Fórum SecSecurity

Implementing Cleanup and Security on your computer!



    Random ads when opening any browser, log for analysis.

    Edvan
    Member

    Posts: 428
    Join date: 14/02/2013
    Age: 36
    Location: Natal/RN

    Post by Edvan on Sat Jun 08, 2013 9:02 pm

    # AdwCleaner v2.303 - Logfile created 06/08/2013 at 21:37:12
    # Updated 08/06/2013 by Xplode
    # Operating system : Windows 7 Ultimate (64 bits)
    # User : Edvan - EDVAN-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Edvan\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\END
    Folder Deleted : C:\Program Files (x86)\CouponDropDown Plugin
    Folder Deleted : C:\Program Files (x86)\DeviceVM
    Folder Deleted : C:\ProgramData\DeviceVM
    Folder Deleted : C:\Users\Edvan\AppData\Local\CouponDropDown Plugin
    Folder Deleted : C:\Users\Edvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\phogapapkjenakenccmiinkeonkiidle
    Folder Deleted : C:\Users\Edvan\AppData\Roaming\DeviceVM
    Folder Deleted : C:\Users\Edvan\AppData\Roaming\pdfforge

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\AppDataLow\Software\CouponDropDown Plugin
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211771193}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211771193}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0027793.BHO
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0027793.BHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0027793.Sandbox
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0027793.Sandbox.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440244774493}
    Key Deleted : HKLM\Software\CouponDropDown Plugin
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211771193}
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\V9Software
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110211771193}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220222772293}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550255775593}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660266776693}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211771193}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211771193}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211771193}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CouponDropDown Plugin
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255775593}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266776693}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
    Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16448

    [OK] Registry is clean.

    -\\ Google Chrome v27.0.1453.110

    File : C:\Users\Edvan\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [4404 octets] - [08/06/2013 21:37:12]

    ########## EOF - C:\AdwCleaner[S1].txt - [4464 octets] ##########



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Ultimate x64
    Ran by Edvan on 08/06/2013 at 21:41:27,81
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{ED144D9C-3E73-49F0-8F6F-C5246C357E51}



    ~~~ Files



    ~~~ Folders



    ~~~ Chrome

    Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 08/06/2013 at 21:45:24,28
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~









    ComboFix 13-06-08.02 - Edvan 08/06/2013 21:51:54.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.2070.18.4008.2558 [GMT -3:00]
    Executando de: c:\users\Edvan\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Criado um novo ponto de restauração
    .
    .
    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\ntuser.dat
    c:\windows\SysWow64\pt
    c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll
    c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll
    .
    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2013-05-09 to 2013-06-09 ))))))))))))))))))))))))))))
    .
    .
    2013-06-09 00:56 . 2013-06-09 00:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-06-09 00:41 . 2013-06-09 00:41 -------- d-----w- c:\windows\ERUNT
    2013-06-09 00:41 . 2013-06-09 00:41 -------- d-----w- C:\JRT
    2013-06-08 20:59 . 2013-06-08 20:59 -------- d-----w- c:\users\Edvan\AppData\Local\Updater27793
    2013-06-01 13:27 . 2013-06-01 13:27 -------- d-----w- c:\program files\webrec
    2013-05-27 20:31 . 2013-05-28 15:40 -------- d-----w- C:\Pictures
    2013-05-27 17:44 . 2002-08-02 15:00 147512 ----a-w- c:\windows\SysWow64\temp.004
    2013-05-27 17:44 . 2013-05-27 17:44 -------- d-----w- c:\program files (x86)\Client
    2013-05-27 17:44 . 2007-05-16 11:41 49152 ----a-w- c:\windows\SysWow64\inetocx.ocx
    2013-05-27 17:44 . 2007-05-14 15:47 28672 ----a-w- c:\windows\SysWow64\UdpSock.dll
    2013-05-27 17:44 . 2007-05-11 01:00 290816 ----a-w- c:\windows\SysWow64\DVRClient.ocx
    2013-05-27 17:44 . 2007-05-09 13:10 24576 ----a-w- c:\windows\SysWow64\temp.003
    2013-05-27 17:44 . 2007-03-19 13:01 49152 ----a-w- c:\windows\SysWow64\Mp4Decoder.dll
    2013-05-27 17:44 . 2006-02-25 17:14 77824 ----a-w- c:\windows\SysWow64\xvid.ax
    2013-05-27 17:44 . 2005-07-09 23:58 61440 ----a-w- c:\windows\SysWow64\TalkDll.dll
    2013-05-27 17:44 . 2003-03-16 00:24 565248 ----a-w- c:\windows\SysWow64\svmp4.dll
    2013-05-27 17:44 . 2000-12-07 00:18 28672 ----a-w- c:\windows\SysWow64\DrawDll.dll
    2013-05-15 21:54 . 2013-06-08 21:26 -------- d-----w- C:\FFOutput
    2013-05-14 15:36 . 2013-05-14 15:36 -------- d-----w- c:\program files (x86)\Common Files\Java
    2013-05-14 15:36 . 2013-04-04 08:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-05-10 22:21 . 2013-05-10 22:21 -------- d-----w- c:\windows\SysWow64\webclient
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-05-14 22:52 . 2012-08-24 14:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-14 22:52 . 2012-08-24 14:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-05-09 08:59 . 2013-03-01 21:42 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-05-09 08:59 . 2013-03-01 21:42 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-05-09 08:59 . 2012-08-16 22:52 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-05-09 08:59 . 2012-08-16 22:52 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-05-09 08:59 . 2012-08-16 22:52 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-05-09 08:59 . 2012-08-16 22:52 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-05-09 08:59 . 2012-08-16 22:52 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-05-09 08:59 . 2012-08-16 22:52 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-05-09 08:58 . 2012-08-16 22:52 41664 ----a-w- c:\windows\avastSS.scr
    2013-05-09 08:58 . 2012-08-16 22:52 287840 ----a-w- c:\windows\system32\aswBoot.exe
    2013-04-09 18:13 . 2013-04-21 20:10 110264 ----a-w- c:\windows\system32\pdfcmon.dll
    2013-03-27 19:34 . 2013-03-27 19:33 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    .
    .
    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-24 39408]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    S0 aswRvrt;aswRvrt; [x]
    S0 aswVmm;aswVmm; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
    S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
    S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
    S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
    S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
    S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
    .
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 22:52]
    .
    2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-16 22:52]
    .
    2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-16 22:52]
    .
    2013-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4069876537-3619617356-1919562461-1000Core.job
    - c:\users\Edvan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 14:44]
    .
    2013-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4069876537-3619617356-1919562461-1000UA.job
    - c:\users\Edvan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 14:44]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 416024]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    .
    ------- Scan Suplementar -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = [You must be registered and logged in to see this link.]
    mDefault_Page_URL = about:blank
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = 192.168.1.117:3128
    IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 187.123.79.52 187.123.79.56 192.168.1.1
    DPF: {021AFC0F-30F4-474D-9903-CE42D9539B17} - [You must be registered and logged in to see this link.]
    DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - [You must be registered and logged in to see this link.]
    DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} - [You must be registered and logged in to see this link.]
    DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - [You must be registered and logged in to see this link.]
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    AddRemove-WebClient - c:\windows\system32\WebClient\uninstall.cmd
    .
    .
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4069876537-3619617356-1919562461-1000\Software\Adobe\CommonFiles\Usage\CS5]
    @DACL=(02 0000)
    "Date"="2012-11-02T00:15Z"
    .
    [HKEY_USERS\S-1-5-21-4069876537-3619617356-1919562461-1000\Software\Adobe\CommonFiles\Usage\Demographic]
    @DACL=(02 0000)
    "JobFunction"="NOVALUE"
    "Industry"="NOVALUE"
    "CompanySize"="NOVALUE"
    .
    [HKEY_USERS\S-1-5-21-4069876537-3619617356-1919562461-1000\Software\Adobe\CommonFiles\Usage\Reader 9]
    @DACL=(02 0000)
    "throttle"=dword:00000003
    "Date"="2012-09-29T23:12Z"
    "OptIn"=dword:00000000
    .
    [HKEY_USERS\S-1-5-21-4069876537-3619617356-1919562461-1000\Software\Gabest\Media Player Classic\Settings\PnSPresets]
    @DACL=(02 0000)
    "Preset0"="Scale to 16:9 TV,0.500,0.500,1.000,1.333"
    "Preset1"="Zoom To Widescreen,0.500,0.500,1.333,1.333"
    "Preset2"="Zoom To Ultra-Widescreen,0.500,0.500,1.763,1.763"
    .
    [HKEY_USERS\S-1-5-21-4069876537-3619617356-1919562461-1000\Software\Microsoft\Installer\Products\6DED2C82B5237CC489A371778C7FBFBA\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\79EB7C9295ED2A736A78A2DD351249A8\SourceList\Media]
    @DACL=(02 0000)
    "100"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\F307481C0422F334BAB073BCA72235B0\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="Microsoft's Silverlight Installation [1]"
    "100"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\1007C6B46D7C017319E3B52CF3EC196E\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    "1"=";1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\135DCCF583B149A429C421F727F20207\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\1926E8D15D0BCE53481466615F760A7F\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    "1"=";1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\1af2a8da7e60d0b429d7e6453b3d0182\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    "1"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "2"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "3"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "4"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "5"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "6"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "7"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "8"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "9"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "10"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "11"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    "1"=";1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    "1"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "2"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "3"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "4"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "5"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "6"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "7"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "8"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "9"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "10"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "11"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\4E6E1C288176DFE4D9CC2E676D09FE64\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="Plug-in Autodesk Inventor Fusion for AutoCAD 2013 [1]"
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\5784F2EFC590C724A979F4D80EA5FC22\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="Plug-in Autodesk Inventor Fusion for AutoCAD 2013 [1]"
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\6E8A266FCD4F2A1409E1C8110F44DBCE\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    "2"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\7D2F3875100B0000102000060BECB6AB\SourceList\Media]
    @DACL=(02 0000)
    "MediaPackage"="\\x64\\acad"
    "DiskPrompt"="AutoCAD 2013 - Brasil: [1]"
    "1"="acad2013;"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\7D2F3875100B6140112000060BECB6AB\SourceList\Media]
    @DACL=(02 0000)
    "MediaPackage"="\\x64\\acad\\pt-BR"
    "DiskPrompt"="AutoCAD 2013 - Brasil: [1]"
    "1"="acad2013;"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\7D2F3875100B6140122000060BECB6AB\SourceList\Media]
    @DACL=(02 0000)
    "MediaPackage"="\\x64\\acad\\[LANG2LONG]"
    "DiskPrompt"="AutoCAD 2013 - Brasil: [1]"
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\9500CD411F0026F4DBA1BA32DC159AE5\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\9B21E606F14644642AA2FF83EA89A0DF\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    "1"="DISK1;1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\9eab5ec6ac3d99b498a1d16c1c815acf\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    "1"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "2"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "3"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "4"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "5"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "6"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "7"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "8"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "9"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "10"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    "11"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\A76A12931BA584E449447C8141FC0372\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\A929A4608ED4FC049A10DB041CE4D452\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="PDF Installation [1]"
    "1"=";CD-ROM #1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B0FEE8C6EB4C7A53FB80C7C366E76BA2\SourceList\Media]
    @DACL=(02 0000)
    "1"=";1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B17E077734D20084C93BB5C6AABEBEAE\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    "1"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "2"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "3"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "4"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "5"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "6"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "7"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "8"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "9"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "10"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    "11"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\BA920F262F58000068A6F90CDD99DDCB\SourceList\Media]
    @DACL=(02 0000)
    "1"="ContentService_1;"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\BA920F262F58100068A6F90CDD99DDCB\SourceList\Media]
    @DACL=(02 0000)
    "1"="ContentService_1_EN-US;"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\BDF3778CBD0D25EB5D634FF889685BB7\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\BEEBE7110BD58C34F96DDD85D31B25DD\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    "1"="DISK1;1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\C28643E881181F13CBC489DC69571E2C\SourceList\Media]
    @DACL=(02 0000)
    "1"=";1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\CB47F5EE5DC52FE468AB186EFC641AF8\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="[1]"
    "1"=";1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="Microsoft's Silverlight Installation [1]"
    "1"=";1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\DB775D1AD2969CA489FDE8C3337B294E\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    "2"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\DDA39468D428E8B4DB27C8D5DC5CA217\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    "2"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\DFC90B5F2B0FFA63D84FD16F6BF37C4B\SourceList\Media]
    @DACL=(02 0000)
    "1"=";1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\E83E246D42D0C684A9D23E61DD96F6B4\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\EB940C659E972054EB7A79453A6EF0B9\SourceList\Media]
    @DACL=(02 0000)
    "1"=";"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\EDC3967BB470C1035948CF343496C6B8\SourceList\Media]
    @DACL=(02 0000)
    "1"=";1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\F9165FFF310246008AE599497FA0E9D5\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt"="Please insert the DVD labeled \"[1]\""
    "1"=";Inventor Fusion 2013 Disk 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Tempo para conclusão: 2013-06-08 21:58:18
    ComboFix-quarantined-files.txt 2013-06-09 00:58
    .
    Pré-execução: 253.861.425.152 bytes disponíveis
    Pós execução: 253.651.496.960 bytes disponíveis
    .
    - - End Of File - - B630AED4A65ABD91A96D4908E0D1BF4A
    A36C5E4F47E84449FF07ED3517B43A31


    Re: Random ads when opening any browser, log for analysis.

    Post by Edvan on Sat Jun 08, 2013 9:13 pm

    Oops!!! Log for analysis [You must be registered and logged in to see this link.]

    joram
    Founding Administrator

    Posts : 608
    Join date : 14/08/2012
    Age : 63
    Location : Rio de Janeiro

    Re: Random ads when opening any browser, log for analysis.

    Post by joram on Sun Jun 09, 2013 7:53 am

    Good morning, Edvan!

    |- Download: < [You must be registered and logged in to see this link.] >
    |- Save it to the desktop!
    |- Disable your antivirus or antispyware so that the tool is not detected as malware.
    |- Run AT-Destroyer.exe as administrator if you use Windows Vista or 7.

    |- Choose the "Buscar" option and wait for the scan to finish.
    |- Post the report! ( C:\AT-Destroyer.txt )

    -/-

    |- Close any open programs/folders.
    |- Close the browser as well!
    |- For Windows Vista, disable the [You must be registered and logged in to see this link.].

    |- For Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
    |- Select and copy this information, which is in red, into Notepad.

    [MD5.00000000000000000000000000000000] [APT] [{97CAD944-A341-4D2D-A421-5A9572EC2ADD}] (...) -- C:\Users\Edvan\Desktop\VirtualBox-4.2.4-81684-Win.exe (.not file.) [0]
    O3 - Toolbar: (no name) [64Bits] - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} Orphean Key
    O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphean Key
    O87 - FAEL: "TCP Query User{69823462-E832-47AC-87A2-8EF8D3AFC93A}C:\program files\telexfree\run.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\telexfree\run.exe (.not file.)
    O87 - FAEL: "UDP Query User{1A81B48A-EE20-4C37-956A-4E1BB1EF50C3}C:\program files\telexfree\run.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\telexfree\run.exe (.not file.)
    O87 - FAEL: "{D3A884D8-7C0D-413E-9F61-F9F59FAC6F77}" |In - Public - P17 - TRUE | .(...) -- C:\program files\telexfree\run.exe (.not file.)
    O87 - FAEL: "{DDCB2F19-FAD2-4B88-8B06-12F1B59B65F5}" |In - Public - P6 - TRUE | .(...) -- C:\program files\telexfree\run.exe (.not file.)
    G2 - GCE: Preference [User Data\Default] [dhkplhfnhceodhffomolpfigojocbpcb] Babylon Toolbar v.1.8 (Désactivé) => Infection BT (Toolbar.Babylon)

    proxyfix
    emptytemp
    emptyclsid
    emptyflash
    firewallraz
    sysrestore
    |- With Notepad open, use the shortcuts: "Ctrl+A" -> "Ctrl+C"
    |- Minimize Notepad.

    |- Click the "Paste ClipBoard" menu.
    |- Avoid the "Paste" option ( Ctrl+V ) in the light-yellow field, as it does not enable the "Go" button.

    |- Click "GO" -> Oui.

    |- PS: Above is a sequence of images for further clarification.
    |- Post the report: C:\ZHP\ZHPFix[R1].txt

    Regards!


    Re: Random ads when opening any browser, log for analysis.

    Post by Edvan on Sun Jun 09, 2013 7:57 pm

    ######################## AT-Destroyer By Infospyware.
    Hora/Día/Mes/Año: 20:54:30 \\\ 09/06/2013
    AT-Destroyer 2.1 By Infospyware ---> [You must be registered and logged in to see this link.]
    Última actualización: 30/11/2012
    Opción escogida: 1 :Buscar
    Versión Internet Explorer:9.0.8112.16421
    Privilegios: Edvan - Administrador
    Modo Actual: Modo Normal.
    Nombre del pc: EDVAN-PC
    Información del sistema operativo:X64-WIN_7-
    nombre del usuario:Edvan
    Lenguaje del sistema: Portugués



    >>>>>> Servicios <<<<<<



    >>>>>> Carpetas <<<<<<



    >>>>>> Archivos <<<<<<



    >>>>>> Registro <<<<<<



    >>>>>> Heurística <<<<<<

    Encontrado: C:\Users\Edvan\2012-12-05-01-57-51.020-VirtualBox.exe-3900.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-03-07-22-30-33.000-VirtualBox.exe-3808.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-00-14-19.048-VirtualBox.exe-2284.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-00-15-22.022-VirtualBox.exe-4588.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-00-16-11.092-VirtualBox.exe-5028.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-00-26-19.079-VirtualBox.exe-3540.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-00-28-04.013-VirtualBox.exe-3500.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-09-46.091-VirtualBox.exe-3500.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-11-49.073-VirtualBox.exe-3996.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-12-44.062-VirtualBox.exe-5032.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-13-46.032-VirtualBox.exe-4612.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-16-13.033-VirtualBox.exe-4972.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-16-22.070-VirtualBox.exe-4376.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-16-46.041-VirtualBox.exe-4848.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-18-28.036-VirtualBox.exe-3340.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-19-22.076-VirtualBox.exe-4408.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-21-13.058-VirtualBox.exe-4220.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-21-19.086-VirtualBox.exe-3828.log (Heur malware.win32.generic)
    Encontrado: C:\Users\Edvan\2013-04-21-02-23-07.053-VirtualBox.exe-3700.log (Heur malware.win32.generic)


    >>>>>> Internet Explorer <<<<<<

    Start Page==about:blank
    Local Page==C:\Windows\SysWOW64\blank.htm
    Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
    Default_search_url==http://go.microsoft.com/fwlink/?LinkId=54896
    Default_Page_URL==about:blank


    ''HKCU\Software\Microsoft\Internet Explorer\Main''
    Start Page==http://www.google.com.br/
    Local Page==C:\Windows\system32\blank.htm
    Search Page==http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_search_url==
    Default_Page_URL==


    HKEY_USERS\S-1-5-21-4069876537-3619617356-1919562461-1000\Software\Microsoft\Internet Explorer\Main''
    Start Page==http://www.google.com.br/
    Local Page==C:\Windows\system32\blank.htm
    Search Page==http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_search_url==
    Default_Page_URL==


    >>>>>> Extensiones Firefox <<<<<<



    >>>>>> Plugins Firefox <<<<<<

    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@EDVR/WebClient
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3

    >>>>>> Google Chrome <<<<<<

    "homepage": "http://www.google.com.br/",
    "homepage_changed": true,
    "homepage_is_newtabpage": false,


    >>>>>> Extensiones Google Chrome <<<<<<

    C:\Users\Edvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\2
    C:\Users\Edvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
    C:\Users\Edvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk

    ======== Listado ===========

    C:\Users\Edvan\AppData\Roaming\Autodesk [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\DAEMON Tools Lite [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\EPSON [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Google [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Identities [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\InstallShield [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Macromedia [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Malwarebytes [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Media Center Programs [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Media Player Classic [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Microsoft [SDI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Mozilla [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Nero [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\PDF Architect [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\PhotoScape [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Real [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\Skype [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\TeamViewer [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\TelexFree [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\uTorrent [DI] 0 ( )
    C:\Users\Edvan\AppData\Roaming\WinRAR [D] 0 ( )
    C:\Program Files (x86)\Adobe Download Assistant [D] 0( 0)
    C:\Program Files (x86)\Auslogics [D] 0( 0)
    C:\Program Files (x86)\Autodesk [D] 0( 0)
    C:\Program Files (x86)\Blok Free 4 [D] 0( 0)
    C:\Program Files (x86)\Blok Master [D] 0( 0)
    C:\Program Files (x86)\Client [D] 0( 0)
    C:\Program Files (x86)\Common Files [D] 0( 0)
    C:\Program Files (x86)\DAEMON Tools Lite [D] 0( 0)
    C:\Program Files (x86)\desktop.ini [HSA] 174 bytes( 0)
    C:\Program Files (x86)\DMMultiView [D] 0( 0)
    C:\Program Files (x86)\DsNET Corp [D] 0( 0)
    C:\Program Files (x86)\EASEUS [D] 0( 0)
    C:\Program Files (x86)\epson [D] 0( 0)
    C:\Program Files (x86)\Epson Software [D] 0( 0)
    C:\Program Files (x86)\Foxit Software [D] 0( 0)
    C:\Program Files (x86)\FreeTime [D] 0( 0)
    C:\Program Files (x86)\Google [D] 0( 0)
    C:\Program Files (x86)\InstallShield Installation Information [HD] 0( 0)
    C:\Program Files (x86)\Intel [D] 0( 0)
    C:\Program Files (x86)\Internet Explorer [D] 0( 0)
    C:\Program Files (x86)\Java [D] 0( 0)
    C:\Program Files (x86)\K-Lite Codec Pack [D] 0( 0)
    C:\Program Files (x86)\Malwarebytes' Anti-Malware [D] 0( 0)
    C:\Program Files (x86)\Marcos Velasco Security [D] 0( 0)
    C:\Program Files (x86)\Microsoft [D] 0( 0)
    C:\Program Files (x86)\Microsoft Office [D] 0( 0)
    C:\Program Files (x86)\Microsoft Silverlight [D] 0( 0)
    C:\Program Files (x86)\Microsoft Visual Studio [D] 0( 0)
    C:\Program Files (x86)\Microsoft Works [D] 0( 0)
    C:\Program Files (x86)\Microsoft.NET [D] 0( 0)
    C:\Program Files (x86)\Mozilla Firefox [D] 0( 0)
    C:\Program Files (x86)\MSBuild [D] 0( 0)
    C:\Program Files (x86)\MSXML 4.0 [D] 0( 0)
    C:\Program Files (x86)\Nero [D] 0( 0)
    C:\Program Files (x86)\PDF Architect [D] 0( 0)
    C:\Program Files (x86)\PDFCreator [D] 0( 0)
    C:\Program Files (x86)\PhotoScape [D] 0( 0)
    C:\Program Files (x86)\Real [D] 0( 0)
    C:\Program Files (x86)\Realtek [D] 0( 0)
    C:\Program Files (x86)\Reference Assemblies [D] 0( 0)
    C:\Program Files (x86)\Skype [RD] 0( 0)
    C:\Program Files (x86)\TeamViewer [D] 0( 0)
    C:\Program Files (x86)\Temp [HD] 0( 0)
    C:\Program Files (x86)\Uninstall Information [HD] 0( 0)
    C:\Program Files (x86)\uTorrent [D] 0( 0)
    C:\Program Files (x86)\uTorrent Acceleration Tool [D] 0( 0)
    C:\Program Files (x86)\v9Soft [D] 0( 0)
    C:\Program Files (x86)\VS Revo Group [D] 0( 0)
    C:\Program Files (x86)\Winco [D] 0( 0)
    C:\Program Files (x86)\Windows Defender [D] 0( 0)
    C:\Program Files (x86)\Windows Live [D] 0( 0)
    C:\Program Files (x86)\Windows Live SkyDrive [D] 0( 0)
    C:\Program Files (x86)\Windows Mail [D] 0( 0)
    C:\Program Files (x86)\Windows Media Player [D] 0( 0)
    C:\Program Files (x86)\Windows NT [D] 0( 0)
    C:\Program Files (x86)\Windows Photo Viewer [D] 0( 0)
    C:\Program Files (x86)\Windows Portable Devices [D] 0( 0)
    C:\Program Files (x86)\Windows Sidebar [D] 0( 0)
    C:\Program Files (x86)\WinRAR [D] 0( 0)
    C:\Program Files (x86)\ZHPDiag [D] 0( 0)
    C:\ProgramData\Ambiente de trabalho [HSDLI] 0 0
    C:\ProgramData\Apple [DI] 0 0
    C:\ProgramData\Application Data [HSDLI] 0 0
    C:\ProgramData\Autodesk [DI] 0 0
    C:\ProgramData\AVAST Software [DI] 0 0
    C:\ProgramData\bf4ppp.bmp [H] 4,00 MB 0
    C:\ProgramData\BMPPP.bmp [H] 4,00 MB 0
    C:\ProgramData\CorelDRAW Graphics Suite X6 [DI] 0 0
    C:\ProgramData\DAEMON Tools Lite [DI] 0 0
    C:\ProgramData\Desktop [HSDLI] 0 0
    C:\ProgramData\Documentos [HSDLI] 0 0
    C:\ProgramData\Documents [HSDLI] 0 0
    C:\ProgramData\EPSON [DI] 0 0
    C:\ProgramData\Favorites [HSDLI] 0 0
    C:\ProgramData\Favoritos [HSDLI] 0 0
    C:\ProgramData\FLEXnet [DI] 0 0
    C:\ProgramData\Google [DI] 0 0
    C:\ProgramData\GP0 [HD] 0 0
    C:\ProgramData\gwp2.sys [H] 264 bytes 0
    C:\ProgramData\Intel [DI] 0 0
    C:\ProgramData\Malwarebytes [DI] 0 0
    C:\ProgramData\Menu Iniciar [HSDLI] 0 0
    C:\ProgramData\Microsoft [SDI] 0 0
    C:\ProgramData\Microsoft Help [DI] 0 0
    C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [AI] 153 bytes 0
    C:\ProgramData\Modelos [HSDLI] 0 0
    C:\ProgramData\Nero [DI] 0 0
    C:\ProgramData\NTUser.dat.LOG1 [HSAI] 5,00 KB 0
    C:\ProgramData\NTUser.dat.LOG2 [HSAI] 0 bytes 0
    C:\ProgramData\NTUser.dat{27fa61ef-e80e-11e1-9998-3085a935c190}.TM.blf [HSAI] 64,0 KB 0
    C:\ProgramData\NTUser.dat{27fa61ef-e80e-11e1-9998-3085a935c190}.TMContainer00000000000000000001.regtrans-ms [HSAI] 512 KB 0
    C:\ProgramData\NTUser.dat{27fa61ef-e80e-11e1-9998-3085a935c190}.TMContainer00000000000000000002.regtrans-ms [HSAI] 512 KB 0
    C:\ProgramData\NTUser.dat{27fa61fa-e80e-11e1-9998-3085a935c190}.TM.blf [HSAI] 64,0 KB 0
    C:\ProgramData\NTUser.dat{27fa61fa-e80e-11e1-9998-3085a935c190}.TMContainer00000000000000000001.regtrans-ms [HSAI] 512 KB 0
    C:\ProgramData\NTUser.dat{27fa61fa-e80e-11e1-9998-3085a935c190}.TMContainer00000000000000000002.regtrans-ms [HSAI] 512 KB 0
    C:\ProgramData\Real [DI] 0 0
    C:\ProgramData\regid.1986-12.com.adobe [DI] 0 0
    C:\ProgramData\Skype [DI] 0 0
    C:\ProgramData\Start Menu [HSDLI] 0 0
    C:\ProgramData\Sun [DI] 0 0
    C:\ProgramData\TEMP [DAI] 0 0
    C:\ProgramData\Templates [HSDLI] 0 0
    C:\ProgramData\UDL [DI] 0 0
    ======================EOF=======================


    Rapport de ZHPFix 2013.6.4.1 par Nicolas Coolman, Update du 04/06/2013
    Fichier d'export Registre :
    Run by Edvan at 09/06/2013 20:56:06
    High Elevated Privileges : OK
    Windows 7 Ultimate Edition, 64-bit (Build 7600)

    Recycle Files Deleted

    ========== Registry Key ==========
    DELETED Key: CLSID: [HKLM\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
    DELETED Key: CLSID: [HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]

    ========== Registry Value ==========
    DELETED Toolbar: {9421DD08-935F-4701-A9CA-22DF90AC4EA6}
    DELETED Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
    NOT FOUND TCP Query User{69823462-E832-47AC-87A2-8EF8D3AFC93A}C:/program files/telexfree/run.exe
    NOT FOUND UDP Query User{1A81B48A-EE20-4C37-956A-4E1BB1EF50C3}C:/program files/telexfree/run.exe
    DELETED {D3A884D8-7C0D-413E-9F61-F9F59FAC6F77}
    DELETED {DDCB2F19-FAD2-4B88-8B06-12F1B59B65F5}
    ProxyFix : Proxy killed successfully
    DELETED ProxyServer Value
    DELETED ProxyEnable Value
    DELETED EnableHttp1_1 Value
    DELETED ProxyHttp1.1 Value
    DELETED ProxyOverride Value
    No Value in Standard Profile Register Key FirewallRaz :
    No Value in Domain Profile Register Key FirewallRaz :
    DELETED FirewallRaz (Private) : TCP Query User{69823462-E832-47AC-87A2-8EF8D3AFC93A}C:\program files\telexfree\run.exe
    DELETED FirewallRaz (Private) : UDP Query User{1A81B48A-EE20-4C37-956A-4E1BB1EF50C3}C:\program files\telexfree\run.exe

    ========== Browser Profiles ==========
    NOT FOUND Folder Chrome: C:\Users\Edvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

    ========== Repertory ==========
    No Empty CLSID Directories
    DELETED Flash Cookies

    ========== File ==========
    DELETED Window Temporary
    DELETED Flash Cookies

    ========== Task ==========
    DELETED Task: {97CAD944-A341-4D2D-A421-5A9572EC2ADD}

    ========== Restoration ==========
    Restore System Point created succefully


    ========== Summary ==========
    2 : Registry Key
    16 : Registry Value
    2 : Repertory
    2 : File
    1 : Browser Profiles
    1 : Task
    1 : Restoration


    End of clean in 00mn 24s

    ========== Report File ==========
    C:\ZHP\ZHPFix[R1].txt - 09/06/2013 20:56:06 [2158]


    Re: Random ads when opening any browser, log for analysis.

    Post by joram on Mon Jun 10, 2013 9:03 am

    Good morning, Edvan!

    < [You must be registered and logged in to see this link.] >

    |- The AT-Destroyer tool, according to its established heuristic, detected VirtualBox as "Heur malware.win32.generic". I believe it is an FP, since your antivirus, Avast, detected nothing!

    |- Open the AT-Destroyer tool again and click "Desinstalar".

    -/-

    < C:\Program Files (x86)\v9Soft [D] 0( 0) >

    |- Delete this highlighted folder, as it appears to be empty.

    |- Download: < [You must be registered and logged in to see this link.] > ( ... by Oleg N. Scherbakov )
    |- Save it to the desktop!
    |- For Windows 7, right-click JRT.exe and run it ... [You must be registered and logged in to see this image.]
    |- Wait for it to finish and post the report. ( JRT.txt )

    A+


    Re: Propaganda aleatoria ao acessa qualquer navegador, log para analise.

    Mensagem por Edvan em Seg Jun 10, 2013 11:28 am

    The AT-Destroyer tool, according to its established heuristics, detected VirtualBox as "Heur malware.win32.generic". I believe it is an FP, since your antivirus, Avast, detected nothing!

    |- Open the AT-Destroyer tool again and click "Desinstalar" (Uninstall).

    About <VirtualBox>, I really do have some virtual machines for study (Linux)..

    C:\Program Files (x86)\v9Soft [D] 0( 0) >

    |- Delete this highlighted folder, as it appears to be empty.

    I went to the folder ==> v9Soft, there really was nothing inside, so I deleted it..

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Ultimate x64
    Ran by Edvan on 10/06/2013 at 12:17:51,95
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 10/06/2013 at 12:22:10,33
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    joram
    Founding Administrator

    Posts : 608
    Join date : 14/08/2012
    Age : 63
    Location : Rio de Janeiro

    Re: Random ads when opening any browser, log for analysis.

    Post by joram on Mon Jun 10, 2013 11:32 am

    Ok, Edvan!

    |- I no longer see any adware on your PC.

    -/-

    |- Download: |[You must be registered and logged in to see this link.]| ( ... by Xplode )

    |- Once on the page, click the green arrow to download.
    |- Save it somewhere convenient! ( desktop! )
    |- Close any open applications.

    |- Run it!
    |- With both checkboxes ticked!
    |- Click "Run".
    |- Everything OK?

    Regards!

    Edvan
    Member

    Posts : 428
    Join date : 14/02/2013
    Age : 36
    Location : Natal/RN

    Re: Random ads when opening any browser, log for analysis.

    Post by Edvan on Mon Jun 10, 2013 11:34 am

    Everything is OK, my friend, thank you once again.

    # DelFix v10.3 - Logfile created 10/06/2013 at 12:30:34
    # Updated 08/06/2013 by Xplode
    # Username : Edvan - EDVAN-PC
    # Operating System : Windows 7 Ultimate (64 bits)

    ~ Removing disinfection tools ...

    Deleted : C:\Qoobox
    Deleted : C:\JRT
    Deleted : C:\ZHP
    Deleted : C:\Program Files (x86)\ZHPDiag
    Deleted : C:\AdwCleaner[S1].txt
    Deleted : C:\ComboFix.txt
    Deleted : C:\PhysicalDisk0_MBR.bin
    Deleted : C:\rapport.txt
    Deleted : C:\Users\Edvan\Desktop\adwcleaner.exe
    Deleted : C:\Users\Edvan\Desktop\ComboFix.exe
    Deleted : C:\Users\Edvan\Desktop\JRT.exe
    Deleted : C:\Users\Edvan\Desktop\JRT.txt
    Deleted : C:\Users\Edvan\Desktop\ZHPDiag.txt
    Deleted : C:\Users\Edvan\Desktop\ZHPDiag2.exe
    Deleted : C:\Users\Public\Desktop\MBRCheck.lnk
    Deleted : C:\Users\Public\Desktop\ZHPDiag.lnk
    Deleted : C:\Users\Public\Desktop\ZHPFix.lnk
    Deleted : C:\Windows\grep.exe
    Deleted : C:\Windows\PEV.exe
    Deleted : C:\Windows\NIRCMD.exe
    Deleted : C:\Windows\MBR.exe
    Deleted : C:\Windows\SED.exe
    Deleted : C:\Windows\SWREG.exe
    Deleted : C:\Windows\SWSC.exe
    Deleted : C:\Windows\SWXCACLS.exe
    Deleted : C:\Windows\Zip.exe
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SOFTWARE\Swearware
    Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

    ~ Cleaning system restore ...

    Deleted : RP #64 [Installed Java 7 Update 21 | 05/14/2013 15:35:05]
    Deleted : RP #65 [Removed TelexFree | 05/16/2013 00:49:17]
    Deleted : RP #66 [Removed Microsoft Web Platform Installer 4.5 | 05/16/2013 00:51:11]
    Deleted : RP #67 [Ponto de Verificação Agendado | 05/27/2013 01:27:49]
    Deleted : RP #68 [Ponto de Verificação Agendado | 06/06/2013 17:08:51]
    Deleted : RP #69 [ComboFix created restore point | 06/09/2013 00:50:24]
    Deleted : RP #70 [P | 06/09/2013 23:55:50]

    New restore point created !

    ########## - EOF - ##########

    joram
    Founding Administrator

    Posts : 608
    Join date : 14/08/2012
    Age : 63
    Location : Rio de Janeiro

    Re: Random ads when opening any browser, log for analysis.

    Post by joram on Mon Jun 10, 2013 11:37 am

    CASE SOLVED!

    If you need further help with this computer, just open a "New Topic" and describe the problem.
