
    Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyadskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyadskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyaHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyaHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{69332529-EEC8-4D0D-9FD3-202C4AE8E589}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
    Key Deleted : HKLM\Software\DealPly
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\Software\Ironsource
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IminentMessenger
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\searchya
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25927741-5E5B-4D27-8D8B-9188FE64373F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5389AEEA4A1E20428D045E86BCF643B
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{118D6CE9-5F18-42F9-958A-14676A629FDE}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\searchya
    Chave Removida : HKLM\Software\PIP
    Chave Removida : HKLM\Software\Umbrella
    Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{33AA308B-B565-4376-AC66-59EE9B6AD13E}]
    Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
    Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
    Valor Removida : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
    Valor Removida : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Arquivos de programas\Iminent\Iminent.exe]
    Valor Removida : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Arquivos de programas\Iminent\Iminent.Messengers.exe]

    ***** [Navegadores] *****

    -\\ Internet Explorer v7.0.5730.13

    Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = [You need to be registered and logged in to see this link.] --> [You need to be registered and logged in to see this link.]
    Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = [You need to be registered and logged in to see this link.] --> [You need to be registered and logged in to see this link.]

    *************************

    AdwCleaner[S1].txt - [38050 octets] - [22/04/2013 08:52:55]

    ########## EOF - C:\AdwCleaner[S1].txt - [38111 octets] ##########



    ComboFix 13-04-22.01 - Administrador 04/22/aaaa 8:59.1.1 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1981.1741 [GMT -3:00]
    Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
    AV: Avira Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADO !!
    .
    .
    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\5iq5XRj3.exe
    c:\documents and settings\All Users\Dados de aplicativos\28D5698DF5DFE3EE000028D540BDE922
    c:\documents and settings\All Users\Dados de aplicativos\28D5698DF5DFE3EE000028D540BDE922\28D5698DF5DFE3EE000028D540BDE922
    c:\documents and settings\All Users\Dados de aplicativos\28D5698DF5DFE3EE000028D540BDE922\28D5698DF5DFE3EE000028D540BDE922.exe
    c:\documents and settings\All Users\Dados de aplicativos\28D5698DF5DFE3EE000028D540BDE922\28D5698DF5DFE3EE000028D540BDE922.ico
    c:\windows\system\CRPE32.DLL
    c:\windows\system\CRXLAT32.DLL
    c:\windows\system\MFC40.DLL
    c:\windows\system\MSJT3032.DLL
    c:\windows\system\MSVCRT20.DLL
    c:\windows\system\MSVCRT40.DLL
    c:\windows\system\P2SODBC.DLL
    c:\windows\system\U2DDISK.DLL
    c:\windows\system\U2FDIF.DLL
    c:\windows\system\U2FREC.DLL
    c:\windows\system\U2FSEPV.DLL
    c:\windows\system\U2FTEXT.DLL
    c:\windows\system\VB40032.DLL
    c:\windows\system\VBAR2232.DLL
    c:\windows\system\VEN2232.OLB
    c:\windows\system32\Cache
    c:\windows\system32\SETB9.tmp
    c:\windows\system32\SETBD.tmp
    c:\windows\system32\SETC5.tmp
    .
    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2013-03-22 to 2013-04-22 ))))))))))))))))))))))))))))
    .
    .
    2013-04-22 11:37 . 2013-04-22 11:37 -------- d-----w- c:\documents and settings\Administrador
    2013-04-20 04:10 . 2013-04-20 04:10 -------- d-----w- c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\Google
    2013-03-25 20:39 . 2013-03-25 20:39 4546560 ----a-w- c:\windows\system32\GPhotos.scr
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-27 22:47 . 2013-02-27 22:47 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-27 22:47 . 2012-06-25 14:04 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-26 23:08 . 2012-06-26 23:08 97208 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HotKeyDriver.lnk]
    path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HotKeyDriver.lnk
    backup=c:\windows\pss\HotKeyDriver.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^McAfee Security Scan Plus.lnk]
    path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Utility Tray.lnk]
    path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk
    backup=c:\windows\pss\Utility Tray.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2008-06-19 08:20 57344 ------r- c:\windows\Alcmtr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
    2012-08-11 02:41 348664 ----a-w- c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonHK]
    2007-12-07 22:07 77824 ----a-w- c:\windows\BisonCam\BisonHK.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-03-12 00:34 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2008-07-23 08:51 16804864 ------r- c:\windows\RTHDCPL.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
    2007-10-03 07:58 53248 ----a-r- c:\windows\system32\SiSPower.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    2007-01-19 03:34 634880 ----a-r- c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-07-25 08:23 149280 ----a-w- c:\arquivos de programas\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2012-06-22 23:18 296056 ----a-w- c:\arquivos de programas\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Agrupamento Ponto a Ponto do Windows
    "3540:UDP"= 3540:UDP:Protocolo PNRP (Peer Name Resolution Protocol)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    S0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [9/3/aaaa 23:05 54912]
    S1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [9/3/aaaa 23:05 146304]
    S1 360SpOEM;360SpOEM;c:\windows\system32\drivers\360SpOEM.sys [9/3/aaaa 23:16 64048]
    S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [7/3/aaaa 13:37 36000]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [7/3/aaaa 13:37 86224]
    S2 Iprip;RIP de escuta;c:\windows\System32\svchost.exe -k netsvcs [8/4/aaaa 0:45 14336]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
    S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
    S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [6/1/aaaa 11:05 77968]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\arquivos de programas\McAfee Security Scan\3.0.207\McCHSvc.exe [6/17/aaaa 14:33 237008]
    S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [1/16/aaaa 15:38 17408]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [6/1/aaaa 11:15 288000]
    S3 smsbda;SMS Digital Video;c:\windows\system32\drivers\smsbda.sys [10/31/aaaa 17:02 51872]
    S3 ZTEusbdvbh;ZTE HS-USB DVBH-RF Service;c:\windows\system32\drivers\ZTEusbdvbh.sys [10/31/aaaa 17:02 105216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-04-10 16:05 1642448 ----a-w- c:\arquivos de programas\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2013-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 22:48]
    .
    2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-05-27 01:21]
    .
    2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-05-27 01:21]
    .
    2013-04-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-1532298954-682003330-1003.job
    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-04-30 21:21]
    .
    2013-04-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-1532298954-682003330-1003.job
    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-04-30 21:21]
    .
    .
    ------- Scan Suplementar -------
    .
    mStart Page = [You need to be registered and logged in to see this link.]
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath -
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    MSConfigStartUp-Actual Booster - c:\arquivos de programas\Loonies\Actual Booster\ActlBstr.exe
    MSConfigStartUp-LogMeIn Hamachi Ui - c:\arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You need to be registered and logged in to see this link.]
    Rootkit scan 2013-04-22 09:06
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Procurando processos ocultos ...
    .
    Procurando entradas auto inicializáveis ocultas ...
    .
    Procurando ficheiros/arquivos ocultos ...
    .
    Varredura completada com sucesso
    arquivos/ficheiros ocultos: 0
    .
    **************************************************************************
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Tempo para conclusão: 2013-04-22 09:08:15
    ComboFix-quarantined-files.txt 2013-04-22 12:08
    .
    Pré-execução: 11 pasta(s) 139.144.507.392 bytes disponíveis
    Pós execução: 14 pasta(s) 139.286.994.944 bytes disponíveis
    .
    - - End Of File - - 6FE1A4CAA1209A145B5A42CA3D96734F



    Malwarebytes Anti-Malware 1.75.0.1300
    [You need to be registered and logged in to see this link.]

    Versão da Base de Dados: v2013.04.04.07

    Windows XP Service Pack 3 x86 NTFS (Modo Seguro)
    Internet Explorer 7.0.5730.13
    Administrador :: WESCLEI [administrador]

    4/22/aaaa 09:29:57
    mbam-log-2013-04-22 (09-29-57).txt

    Tipo de Verificação: Verificação Completa (C:\|)
    Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
    Opções de verificação desativadas: P2P
    Objetos escaneados: 290780
    Tempo decorrido: 59 minuto(s), 36 segundo(s)

    Processos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)

    Módulos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)

    Chaves de Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)

    Valores de Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)

    Itens de Dados no Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)

    Pastas Detectadas: 0
    (Não foram detectados ítens maliciosos)

    Arquivos Detectados: 14
    C:\Documents and Settings\All Users\2NeW19IW.exe (VirTool.DelfInject) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Documents and Settings\All Users\6Y2QKLDu.exe (Trojan.Buzus) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Documents and Settings\All Users\G7z932V2.exe (Trojan.Buzus) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Documents and Settings\All Users\rGWY2VD0.exe (Trojan.Buzus) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Documents and Settings\Wesclei\Configurações locais\Temp\UPDATE.cpl (Trojan.BanLoad) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\13\7cb4738d-1fd1aa94 (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\32\786248e0-4172e03f (Malware.Packer) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\42\4081e4aa-1a5e8785 (VirTool.DelfInject) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\44\2b1b1cec-1ec0e0c6 (Trojan.Downloader) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\5iq5XRj3.exe.vir (Trojan.Downloader) -> Enviado para a Quarentena e deletado com sucesso.
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP393\A0085093.exe (Malware.Packer) -> Enviado para a Quarentena e deletado com sucesso.
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP394\A0085248.exe (Trojan.Downloader) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Documents and Settings\All Users\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Enviado para a Quarentena e deletado com sucesso.
    C:\Arquivos de programas\Mozilla Firefox\0.542882828648037.exe (Exploit.Dropper) -> Enviado para a Quarentena e deletado com sucesso.

    (fim)


    Re: Notebook with virus, some logs for analysis.

    Posted by Edvan on Mon Apr 22, 2013 11:03 am

    Avira log.


    Avira Free Antivirus
    Report file date: segunda-feira, 22 de mmmm de aaaa 11:14

    Scanning for 4403550 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available.

    Licensee : Avira Free Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Microsoft Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : WESCLEI

    Version information:
    BUILD.DAT : 12.1.9.1236 40872 Bytes 10/11/aaaa 15:58:00
    AVSCAN.EXE : 12.3.0.48 468256 Bytes 11/15/aaaa 20:28:33
    AVSCAN.DLL : 12.3.0.15 54736 Bytes 7/6/aaaa 00:56:15
    LUKE.DLL : 12.3.0.15 68304 Bytes 7/6/aaaa 00:56:16
    AVSCPLR.DLL : 12.3.0.14 97032 Bytes 7/3/aaaa 16:45:45
    AVREG.DLL : 12.3.0.17 232200 Bytes 7/3/aaaa 16:45:39
    VBASE000.VDF : 7.11.70.0 66736640 Bytes 4/4/aaaa 12:53:56
    VBASE001.VDF : 7.11.70.1 2048 Bytes 4/4/aaaa 12:53:57
    VBASE002.VDF : 7.11.70.2 2048 Bytes 4/4/aaaa 12:53:58
    VBASE003.VDF : 7.11.70.3 2048 Bytes 4/4/aaaa 12:53:58
    VBASE004.VDF : 7.11.70.4 2048 Bytes 4/4/aaaa 12:53:59
    VBASE005.VDF : 7.11.70.5 2048 Bytes 4/4/aaaa 12:54:00
    VBASE006.VDF : 7.11.70.6 2048 Bytes 4/4/aaaa 12:54:00
    VBASE007.VDF : 7.11.70.7 2048 Bytes 4/4/aaaa 12:54:04
    VBASE008.VDF : 7.11.70.8 2048 Bytes 4/4/aaaa 12:54:05
    VBASE009.VDF : 7.11.70.9 2048 Bytes 4/4/aaaa 12:54:06
    VBASE010.VDF : 7.11.70.10 2048 Bytes 4/4/aaaa 12:54:07
    VBASE011.VDF : 7.11.70.11 2048 Bytes 4/4/aaaa 12:54:07
    VBASE012.VDF : 7.11.70.12 2048 Bytes 4/4/aaaa 12:54:08
    VBASE013.VDF : 7.11.70.13 2048 Bytes 4/4/aaaa 12:54:09
    VBASE014.VDF : 7.11.70.103 136192 Bytes 4/5/aaaa 12:54:12
    VBASE015.VDF : 7.11.70.183 183808 Bytes 4/6/aaaa 12:25:34
    VBASE016.VDF : 7.11.71.9 145920 Bytes 4/8/aaaa 22:04:15
    VBASE017.VDF : 7.11.71.115 169472 Bytes 4/10/aaaa 22:04:15
    VBASE018.VDF : 7.11.71.197 172544 Bytes 4/11/aaaa 22:00:27
    VBASE019.VDF : 7.11.71.198 2048 Bytes 4/11/aaaa 22:00:29
    VBASE020.VDF : 7.11.71.199 2048 Bytes 4/11/aaaa 22:00:30
    VBASE021.VDF : 7.11.71.200 2048 Bytes 4/11/aaaa 22:00:33
    VBASE022.VDF : 7.11.71.201 2048 Bytes 4/11/aaaa 22:00:35
    VBASE023.VDF : 7.11.71.202 2048 Bytes 4/11/aaaa 22:00:37
    VBASE024.VDF : 7.11.71.203 2048 Bytes 4/11/aaaa 22:00:38
    VBASE025.VDF : 7.11.71.204 2048 Bytes 4/11/aaaa 22:00:39
    VBASE026.VDF : 7.11.71.205 2048 Bytes 4/11/aaaa 22:00:39
    VBASE027.VDF : 7.11.71.206 2048 Bytes 4/11/aaaa 22:00:43
    VBASE028.VDF : 7.11.71.207 2048 Bytes 4/11/aaaa 22:00:45
    VBASE029.VDF : 7.11.71.208 2048 Bytes 4/11/aaaa 22:00:49
    VBASE030.VDF : 7.11.71.209 2048 Bytes 4/11/aaaa 22:00:49
    VBASE031.VDF : 7.11.71.252 81408 Bytes 4/11/aaaa 22:00:53
    Engine version : 8.2.12.26
    AEVDF.DLL : 8.1.2.10 102772 Bytes 7/11/aaaa 00:56:30
    AESCRIPT.DLL : 8.1.4.106 483709 Bytes 4/11/aaaa 22:02:28
    AESCN.DLL : 8.1.10.4 131446 Bytes 3/27/aaaa 01:58:51
    AESBX.DLL : 8.2.5.12 606578 Bytes 7/3/aaaa 16:45:06
    AERDL.DLL : 8.2.0.88 643444 Bytes 1/20/aaaa 16:00:41
    AEPACK.DLL : 8.3.2.6 827767 Bytes 4/6/aaaa 12:55:48
    AEOFFICE.DLL : 8.1.2.56 205180 Bytes 3/12/aaaa 15:44:01
    AEHEUR.DLL : 8.1.4.286 5845369 Bytes 4/11/aaaa 22:02:17
    AEHELP.DLL : 8.1.25.2 258423 Bytes 10/11/aaaa 19:53:40
    AEGEN.DLL : 8.1.7.2 442741 Bytes 3/27/aaaa 01:58:21
    AEEXP.DLL : 8.4.0.18 192886 Bytes 4/11/aaaa 22:02:35
    AEEMU.DLL : 8.1.3.2 393587 Bytes 7/11/aaaa 00:56:27
    AECORE.DLL : 8.1.31.2 201080 Bytes 2/24/aaaa 15:39:41
    AEBB.DLL : 8.1.1.4 53619 Bytes 11/6/aaaa 01:28:50
    AVWINLL.DLL : 12.3.0.15 27344 Bytes 7/6/aaaa 00:56:14
    AVPREF.DLL : 12.3.0.32 50720 Bytes 11/15/aaaa 20:28:32
    AVREP.DLL : 12.3.0.15 179208 Bytes 7/3/aaaa 16:45:42
    AVARKT.DLL : 12.3.0.33 209696 Bytes 11/15/aaaa 20:28:30
    AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 7/6/aaaa 00:56:15
    SQLITE3.DLL : 3.7.0.1 398288 Bytes 7/6/aaaa 00:56:17
    AVSMTP.DLL : 12.3.0.32 63480 Bytes 8/11/aaaa 02:41:57
    NETNT.DLL : 12.3.0.15 17104 Bytes 7/6/aaaa 00:56:16
    RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 8/11/aaaa 02:34:36
    RCTEXT.DLL : 12.3.0.32 97056 Bytes 11/15/aaaa 20:28:15

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp
    Logging.............................: default
    Primary action......................: Interactive
    Secondary action....................: Ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: extended

    Start of the scan: segunda-feira, 22 de mmmm de aaaa 11:14

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting search for hidden objects.

    The scan of running processes will be started
    Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
    Scan process 'msdtc.exe' - '40' Module(s) have been scanned
    Scan process 'dllhost.exe' - '60' Module(s) have been scanned
    Scan process 'dllhost.exe' - '45' Module(s) have been scanned
    Scan process 'vssvc.exe' - '48' Module(s) have been scanned
    Scan process 'svchost.exe' - '76' Module(s) have been scanned
    Scan process 'avscan.exe' - '73' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'OctoshapeClient.exe' - '40' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
    Scan process 'avgnt.exe' - '79' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '18' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '40' Module(s) have been scanned
    Scan process 'alg.exe' - '33' Module(s) have been scanned
    Scan process 'wmiapsrv.exe' - '45' Module(s) have been scanned
    Scan process 'avshadow.exe' - '26' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '98' Module(s) have been scanned
    Scan process 'svchost.exe' - '38' Module(s) have been scanned
    Scan process 'snmp.exe' - '46' Module(s) have been scanned
    Scan process 'tcpsvcs.exe' - '34' Module(s) have been scanned
    Scan process 'SeaPort.exe' - '45' Module(s) have been scanned
    Scan process 'jqs.exe' - '96' Module(s) have been scanned
    Scan process 'inetinfo.exe' - '83' Module(s) have been scanned
    Scan process 'GoogleUpdate.exe' - '43' Module(s) have been scanned
    Scan process 'svchost.exe' - '39' Module(s) have been scanned
    Scan process 'avguard.exe' - '60' Module(s) have been scanned
    Scan process 'sched.exe' - '39' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '63' Module(s) have been scanned
    Scan process 'svchost.exe' - '45' Module(s) have been scanned
    Scan process 'svchost.exe' - '32' Module(s) have been scanned
    Scan process 'svchost.exe' - '30' Module(s) have been scanned
    Scan process 'svchost.exe' - '168' Module(s) have been scanned
    Scan process 'svchost.exe' - '39' Module(s) have been scanned
    Scan process 'svchost.exe' - '52' Module(s) have been scanned
    Scan process 'lsass.exe' - '58' Module(s) have been scanned
    Scan process 'services.exe' - '36' Module(s) have been scanned
    Scan process 'winlogon.exe' - '74' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting to scan executable files (registry).
    The registry was scanned ( '1562' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\Documents and Settings\All Users\Documentos\microsoft\MARIAMEDEIROS.eml
    [0] Archive type: MIME
    --> object
    [DETECTION] Contains recognition pattern of the EXP/Iframe.B exploit
    --> pp.exe
    [DETECTION] Contains recognition pattern of the WORM/RunOnce.B2 worm
    C:\Documents and Settings\All Users\Documentos\Minhas músicas\My Playlists\MARIAMEDEIROS.eml
    [0] Archive type: MIME
    --> object
    [DETECTION] Contains recognition pattern of the EXP/Iframe.B exploit
    --> pp.exe
    [DETECTION] Contains recognition pattern of the WORM/RunOnce.B2 worm
    C:\Documents and Settings\All Users\Documentos\Minhas músicas\Sync Playlists\MARIAMEDEIROS.eml
    [0] Archive type: MIME
    --> object
    [DETECTION] Contains recognition pattern of the EXP/Iframe.B exploit
    --> pp.exe
    [DETECTION] Contains recognition pattern of the WORM/RunOnce.B2 worm
    C:\Documents and Settings\All Users\Documentos\Minhas músicas\Sync Playlists\38B96C\MARIAMEDEIROS.eml
    [0] Archive type: MIME
    --> object
    [DETECTION] Contains recognition pattern of the EXP/Iframe.B exploit
    --> pp.exe
    [DETECTION] Contains recognition pattern of the WORM/RunOnce.B2 worm
    C:\Documents and Settings\Wesclei\Configurações locais\Temp\{4A830C85-E314-4D1B-90AB-E6F368F3FBB9}-chrome_installer.exe
    [WARNING] The file could not be read!
    C:\Documents and Settings\Wesclei\Configurações locais\Temp\{9B9C219C-B306-4215-9D9C-A2DEEE984025}-25.0.1364.152_25.0.1364.97_chrome_updater.exe
    [WARNING] The file could not be read!
    C:\Documents and Settings\Wesclei\Configurações locais\Temporary Internet Files\Content.IE5\969EKSO1\wbk45.tmp
    [DETECTION] Contains recognition pattern of the EXP/Iframe.B exploit
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\0\6685d300-13b8c2c8
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452 exploit
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\0\6fc8e380-7db8de90
    [0] Archive type: ZIP
    --> ana/velet/hakcagiry$StreamConnector.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-1723.A.164 exploit
    --> ana/velet/hakcagiry.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-1723.A.158 exploit
    --> baba/atakyapan.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-1723.A.176 exploit
    --> baba/mortlamer.class
    [DETECTION] Contains recognition pattern of the EXP/JAVA.Ivinest.Gen exploit
    --> baba/mortlamericagiran.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-1723.A.161 exploit
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\1\2b89a7c1-40e8d4d4
    [0] Archive type: ZIP
    --> ph.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.HV Java virus
    --> c_ed.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.B Java virus
    --> c_gP.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.I exploit
    --> c_js.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.C Java virus
    --> e_ini.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.I Java virus
    --> P_c.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DA Java virus
    --> dM.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DR Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\15\5295cc8f-52665e9f
    [0] Archive type: ZIP
    --> d.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.M Java virus
    --> e.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IJ Java virus
    --> f.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.149 exploit
    --> b.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Trea.ES.1 Java virus
    --> g.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.EO Java virus
    --> c.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.571 exploit
    --> a.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\15\5c30400f-6cb87ca6
    [0] Archive type: ZIP
    --> c_ed.class
    [DETECTION] Contains recognition pattern of the JAVA/Inject.AN Java virus
    --> c_gP.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.I exploit
    --> c_js.class
    [DETECTION] Contains recognition pattern of the EXP/2008-4910.B exploit
    --> e_ini.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.E Java virus
    --> P_c.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.B exploit
    --> dM.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DT Java virus
    --> xpp.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2011-3544 exploit
    --> CEncrypt.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.HT Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\16\789d3bd0-7e691a94
    [0] Archive type: ZIP
    --> pia.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.FV Java virus
    --> c_ed.class
    [DETECTION] Contains recognition pattern of the JAVA/Inject.AK Java virus
    --> c_gP.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.I exploit
    --> c_js.class
    [DETECTION] Contains recognition pattern of the EXP/2008-4910.B exploit
    --> e_ini.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.FX Java virus
    --> P_c.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.B exploit
    --> dM.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DT Java virus
    --> a_ss.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.FZ Java virus
    --> CEncrypt.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.FY Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\17\15000411-72025384
    [0] Archive type: ZIP
    --> pia.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.12 exploit
    --> c_ed.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.CL exploit
    --> c_gP.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.I exploit
    --> c_js.class
    [DETECTION] Contains recognition pattern of the EXP/2008-4910.B exploit
    --> e_ini.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.FX Java virus
    --> P_c.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.B exploit
    --> dM.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DT Java virus
    --> a_ss.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.FZ Java virus
    --> CEncrypt.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.13 exploit
    --> oDD.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.28 exploit
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\17\6f497b11-58083098
    [0] Archive type: ZIP
    --> ph.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.HV Java virus
    --> c_ed.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.B Java virus
    --> c_gP.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.I exploit
    --> c_js.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.C Java virus
    --> e_ini.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.I Java virus
    --> P_c.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DA Java virus
    --> dM.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DR Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\19\40353553-7755ebd5
    [0] Archive type: ZIP
    --> Rinoceronte.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2011-3544 exploit
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\26\7445fa9a-29c26f27
    [0] Archive type: ZIP
    --> d.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.M Java virus
    --> e.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IJ Java virus
    --> f.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.149 exploit
    --> b.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Trea.ES.1 Java virus
    --> g.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.EO Java virus
    --> c.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.571 exploit
    --> a.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\4\4d9d4d84-7c743408
    [0] Archive type: ZIP
    --> ph.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.HV Java virus
    --> c_ed.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.B Java virus
    --> c_gP.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.I exploit
    --> c_js.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.C Java virus
    --> e_ini.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.I Java virus
    --> P_c.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DA Java virus
    --> dM.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DR Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\42\46a0df2a-273d1180
    [0] Archive type: ZIP
    --> FAQ/CheckList.class
    [DETECTION] Is the TR/Agent.410 Trojan
    --> FAQ/constant.class
    [DETECTION] Is the TR/Agent.708.1 Trojan
    --> FAQ/Template.class
    [DETECTION] Contains recognition pattern of the JAVA/Exdoer.CK Java virus
    --> tools/Commander.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840 exploit
    --> tools/Env.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.N exploit
    --> tools/Syntax.class
    [DETECTION] Contains recognition pattern of the JAVA/Exdoer.CQ Java virus
    --> tools/XmlStandard.class
    [DETECTION] Contains recognition pattern of the JAVA/Exdoer.CO Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\47\32fad7ef-5690171f
    [0] Archive type: ZIP
    --> ph.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.HV Java virus
    --> c_ed.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.B Java virus
    --> c_gP.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.I exploit
    --> c_js.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.C Java virus
    --> e_ini.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.I Java virus
    --> P_c.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DA Java virus
    --> dM.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DR Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\47\3e81456f-3433525b
    [0] Archive type: ZIP
    --> leclass
    [1] Archive type: ZIP
    --> aprin.sys
    [DETECTION] Is the TR/Rootkit.Gen2 Trojan
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\48\10db77f0-20a7de34
    [0] Archive type: ZIP
    --> ph.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.HV Java virus
    --> c_ed.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.B Java virus
    --> c_gP.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.I exploit
    --> c_js.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.C Java virus
    --> e_ini.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.I Java virus
    --> P_c.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DA Java virus
    --> dM.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DR Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\57\2e3ab339-4bc5062e
    [0] Archive type: ZIP
    --> d.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.M Java virus
    --> e.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IJ Java virus
    --> f.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.149 exploit
    --> b.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Trea.ES.1 Java virus
    --> g.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.EO Java virus
    --> c.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.571 exploit
    --> a.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
    --> i.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IL Java virus
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\6\78804e06-604e1bc3
    [0] Archive type: ZIP
    --> plus
    [1] Archive type: ZIP
    --> plusdriver.sys
    [DETECTION] Is the TR/Rootkit.Gen2 Trojan
    --> plusdriver64.sys
    [DETECTION] Is the TR/Rootkit.Gen2 Trojan
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\63\1690aa7f-7cbbfec7
    [0] Archive type: ZIP
    --> d.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.M Java virus
    --> e.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IJ Java virus
    --> f.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.149 exploit
    --> b.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Trea.ES.1 Java virus
    --> g.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.EO Java virus
    --> c.class
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.571 exploit
    --> a.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP394\A0085336.exe
    [DETECTION] Is the TR/Graftor.36458.1 Trojan
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP394\A0085337.exe
    [DETECTION] Is the TR/Agent.27247225 Trojan
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP394\A0085338.exe
    [DETECTION] Is the TR/Agent.27247225 Trojan
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP394\A0085339.exe
    [DETECTION] Is the TR/Agent.27247225 Trojan
    C:\WINDOWS\SoftwareDistribution\Download\19145a936940ad16676ac3452559ca72\BIT24B.tmp
    [0] Archive type: CAB SFX (self extracting)
    --> _sfx_0000._p
    [WARNING] The file could not be written!
    C:\WINDOWS\SoftwareDistribution\Download\d0b4e99442b58ecc16a84ff4bd78e3ed\BIT1A.tmp
    [0] Archive type: CAB SFX (self extracting)
    --> _sfx_0001._p
    [WARNING] The file could not be written!
    C:\WINDOWS\SoftwareDistribution\Download\f2fdf3094eb026ed64b501a3eb87754c\BIT246.tmp
    [0] Archive type: CAB SFX (self extracting)
    --> _sfx_0000._p
    [WARNING] The file could not be written!

    Beginning disinfection:
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP394\A0085339.exe
    [DETECTION] Is the TR/Agent.27247225 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '5267f494.qua'.
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP394\A0085338.exe
    [DETECTION] Is the TR/Agent.27247225 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '4af0db24.qua'.
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP394\A0085337.exe
    [DETECTION] Is the TR/Agent.27247225 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '18af81a0.qua'.
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP394\A0085336.exe
    [DETECTION] Is the TR/Graftor.36458.1 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '7e98ce5d.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\63\1690aa7f-7cbbfec7
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
    [NOTE] The file was moved to the quarantine directory under the name '3b17e382.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\6\78804e06-604e1bc3
    [DETECTION] Is the TR/Rootkit.Gen2 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '440fd1e5.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\57\2e3ab339-4bc5062e
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IL Java virus
    [NOTE] The file was moved to the quarantine directory under the name '08b2fd99.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\48\10db77f0-20a7de34
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DR Java virus
    [NOTE] The file was moved to the quarantine directory under the name '74dbbdf6.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\47\3e81456f-3433525b
    [DETECTION] Is the TR/Rootkit.Gen2 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '59f59284.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\47\32fad7ef-5690171f
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DR Java virus
    [NOTE] The file was moved to the quarantine directory under the name '40eba923.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\42\46a0df2a-273d1180
    [DETECTION] Contains recognition pattern of the JAVA/Exdoer.CO Java virus
    [NOTE] The file was moved to the quarantine directory under the name '2cba8518.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\4\4d9d4d84-7c743408
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DR Java virus
    [NOTE] The file was moved to the quarantine directory under the name '5d7bbcbb.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\26\7445fa9a-29c26f27
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
    [NOTE] The file was moved to the quarantine directory under the name '53668c4c.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\19\40353553-7755ebd5
    [DETECTION] Contains recognition pattern of the EXP/CVE-2011-3544 exploit
    [NOTE] The file was moved to the quarantine directory under the name '164ef502.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\17\6f497b11-58083098
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DR Java virus
    [NOTE] The file was moved to the quarantine directory under the name '1f44f193.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\17\15000411-72025384
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.28 exploit
    [NOTE] The file was moved to the quarantine directory under the name '4709e8cd.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\16\789d3bd0-7e691a94
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.FY Java virus
    [NOTE] The file was moved to the quarantine directory under the name '6bf69104.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\15\5c30400f-6cb87ca6
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.HT Java virus
    [NOTE] The file was moved to the quarantine directory under the name '550ef1e9.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\15\5295cc8f-52665e9f
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
    [NOTE] The file was moved to the quarantine directory under the name '3606daab.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\1\2b89a7c1-40e8d4d4
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.DR Java virus
    [NOTE] The file was moved to the quarantine directory under the name '10cd9a86.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\0\6fc8e380-7db8de90
    [DETECTION] Contains recognition pattern of the EXP/CVE-2012-1723.A.161 exploit
    [NOTE] The file was moved to the quarantine directory under the name '222ce127.qua'.
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\0\6685d300-13b8c2c8
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452 exploit
    [NOTE] The file was moved to the quarantine directory under the name '281cca69.qua'.
    C:\Documents and Settings\Wesclei\Configurações locais\Temporary Internet Files\Content.IE5\969EKSO1\wbk45.tmp
    [DETECTION] Contains recognition pattern of the EXP/Iframe.B exploit
    [NOTE] The file was moved to the quarantine directory under the name '1702ae18.qua'.
    C:\Documents and Settings\All Users\Documentos\Minhas músicas\Sync Playlists\38B96C\MARIAMEDEIROS.eml
    [DETECTION] Contains recognition pattern of the W32/Runouce.B2 Windows virus
    [NOTE] The file was moved to the quarantine directory under the name '6909a210.qua'.
    C:\Documents and Settings\All Users\Documentos\Minhas músicas\Sync Playlists\MARIAMEDEIROS.eml
    [DETECTION] Contains recognition pattern of the W32/Runouce.B2 Windows virus
    [NOTE] The file was moved to the quarantine directory under the name '3c71a6db.qua'.
    C:\Documents and Settings\All Users\Documentos\Minhas músicas\My Playlists\MARIAMEDEIROS.eml
    [DETECTION] Contains recognition pattern of the W32/Runouce.B2 Windows virus
    [NOTE] The file was moved to the quarantine directory under the name '31e7d7f3.qua'.
    C:\Documents and Settings\All Users\Documentos\microsoft\MARIAMEDEIROS.eml
    [DETECTION] Contains recognition pattern of the W32/Runouce.B2 Windows virus
    [NOTE] The file was moved to the quarantine directory under the name '2dbac3fa.qua'.


    End of the scan: segunda-feira, 22 de mmmm de aaaa 11:59
    Used time: 43:51 Minute(s)

    The scan has been done completely.

    5866 Scanned directories
    274404 Files were scanned
    125 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 Files were deleted
    0 Viruses and unwanted programs were repaired
    27 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    274279 Files not concerned
    2177 Archives were scanned
    5 Warnings
    27 Notes
    380199 Objects were scanned with rootkit scan
    0 Hidden objects were found


    Edvan
    Member

    Posts : 428
    Join date : 14/02/2013
    Age : 36
    Location : Natal/RN

    Re: Notebook with a virus, some logs for analysis.

    Post by Edvan on Mon Apr 22, 2013 1:20 pm


    ZHPDiag log [You must be registered and logged in to see this link.]

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.8.8 (04.21.2013:2)
    OS: Microsoft Windows XP x86
    Ran by Wesclei on 22/04/2013 at 14:16:56,70
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2000478354-1532298954-682003330-1003\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealply
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\dealply
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Successfully deleted: [File] C:\Documents and Settings\Wesclei\Dados de aplicativos\mozilla\firefox\profiles\1ysqpk5w.default\user.js
    Successfully deleted: [File] C:\Documents and Settings\Wesclei\Dados de aplicativos\mozilla\firefox\profiles\1ysqpk5w.default\searchplugins\askcom.xml
    Successfully deleted: [File] C:\Documents and Settings\Wesclei\Dados de aplicativos\mozilla\firefox\profiles\1ysqpk5w.default\searchplugins\search.xml
    Successfully deleted: [Folder] C:\Documents and Settings\Wesclei\Dados de aplicativos\mozilla\firefox\profiles\1ysqpk5w.default\extensions\ffxtlbr@babylon.com
    Successfully deleted: [Folder] C:\Documents and Settings\Wesclei\Dados de aplicativos\mozilla\firefox\profiles\1ysqpk5w.default\extensions\ffxtlbr@searchya.com
    Successfully deleted the following from C:\Documents and Settings\Wesclei\Dados de aplicativos\mozilla\firefox\profiles\1ysqpk5w.default\prefs.js

    user_pref("backup.old.browser.search.selectedEngine", "Ask.com");
    user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
    user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=113480&tt=010712_2&babsrc=NT_ss&mntrId=28cfe3ee00000000000000224359083d");
    user_pref("browser.search.defaultengine", "Ask.com");
    user_pref("browser.search.defaulturl", "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=");
    user_pref("browser.search.order.1", "Ask.com");
    user_pref("extensions.BabylonToolbar.admin", false);
    user_pref("extensions.BabylonToolbar.aflt", "babsst");
    user_pref("extensions.BabylonToolbar.babExt", "");
    user_pref("extensions.BabylonToolbar.babTrack", "affID=113480&tt=010712_2");
    user_pref("extensions.BabylonToolbar.bbDpng", 21);
    user_pref("extensions.BabylonToolbar.dfltSrch", false);
    user_pref("extensions.BabylonToolbar.hmpg", false);
    user_pref("extensions.BabylonToolbar.id", "28cfe3ee00000000000000224359083d");
    user_pref("extensions.BabylonToolbar.instlDay", "15532");
    user_pref("extensions.BabylonToolbar.instlRef", "sst");
    user_pref("extensions.BabylonToolbar.lastDP", 21);
    user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1711:01:53");
    user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "12.0");
    user_pref("extensions.BabylonToolbar.newTab", true);
    user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
    user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
    user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    user_pref("extensions.BabylonToolbar.propectorlck", 105075978);
    user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    user_pref("extensions.BabylonToolbar.ptch_0717", true);
    user_pref("extensions.BabylonToolbar.smplGrp", "czb");
    user_pref("extensions.BabylonToolbar.srcExt", "ss");
    user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
    user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
    user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1711:01:53");
    user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
    user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
    user_pref("extensions.BabylonToolbar_i.babExt", "");
    user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480&tt=010712_2");
    user_pref("extensions.BabylonToolbar_i.hardId", "28cfe3ee00000000000000224359083d");
    user_pref("extensions.BabylonToolbar_i.id", "28cfe3ee00000000000000224359083d");
    user_pref("extensions.BabylonToolbar_i.instlDay", "15532");
    user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
    user_pref("extensions.BabylonToolbar_i.newTab", true);
    user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=113480&tt=010712_2&babsrc=NT_ss&mntrId=28cfe3ee00000000000000224359083d");
    user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
    user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
    user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
    user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
    user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:01:53");
    user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
    user_pref("extensions.searchya.aflt", "foxtab");
    user_pref("extensions.searchya.autoRvrt", false);
    user_pref("extensions.searchya.cntry", "BR");
    user_pref("extensions.searchya.dfltLng", "");
    user_pref("extensions.searchya.dfltSrch", true);
    user_pref("extensions.searchya.dnsErr", true);
    user_pref("extensions.searchya.envrmnt", "production");
    user_pref("extensions.searchya.excTlbr", false);
    user_pref("extensions.searchya.hdrMd5", "9BA9068D17BED675C3F453FEA6B1C223");
    user_pref("extensions.searchya.hmpg", true);
    user_pref("extensions.searchya.hmpgUrl", "hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDzytD0FyDyByCyB0Dzy0B0EtA0E0EtN0D0Tzu0StByEyCtN1L2XzutBtFtCtF
    user_pref("extensions.searchya.id", "0090F5767D9BE3EE");
    user_pref("extensions.searchya.instlDay", "15586");
    user_pref("extensions.searchya.instlRef", "tc-100");
    user_pref("extensions.searchya.isdcmntcmplt", true);
    user_pref("extensions.searchya.lastVrsnTs", "1.5.25.023:1:18");
    user_pref("extensions.searchya.mntrFFxVrsn", "12.0");
    user_pref("extensions.searchya.mntrvrsn", "1.3.0");
    user_pref("extensions.searchya.newTab", true);
    user_pref("extensions.searchya.newTabUrl", "hxxp://www.searchya.com/?s=2&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDzytD0FyDyByCyB0Dzy0B0EtA0E0EtN0D0Tzu0StByEyCtN1L2XzutBtFtC
    user_pref("extensions.searchya.pnu_base", "{\"newVrsn\":\"35\",\"lastVrsn\":\"35\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0
    user_pref("extensions.searchya.prdct", "searchya");
    user_pref("extensions.searchya.prtnrId", "searchya");
    user_pref("extensions.searchya.sg", "none");
    user_pref("extensions.searchya.smplGrp", "none");
    user_pref("extensions.searchya.srchPrvdr", "Search");
    user_pref("extensions.searchya.tlbrId", "base");
    user_pref("extensions.searchya.tlbrSrchUrl", "hxxp://www.searchya.com/?s=3&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDzytD0FyDyByCyB0Dzy0B0EtA0E0EtN0D0Tzu0StByEyCtN1L2XzutBtF
    user_pref("extensions.searchya.vrsn", "1.5.25.0");
    user_pref("extensions.searchya.vrsnTs", "1.5.25.023:1:18");
    user_pref("extensions.searchya.vrsni", "1.5.25.0");
    user_pref("extensions.searchya_i.newTab", true);
    user_pref("extensions.searchya_i.smplGrp", "none");
    user_pref("extensions.searchya_i.vrsnTs", "1.5.25.023:1:18");
    user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
    user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent100", "1363660629212");
    user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent101", "1365866975619");
    user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1366431880672");
    user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent109", "1363879750879");
    user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent111", "1363879750890");
    user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent122", "1363879750899");
    user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1365864756001");
    user_pref("iminent.webbooster.scripts.sslminibar.ShowThankyouPixel", "0");
    user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent100", "1363797098026");
    user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent101", "1365866960432");
    user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1366429872067");
    user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent105", "1362324646653");
    user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent109", "1364054074389");
    user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent111", "1364054074395");
    user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent112", "1364054109627");
    user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent122", "1364054074399");
    user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=113480&tt=010712_2&babsrc=KW_ss&mntrId=28cfe3ee00000000000000224359083d&q=");



    ~~~ Chrome

    Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\cjpglkicenollcignonpgiafdgfeehoj
    Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\gaiilaahiahdejapggenmdmafpmbipje





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 22/04/2013 at 14:19:12,15
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    joram
    Founding Administrator

    Messages: 610
    Join date: 14/08/2012
    Age: 63
    Location: Rio de Janeiro

    Re: Notebook with a virus, some logs for analysis.

    Post by joram on Mon Apr 22, 2013 9:00 pm

    Good evening, Edvan!

    |- Download: < [You need to be registered and logged in to see this link.] >
    |- Save it to the desktop!
    |- Disable your antivirus or antispyware so that the tool is not detected as malware.
    |- Run AT-Destroyer.exe as administrator if you use Windows Vista or 7.

    [You need to be registered and logged in to see this link.]

    |- Choose the "Buscar" option and wait for the scan to finish.
    |- Post the report! ( C:\AT-Destroyer.txt )

    -/-

    |- Close any programs/folders that are open.
    |- Also close the browser!
    |- For Windows Vista, disable [You need to be registered and logged in to see this link.].

    [You need to be registered and logged in to see this image.]

    |- For Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
    |- Select and copy this information, shown in red, into "Notepad".

    O4 - HKCU\..\Run: [ares] C:\Arquivos de programas\Ares\Ares.exe (.not file.)
    O4 - HKUS\S-1-5-21-2000478354-1532298954-682003330-1003\..\Run: [ares] C:\Arquivos de programas\Ares\Ares.exe (.not file.)
    O42 - Logiciel: Update_DealPly - (...) [HKCU] -- DealPly
    O44 - LFC:[MD5.BB8E23B9C112A79F759681703D021C81] - 11/04/2013 - 23:51:47 ---A- . (...) -- C:\WINDOWS\wmsetup.log [49593]
    O51 - MPSK:{d197fb7d-bf64-11df-b5d1-00224359083d}\AutoRun\command. (...) -- E:\Windows\Install.exe (.not file.)
    O51 - MPSK:{e872f3c4-a96d-11df-b5b8-00224359083d}\AutoRun\command. (...) -- C:\WINDOWS\system32\svchosts.exe (.not file.)
    O51 - MPSK:{f3dcd824-8e4d-11de-b4c0-00224359083d}\AutoRun\command. (...) -- F:\RECYCLER32\dmgr.exe (.not file.)
    O51 - MPSK:{330e1370-ba64-11de-b52b-0090f5767d9b}\AutoRun\command. (...) -- E:\XnrPLT.exe (.not file.)
    O51 - MPSK:{3f52a962-68ba-11de-b475-00224359083d}\AutoRun\command - Orphean Key
    O51 - MPSK:{3fc3080e-7aaa-11de-b491-00224359083d}\AutoRun\command - Orphean Key
    O51 - MPSK:{4a74d131-249d-11e0-b626-0090f5767d9b}\AutoRun\command. (...) -- E:\thbpr.exe (.not file.)
    O51 - MPSK:{60d7a538-8f66-11de-b4c3-0090f5767d9b}\AutoRun\command. (...) -- E:\RECYCLERS32\autorun.exe (.not file.)
    O51 - MPSK:{8ac0cc34-5ecd-11e0-b6ab-00224359083d}\AutoRun\command. (...) -- E:\xcksh.exe (.not file.)
    O51 - MPSK:{918e40eb-883e-11de-b4b3-00224359083d}\AutoRun\command - Orphean Key
    O51 - MPSK:{acebe882-9703-11de-b4e1-00224359083d}\AutoRun\command. (...) -- F:\ayvzxy.exe (.not file.)
    O51 - MPSK:{b6623e24-bc8f-11e1-b8cf-00224359083d}\AutoRun\command. (...) -- E:\RunClubSanDisk.exe (.not file.)
    O51 - MPSK:{e5d94517-678f-11e1-b893-00224359083d}\AutoRun\command. (...) -- E:\RunClubSanDisk.exe (.not file.)
    O51 - MPSK:{e5d94518-678f-11e1-b893-00224359083d}\AutoRun\command. (...) -- E:\application\Nokia_Internet_Modem.exe (.not file.)
    O90 - PUC: "9EC6D81181F59F2459A84176A626F9ED" . (.Iminent.) -- C:\WINDOWS\Installer\{118D6CE9-5F18-42F9-958A-14676A629FDE}\imbooster.ico

    [HKCU\Software\InstallCore]
    [HKCU\Software\searchya.com]
    [HKLM\Software\360Safe]
    [HKLM\Software\Trymedia Systems]
    [HKCU\Software\APN PIP]
    [HKCU\Software\PIP]
    [HKLM\Software\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKCU\Software\APN PIP]
    [HKCU\Software\PIP]
    [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440}
    [HKLM\Software\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Iminent]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
    [HKCU\Software\InstallCore]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F}]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E}]
    [HKLM\Software\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED]
    [HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED]

    proxyfix
    emptytemp
    emptyclsid
    emptyflash
    firewallraz
    sysrestore

    |- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"
    |- Minimize Notepad.

    [You need to be registered and logged in to see this image.]

    |- Click the "Paste ClipBoard" menu.
    |- Avoid the "Paste" ( Ctrl+V ) option in the light yellow field, as it does not enable the "Go" button.

    [You need to be registered and logged in to see this link.]

    |- Click "GO" -> Oui.

    [You need to be registered and logged in to see this image.]

    |- PS: There is a sequence of images above for further clarification.
    |- Post the report: C:\ZHP\ZHPFix[R1].txt

    Regards!

    Edvan
    Member

    Messages: 428
    Join date: 14/02/2013
    Age: 36
    Location: Natal/RN

    Re: Notebook with a virus, some logs for analysis.

    Post by Edvan on Tue Apr 23, 2013 7:12 am

    Here it is, friend.

    ######################## AT-Destroyer By Infospyware.
    Hora/Día/Mes/Año: 08:08:21 \\\ 23/04/2013
    AT-Destroyer 2.1 By Infospyware ---> [You need to be registered and logged in to see this link.]
    Última actualización: 30/11/2012
    Opción escogida: 1 :Buscar
    Versión Internet Explorer:7.0.5730.13
    Mozilla Firefox:12.0.0.4493
    Google Chrome:26.0.1410.64
    Privilegios: Wesclei - Administrador
    Modo Actual: Modo Normal.
    Nombre del pc: WESCLEI
    Información del sistema operativo:X86-WIN_XP-Service Pack 3
    nombre del usuario:Wesclei
    Lenguaje del sistema: Portugués



    >>>>>> Servicios <<<<<<



    >>>>>> Carpetas <<<<<<



    >>>>>> Archivos <<<<<<



    >>>>>> Registro <<<<<<



    >>>>>> Heurística <<<<<<



    >>>>>> Internet Explorer <<<<<<

    Start Page==http://www.google.com
    Local Page==%SystemRoot%\system32\blank.htm
    Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
    Default_search_url==http://go.microsoft.com/fwlink/?LinkId=54896
    Default_Page_URL==http://go.microsoft.com/fwlink/?LinkId=69157


    ''HKCU\Software\Microsoft\Internet Explorer\Main''
    Start Page==http://www.google.com
    Local Page==C:\WINDOWS\system32\blank.htm
    Search Page==http://www.google.com
    Default_search_url==
    Default_Page_URL==


    HKEY_USERS\S-1-5-21-2000478354-1532298954-682003330-1003\Software\Microsoft\Internet Explorer\Main''
    Start Page==http://www.google.com
    Local Page==C:\WINDOWS\system32\blank.htm
    Search Page==http://www.google.com
    Default_search_url==
    Default_Page_URL==


    >>>>>> Firefox <<<<<<

    user_pref("browser.startup.homepage", "https://www.google.com.br/");
    user_pref("browser.startup.homepage_override.buildID", "20120420145725");
    user_pref("browser.startup.homepage_override.mstone", "rv:12.0");


    >>>>>> Plugins Firefox <<<<<<

    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@zylom.com/ZylomGamesPlayer

    >>>>>> Google Chrome <<<<<<

    "homepage_url": "http://www.iminent.com/",
    "homepage": "http://www.searchya.com/?s=0&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDzytD0FyDyByCyB0Dzy0B0EtA0E0EtN0D0Tzu0StByEyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=168719975",
    "homepage_changed": true,
    "homepage_is_newtabpage": true,


    >>>>>> Extensiones Google Chrome <<<<<<

    C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\4
    C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
    C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
    C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
    C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    ======== Listado ===========

    C:\Documents and Settings\Wesclei\Dados de aplicativos\AdobeUM [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Alawar [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Autodesk [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Avira [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Corel [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\desktop.ini [HSA] 1 KB ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\EleFun Games [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\ex3b.jpg [A] 501 KB ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\FileZilla [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Gamelab [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Help [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\HP [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\HPAppData [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\id [A] 1 KB ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Identities [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\InstallShield [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Macromedia [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Microsoft [S] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Mozilla [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\NCH Software [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Nero [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Octoshape [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Real [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\RealNetworks [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\SView5 [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\U3 [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\WESCLEI [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Windows Live Writer [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\WinRAR [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\xmaq [A] 1 KB ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Zylom [0] 0 ( )
    C:\Arquivos de programas\Alwil Software [0] 0 ( )
    C:\Arquivos de programas\Arquivos comuns [0] 0 ( )
    C:\Arquivos de programas\AVAST Software [0] 0 ( )
    C:\Arquivos de programas\AVG [0] 0 ( )
    C:\Arquivos de programas\Avira [0] 0 ( )
    C:\Arquivos de programas\Bing Bar Installer [0] 0 ( )
    C:\Arquivos de programas\CCleaner [0] 0 ( )
    C:\Arquivos de programas\Claro 3G [0] 0 ( )
    C:\Arquivos de programas\CNPJ2003 [0] 0 ( )
    C:\Arquivos de programas\ComPlus Applications [0] 0 ( )
    C:\Arquivos de programas\Corel [0] 0 ( )
    C:\Arquivos de programas\DsNET Corp [0] 0 ( )
    C:\Arquivos de programas\Google [0] 0 ( )
    C:\Arquivos de programas\HotKey_Driver [0] 0 ( )
    C:\Arquivos de programas\HP [0] 0 ( )
    C:\Arquivos de programas\InstallAffixationInfo [0] 0 ( )
    C:\Arquivos de programas\InstallShield Installation Information [H] 0( 0)
    C:\Arquivos de programas\Internet Explorer [0] 0 ( )
    C:\Arquivos de programas\Java [0] 0 ( )
    C:\Arquivos de programas\Loonies [0] 0 ( )
    C:\Arquivos de programas\Malwarebytes' Anti-Malware [0] 0 ( )
    C:\Arquivos de programas\Marcos Velasco Security [0] 0 ( )
    C:\Arquivos de programas\Messenger [0] 0 ( )
    C:\Arquivos de programas\Microsoft [0] 0 ( )
    C:\Arquivos de programas\microsoft frontpage [0] 0 ( )
    C:\Arquivos de programas\Microsoft Office [0] 0 ( )
    C:\Arquivos de programas\Microsoft Office Outlook Connector [0] 0 ( )
    C:\Arquivos de programas\Microsoft Silverlight [0] 0 ( )
    C:\Arquivos de programas\Microsoft SQL Server Compact Edition [0] 0 ( )
    C:\Arquivos de programas\Microsoft Sync Framework [0] 0 ( )
    C:\Arquivos de programas\Microsoft Visual Studio [0] 0 ( )
    C:\Arquivos de programas\Microsoft Works [0] 0 ( )
    C:\Arquivos de programas\Microsoft.NET [0] 0 ( )
    C:\Arquivos de programas\Motorola [0] 0 ( )
    C:\Arquivos de programas\Movie Maker [0] 0 ( )
    C:\Arquivos de programas\Mozilla Firefox [0] 0 ( )
    C:\Arquivos de programas\Mozilla Maintenance Service [0] 0 ( )
    C:\Arquivos de programas\MSECache [0] 0 ( )
    C:\Arquivos de programas\MSN Gaming Zone [0] 0 ( )
    C:\Arquivos de programas\MSXML 4.0 [0] 0 ( )
    C:\Arquivos de programas\MyPlayCity.com [0] 0 ( )
    C:\Arquivos de programas\NCH Software [0] 0 ( )
    C:\Arquivos de programas\Nero [0] 0 ( )
    C:\Arquivos de programas\NetMeeting [0] 0 ( )
    C:\Arquivos de programas\Outlook Express [0] 0 ( )
    C:\Arquivos de programas\Photo! [0] 0 ( )
    C:\Arquivos de programas\Positivo [0] 0 ( )
    C:\Arquivos de programas\Programas RFB [0] 0 ( )
    C:\Arquivos de programas\Real [0] 0 ( )
    C:\Arquivos de programas\Realtek [0] 0 ( )
    C:\Arquivos de programas\REALTEK RTL8187B Wireless LAN Driver [0] 0 ( )
    C:\Arquivos de programas\REAP [0] 0 ( )
    C:\Arquivos de programas\Serviços on-line [0] 0 ( )
    C:\Arquivos de programas\SiS VGA Utilities V3.83 [0] 0 ( )
    C:\Arquivos de programas\sisagp [0] 0 ( )
    C:\Arquivos de programas\Sistema Simplificado de Caixa [0] 0 ( )
    C:\Arquivos de programas\TeamViewer [0] 0 ( )
    C:\Arquivos de programas\Uninstall Information [H] 0( 0)
    C:\Arquivos de programas\Windows Live [0] 0 ( )
    C:\Arquivos de programas\Windows Live SkyDrive [0] 0 ( )
    C:\Arquivos de programas\Windows Media Connect 2 [0] 0 ( )
    C:\Arquivos de programas\Windows Media Player [0] 0 ( )
    C:\Arquivos de programas\Windows NT [0] 0 ( )
    C:\Arquivos de programas\WindowsUpdate [H] 0( 0)
    C:\Arquivos de programas\WinRAR [0] 0 ( )
    C:\Arquivos de programas\xerox [0] 0 ( )
    C:\Arquivos de programas\XP Codec Pack [0] 0 ( )
    C:\Arquivos de programas\ZHPDiag [0] 0 ( )
    C:\Arquivos de programas\Zylom Games [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\AVAST Software [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Avira [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\BigFishGamesCache [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\DatacardService [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini [HSA] 1 KB 0
    C:\Documents and Settings\All Users\Dados de aplicativos\Fashion Solitaire 1.2 [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\gas [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\HP [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\HP Product Assistant [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\HPSSUPPLY [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\hpzinstall.log [AC] 6 KB 0
    C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\McAfee [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft [S] 0 0
    C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Mozilla [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\NCH Software [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Nero [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\PSafe [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Real [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\WEBREG [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Zylom [0] 0 ( )
    ======================EOF=======================



    Rapport de ZHPFix 2013.3.9.1 par Nicolas Coolman, Update du 9/03/2013
    Fichier d'export Registre :
    Run by Wesclei at 23/04/2013 8:10:29
    High Elevated Privileges : OK
    Windows XP Professional Service Pack 3 (Build 2600)

    Recycle Files Deleted

    ========== Registry Key ==========
    DELETED Partial Update_DealPly
    DELETED CLSID MPSK: {d197fb7d-bf64-11df-b5d1-00224359083d}
    DELETED CLSID MPSK: {e872f3c4-a96d-11df-b5b8-00224359083d}
    DELETED CLSID MPSK: {f3dcd824-8e4d-11de-b4c0-00224359083d}
    DELETED CLSID MPSK: {330e1370-ba64-11de-b52b-0090f5767d9b}
    DELETED CLSID MPSK: {3f52a962-68ba-11de-b475-00224359083d}
    DELETED CLSID MPSK: {3fc3080e-7aaa-11de-b491-00224359083d}
    DELETED CLSID MPSK: {4a74d131-249d-11e0-b626-0090f5767d9b}
    DELETED CLSID MPSK: {60d7a538-8f66-11de-b4c3-0090f5767d9b}
    DELETED CLSID MPSK: {8ac0cc34-5ecd-11e0-b6ab-00224359083d}
    DELETED CLSID MPSK: {918e40eb-883e-11de-b4b3-00224359083d}
    DELETED CLSID MPSK: {acebe882-9703-11de-b4e1-00224359083d}
    DELETED CLSID MPSK: {b6623e24-bc8f-11e1-b8cf-00224359083d}
    DELETED CLSID MPSK: {e5d94517-678f-11e1-b893-00224359083d}
    DELETED CLSID MPSK: {e5d94518-678f-11e1-b893-00224359083d}
    DELETED Key: \Software\Classes\Installer\Products\\9EC6D81181F59F2459A84176A626F9ED
    DELETED Key: \Software\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED
    DELETED Key: HKCU\Software\InstallCore
    DELETED Key: HKCU\Software\searchya.com
    DELETED Key: HKLM\Software\360Safe
    DELETED Key: HKLM\Software\Trymedia Systems
    DELETED Key: HKCU\Software\APN PIP
    NOT FOUND Key: HKCU\Software\PIP
    DELETED Key: HKLM\Software\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
    DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    DELETED Key: HKLM\Software\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
    DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
    DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
    NOT FOUND Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Iminent
    DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
    DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F}
    DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
    NOT FOUND Key: HKLM\Software\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED
    NOT FOUND Key: HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED
    DELETED Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED

    ========== Registry Value ==========
    NOT FOUND RunValue: ares
    DELETED [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440}
    ProxyFix : Proxy killed successfully
    DELETED ProxyServer Value
    DELETED ProxyEnable Value
    DELETED EnableHttp1_1 Value
    DELETED ProxyHttp1.1 Value
    DELETED ProxyOverride Value
    DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe
    DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
    DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
    DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
    No Value in Firewall Exception Register Key (FirewallRaz)

    ========== Repertory ==========
    No Empty CLSID Directories
    DELETED Flash Cookies

    ========== File ==========
    NOT FOUND File: c:\arquivos de programas\ares\ares.exe
    NOT FOUND File: c:\windows\wmsetup.log
    DELETED Window Temporary
    DELETED Flash Cookies

    ========== Restoration ==========
    Restore System Point created succefully


    ========== Summary ==========
    35 : Registry Key
    13 : Registry Value
    2 : Repertory
    4 : File
    1 : Restoration


    End of clean in 00mn 16s

    ========== Report File ==========
    C:\ZHP\ZHPFix[R1].txt - 23/04/2013 8:10:30 [3969]

    Edvan
    Member

    Messages: 428
    Join date: 14/02/2013
    Age: 36
    Location: Natal/RN

    Re: Notebook with a virus, some logs for analysis.

    Post by Edvan on Tue Apr 23, 2013 1:16 pm

    Malwarebytes Anti-Malware 1.75.0.1300
    [You need to be registered and logged in to see this link.]

    Database version: v2013.04.23.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.13
    Wesclei :: WESCLEI [administrator]

    23/04/2013 08:17:14
    mbam-log-2013-04-23 (08-17-14).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 278000
    Time elapsed: 37 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Dados de aplicativos\28D5698DF5DFE3EE000028D540BDE922\28D5698DF5DFE3EE000028D540BDE922.exe.vir (Trojan.Agent.zr0) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A03A362D-05CF-48CC-9656-6E980D24DBC7}\RP394\A0085249.exe (Trojan.Agent.zr0) -> Quarantined and deleted successfully.

    (end)

    joram
    Founding Administrator

    Messages: 610
    Join date: 14/08/2012
    Age: 63
    Location: Rio de Janeiro

    Re: Notebook with a virus, some logs for analysis.

    Post by joram on Wed Apr 24, 2013 8:52 am

    Good morning, Edvan!

    [You need to be registered and logged in to see this link.]

    |- Run the AT-Destroyer tool again and choose the "Buscar y Destruir" option.
    |- Post the report! ( C:\AT-Destroyer.txt )

    -/-

    |- Download: < [You need to be registered and logged in to see this link.] > ( ... by g3n-h@ckm@n & Saachaa )

    [You need to be registered and logged in to see this link.]

    |- Or here: < [You need to be registered and logged in to see this link.] > Mirror!

    |- Or here: < [You need to be registered and logged in to see this link.] > In case malware gets in the way!

    |- Once on the page, click the green arrow or Mirror 1.

    |- Save it to the desktop! < [You need to be registered and logged in to see this image.] ( winlogon ) >

    |- Disable your antivirus, antispyware, sandbox and/or firewall.
    |- Close any open programs and run the tool!

    |- Double-click Pre_scan.exe. < [You need to be registered and logged in to see this image.] >

    |- PS: During the scan, your desktop will disappear and black windows will appear on the screen. This is all normal and part of how the tool works.

    [You need to be registered and logged in to see this image.]

    |- If infections are found, a restart may occur and the screen shown just above may appear.
    |- PS: If it appears and shows no prompt, click "Kill".
    |- In that case, there will be a new scan and, at the end, the report will be made available.
    |- There may be reboot(s) and the scan will continue. << Wait!
    |- When finished, post the report! ( Pre_Scan.txt ) << Link to the report!

    |- To send it, go to: [You need to be registered and logged in to see this link.]

    |- Or...[You need to be registered and logged in to see this link.]

    |- Or...[You need to be registered and logged in to see this link.]

    A+

    Edvan
    Member

    Messages: 428
    Join date: 14/02/2013
    Age: 36
    Location: Natal/RN

    Re: Notebook with a virus, some logs for analysis.

    Post by Edvan on Wed Apr 24, 2013 12:13 pm

    Pre_Scan.txt log [You need to be registered and logged in to see this link.]

    ######################## AT-Destroyer [2.1] By Infospyware.
    Hora/Día/Mes/Año: 11:02:18 \\\ 24/04/2013
    AT-Destroyer 2.1 By Infospyware ---> [You need to be registered and logged in to see this link.]
    Última actualización: 30/11/2012
    Opción escogida: 2 :Buscar y Destruir
    Versión Internet Explorer:7.0.5730.13
    Mozilla Firefox:12.0.0.4493
    Google Chrome:26.0.1410.64
    Privilegios: Wesclei - Administrador
    Modo Actual: Modo Normal.
    Nombre del pc: WESCLEI
    Información del sistema operativo:X86-WIN_XP-Service Pack 3
    nombre del usuario:Wesclei
    Lenguaje del sistema: Portugués



    >>>>>>> Services <<<<<<<


    >>>>>> Folders <<<<<<


    >>>>>> Files <<<<<<


    >>>>>> Registry <<<<<<


    >>>>>> Heuristics <<<<<<



    >>>>>> Internet Explorer <<<<<<

    Start Page==[link]
    Local Page==%SystemRoot%\system32\blank.htm
    Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
    Default_search_url==http://go.microsoft.com/fwlink/?LinkId=54896
    Default_Page_URL==http://go.microsoft.com/fwlink/?LinkId=69157


    "HKCU\Software\Microsoft\Internet Explorer\Main"
    Start Page==[link]
    Local Page==C:\WINDOWS\system32\blank.htm
    Search Page==http://www.google.com
    Default_search_url==
    Default_Page_URL==


    "HKEY_USERS\S-1-5-21-2000478354-1532298954-682003330-1003\Software\Microsoft\Internet Explorer\Main"
    Start Page==[link]
    Local Page==C:\WINDOWS\system32\blank.htm
    Search Page==http://www.google.com
    Default_search_url==
    Default_Page_URL==


    >>>>>> Firefox <<<<<<

    user_pref("browser.startup.homepage", "https://www.google.com.br/");
    user_pref("browser.startup.homepage_override.buildID", "20120420145725");
    user_pref("browser.startup.homepage_override.mstone", "rv:12.0");


    >>>>>> Firefox Plugins <<<<<<

    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@zylom.com/ZylomGamesPlayer

    >>>>>> Google Chrome <<<<<<

    "homepage": "http://www.google.com/",
    "homepage_changed": true,
    "homepage_is_newtabpage": false,


    >>>>>> Google Chrome Extensions <<<<<<

    C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\4
    C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
    C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
    C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
    C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    ======== Listing ===========

    C:\Documents and Settings\Wesclei\Dados de aplicativos\AdobeUM [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Alawar [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Auslogics [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Autodesk [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Avira [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Corel [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\desktop.ini [HSA] 1 KB ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\EleFun Games [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\ex3b.jpg [A] 501 KB ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\FileZilla [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Gamelab [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Help [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\HP [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\HPAppData [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\id [A] 1 KB ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Identities [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\InstallShield [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Macromedia [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Malwarebytes [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Microsoft [S] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Mozilla [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\NCH Software [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Nero [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Octoshape [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Real [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\RealNetworks [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Sun [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\SView5 [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\U3 [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\WESCLEI [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Windows Live Writer [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\WinRAR [0] 0 ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\xmaq [A] 1 KB ( )
    C:\Documents and Settings\Wesclei\Dados de aplicativos\Zylom [0] 0 ( )
    C:\Arquivos de programas\Alwil Software [0] 0 ( )
    C:\Arquivos de programas\Arquivos comuns [0] 0 ( )
    C:\Arquivos de programas\Auslogics [0] 0 ( )
    C:\Arquivos de programas\AVAST Software [0] 0 ( )
    C:\Arquivos de programas\AVG [0] 0 ( )
    C:\Arquivos de programas\Avira [0] 0 ( )
    C:\Arquivos de programas\Bing Bar Installer [0] 0 ( )
    C:\Arquivos de programas\CCleaner [0] 0 ( )
    C:\Arquivos de programas\Claro 3G [0] 0 ( )
    C:\Arquivos de programas\CNPJ2003 [0] 0 ( )
    C:\Arquivos de programas\ComPlus Applications [0] 0 ( )
    C:\Arquivos de programas\Corel [0] 0 ( )
    C:\Arquivos de programas\DsNET Corp [0] 0 ( )
    C:\Arquivos de programas\Google [0] 0 ( )
    C:\Arquivos de programas\HotKey_Driver [0] 0 ( )
    C:\Arquivos de programas\HP [0] 0 ( )
    C:\Arquivos de programas\InstallAffixationInfo [0] 0 ( )
    C:\Arquivos de programas\InstallShield Installation Information [H] 0( 0)
    C:\Arquivos de programas\Internet Explorer [0] 0 ( )
    C:\Arquivos de programas\Java [0] 0 ( )
    C:\Arquivos de programas\Loonies [0] 0 ( )
    C:\Arquivos de programas\Malwarebytes' Anti-Malware [0] 0 ( )
    C:\Arquivos de programas\Marcos Velasco Security [0] 0 ( )
    C:\Arquivos de programas\Messenger [0] 0 ( )
    C:\Arquivos de programas\Microsoft [0] 0 ( )
    C:\Arquivos de programas\microsoft frontpage [0] 0 ( )
    C:\Arquivos de programas\Microsoft Office [0] 0 ( )
    C:\Arquivos de programas\Microsoft Office Outlook Connector [0] 0 ( )
    C:\Arquivos de programas\Microsoft Silverlight [0] 0 ( )
    C:\Arquivos de programas\Microsoft SQL Server Compact Edition [0] 0 ( )
    C:\Arquivos de programas\Microsoft Sync Framework [0] 0 ( )
    C:\Arquivos de programas\Microsoft Visual Studio [0] 0 ( )
    C:\Arquivos de programas\Microsoft Works [0] 0 ( )
    C:\Arquivos de programas\Microsoft.NET [0] 0 ( )
    C:\Arquivos de programas\Motorola [0] 0 ( )
    C:\Arquivos de programas\Movie Maker [0] 0 ( )
    C:\Arquivos de programas\Mozilla Firefox [0] 0 ( )
    C:\Arquivos de programas\Mozilla Maintenance Service [0] 0 ( )
    C:\Arquivos de programas\MSECache [0] 0 ( )
    C:\Arquivos de programas\MSN Gaming Zone [0] 0 ( )
    C:\Arquivos de programas\MSXML 4.0 [0] 0 ( )
    C:\Arquivos de programas\MyPlayCity.com [0] 0 ( )
    C:\Arquivos de programas\NCH Software [0] 0 ( )
    C:\Arquivos de programas\Nero [0] 0 ( )
    C:\Arquivos de programas\NetMeeting [0] 0 ( )
    C:\Arquivos de programas\Outlook Express [0] 0 ( )
    C:\Arquivos de programas\Photo! [0] 0 ( )
    C:\Arquivos de programas\Positivo [0] 0 ( )
    C:\Arquivos de programas\Programas RFB [0] 0 ( )
    C:\Arquivos de programas\Real [0] 0 ( )
    C:\Arquivos de programas\Realtek [0] 0 ( )
    C:\Arquivos de programas\REALTEK RTL8187B Wireless LAN Driver [0] 0 ( )
    C:\Arquivos de programas\REAP [0] 0 ( )
    C:\Arquivos de programas\Serviços on-line [0] 0 ( )
    C:\Arquivos de programas\SiS VGA Utilities V3.83 [0] 0 ( )
    C:\Arquivos de programas\sisagp [0] 0 ( )
    C:\Arquivos de programas\Sistema Simplificado de Caixa [0] 0 ( )
    C:\Arquivos de programas\TeamViewer [0] 0 ( )
    C:\Arquivos de programas\Uninstall Information [H] 0( 0)
    C:\Arquivos de programas\Windows Live [0] 0 ( )
    C:\Arquivos de programas\Windows Live SkyDrive [0] 0 ( )
    C:\Arquivos de programas\Windows Media Connect 2 [0] 0 ( )
    C:\Arquivos de programas\Windows Media Player [0] 0 ( )
    C:\Arquivos de programas\Windows NT [0] 0 ( )
    C:\Arquivos de programas\WindowsUpdate [H] 0( 0)
    C:\Arquivos de programas\WinRAR [0] 0 ( )
    C:\Arquivos de programas\xerox [0] 0 ( )
    C:\Arquivos de programas\XP Codec Pack [0] 0 ( )
    C:\Arquivos de programas\ZHPDiag [0] 0 ( )
    C:\Arquivos de programas\Zylom Games [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\AVAST Software [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Avira [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\BigFishGamesCache [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\DatacardService [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini [HSA] 1 KB 0
    C:\Documents and Settings\All Users\Dados de aplicativos\Fashion Solitaire 1.2 [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\gas [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\HP [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\HP Product Assistant [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\HPSSUPPLY [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\hpzinstall.log [AC] 6 KB 0
    C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\McAfee [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft [S] 0 0
    C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Mozilla [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\NCH Software [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Nero [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\PSafe [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Real [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\WEBREG [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller [0] 0 ( )
    C:\Documents and Settings\All Users\Dados de aplicativos\Zylom [0] 0 ( )

    ==================== EOF ==================
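The AT-Destroyer output above checks exactly the settings that homepage and search hijackers tend to alter: the Internet Explorer Start/Search pages, the Firefox `browser.startup.homepage` pref, the Chrome `homepage` pref and the extension directories. The script below is an added example and is not part of the post or of AT-Destroyer. It applies an allowlist check to constructed samples of those entries: the `ALLOWED_HOSTS` set, the sample values and the `example-toolbar.test` host are assumptions; the only rule taken from Chrome itself is that extension IDs are 32 letters in the range a-p. One thing worth checking by hand in the log above is the extension directory named `4`, which does not match that format.

```python
"""Browser-hijack triage over AT-Destroyer style entries.

Added example, not part of the original post or of AT-Destroyer.
All sample data below is constructed; the allowlist is an assumption.
"""
import json
import re
from urllib.parse import urlparse

# Constructed sample: IE "Main" values as the log prints them (key==value).
IE_MAIN_SAMPLE = """\
Start Page==http://www.google.com.br/
Local Page==C:\\WINDOWS\\system32\\blank.htm
Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
Default_search_url==http://search.example-toolbar.test/?q={searchTerms}
Default_Page_URL==http://go.microsoft.com/fwlink/?LinkId=69157
"""

# Constructed sample: Firefox prefs.js lines.
FIREFOX_PREFS_SAMPLE = """\
user_pref("browser.startup.homepage", "https://www.google.com.br/");
user_pref("browser.startup.homepage_override.mstone", "rv:12.0");
user_pref("keyword.URL", "http://search.example-toolbar.test/?q=");
"""

# Constructed sample: fragment of Chrome's Preferences file (JSON).
CHROME_PREFS_SAMPLE = json.dumps({
    "homepage": "http://www.google.com/",
    "homepage_changed": True,
    "homepage_is_newtabpage": False,
})

# Constructed sample: Chrome extension directory names (one is malformed).
CHROME_EXTENSION_DIRS = [
    "4",
    "blpcfgokakmgnkcojhhkbfbldkacnbeo",
    "coobgpohoikkiipiblmjeljniedjpjpf",
]

# Assumption: hosts the operator accepts as legitimate browser defaults.
ALLOWED_HOSTS = {"www.google.com", "www.google.com.br", "go.microsoft.com", "www.bing.com"}

# Chrome extension IDs are exactly 32 characters drawn from a-p.
EXTENSION_ID_RE = re.compile(r"^[a-p]{32}$")
USER_PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*"([^"]*)"\);')
HOMEPAGE_PREFS = ("browser.startup.homepage", "keyword.URL", "browser.search.defaulturl")


def host_is_allowed(url):
    """True for empty values, local files (e.g. blank.htm) and allowlisted hosts."""
    parsed = urlparse(url)
    if not parsed.netloc:          # "C:\WINDOWS\system32\blank.htm" or "" has no host
        return True
    return (parsed.hostname or "").lower() in ALLOWED_HOSTS


def check_ie_main(text):
    """Flag IE Main values (key==value) that point at a non-allowlisted host."""
    findings = []
    for line in text.splitlines():
        if "==" not in line:
            continue
        key, value = line.split("==", 1)
        if value.strip() and not host_is_allowed(value.strip()):
            findings.append(("ie", key.strip(), value.strip()))
    return findings


def check_firefox_prefs(text):
    """Flag homepage/search prefs in prefs.js set to a non-allowlisted host."""
    return [("firefox", name, value)
            for name, value in USER_PREF_RE.findall(text)
            if name in HOMEPAGE_PREFS and not host_is_allowed(value)]


def check_chrome_prefs(text):
    """Flag a Chrome homepage pointing at a non-allowlisted host."""
    homepage = json.loads(text).get("homepage", "")
    return [] if host_is_allowed(homepage) else [("chrome", "homepage", homepage)]


def check_chrome_extension_dirs(names):
    """Return directory names that are not well-formed Chrome extension IDs."""
    return [n for n in names if not EXTENSION_ID_RE.match(n)]


def triage():
    """Run every check over the constructed samples and return the findings."""
    findings = check_ie_main(IE_MAIN_SAMPLE)
    findings += check_firefox_prefs(FIREFOX_PREFS_SAMPLE)
    findings += check_chrome_prefs(CHROME_PREFS_SAMPLE)
    findings += [("chrome", "extension_dir", n)
                 for n in check_chrome_extension_dirs(CHROME_EXTENSION_DIRS)]
    return findings


if __name__ == "__main__":
    for browser, key, value in triage():
        print("SUSPECT %-8s %-20s %s" % (browser, key, value))
```

On a real machine the IE values come from `HKCU\Software\Microsoft\Internet Explorer\Main` (and the HKLM counterpart), the Firefox lines from the profile's prefs.js, and the Chrome values from `User Data\Default\Preferences` and the `Extensions` folder, the same locations the log above walks. A non-allowlisted hit is a lead, not a verdict: confirm the host before acting on it.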

    joram
    Founding Administrator

    Posts : 610
    Joined : 14/08/2012
    Age : 63
    Location : Rio de Janeiro

    Re: Notebook with a virus, some logs for analysis.

    Post by joram on Thu Apr 25, 2013 6:33 am

    Good morning, Edvan!

    [link]

    |- Open the AT-Destroyer tool again and click "Uninstall".

    -/-

    |- Download: |[link]| ( ... by Xplode )

    [image]

    |- On the page, click the green arrow to download.
    |- Save it somewhere convenient! ( the desktop! )
    |- Close any open applications.

    [link]

    |- Run it!
    |- With both checkboxes checked!
    |- Click "Run".
    |- All OK?

    Regards!

    Edvan
    Member

    Posts : 428
    Joined : 14/02/2013
    Age : 36
    Location : Natal/RN

    Re: Notebook with a virus, some logs for analysis.

    Post by Edvan on Thu Apr 25, 2013 8:20 am

    Done, my friend, all OK..

    # DelFix v10.2 - Logfile created 25/04/2013 at 09:18:43
    # Updated 02/04/2013 by Xplode
    # Username : Wesclei - WESCLEI

    ~ Removing disinfection tools ...

    Deleted : C:\Qoobox
    Deleted : C:\JRT
    Deleted : C:\pre_scan
    Deleted : C:\ZHP
    Deleted : C:\Arquivos de programas\ZHPDiag
    Deleted : C:\AdwCleaner[S1].txt
    Deleted : C:\ComboFix.txt
    Deleted : C:\PhysicalDisk0_MBR.bin
    Deleted : C:\Pre_Scan_24_04_2013_11_52_09.txt
    Deleted : C:\Documents and Settings\Wesclei\Desktop\Pre_Scan.exe
    Deleted : C:\Documents and Settings\Wesclei\Desktop\ZHPDiag2.exe
    Deleted : C:\Documents and Settings\Wesclei\Desktop\ZHPFixReport.txt
    Deleted : C:\Documents and Settings\All Users\Desktop\MBRCheck.lnk
    Deleted : C:\Documents and Settings\All Users\Desktop\ZHPDiag.lnk
    Deleted : C:\Documents and Settings\All Users\Desktop\ZHPFix.lnk
    Deleted : C:\WINDOWS\grep.exe
    Deleted : C:\WINDOWS\PEV.exe
    Deleted : C:\WINDOWS\NIRCMD.exe
    Deleted : C:\WINDOWS\MBR.exe
    Deleted : C:\WINDOWS\SED.exe
    Deleted : C:\WINDOWS\SWREG.exe
    Deleted : C:\WINDOWS\SWSC.exe
    Deleted : C:\WINDOWS\SWXCACLS.exe
    Deleted : C:\WINDOWS\Zip.exe
    Deleted : HKCU\Software\g3n-h@ckm@n
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SOFTWARE\g3n-h@ckm@n
    Deleted : HKLM\SOFTWARE\Swearware
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

    ~ Cleaning system restore ...

    Deleted : RP #356 [Ponto de verificação do sistema | 01/26/2013 16:59:57]
    Deleted : RP #357 [Ponto de verificação do sistema | 01/27/2013 17:35:19]
    Deleted : RP #358 [Ponto de verificação do sistema | 02/10/2013 03:33:50]
    Deleted : RP #359 [Ponto de verificação do sistema | 02/12/2013 21:06:17]
    Deleted : RP #360 [Ponto de verificação do sistema | 02/14/2013 22:31:02]
    Deleted : RP #361 [Ponto de verificação do sistema | 02/17/2013 18:08:22]
    Deleted : RP #362 [Ponto de verificação do sistema | 02/19/2013 03:28:08]
    Deleted : RP #363 [Ponto de verificação do sistema | 02/21/2013 13:51:31]
    Deleted : RP #364 [Ponto de verificação do sistema | 02/22/2013 22:59:11]
    Deleted : RP #365 [Installed Windows XP -- Software Updates KB952011. | 02/27/2013 22:58:59]
    Deleted : RP #366 [Ponto de verificação do sistema | 03/03/2013 18:26:06]
    Deleted : RP #367 [Ponto de verificação do sistema | 03/05/2013 03:31:20]
    Deleted : RP #368 [Ponto de verificação do sistema | 03/06/2013 16:27:20]
    Deleted : RP #369 [Ponto de verificação do sistema | 03/07/2013 17:12:30]
    Deleted : RP #370 [Ponto de verificação do sistema | 03/09/2013 02:44:26]
    Deleted : RP #371 [Ponto de verificação do sistema | 03/11/2013 21:54:02]
    Deleted : RP #372 [Ponto de verificação do sistema | 03/12/2013 22:33:35]
    Deleted : RP #373 [Ponto de verificação do sistema | 03/14/2013 16:37:29]
    Deleted : RP #374 [Ponto de verificação do sistema | 03/15/2013 23:36:04]
    Deleted : RP #375 [Ponto de verificação do sistema | 03/17/2013 13:46:03]
    Deleted : RP #376 [Ponto de verificação do sistema | 03/18/2013 16:37:05]
    Deleted : RP #377 [Ponto de verificação do sistema | 03/20/2013 02:12:08]
    Deleted : RP #378 [Ponto de verificação do sistema | 03/21/2013 16:41:46]
    Deleted : RP #379 [Ponto de verificação do sistema | 03/22/2013 16:43:21]
    Deleted : RP #380 [Ponto de verificação do sistema | 03/23/2013 16:53:11]
    Deleted : RP #381 [Ponto de verificação do sistema | 03/27/2013 01:57:44]
    Deleted : RP #382 [Ponto de verificação do sistema | 03/28/2013 16:17:12]
    Deleted : RP #383 [Ponto de verificação do sistema | 03/30/2013 03:12:12]
    Deleted : RP #384 [Ponto de verificação do sistema | 03/31/2013 12:30:52]
    Deleted : RP #385 [Ponto de verificação do sistema | 04/02/2013 22:33:44]
    Deleted : RP #386 [Ponto de verificação do sistema | 04/06/2013 13:01:15]
    Deleted : RP #387 [Ponto de verificação do sistema | 04/07/2013 19:06:12]
    Deleted : RP #388 [Ponto de verificação do sistema | 04/09/2013 22:59:08]
    Deleted : RP #389 [Ponto de verificação do sistema | 04/10/2013 23:02:07]
    Deleted : RP #390 [Ponto de verificação do sistema | 04/12/2013 03:38:04]
    Deleted : RP #391 [Ponto de verificação do sistema | 04/13/2013 18:35:13]
    Deleted : RP #392 [Ponto de verificação do sistema | 04/16/2013 00:06:37]
    Deleted : RP #393 [Ponto de verificação do sistema | 04/20/2013 15:49:54]
    Deleted : RP #394 [Ponto de verificação do sistema | 04/21/2013 16:00:14]
    Deleted : RP #395 [Ponto de verificação do sistema | 04/22/2013 20:29:56]
    Deleted : RP #396 [P | 04/23/2013 11:10:29]
    Deleted : RP #397 [Ponto de verificação do sistema | 04/24/2013 11:47:10]

    New restore point created !

    ########## - EOF - ##########
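The DelFix report above records every removal as a `Deleted :` line of one of three kinds: a file or folder, a registry key, or a restore point. The script below is an added example, not part of the post or of DelFix. It parses a constructed excerpt modelled on that report, groups the entries, confirms that a fresh restore point was created, and lists any expected tool artifact that the log does not account for. The `EXPECTED_LEFTOVERS` list is an assumption, and `C:\JRT` is deliberately left out of the sample log so that the check has something to report.

```python
"""Post-cleanup verification over a DelFix-style log.

Added example, not part of the original post or of DelFix.
The log text is a constructed excerpt; the expected-leftovers list is an assumption.
"""
import re

# Constructed excerpt in DelFix's output format.
DELFIX_LOG_SAMPLE = """\
# DelFix v10.2 - Logfile created 25/04/2013 at 09:18:43

~ Removing disinfection tools ...

Deleted : C:\\Qoobox
Deleted : C:\\ComboFix.txt
Deleted : C:\\WINDOWS\\NIRCMD.exe
Deleted : C:\\WINDOWS\\SWREG.exe
Deleted : HKLM\\SOFTWARE\\AdwCleaner
Deleted : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\combofix.exe

~ Cleaning system restore ...

Deleted : RP #396 [P | 04/23/2013 11:10:29]
Deleted : RP #397 [Ponto de verificação do sistema | 04/24/2013 11:47:10]

New restore point created !
"""

# Assumption: artifacts the operator expects the cleanup to have removed.
# C:\JRT is intentionally absent from the sample log so it gets reported.
EXPECTED_LEFTOVERS = [
    "C:\\Qoobox",
    "C:\\WINDOWS\\NIRCMD.exe",
    "HKLM\\SOFTWARE\\AdwCleaner",
    "C:\\JRT",
]

DELETED_RE = re.compile(r"^Deleted : (.+)$")
REGISTRY_PREFIXES = ("HKCU\\", "HKLM\\", "HKU\\", "HKEY_")


def parse_delfix(text):
    """Group 'Deleted :' entries into files, registry keys and restore points."""
    groups = {"files": [], "registry": [], "restore_points": []}
    for line in text.splitlines():
        match = DELETED_RE.match(line.strip())
        if not match:
            continue
        item = match.group(1)
        if item.startswith("RP #"):
            groups["restore_points"].append(item)
        elif item.upper().startswith(REGISTRY_PREFIXES):
            groups["registry"].append(item)
        else:
            groups["files"].append(item)
    return groups


def new_restore_point_created(text):
    """True when DelFix reports the replacement restore point."""
    return "New restore point created !" in text


def unaccounted_leftovers(text, expected):
    """Expected artifacts the log never reports as deleted (paths compared case-insensitively)."""
    groups = parse_delfix(text)
    deleted = {p.lower() for p in groups["files"] + groups["registry"]}
    return [p for p in expected if p.lower() not in deleted]


if __name__ == "__main__":
    summary = parse_delfix(DELFIX_LOG_SAMPLE)
    for kind, items in summary.items():
        print("%-15s %d" % (kind, len(items)))
    print("new restore point:", new_restore_point_created(DELFIX_LOG_SAMPLE))
    for path in unaccounted_leftovers(DELFIX_LOG_SAMPLE, EXPECTED_LEFTOVERS):
        print("NOT IN LOG:", path)
```

Anything listed as "NOT IN LOG" should be checked on disk or in the registry by hand before the case is closed. Purging the old restore points is deliberate: those snapshots can hold copies of the files that were just removed, so only the freshly created point should remain.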

    joram
    Founding Administrator

    Posts : 610
    Joined : 14/08/2012
    Age : 63
    Location : Rio de Janeiro

    Re: Notebook with a virus, some logs for analysis.

    Post by joram on Thu Apr 25, 2013 9:07 pm

    CASE RESOLVED!

    If you need further help with this computer, just open a "New Topic" and describe the problem.
