Fórum SecSecurity

Implementing Cleanup and Security on your computer!


    Random ads when opening any browser, log for analysis.


    Edvan
    Member

    Posts : 428
    Registration date : 14/02/2013
    Age : 36
    Location : Natal/RN

    Post by Edvan on Sat Jun 08, 2013 9:02 pm

    # AdwCleaner v2.303 - Logfile created 06/08/2013 at 21:37:12
    # Updated 08/06/2013 by Xplode
    # Operating system : Windows 7 Ultimate (64 bits)
    # User : Edvan - EDVAN-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Edvan\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\END
    Folder Deleted : C:\Program Files (x86)\CouponDropDown Plugin
    Folder Deleted : C:\Program Files (x86)\DeviceVM
    Folder Deleted : C:\ProgramData\DeviceVM
    Folder Deleted : C:\Users\Edvan\AppData\Local\CouponDropDown Plugin
    Folder Deleted : C:\Users\Edvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\phogapapkjenakenccmiinkeonkiidle
    Folder Deleted : C:\Users\Edvan\AppData\Roaming\DeviceVM
    Folder Deleted : C:\Users\Edvan\AppData\Roaming\pdfforge

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\AppDataLow\Software\CouponDropDown Plugin
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211771193}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211771193}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0027793.BHO
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0027793.BHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0027793.Sandbox
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0027793.Sandbox.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440244774493}
    Key Deleted : HKLM\Software\CouponDropDown Plugin
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211771193}
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\V9Software
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110211771193}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220222772293}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550255775593}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660266776693}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211771193}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211771193}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211771193}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CouponDropDown Plugin
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255775593}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266776693}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
    Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16448

    [OK] Registry is clean.

    -\\ Google Chrome v27.0.1453.110

    File : C:\Users\Edvan\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [4404 octets] - [08/06/2013 21:37:12]

    ########## EOF - C:\AdwCleaner[S1].txt - [4464 octets] ##########



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Ultimate x64
    Ran by Edvan on 08/06/2013 at 21:41:27,81
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{ED144D9C-3E73-49F0-8F6F-C5246C357E51}



    ~~~ Files



    ~~~ Folders



    ~~~ Chrome

    Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 08/06/2013 at 21:45:24,28
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~









    ComboFix 13-06-08.02 - Edvan 08/06/2013 21:51:54.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.2070.18.4008.2558 [GMT -3:00]
    Executando de: c:\users\Edvan\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Criado um novo ponto de restauração
    .
    .
    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\ntuser.dat
    c:\windows\SysWow64\pt
    c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll
    c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll
    .
    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2013-05-09 to 2013-06-09 ))))))))))))))))))))))))))))
    .
    .
    2013-06-09 00:56 . 2013-06-09 00:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-06-09 00:41 . 2013-06-09 00:41 -------- d-----w- c:\windows\ERUNT
    2013-06-09 00:41 . 2013-06-09 00:41 -------- d-----w- C:\JRT
    2013-06-08 20:59 . 2013-06-08 20:59 -------- d-----w- c:\users\Edvan\AppData\Local\Updater27793
    2013-06-01 13:27 . 2013-06-01 13:27 -------- d-----w- c:\program files\webrec
    2013-05-27 20:31 . 2013-05-28 15:40 -------- d-----w- C:\Pictures
    2013-05-27 17:44 . 2002-08-02 15:00 147512 ----a-w- c:\windows\SysWow64\temp.004
    2013-05-27 17:44 . 2013-05-27 17:44 -------- d-----w- c:\program files (x86)\Client
    2013-05-27 17:44 . 2007-05-16 11:41 49152 ----a-w- c:\windows\SysWow64\inetocx.ocx
    2013-05-27 17:44 . 2007-05-14 15:47 28672 ----a-w- c:\windows\SysWow64\UdpSock.dll
    2013-05-27 17:44 . 2007-05-11 01:00 290816 ----a-w- c:\windows\SysWow64\DVRClient.ocx
    2013-05-27 17:44 . 2007-05-09 13:10 24576 ----a-w- c:\windows\SysWow64\temp.003
    2013-05-27 17:44 . 2007-03-19 13:01 49152 ----a-w- c:\windows\SysWow64\Mp4Decoder.dll
    2013-05-27 17:44 . 2006-02-25 17:14 77824 ----a-w- c:\windows\SysWow64\xvid.ax
    2013-05-27 17:44 . 2005-07-09 23:58 61440 ----a-w- c:\windows\SysWow64\TalkDll.dll
    2013-05-27 17:44 . 2003-03-16 00:24 565248 ----a-w- c:\windows\SysWow64\svmp4.dll
    2013-05-27 17:44 . 2000-12-07 00:18 28672 ----a-w- c:\windows\SysWow64\DrawDll.dll
    2013-05-15 21:54 . 2013-06-08 21:26 -------- d-----w- C:\FFOutput
    2013-05-14 15:36 . 2013-05-14 15:36 -------- d-----w- c:\program files (x86)\Common Files\Java
    2013-05-14 15:36 . 2013-04-04 08:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-05-10 22:21 . 2013-05-10 22:21 -------- d-----w- c:\windows\SysWow64\webclient
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-05-14 22:52 . 2012-08-24 14:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-14 22:52 . 2012-08-24 14:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-05-09 08:59 . 2013-03-01 21:42 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-05-09 08:59 . 2013-03-01 21:42 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-05-09 08:59 . 2012-08-16 22:52 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-05-09 08:59 . 2012-08-16 22:52 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-05-09 08:59 . 2012-08-16 22:52 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-05-09 08:59 . 2012-08-16 22:52 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-05-09 08:59 . 2012-08-16 22:52 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-05-09 08:59 . 2012-08-16 22:52 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-05-09 08:58 . 2012-08-16 22:52 41664 ----a-w- c:\windows\avastSS.scr
    2013-05-09 08:58 . 2012-08-16 22:52 287840 ----a-w- c:\windows\system32\aswBoot.exe
    2013-04-09 18:13 . 2013-04-21 20:10 110264 ----a-w- c:\windows\system32\pdfcmon.dll
    2013-03-27 19:34 . 2013-03-27 19:33 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    .
    .
    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-24 39408]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    S0 aswRvrt;aswRvrt; [x]
    S0 aswVmm;aswVmm; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
    S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
    S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
    S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
    S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
    S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
    .
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 22:52]
    .
    2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-16 22:52]
    .
    2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-16 22:52]
    .
    2013-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4069876537-3619617356-1919562461-1000Core.job
    - c:\users\Edvan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 14:44]
    .
    2013-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4069876537-3619617356-1919562461-1000UA.job
    - c:\users\Edvan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 14:44]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 416024]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    .
    ------- Scan Suplementar -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = [You need to be registered and logged in to see this link.]
    mDefault_Page_URL = about:blank
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = 192.168.1.117:3128
    IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 187.123.79.52 187.123.79.56 192.168.1.1
    DPF: {021AFC0F-30F4-474D-9903-CE42D9539B17} - [You need to be registered and logged in to see this link.]
    DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - [You need to be registered and logged in to see this link.]
    DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} - [You need to be registered and logged in to see this link.]
    DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - [You need to be registered and logged in to see this link.]
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    AddRemove-WebClient - c:\windows\system32\WebClient\uninstall.cmd
    .
    .
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4069876537-3619617356-1919562461-1000\Software\Adobe\CommonFiles\Usage\CS5]
    @DACL=(02 0000)
    "Date"="2012-11-02T00:15Z"
    .
    [HKEY_USERS\S-1-5-21-4069876537-3619617356-1919562461-1000\Software\Adobe\CommonFiles\Usage\Demographic]
    @DACL=(02 0000)
    "JobFunction"="NOVALUE"
    "Industry"="NOVALUE"
    "CompanySize"="NOVALUE"
    .
    [HKEY_USERS\S-1-5-21-4069876537-3619617356-1919562461-1000\Software\Adobe\CommonFiles\Usage\Reader 9]
    @DACL=(02 0000)
    "throttle"=dword:00000003
    "Date"="2012-09-29T23:12Z"
    "OptIn"=dword:00000000
    .
    [HKEY_USERS\S-1-5-21-4069876537-3619617356-1919562461-1000\Software\Gabest\Media Player Classic\Settings\PnSPresets]
    @DACL=(02 0000)
    "Preset0"="Scale to 16:9 TV,0.500,0.500,1.000,1.333"
    "Preset1"="Zoom To Widescreen,0.500,0.500,1.333,1.333"
    "Preset2"="Zoom To Ultra-Widescreen,0.500,0.500,1.763,1.763"
    .
    [HKEY_USERS\S-1-5-21-4069876537-3619617356-1919562461-1000\Software\Microsoft\Installer\Products\6DED2C82B5237CC489A371778C7FBFBA\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\79EB7C9295ED2A736A78A2DD351249A8\SourceList\Media]
    @DACL=(02 0000)
    "100"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\F307481C0422F334BAB073BCA72235B0\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="Microsoft's Silverlight Installation [1]"
    "100"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\1007C6B46D7C017319E3B52CF3EC196E\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    "1"=";1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\135DCCF583B149A429C421F727F20207\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\1926E8D15D0BCE53481466615F760A7F\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    "1"=";1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\1af2a8da7e60d0b429d7e6453b3d0182\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    "1"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "2"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "3"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "4"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "5"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "6"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "7"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "8"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "9"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "10"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "11"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    "1"=";1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    "1"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "2"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "3"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "4"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "5"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "6"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "7"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "8"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "9"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "10"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "11"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\4E6E1C288176DFE4D9CC2E676D09FE64\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="Plug-in Autodesk Inventor Fusion for AutoCAD 2013 [1]"
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\5784F2EFC590C724A979F4D80EA5FC22\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="Plug-in Autodesk Inventor Fusion for AutoCAD 2013 [1]"
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\6E8A266FCD4F2A1409E1C8110F44DBCE\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    "2"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\7D2F3875100B0000102000060BECB6AB\SourceList\Media]
    @DACL=(02 0000)
    "MediaPackage"="\\x64\\acad"
    "DiskPrompt"="AutoCAD 2013 - Brasil: [1]"
    "1"="acad2013;"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\7D2F3875100B6140112000060BECB6AB\SourceList\Media]
    @DACL=(02 0000)
    "MediaPackage"="\\x64\\acad\\pt-BR"
    "DiskPrompt"="AutoCAD 2013 - Brasil: [1]"
    "1"="acad2013;"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\7D2F3875100B6140122000060BECB6AB\SourceList\Media]
    @DACL=(02 0000)
    "MediaPackage"="\\x64\\acad\\[LANG2LONG]"
    "DiskPrompt"="AutoCAD 2013 - Brasil: [1]"
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\9500CD411F0026F4DBA1BA32DC159AE5\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\9B21E606F14644642AA2FF83EA89A0DF\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    "1"="DISK1;1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\9eab5ec6ac3d99b498a1d16c1c815acf\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    "1"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "2"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "3"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "4"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "5"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "6"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "7"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "8"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "9"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "10"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "11"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\A76A12931BA584E449447C8141FC0372\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\A929A4608ED4FC049A10DB041CE4D452\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="PDF Installation [1]"
    "1"=";CD-ROM #1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B0FEE8C6EB4C7A53FB80C7C366E76BA2\SourceList\Media]
    @DACL=(02 0000)
    "1"=";1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B17E077734D20084C93BB5C6AABEBEAE\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    "1"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "2"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "3"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "4"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "5"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "6"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "7"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "8"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "9"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "10"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "11"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\BA920F262F58000068A6F90CDD99DDCB\SourceList\Media]
    @DACL=(02 0000)
    "1"="ContentService_1;"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\BA920F262F58100068A6F90CDD99DDCB\SourceList\Media]
    @DACL=(02 0000)
    "1"="ContentService_1_EN-US;"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\BDF3778CBD0D25EB5D634FF889685BB7\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\BEEBE7110BD58C34F96DDD85D31B25DD\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    "1"="DISK1;1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\C28643E881181F13CBC489DC69571E2C\SourceList\Media]
    @DACL=(02 0000)
    "1"=";1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\CB47F5EE5DC52FE468AB186EFC641AF8\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    "1"=";1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="Microsoft's Silverlight Installation [1]"
    "1"=";1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\DB775D1AD2969CA489FDE8C3337B294E\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    "2"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\DDA39468D428E8B4DB27C8D5DC5CA217\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    "2"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\DFC90B5F2B0FFA63D84FD16F6BF37C4B\SourceList\Media]
    @DACL=(02 0000)
    "1"=";1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\E83E246D42D0C684A9D23E61DD96F6B4\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\EB940C659E972054EB7A79453A6EF0B9\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\EDC3967BB470C1035948CF343496C6B8\SourceList\Media]
    @DACL=(02 0000)
    "1"=";1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\F9165FFF310246008AE599497FA0E9D5\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="Please insert the DVD labeled \"[1]\""
    "1"=";Inventor Fusion 2013 Disk 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Tempo para conclusão: 2013-06-08 21:58:18
    ComboFix-quarantined-files.txt 2013-06-09 00:58
    .
    Pré-execução: 253.861.425.152 bytes disponíveis
    Pós execução: 253.651.496.960 bytes disponíveis
    .
    - - End Of File - - B630AED4A65ABD91A96D4908E0D1BF4A
    A36C5E4F47E84449FF07ED3517B43A31

    Edvan
    Member

    Posts: 428
    Join date: 14/02/2013
    Age: 36
    Location: Natal/RN

    Re: Random ads when opening any browser, log for analysis.

    Post by Edvan on Sat Jun 08, 2013 9:13 pm

    Oops!!! Log for analysis [You must be registered and logged in to see this link.]

    joram
    Founding Administrator

    Posts: 610
    Join date: 14/08/2012
    Age: 63
    Location: Rio de Janeiro

    Re: Random ads when opening any browser, log for analysis.

    Post by joram on Sun Jun 09, 2013 7:53 am

    Good morning! Edvan

    |- Download: < [You must be registered and logged in to see this link.] >
    |- Save it to the desktop!
    |- Disable your antivirus or antispyware so that the tool is not detected as malware.
    |- Run AT-Destroyer.exe as administrator if you use Windows Vista or 7.

    [You must be registered and logged in to see this link.]

    |- Choose the "Buscar" option and wait for the scan to finish.
    |- Post the report! ( C:\AT-Destroyer.txt )

    -/-

    |- Close any open programs/folders.
    |- Close the browser as well!
    |- For Windows Vista, disable the [You must be registered and logged in to see this link.].

    [You must be registered and logged in to see this image.]

    |- For Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
    |- Select and copy this information, shown in red, into Notepad.

    [MD5.00000000000000000000000000000000] [APT] [{97CAD944-A341-4D2D-A421-5A9572EC2ADD}] (...) -- C:\Users\Edvan\Desktop\VirtualBox-4.2.4-81684-Win.exe (.not file.) [0]
    O3 - Toolbar: (no name) [64Bits] - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} Orphean Key
    O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphean Key
    O87 - FAEL: "TCP Query User{69823462-E832-47AC-87A2-8EF8D3AFC93A}C:\program files\telexfree\run.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\telexfree\run.exe (.not file.)
    O87 - FAEL: "UDP Query User{1A81B48A-EE20-4C37-956A-4E1BB1EF50C3}C:\program files\telexfree\run.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\telexfree\run.exe (.not file.)
    O87 - FAEL: "{D3A884D8-7C0D-413E-9F61-F9F59FAC6F77}" |In - Public - P17 - TRUE | .(...) -- C:\program files\telexfree\run.exe (.not file.)
    O87 - FAEL: "{DDCB2F19-FAD2-4B88-8B06-12F1B59B65F5}" |In - Public - P6 - TRUE | .(...) -- C:\program files\telexfree\run.exe (.not file.)
    G2 - GCE: Preference [User Data\Default] [dhkplhfnhceodhffomolpfigojocbpcb] Babylon Toolbar v.1.8 (Désactivé) => Infection BT (Toolbar.Babylon)

    proxyfix
    emptytemp
    emptyclsid
    emptyflash
    firewallraz
    sysrestore
    |- With Notepad open, use the shortcuts: "Ctrl+A" -> "Ctrl+C"
    |- Minimize Notepad.

    [You must be registered and logged in to see this image.]

    |- Click the "Paste ClipBoard" menu.
    |- Avoid the "Paste" option ( Ctrl+V ) in the light-yellow field, which does not enable the "Go" button.

    [You must be registered and logged in to see this link.]

    |- Click "GO" -> Oui.

    [You must be registered and logged in to see this image.]

    |- PS: Above is a sequence of images for further clarification.
    |- Post the report: C:\ZHP\ZHPFix[R1].txt

    Regards!

    Edvan
    Member

    Posts: 428
    Join date: 14/02/2013
    Age: 36
    Location: Natal/RN

    Re: Random ads when opening any browser, log for analysis.

    Post by Edvan on Sun Jun 09, 2013 7:57 pm

    ######################## AT-Destroyer By Infospyware.
    Hora/Día/Mes/Año: 20:54:30 \\\ 09/06/2013
    AT-Destroyer 2.1 By Infospyware ---> [You must be registered and logged in to see this link.]
    Última actualización: 30/11/2012
    Opción escogida: 1 :Buscar
    Versión Internet Explorer:9.0.8112.16421
    Privilegios: Edvan - Administrador
    Modo Actual: Modo Normal.
    Nombre del pc: EDVAN-PC
    Información del sistema operativo:X64-WIN_7-
    nombre del usuario:Edvan
    Lenguaje del sistema: Portugués



    >>>>>> Servicios <<<<<<



    >>>>>> Carpetas <<<<<<



    >>>>>> Archivos <<<<<<



    >>>>>> Registro <<<<<<



    >>>>>> Heurística <<<<<<

    Encontrado: C:\Users\Edvan\2012-12-05-01-57-51.020-VirtualBox.exe-3900.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-03-07-22-30-33.000-VirtualBox.exe-3808.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-00-14-19.048-VirtualBox.exe-2284.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-00-15-22.022-VirtualBox.exe-4588.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-00-16-11.092-VirtualBox.exe-5028.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-00-26-19.079-VirtualBox.exe-3540.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-00-28-04.013-VirtualBox.exe-3500.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-09-46.091-VirtualBox.exe-3500.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-11-49.073-VirtualBox.exe-3996.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-12-44.062-VirtualBox.exe-5032.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-13-46.032-VirtualBox.exe-4612.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-16-13.033-VirtualBox.exe-4972.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-16-22.070-VirtualBox.exe-4376.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-16-46.041-VirtualBox.exe-4848.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-18-28.036-VirtualBox.exe-3340.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-19-22.076-VirtualBox.exe-4408.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-21-13.058-VirtualBox.exe-4220.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-21-19.086-VirtualBox.exe-3828.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-23-07.053-VirtualBox.exe-3700.log (Heur malware.win32.generic)


    >>>>>> Internet Explorer <<<<<<

    Start Page==about:blank
    Local Page==C:\Windows\SysWOW64\blank.htm
    Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
    Default_search_url==http://go.microsoft.com/fwlink/?LinkId=54896
    Default_Page_URL==about:blank


    ''HKCU\Software\Microsoft\Internet Explorer\Main''
    Start Page==http://www.google.com.br/
    Local Page==C:\Windows\system32\blank.htm
    Search Page==http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_search_url==
    Default_Page_URL==


    HKEY_USERS\S-1-5-21-4069876537-3619617356-1919562461-1000\Software\Microsoft\Internet Explorer\Main''
    Start Page==http://www.google.com.br/
    Local Page==C:\Windows\system32\blank.htm
    Search Page==http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_search_url==
    Default_Page_URL==


    >>>>>> Extensiones Firefox <<<<<<



    >>>>>> Plugins Firefox <<<<<<

    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@EDVR/WebClient
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3

    >>>>>> Google Chrome <<<<<<

    "homepage": "http://www.google.com.br/",
    "homepage_changed": true,
    "homepage_is_newtabpage": false,


    >>>>>> Extensiones Google Chrome <<<<<<

    C:\Users\Edvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\2
    C:\Users\Edvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
    C:\Users\Edvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk

    ======== Listado ===========

    C:\Users\Edvan\AppData\Roaming\Autodesk [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\DAEMON Tools Lite [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\EPSON [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Google [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Identities [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\InstallShield [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Macromedia [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Malwarebytes [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Media Center Programs [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Media Player Classic [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Microsoft [SDI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Mozilla [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Nero [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\PDF Architect [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\PhotoScape [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Real [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Skype [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\TeamViewer [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\TelexFree [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\uTorrent [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\WinRAR [D] 0 ( )
    C:\Program Files (x86)\Adobe Download Assistant [D] 0( 0)
    C:\Program Files (x86)\Auslogics [D] 0( 0)
    C:\Program Files (x86)\Autodesk [D] 0( 0)
    C:\Program Files (x86)\Blok Free 4 [D] 0( 0)
    C:\Program Files (x86)\Blok Master [D] 0( 0)
    C:\Program Files (x86)\Client [D] 0( 0)
    C:\Program Files (x86)\Common Files [D] 0( 0)
    C:\Program Files (x86)\DAEMON Tools Lite [D] 0( 0)
    C:\Program Files (x86)\desktop.ini [HSA] 174 bytes( 0)
    C:\Program Files (x86)\DMMultiView [D] 0( 0)
    C:\Program Files (x86)\DsNET Corp [D] 0( 0)
    C:\Program Files (x86)\EASEUS [D] 0( 0)
    C:\Program Files (x86)\epson [D] 0( 0)
    C:\Program Files (x86)\Epson Software [D] 0( 0)
    C:\Program Files (x86)\Foxit Software [D] 0( 0)
    C:\Program Files (x86)\FreeTime [D] 0( 0)
    C:\Program Files (x86)\Google [D] 0( 0)
    C:\Program Files (x86)\InstallShield Installation Information [HD] 0( 0)
    C:\Program Files (x86)\Intel [D] 0( 0)
    C:\Program Files (x86)\Internet Explorer [D] 0( 0)
    C:\Program Files (x86)\Java [D] 0( 0)
    C:\Program Files (x86)\K-Lite Codec Pack [D] 0( 0)
    C:\Program Files (x86)\Malwarebytes' Anti-Malware [D] 0( 0)
    C:\Program Files (x86)\Marcos Velasco Security [D] 0( 0)
    C:\Program Files (x86)\Microsoft [D] 0( 0)
    C:\Program Files (x86)\Microsoft Office [D] 0( 0)
    C:\Program Files (x86)\Microsoft Silverlight [D] 0( 0)
    C:\Program Files (x86)\Microsoft Visual Studio [D] 0( 0)
    C:\Program Files (x86)\Microsoft Works [D] 0( 0)
    C:\Program Files (x86)\Microsoft.NET [D] 0( 0)
    C:\Program Files (x86)\Mozilla Firefox [D] 0( 0)
    C:\Program Files (x86)\MSBuild [D] 0( 0)
    C:\Program Files (x86)\MSXML 4.0 [D] 0( 0)
    C:\Program Files (x86)\Nero [D] 0( 0)
    C:\Program Files (x86)\PDF Architect [D] 0( 0)
    C:\Program Files (x86)\PDFCreator [D] 0( 0)
    C:\Program Files (x86)\PhotoScape [D] 0( 0)
    C:\Program Files (x86)\Real [D] 0( 0)
    C:\Program Files (x86)\Realtek [D] 0( 0)
    C:\Program Files (x86)\Reference Assemblies [D] 0( 0)
    C:\Program Files (x86)\Skype [RD] 0( 0)
    C:\Program Files (x86)\TeamViewer [D] 0( 0)
    C:\Program Files (x86)\Temp [HD] 0( 0)
    C:\Program Files (x86)\Uninstall Information [HD] 0( 0)
    C:\Program Files (x86)\uTorrent [D] 0( 0)
    C:\Program Files (x86)\uTorrent Acceleration Tool [D] 0( 0)
    C:\Program Files (x86)\v9Soft [D] 0( 0)
    C:\Program Files (x86)\VS Revo Group [D] 0( 0)
    C:\Program Files (x86)\Winco [D] 0( 0)
    C:\Program Files (x86)\Windows Defender [D] 0( 0)
    C:\Program Files (x86)\Windows Live [D] 0( 0)
    C:\Program Files (x86)\Windows Live SkyDrive [D] 0( 0)
    C:\Program Files (x86)\Windows Mail [D] 0( 0)
    C:\Program Files (x86)\Windows Media Player [D] 0( 0)
    C:\Program Files (x86)\Windows NT [D] 0( 0)
    C:\Program Files (x86)\Windows Photo Viewer [D] 0( 0)
    C:\Program Files (x86)\Windows Portable Devices [D] 0( 0)
    C:\Program Files (x86)\Windows Sidebar [D] 0( 0)
    C:\Program Files (x86)\WinRAR [D] 0( 0)
    C:\Program Files (x86)\ZHPDiag [D] 0( 0)
    C:\ProgramData\Ambiente de trabalho [HSDLI] 0 0
    C:\ProgramData\Apple [DI] 0 0
    C:\ProgramData\Application Data [HSDLI] 0 0
    C:\ProgramData\Autodesk [DI] 0 0
    C:\ProgramData\AVAST Software [DI] 0 0
    C:\ProgramData\bf4ppp.bmp [H] 4,00 MB 0
    C:\ProgramData\BMPPP.bmp [H] 4,00 MB 0
    C:\ProgramData\CorelDRAW Graphics Suite X6 [DI] 0 0
    C:\ProgramData\DAEMON Tools Lite [DI] 0 0
    C:\ProgramData\Desktop [HSDLI] 0 0
    C:\ProgramData\Documentos [HSDLI] 0 0
    C:\ProgramData\Documents [HSDLI] 0 0
    C:\ProgramData\EPSON [DI] 0 0
    C:\ProgramData\Favorites [HSDLI] 0 0
    C:\ProgramData\Favoritos [HSDLI] 0 0
    C:\ProgramData\FLEXnet [DI] 0 0
    C:\ProgramData\Google [DI] 0 0
    C:\ProgramData\GP0 [HD] 0 0
    C:\ProgramData\gwp2.sys [H] 264 bytes 0
    C:\ProgramData\Intel [DI] 0 0
    C:\ProgramData\Malwarebytes [DI] 0 0
    C:\ProgramData\Menu Iniciar [HSDLI] 0 0
    C:\ProgramData\Microsoft [SDI] 0 0
    C:\ProgramData\Microsoft Help [DI] 0 0
    C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [AI] 153 bytes 0
    C:\ProgramData\Modelos [HSDLI] 0 0
    C:\ProgramData\Nero [DI] 0 0
    C:\ProgramData\NTUser.dat.LOG1 [HSAI] 5,00 KB 0
    C:\ProgramData\NTUser.dat.LOG2 [HSAI] 0 bytes 0
    C:\ProgramData\NTUser.dat{27fa61ef-e80e-11e1-9998-3085a935c190}.TM.blf [HSAI] 64,0 KB 0
    C:\ProgramData\NTUser.dat{27fa61ef-e80e-11e1-9998-3085a935c190}.TMContainer00000000000000000001.regtrans-ms [HSAI] 512 KB 0
    C:\ProgramData\NTUser.dat{27fa61ef-e80e-11e1-9998-3085a935c190}.TMContainer00000000000000000002.regtrans-ms [HSAI] 512 KB 0
    C:\ProgramData\NTUser.dat{27fa61fa-e80e-11e1-9998-3085a935c190}.TM.blf [HSAI] 64,0 KB 0
    C:\ProgramData\NTUser.dat{27fa61fa-e80e-11e1-9998-3085a935c190}.TMContainer00000000000000000001.regtrans-ms [HSAI] 512 KB 0
    C:\ProgramData\NTUser.dat{27fa61fa-e80e-11e1-9998-3085a935c190}.TMContainer00000000000000000002.regtrans-ms [HSAI] 512 KB 0
    C:\ProgramData\Real [DI] 0 0
    C:\ProgramData\regid.1986-12.com.adobe [DI] 0 0
    C:\ProgramData\Skype [DI] 0 0
    C:\ProgramData\Start Menu [HSDLI] 0 0
    C:\ProgramData\Sun [DI] 0 0
    C:\ProgramData\TEMP [DAI] 0 0
    C:\ProgramData\Templates [HSDLI] 0 0
    C:\ProgramData\UDL [DI] 0 0
    ======================EOF=======================


    Rapport de ZHPFix 2013.6.4.1 par Nicolas Coolman, Update du 04/06/2013
    Fichier d'export Registre :
    Run by Edvan at 09/06/2013 20:56:06
    High Elevated Privileges : OK
    Windows 7 Ultimate Edition, 64-bit (Build 7600)

    Recycle Files Deleted

    ========== Registry Key ==========
    DELETED Key: CLSID: [HKLM\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
    DELETED Key: CLSID: [HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]

    ========== Registry Value ==========
    DELETED Toolbar: {9421DD08-935F-4701-A9CA-22DF90AC4EA6}
    DELETED Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
    NOT FOUND TCP Query User{69823462-E832-47AC-87A2-8EF8D3AFC93A}C:/program files/telexfree/run.exe
    NOT FOUND UDP Query User{1A81B48A-EE20-4C37-956A-4E1BB1EF50C3}C:/program files/telexfree/run.exe
    DELETED {D3A884D8-7C0D-413E-9F61-F9F59FAC6F77}
    DELETED {DDCB2F19-FAD2-4B88-8B06-12F1B59B65F5}
    ProxyFix : Proxy killed successfully
    DELETED ProxyServer Value
    DELETED ProxyEnable Value
    DELETED EnableHttp1_1 Value
    DELETED ProxyHttp1.1 Value
    DELETED ProxyOverride Value
    No Value in Standard Profile Register Key FirewallRaz :
    No Value in Domain Profile Register Key FirewallRaz :
    DELETED FirewallRaz (Private) : TCP Query User{69823462-E832-47AC-87A2-8EF8D3AFC93A}C:\program files\telexfree\run.exe
    DELETED FirewallRaz (Private) : UDP Query User{1A81B48A-EE20-4C37-956A-4E1BB1EF50C3}C:\program files\telexfree\run.exe

    ========== Browser Profiles ==========
    NOT FOUND Folder Chrome: C:\Users\Edvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

    ========== Repertory ==========
    No Empty CLSID Directories
    DELETED Flash Cookies

    ========== File ==========
    DELETED Window Temporary
    DELETED Flash Cookies

    ========== Task ==========
    DELETED Task: {97CAD944-A341-4D2D-A421-5A9572EC2ADD}

    ========== Restoration ==========
    Restore System Point created succefully


    ========== Summary ==========
    2 : Registry Key
    16 : Registry Value
    2 : Repertory
    2 : File
    1 : Browser Profiles
    1 : Task
    1 : Restoration


    End of clean in 00mn 24s

    ========== Report File ==========
    C:\ZHP\ZHPFix[R1].txt - 09/06/2013 20:56:06 [2158]

    joram
    Founding Administrator

    Posts: 610
    Join date: 14/08/2012
    Age: 63
    Location: Rio de Janeiro

    Re: Random ads when opening any browser, log for analysis.

    Post by joram on Mon Jun 10, 2013 9:03 am

    Good morning! Edvan

    < [You must be registered and logged in to see this link.] >

    |- The AT-Destroyer tool, following its built-in heuristics, detected VirtualBox as "Heur malware.win32.generic". I believe it is an FP, since your antivirus, Avast, detected nothing!

    [You must be registered and logged in to see this link.]

    |- Open the AT-Destroyer tool again and click "Desinstalar".

    -/-

    < C:\Program Files (x86)\v9Soft [D] 0( 0) >

    |- Delete this highlighted folder, since it appears to be empty.

    |- Download: < [You must be registered and logged in to see this link.] > ( ... by Oleg N. Scherbakov )
    |- Save it to the desktop!
    |- For Windows 7, right-click JRT.exe and run it ... [You must be registered and logged in to see this image.]
    |- Wait for it to finish and post the report. ( JRT.txt )

    See you!

    Edvan
    Membro
    Membro

    Mensagens : 428
    Data de inscrição : 14/02/2013
    Idade : 36
    Localização : Natal/RN

    Re: Propaganda aleatoria ao acessa qualquer navegador, log para analise.

    Mensagem por Edvan em Seg Jun 10, 2013 11:28 am

    The AT-Destroyer tool, according to its established heuristics, detected VirtualBox as "Heur malware.win32.generic". I believe it is an FP (false positive), since your antivirus, Avast, detected nothing!

    |- Open the AT-Destroyer tool again and click "Desinstalar" (Uninstall).



    About <VirtualBox>, I do indeed have some virtual machines for study (Linux).


    C:\Program Files (x86)\v9Soft [D] 0( 0) >

    |- Delete this highlighted folder, as it appears to be empty.

    I went to the folder ==> v9Soft; it really had nothing inside, so I deleted it.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Ultimate x64
    Ran by Edvan on 10/06/2013 at 12:17:51,95
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 10/06/2013 at 12:22:10,33
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    joram
    Founding Administrator

    Posts : 610
    Join date : 14/08/2012
    Age : 63
    Location : Rio de Janeiro

    Re: Random ads when opening any browser, log for analysis.

    Post by joram on Mon Jun 10, 2013 11:32 am

    OK, Edvan!

    |- I no longer see any adware on your PC.

    -/-

    |- Download: |[You need to be registered and logged in to see this link.]| ( ... by Xplode )

    |- On the page, click the green arrow to download.
    |- Save it in a convenient location! ( desktop! )
    |- Close any open applications.

    |- Run it!
    |- With both checkboxes ticked!
    |- Click "Run".
    |- Everything OK?

    Regards!

    Edvan
    Member

    Posts : 428
    Join date : 14/02/2013
    Age : 36
    Location : Natal/RN

    Re: Random ads when opening any browser, log for analysis.

    Post by Edvan on Mon Jun 10, 2013 11:34 am

    Everything is OK, my friend; thank you once again.

    # DelFix v10.3 - Logfile created 10/06/2013 at 12:30:34
    # Updated 08/06/2013 by Xplode
    # Username : Edvan - EDVAN-PC
    # Operating System : Windows 7 Ultimate (64 bits)

    ~ Removing disinfection tools ...

    Deleted : C:\Qoobox
    Deleted : C:\JRT
    Deleted : C:\ZHP
    Deleted : C:\Program Files (x86)\ZHPDiag
    Deleted : C:\AdwCleaner[S1].txt
    Deleted : C:\ComboFix.txt
    Deleted : C:\PhysicalDisk0_MBR.bin
    Deleted : C:\rapport.txt
    Deleted : C:\Users\Edvan\Desktop\adwcleaner.exe
    Deleted : C:\Users\Edvan\Desktop\ComboFix.exe
    Deleted : C:\Users\Edvan\Desktop\JRT.exe
    Deleted : C:\Users\Edvan\Desktop\JRT.txt
    Deleted : C:\Users\Edvan\Desktop\ZHPDiag.txt
    Deleted : C:\Users\Edvan\Desktop\ZHPDiag2.exe
    Deleted : C:\Users\Public\Desktop\MBRCheck.lnk
    Deleted : C:\Users\Public\Desktop\ZHPDiag.lnk
    Deleted : C:\Users\Public\Desktop\ZHPFix.lnk
    Deleted : C:\Windows\grep.exe
    Deleted : C:\Windows\PEV.exe
    Deleted : C:\Windows\NIRCMD.exe
    Deleted : C:\Windows\MBR.exe
    Deleted : C:\Windows\SED.exe
    Deleted : C:\Windows\SWREG.exe
    Deleted : C:\Windows\SWSC.exe
    Deleted : C:\Windows\SWXCACLS.exe
    Deleted : C:\Windows\Zip.exe
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SOFTWARE\Swearware
    Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

    ~ Cleaning system restore ...

    Deleted : RP #64 [Installed Java 7 Update 21 | 05/14/2013 15:35:05]
    Deleted : RP #65 [Removed TelexFree | 05/16/2013 00:49:17]
    Deleted : RP #66 [Removed Microsoft Web Platform Installer 4.5 | 05/16/2013 00:51:11]
    Deleted : RP #67 [Ponto de Verificação Agendado | 05/27/2013 01:27:49]
    Deleted : RP #68 [Ponto de Verificação Agendado | 06/06/2013 17:08:51]
    Deleted : RP #69 [ComboFix created restore point | 06/09/2013 00:50:24]
    Deleted : RP #70 [P | 06/09/2013 23:55:50]

    New restore point created !

    ########## - EOF - ##########

    joram
    Founding Administrator

    Posts : 610
    Join date : 14/08/2012
    Age : 63
    Location : Rio de Janeiro

    Re: Random ads when opening any browser, log for analysis.

    Post by joram on Mon Jun 10, 2013 11:37 am

    CASE SOLVED!

    If you need further help with this computer, just open a "New Topic" and describe the problem.
