Fórum SecSecurity

    Lots of adware, log for analysis


    Post by Edvan, Tue Jun 18, 2013 9:11 pm

    Log for analysis [You need an account and must be logged in to view this link]

    Friend, this machine is heavily infected, with a lot of adware. Please analyze this log; every evening I will be going through the procedures until the cleanup is finished.

    P.S.: Would it be worthwhile to run ComboFix?

    # AdwCleaner v2.303 - Relatório criado em 18/06/2013 às 21:17:53
    # Atualizado em 08/06/2013 por Xplode
    # Sistema Operacional : Windows 7 Starter Service Pack 1 (32 bits)
    # Usuário : monica - MONICA-PC
    # Modo de Boot : Normal
    # Executado de : C:\Users\monica\Downloads\adwcleaner.exe
    # Opção [Remover]


    ***** [Serviços] *****

    Encerrado & Removido : DatamngrCoordinator
    Encerrado & Removido : WebCake Desktop Updater

    ***** [Arquivos/Pastas] *****

    Arquivo Removido : C:\Users\monica\AppData\Local\funmoods.crx
    Arquivo Removido : C:\Users\monica\AppData\Local\funmoods-speeddial.crx
    Arquivo Removido : C:\Users\monica\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
    Arquivo Removido : C:\Users\monica\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
    Arquivo Removido : C:\Users\monica\AppData\Roaming\Mozilla\Firefox\Profiles\n6ev0466.default\bprotector_extensions.sqlite
    Arquivo Removido : C:\Users\monica\AppData\Roaming\Mozilla\Firefox\Profiles\n6ev0466.default\bprotector_prefs.js
    Arquivo Removido : C:\Users\monica\AppData\Roaming\Mozilla\Firefox\Profiles\n6ev0466.default\searchplugins\Askcom.xml
    Arquivo Removido : C:\Users\monica\AppData\Roaming\Mozilla\Firefox\Profiles\n6ev0466.default\searchplugins\Search_Results.xml
    Arquivo Removido : C:\windows\Tasks\DSite.job
    Pasta Removido : C:\Program Files\Delta
    Pasta Removido : C:\Program Files\WebCake
    Pasta Removido : C:\ProgramData\Ask
    Pasta Removido : C:\ProgramData\Babylon
    Pasta Removido : C:\ProgramData\Browser Manager
    Pasta Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
    Pasta Removido : C:\ProgramData\Tarma Installer
    Pasta Removido : C:\Users\monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
    Pasta Removido : C:\Users\monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbajpeofkjjeiamcglnmldoboonfkiol
    Pasta Removido : C:\Users\monica\AppData\LocalLow\BabylonToolbar
    Pasta Removido : C:\Users\monica\AppData\Roaming\Babylon
    Pasta Removido : C:\Users\monica\AppData\Roaming\DealPly
    Pasta Removido : C:\Users\monica\AppData\Roaming\Delta
    Pasta Removido : C:\Users\monica\AppData\Roaming\DSite
    Pasta Removido : C:\Users\monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
    Pasta Removido : C:\Users\monica\AppData\Roaming\Mozilla\Firefox\Profiles\n6ev0466.default\extensions\plugin@getwebcake.com
    Pasta Removido : C:\Users\monica\AppData\Roaming\OpenCandy
    Pasta Removido : C:\Users\monica\AppData\Roaming\WebCake
    Removido Durante o reboot : C:\Program Files\Search Results Toolbar

    ***** [Registro] *****

    Chave Removida : HKCU\Software\5ae8fdcb538be40
    Chave Removida : HKCU\Software\APN DTX
    Chave Removida : HKCU\Software\AppDataLow\Software\Crossrider
    Chave Removida : HKCU\Software\DataMngr_Toolbar
    Chave Removida : HKCU\Software\DealPly
    Chave Removida : HKCU\Software\Delta
    Chave Removida : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Chave Removida : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Chave Removida : HKCU\Software\ilivid
    Chave Removida : HKCU\Software\Iminent
    Chave Removida : HKCU\Software\InstallCore
    Chave Removida : HKCU\Software\InstalledBrowserExtensions
    Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311251140}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Chave Removida : HKCU\Software\Softonic
    Chave Removida : HKLM\SOFTWARE\5ae8fdcb538be40
    Chave Removida : HKLM\Software\Babylon
    Chave Removida : HKLM\SOFTWARE\Classes\CrossriderApp0032540.BHO
    Chave Removida : HKLM\SOFTWARE\Classes\CrossriderApp0032540.BHO.1
    Chave Removida : HKLM\SOFTWARE\Classes\CrossriderApp0032540.Sandbox
    Chave Removida : HKLM\SOFTWARE\Classes\CrossriderApp0032540.Sandbox.1
    Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaappCore
    Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
    Chave Removida : HKLM\SOFTWARE\Classes\delta.deltadskBnd
    Chave Removida : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
    Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaHlpr
    Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
    Chave Removida : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
    Chave Removida : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
    Chave Removida : HKLM\SOFTWARE\Classes\f
    Chave Removida : HKLM\SOFTWARE\Classes\funmoods.dskBnd
    Chave Removida : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
    Chave Removida : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
    Chave Removida : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
    Chave Removida : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
    Chave Removida : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
    Chave Removida : HKLM\Software\Classes\Installer\Features\7E685771E24E83F4381D1DB5A45F7B41
    Chave Removida : HKLM\Software\Classes\Installer\Products\7E685771E24E83F4381D1DB5A45F7B41
    Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap
    Chave Removida : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
    Chave Removida : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
    Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
    Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
    Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344254440}
    Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
    Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
    Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
    Chave Removida : HKLM\Software\DataMngr
    Chave Removida : HKLM\Software\DealPly
    Chave Removida : HKLM\Software\Delta
    Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
    Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
    Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\jbajpeofkjjeiamcglnmldoboonfkiol
    Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
    Chave Removida : HKLM\Software\iLividSRTB
    Chave Removida : HKLM\Software\Iminent
    Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
    Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
    Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
    Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
    Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
    Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
    Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
    Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311251140}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311251140}
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7E685771E24E83F4381D1DB5A45F7B41
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{177586E7-E42E-4F38-83D1-D15B4AF5B714}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
    Chave Removida : HKLM\Software\Tarma Installer
    Chave Removida : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Dados Removida : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\mgrldr.dll
    Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
    Valor Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
    Valor Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WebCake Desktop]
    Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{377E5D4D-77E5-476A-8716-7E70A9272DA0}]
    Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
    Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
    Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
    Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

    ***** [Navegadores] *****

    -\\ Internet Explorer v10.0.9200.16537

    [OK] Registro está limpo.

    -\\ Mozilla Firefox v21.0 (en-US)

    Arquivo : C:\Users\monica\AppData\Roaming\Mozilla\Firefox\Profiles\n6ev0466.default\prefs.js

    C:\Users\monica\AppData\Roaming\Mozilla\Firefox\Profiles\n6ev0466.default\user.js ... Removido !

    Removida : user_pref("browser.search.order.1", "Ask.com");
    Removida : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406?appid=484");
    Removida : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=484&systemid=406&apn[...]

    -\\ Google Chrome v27.0.1453.110

    Arquivo : C:\Users\monica\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Removida [l.37] : keyword = "search-results.com",
    Removida [l.41] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=484&systemid=406&apn_uid=[...]
    Removida [l.2524] : homepage = "hxxp://www.searchnu.com/406?appid=484",
    Removida [l.3045] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406?appid=484" ]

    *************************

    AdwCleaner[S1].txt - [21012 octets] - [18/06/2013 21:17:53]

    ########## EOF - C:\AdwCleaner[S1].txt - [21073 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Starter x86
    Ran by monica on 18/06/2013 at 21:46:24,14
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7D79AD85-4075-4B97-9548-08DA102BD467}



    ~~~ Files

    Successfully deleted: [File] C:\windows\system32\sho3B5.tmp
    Successfully deleted: [File] C:\windows\system32\sho652E.tmp
    Successfully deleted: [File] C:\windows\system32\sho8999.tmp
    Successfully deleted: [File] C:\windows\system32\sho9022.tmp
    Successfully deleted: [File] C:\windows\system32\shoD730.tmp



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\baidu"
    Successfully deleted: [Folder] "C:\ProgramData\datamngr"
    Successfully deleted: [Folder] "C:\ProgramData\wincert"
    Successfully deleted: [Folder] "C:\Users\monica\AppData\Roaming\baidu"
    Successfully deleted: [Folder] "C:\Users\monica\appdata\locallow\datamngr"
    Failed to delete: [Folder] "C:\Program Files\search results toolbar"
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{6A1BFEFE-F254-4DA2-A742-2C09E876478A}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{6EA916AC-9310-4138-8FDC-9BE454A497F0}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{6FD06AA9-2D52-41DE-AEC4-6274EBF17F8A}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{727D6332-8427-4EF4-923E-5B3A4814A915}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{7366B495-66D9-44EB-81CF-7640E9F2D095}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{75719C68-C318-4C75-AB15-F6C8DE6E02D0}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{7674A07A-E4E4-473C-BFF1-EAB978EA8853}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{76C1C5EB-3A30-4626-8ACE-D6ECC668F84B}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{780C211F-AF26-462E-B4BE-8BAC5958FEF9}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{79470748-4EA6-4791-BBF4-DFFBEA97EC8F}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{7AC1E160-D1E7-4AE8-A01D-7CC3F59D7334}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{7C58BABB-B1AA-406A-9FA8-59CBAC1B19BC}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{7E58F2CA-4D3F-40FD-8FDC-AEE03511C18F}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{7ED093BC-1242-49C8-9292-61B97BA9FAFD}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{81853484-8581-4F86-B511-E4BD598FA223}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{84F31FEF-347E-4CA3-9704-A0EB0FD6A2D2}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{85993DF9-B090-4C57-9E80-D77C12B1E1BF}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{85A570A3-49EA-4148-8EAF-8A4D4872C4B4}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{87C99132-6183-4798-B0BB-95F563E2F5C4}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{938C5EAE-FC72-4DC1-8EB0-0650718B370F}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{960510DE-AA5D-4CD2-B26F-4A756D43401F}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{9A0A2B13-B805-4F3B-BF54-8D557938185D}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{9A8A772B-7B50-4B00-9AB2-790564C34922}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{9BD334B6-172F-4017-B259-BA53DECD499A}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{9BEBCD76-0898-4FF6-AEDD-46A681D553DB}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{9D0DAA0B-024E-4172-BDA5-EA932EA66971}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{9DE90FC0-5ED6-49E1-9F3F-7BA79D8E8C84}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{A04E506D-AAE4-420F-B92E-04EA7D2E9DEB}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{A3D95E16-9890-487F-B5A7-958636D98BAA}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{A4831B7E-971A-4891-A803-F3ECE4E30F4E}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{A58D244A-AB6B-4E4C-A64C-074255CC9912}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{A7A2478E-9830-43A5-B9E9-40A27EB1853B}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{AA23F987-3D0D-4646-BE26-B7904A95295D}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{AA319035-F154-4F6C-B739-6032C91F477C}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{AB4D15FF-C218-4D05-8D6D-B0E64925C206}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{AC1BF9EA-3490-4769-8993-CE4A5BA13EA0}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{AE308620-DD78-47BF-9FFC-2277C5DF6B17}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{AE73F7DB-EBD9-4FCE-85B3-F6712E984D92}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{B0E4BD44-525C-400C-AFBE-E7BDC718A1AC}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{B0F38465-9AEC-4344-A7EC-AA4E168D52A1}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{B16B321D-B983-4C33-B2E8-33F4FA4A58FF}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{B47D5515-1D41-4D84-AC4C-A11CA7C4955A}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{B77A61BD-9479-4C62-A60D-494E1C97A809}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{B81E7018-B2D8-49D5-85F6-2768AEA76225}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{B8728146-E5C3-418D-AE0B-260572B3F872}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{BA1F92A8-A7E0-4FF2-A5FE-CB9CD3349C8A}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{BBCB92F0-6880-4260-A8E6-850E2B2E2794}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{BDDF9693-F88B-4EF2-B9F8-507A399AD29A}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{BFBA457E-08A5-4E56-8DCC-0D7D952D789B}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{BFC07D60-622B-4DFA-8E0C-B940712ADDA4}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{C042319C-6B05-4DD9-8776-02253127A5A8}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{C1159BC3-2E8B-4187-84F9-8E09B1D962FB}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{C1C1B2FA-5B89-4834-93CA-3ED143595E5C}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{C2042E2F-6266-4E4E-9DE7-872064335C04}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{C31D4C8B-B896-43EA-9D26-DEC3D767A9DB}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{C3AC42F1-D504-49DD-B722-A1A669E46D45}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{C616075B-852F-4AC2-A783-67390DCBB80E}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{C7469CB7-F2F7-40ED-B0A0-6E0E780C37CF}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{C8BDBCF0-134D-408E-B603-A93188E2C90A}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{CAC73D8B-8D77-4666-AFF0-C2E1C0A140F1}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{CC900E58-97FA-4573-B6D1-9CC02ADDB7AB}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{CD2D98C9-DEB7-4A34-ACD4-2C05734CE6EF}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{CEA6E8C0-D408-42BA-B106-DCAAAD2E1CF7}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{CF103D8A-7E4D-4F9B-9650-ADA2A5BBE921}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{CF22B557-F331-4BFD-A506-7CB39505DEF4}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{D1495F45-84A2-4164-B24C-42FAD99247DA}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{D1631F5E-1324-434B-8B48-853FAC70A9F9}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{D265DB42-A53A-4C75-90AA-821C2C93A23E}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{D4B3EDDF-C13D-486A-8F0F-C17EE1D3B483}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{D53E08AC-99E9-49ED-BBD6-3BABA8085835}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{D6A5DCFE-8606-4B6B-BDF3-3B1CAAF641F5}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{D6BC47E9-885D-4578-A068-3ECFF5316453}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{D9AA71D6-D1FE-4132-A2E8-208B9D5E8110}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{DCA5CE40-EDD6-4BFB-99B3-6D6C2104F1F4}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{E280A544-0011-4759-B821-ED9C74464794}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{E8DD39ED-E637-4F03-8DA5-D593C2217FAF}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{EBBF40B0-2989-48D2-9F13-75643F45C88F}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{EFC8595D-01BA-4D3C-AB83-D9273A511FCF}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{F0B81909-7487-4B5D-BBC9-35D3482BBC76}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{F3C82196-26B3-4BA4-A729-A87A121C5612}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{F73C79C7-9D16-4514-B47C-2906D277126A}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{FB68C2A3-8585-472B-959B-2FB49E0F761D}
    Successfully deleted: [Empty Folder] C:\Users\monica\appdata\local\{FF549857-D6B4-4418-871C-139ACE64C30A}



    ~~~ FireFox

    Successfully deleted the following from C:\Users\monica\AppData\Roaming\mozilla\firefox\profiles\n6ev0466.default\prefs.js

    user_pref("extensions.crossrider.bic", "13eb88b610c71f02f31c199a88468490");
    Emptied folder: C:\Users\monica\AppData\Roaming\mozilla\firefox\profiles\n6ev0466.default\minidumps [18 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 18/06/2013 at 21:49:05,31
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    joram
    Founding Administrator


    Posts: 626
    Join date: 14/08/2012
    Age: 70
    Location: Rio de Janeiro

    Re: Lots of adware, log for analysis

    Post by joram Wed Jun 19, 2013 2:20 pm

    Good afternoon, Edvan!


    P.S.: Would it be worth running ComboFix?
    |- Yes! But I recommend doing it after using ZHPDiag and its Fix.


    |- Download: [link visible only to logged-in members] ( ... by Nicolas Coolman )

    |- Save it to the desktop!

    |- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

    |- Confirm every step while installing ZHPDiag.
    |- Finish the installation by clicking "Termine".

    |- P.S.: After installation, in addition to ZHPScript, the following will be available on the desktop:

    |- <1> MBRCheck
    |- <2> ZHPDiag2
    |- <3> ZHPFix

    |- Click the scroll icon. ( ZHPScript )

    |- Click the green arrow to update it and/or download its latest definitions. ( Your version is update. )
    |- Enable all the diagnostic options by clicking "Options".

    |- Click All.
    |- Then untick boxes no. O45, O61, O62, O65, O82.

    |- Click "Calendar" and choose 30 days!

    |- Click the UAC button to disable that protection.

    |- Start the scan by clicking the magnifying-glass icon. ( Start Diagnosis )
    |- When it finishes, click "Save Report".
    |- Save it somewhere convenient! ( ZHPDiag.txt )
    |- P.S.: Do not post this text file directly.

    |- Upload it to [link visible only to logged-in members] by clicking the blue arrow!

    |- Or go to: [link visible only to logged-in members]

    |- Or go to: [link visible only to logged-in members]

    |- More information: [link visible only to logged-in members]

    Best regards!

    Re: Lots of adware, log for analysis

    Post by Edvan Wed Jun 19, 2013 4:37 pm

    Code:
    Yes! But I recommend doing it after using ZHPDiag and its Fix.


    I already posted the ZHPDiag log right at the start.


    Do you want me to run ComboFix first and then post the ZHPDiag log?

    Re: Lots of adware, log for analysis

    Post by joram Wed Jun 19, 2013 11:09 pm

    HELLO, Edvan!

    |- You can run ComboFix and ... afterwards, the ZHPDiag tool.

    A+

    Re: Lots of adware, log for analysis

    Post by Edvan Mon Jun 24, 2013 9:16 pm

    ZHPDiag log: [link visible only to logged-in members]



    ComboFix 13-06-24.01 - monica 24/06/2013  21:59:33.1.2 - x86
    Microsoft Windows 7 Starter   6.1.7601.1.1252.55.1046.18.1956.1187 [GMT -3]
    Executando de: c:\users\monica\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Criado um novo ponto de restauração
    .
    .
    (((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\LyricsOn\lrCSon.dll
    c:\programdata\1371148378.bdinstall.bin
    .
    .
    ((((((((((((((((   Arquivos/Ficheiros criados de 2013-05-25 to 2013-06-25  ))))))))))))))))))))))))))))
    .
    .
    2013-06-25 01:09 . 2013-06-25 01:09 -------- d-----w- c:\users\monica\AppData\Local\temp
    2013-06-25 01:09 . 2013-06-25 01:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-06-22 10:21 . 2013-06-22 10:21 -------- d-----w- c:\users\Default\AppData\Local\Google
    2013-06-19 01:03 . 2013-06-19 01:03 512 ----a-w- C:\PhysicalDisk0_MBR.bin
    2013-06-19 01:00 . 2013-06-19 01:03 -------- d-----w- C:\ZHP
    2013-06-19 01:00 . 2013-06-19 01:03 -------- d-----w- c:\program files\ZHPDiag
    2013-06-19 00:46 . 2013-06-19 00:46 -------- d-----w- c:\windows\ERUNT
    2013-06-19 00:46 . 2013-06-19 00:46 -------- d-----w- C:\JRT
    2013-06-19 00:18 . 2013-06-19 00:18 107 ----a-w- c:\windows\DeleteOnReboot.bat
    2013-06-13 18:53 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-06-13 18:53 . 2013-05-09 08:59 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-06-13 18:53 . 2013-05-09 08:59 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-06-13 18:53 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-06-13 18:53 . 2013-05-09 08:59 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-06-13 18:53 . 2013-05-09 08:59 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-06-13 18:53 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-06-13 18:53 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-06-13 18:53 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe
    2013-06-13 18:52 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
    2013-06-13 18:52 . 2013-06-13 18:52 -------- d-----w- c:\program files\AVAST Software
    2013-06-13 18:49 . 2013-06-13 18:52 -------- d-----w- c:\programdata\AVAST Software
    2013-06-12 09:47 . 2013-06-25 01:03 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F78787F-6A2C-4FDF-B0C2-47281B6975FE}\offreg.dll
    2013-06-12 09:45 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F78787F-6A2C-4FDF-B0C2-47281B6975FE}\mpengine.dll
    2013-06-11 17:09 . 2013-06-11 17:09 -------- d-----w- c:\users\monica\AppData\Local\DealPlyLive
    2013-06-11 17:09 . 2013-06-11 17:09 -------- d-----w- c:\program files\DealPlyLive
    2013-06-11 17:09 . 2013-06-11 17:09 -------- d-----w- c:\programdata\DealPlyLive
    2013-06-11 17:08 . 2013-06-25 01:08 -------- d-----w- c:\program files\LyricsOn
    2013-06-11 16:58 . 2013-06-11 16:59 -------- d-----w- c:\program files\Common Files\DivX Shared
    2013-06-11 16:55 . 2013-06-11 17:00 -------- d-----w- c:\program files\DivX
    2013-06-11 16:55 . 2013-06-11 16:55 -------- d-----w- c:\users\monica\AppData\Roaming\LavFilters
    2013-06-11 16:55 . 2013-06-11 16:55 -------- d-----w- c:\users\monica\AppData\Roaming\CDXReader
    2013-06-11 16:55 . 2013-06-11 16:55 -------- d-----w- c:\program files\Lame For Audacity
    2013-06-11 16:55 . 2013-06-11 16:55 -------- d-----w- c:\program files\DSP-worx
    2013-06-11 16:55 . 2013-06-11 17:00 -------- d-----w- c:\programdata\DivX
    2013-06-11 16:54 . 2013-06-11 16:54 -------- d-----w- c:\program files\OpenSource Flash Video Splitter
    2013-06-11 16:53 . 2013-06-19 00:17 -------- d-----w- c:\program files\Search Results Toolbar
    2013-06-10 19:15 . 2013-06-10 19:15 -------- d-----w- c:\program files\Common Files\Java
    2013-06-10 19:15 . 2013-06-10 19:14 788896 ----a-w- c:\windows\system32\deployJava1.dll
    2013-06-10 19:15 . 2013-06-10 19:14 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-06-10 19:14 . 2013-06-10 19:14 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-06-10 19:14 . 2013-06-10 19:14 -------- d-----w- c:\program files\Java
    2013-05-28 01:54 . 2013-05-28 01:54 -------- d-----w- c:\users\monica\AppData\Roaming\TuneUp Software
    2013-05-28 01:54 . 2013-05-28 01:54 -------- d-----w- c:\programdata\TuneUp Software
    2013-05-28 01:53 . 2013-05-28 02:02 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
    2013-05-28 01:53 . 2013-05-28 01:53 -------- d--h--w- c:\programdata\Common Files
    2013-05-28 01:53 . 2013-05-28 01:53 -------- d-----w- c:\users\monica\AppData\Roaming\AnvSoft
    2013-05-28 01:51 . 2013-05-28 01:51 -------- d-----w- c:\users\monica\AppData\Local\Programs
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-12 09:44 . 2012-10-05 13:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-06-12 09:44 . 2012-10-05 13:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-05-14 02:24 . 2011-03-28 09:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-05-05 11:18 . 2013-05-05 11:18 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2013-05-05 11:18 . 2013-05-05 11:18 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-05-05 11:18 . 2013-05-05 11:18 185344 ----a-w- c:\windows\system32\elshyph.dll
    2013-05-05 11:18 . 2013-05-05 11:18 158720 ----a-w- c:\windows\system32\msls31.dll
    2013-05-05 11:18 . 2013-05-05 11:17 1766912 ----a-w- c:\windows\system32\wininet.dll
    2013-05-05 11:17 . 2013-05-05 11:17 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2013-05-05 11:17 . 2013-05-05 11:17 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2013-05-05 11:17 . 2013-05-05 11:17 61952 ----a-w- c:\windows\system32\tdc.ocx
    2013-05-05 11:17 . 2013-05-05 11:17 61440 ----a-w- c:\windows\system32\iesetup.dll
    2013-05-05 11:17 . 2013-05-05 11:17 523264 ----a-w- c:\windows\system32\vbscript.dll
    2013-05-05 11:17 . 2013-05-05 11:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2013-05-05 11:17 . 2013-05-05 11:17 38400 ----a-w- c:\windows\system32\imgutil.dll
    2013-05-05 11:17 . 2013-05-05 11:17 361984 ----a-w- c:\windows\system32\html.iec
    2013-05-05 11:17 . 2013-05-05 11:17 2877440 ----a-w- c:\windows\system32\jscript9.dll
    2013-05-05 11:17 . 2013-05-05 11:17 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2013-05-05 11:17 . 2013-05-05 11:17 23040 ----a-w- c:\windows\system32\licmgr10.dll
    2013-05-05 11:17 . 2013-05-05 11:17 150528 ----a-w- c:\windows\system32\iexpress.exe
    2013-05-05 11:17 . 2013-05-05 11:17 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-05-05 11:17 . 2013-05-05 11:17 138752 ----a-w- c:\windows\system32\wextract.exe
    2013-05-05 11:17 . 2013-05-05 11:17 137216 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-05-05 11:17 . 2013-05-05 11:17 12800 ----a-w- c:\windows\system32\mshta.exe
    2013-05-05 11:17 . 2013-05-05 11:17 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2013-05-05 11:17 . 2013-05-05 11:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2013-05-02 05:06 . 2012-11-08 12:50 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-04-12 13:45 . 2013-05-04 23:31 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
    .
    .
    ((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas. 
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2013-06-07 02:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2013-06-07 02:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2013-06-07 02:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2013-06-07 02:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2013-06-07 02:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2013-06-07 02:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"="c:\users\monica\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-20 138096]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-03 19603048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-11-04 11463272]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-13 143640]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-13 177432]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-11-13 178456]
    "RemoteControl10"="c:\program files\CyberLink\Media+Player10\Media+Player10Serv.exe" [2010-09-20 87336]
    "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
    "ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2010-11-12 1812264]
    "DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\users\monica\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    .
    R2 AnySendService;AnySend;c:\program files\AnySend\AnySendSVC.exe [x]
    R2 dealplylive;Serviço do DealPly Live (dealplylive);c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-06-11 148000]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-03 162408]
    R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-04-29 249504]
    R3 dealplylivem;Serviço do DealPly Live (dealplylivem);c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-06-11 148000]
    R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
    R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 131888]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [2012-06-01 54912]
    S0 aswRvrt;aswRvrt; [x]
    S0 aswVmm;aswVmm; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 10752]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-06-13 4150112]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-10 27632]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 116008]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 269824]
    S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-01-27 337512]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2013-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 09:44]
    .
    2013-06-24 c:\windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
    - c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-06-11 17:09]
    .
    2013-06-25 c:\windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
    - c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-06-11 17:09]
    .
    2013-06-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3950813928-957304356-2887969799-1000Core.job
    - c:\users\monica\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-20 20:40]
    .
    2013-06-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3950813928-957304356-2887969799-1000UA.job
    - c:\users\monica\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-20 20:40]
    .
    2013-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-18 01:08]
    .
    2013-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-18 01:08]
    .
    2013-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950813928-957304356-2887969799-1000Core.job
    - c:\users\monica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 12:47]
    .
    2013-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950813928-957304356-2887969799-1000UA.job
    - c:\users\monica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 12:47]
    .
    2013-06-24 c:\windows\Tasks\Lyrics On Update.job
    - c:\program files\LyricsOn\lyricupdater.exe [2013-06-02 20:34]
    .
    2013-06-25 c:\windows\Tasks\Plus-HD-1.8-chromeinstaller.job
    - c:\program files\Plus-HD-1.8\Plus-HD-1.8-chromeinstaller.exe [2013-05-18 01:09]
    .
    2013-06-25 c:\windows\Tasks\Plus-HD-1.8-codedownloader.job
    - c:\program files\Plus-HD-1.8\Plus-HD-1.8-codedownloader.exe [2013-05-18 01:09]
    .
    2013-06-25 c:\windows\Tasks\Plus-HD-1.8-enabler.job
    - c:\program files\Plus-HD-1.8\Plus-HD-1.8-enabler.exe [2013-05-18 01:10]
    .
    2013-06-25 c:\windows\Tasks\Plus-HD-1.8-firefoxinstaller.job
    - c:\program files\Plus-HD-1.8\Plus-HD-1.8-firefoxinstaller.exe [2013-05-18 01:09]
    .
    2013-06-25 c:\windows\Tasks\Plus-HD-1.8-updater.job
    - c:\program files\Plus-HD-1.8\Plus-HD-1.8-updater.exe [2013-05-18 01:10]
    .
    .
    ------- Scan Suplementar -------
    .
    uStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
    TCP: DhcpNameServer = 189.124.128.33 189.124.128.32
    FF - ProfilePath - c:\users\monica\AppData\Roaming\Mozilla\Firefox\Profiles\n6ev0466.default\
    FF - prefs.js: browser.startup.homepage - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
    FF - ExtSQL: 2013-05-30 16:59; [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]; c:\program files\YTKaraoke\FF
    FF - ExtSQL: 2013-06-11 13:54; {377e5d4d-77e5-476a-8716-7e70a9272da0}; c:\users\monica\AppData\Roaming\Mozilla\Firefox\Profiles\n6ev0466.default\extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0}
    FF - ExtSQL: 2013-06-11 14:00; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF - ExtSQL: 2013-06-11 14:08; [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]; c:\program files\LyricsOn\FF
    FF - ExtSQL: 2013-06-13 15:53; [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]; c:\program files\AVAST Software\Avast\WebRep\FF
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    Toolbar-Locked - (no file)
    HKLM-Run-AnySend User Interface - c:\program files\AnySend\AnySendUI.exe
    AddRemove-ilividtoolbargaw - c:\progra~1\SEARCH~1\Datamngr\SRTOOL~1\uninstall.exe
    AddRemove-DSite - c:\users\monica\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
    .
    .
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Tempo para conclusão: 2013-06-24  22:12:44
    ComboFix-quarantined-files.txt  2013-06-25 01:12
    .
    Pré-execução: 156.038.598.656 bytes disponíveis
    Pós execução: 155.812.446.208 bytes disponíveis
    .
    - - End Of File - - 4E882DCF57D53053CC331F9BE3FDC3C4
    2E5DEBB2116B3417023E0D6562D7ED07


    # AdwCleaner v2.303 - Relatório criado em 24/06/2013 às 22:23:42
    # Atualizado em 08/06/2013 por Xplode
    # Sistema Operacional : Windows 7 Starter Service Pack 1 (32 bits)
    # Usuário : monica - MONICA-PC
    # Modo de Boot : Normal
    # Executado de : C:\Users\monica\Downloads\adwcleaner.exe
    # Opção [Remover]


    ***** [Serviços] *****


    ***** [Arquivos/Pastas] *****

    Removido Durante o reboot : C:\Program Files\Search Results Toolbar

    ***** [Registro] *****


    ***** [Navegadores] *****

    -\\ Internet Explorer v10.0.9200.16537

    [OK] Registro está limpo.

    -\\ Mozilla Firefox v21.0 (en-US)

    Arquivo : C:\Users\monica\AppData\Roaming\Mozilla\Firefox\Profiles\n6ev0466.default\prefs.js

    [OK] Arquivo está limpo.

    -\\ Google Chrome v27.0.1453.116

    Arquivo : C:\Users\monica\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Removida [l.2158] : homepage = "hxxp://www.searchnu.com/?appid=",

    *************************

    AdwCleaner[S2].txt - [954 octets] - [24/06/2013 22:23:42]

    ########## EOF - C:\AdwCleaner[S2].txt - [1013 octets] ##########

    Post by joram on Tue Jun 25, 2013 10:23 am

    Good morning, Edvan!

    |- Close any programs/folders that are open.
    |- Close the browser as well!
    |- On Windows Vista, disable the [You need an account and to be logged in to view this link].

    [You need an account and to be logged in to view this image]

    |- On Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
    |- Select and copy the information below, which is shown in red, into Notepad.

    G0 - GCSP: Preference [User Data\Default][HomePage] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
    [MD5.00000000000000000000000000000000] [APT] [DealPly] (...) -- C:\Users\monica\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.exe (.not file.)   [0]    => Infection PUP (PUP.DealPly)
    M2 - MFEP: prefs.js [monica - n6ev0466.default\{377e5d4d-77e5-476a-8716-7e70a9272da0}] [] Search-Results Toolbar v1.2.0.0 (..)
    [MD5.00000000000000000000000000000000] [APT] [AnySendUpdate] (...) -- C:\Program Files\AnySend\AnySendUpdater.exe (.not file.)   [0]
    [MD5.00000000000000000000000000000000] [APT] [AnySendUpdateLogin] (...) -- C:\Program Files\AnySend\AnySendUpdater.exe (.not file.)   [0]
    O4 - GS\SendTo: AnySend.lnk . (...)  -- C:\Program Files\AnySend\AnySendUI.exe (.not file.)
    O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
    O23 - Service: AnySend (AnySendService) . (...) - C:\Program Files\AnySend\AnySendSVC.exe (.not file.)
    O43 - CFD: 11/06/2013 - 14:09:09 - [0] ----D C:\Users\monica\AppData\Local\DealPlyLive
    O87 - FAEL: "{87F5874C-2B34-4BD8-A66D-529D949ED448}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files\AnySend\AnySendSVC.exe (.not file.)
    O87 - FAEL: "TCP Query User{42A8BFA3-BC73-4ECD-9E07-86D5758C578A}C:\program files\heroes of newerth (latin america)\hon.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\heroes of newerth (latin america)\hon.exe (.not file.)
    O87 - FAEL: "UDP Query User{EFD6E258-1CDC-48B4-9C82-EC13B93F1ED4}C:\program files\heroes of newerth (latin america)\hon.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\heroes of newerth (latin america)\hon.exe (.not file.)
    O87 - FAEL: "{730FEE3D-8C2D-4A46-B8D1-A80BFD48860C}" |In - Domain - P17 - TRUE | .(...) -- C:\Users\monica\AppData\Local\Temp\_nowcdn_\DownEngineSDK_digitalic_DigimonMasters.dll (.not file.)
    O87 - FAEL: "{E9F3E6C1-CF4E-48F4-B177-1911B839BA8F}" |Out - Domain - P17 - TRUE | .(...) -- C:\Users\monica\AppData\Local\Temp\_nowcdn_\DownEngineSDK_digitalic_DigimonMasters.dll (.not file.)
    O87 - FAEL: "TCP Query User{4049F789-DD81-416D-A0A4-8BDCB7BBD326}C:\users\monica\appdata\local\temp\_nowcdn_\nowdn_s.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\monica\appdata\local\temp\_nowcdn_\nowdn_s.exe (.not file.)
    O87 - FAEL: "UDP Query User{120B4417-1E9B-47D6-8D75-7D8025139D03}C:\users\monica\appdata\local\temp\_nowcdn_\nowdn_s.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\monica\appdata\local\temp\_nowcdn_\nowdn_s.exe (.not file.)
    O87 - FAEL: "TCP Query User{4D3888BF-504F-4EA8-A751-80731CDEF27E}C:\users\monica\appdata\local\temp\_nowcdn_\nowdn_s.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\monica\appdata\local\temp\_nowcdn_\nowdn_s.exe (.not file.)
    O87 - FAEL: "UDP Query User{520CD93F-DE73-4D9F-9A32-F3035313098B}C:\users\monica\appdata\local\temp\_nowcdn_\nowdn_s.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\monica\appdata\local\temp\_nowcdn_\nowdn_s.exe (.not file.)
    O87 - FAEL: "{5A5B206F-955D-4F85-82B9-FB5E1A7C1207}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe (.not file.)
    O87 - FAEL: "{DB60B00C-A7A4-45E0-850F-A86F12B5B10D}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe (.not file.)

    [HKLM\Software\360Safe]    => Infection Diverse (Lozavita.Troj)

    proxyfix
    emptytemp
    emptyclsid
    emptyflash
    firewallraz
    sysrestore
    |- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"
    |- Minimize Notepad.

    [You need an account and to be logged in to view this image]

    |- Click the "Paste ClipBoard" menu.
    |- Avoid the "Paste" option (Ctrl+V) in the light-yellow field, which does not enable the "Go" button.

    [You need an account and to be logged in to view this link]

    |- Click "GO" -> Oui.

    [You need an account and to be logged in to view this image]

    |- PS: The sequence of images above is there for further clarification.
    |- Post the report: C:\ZHP\ZHPFix[R1].txt

    -/-

    |- Select and copy the content shown in "red" into Notepad.
    |- Save it on the desktop with the name: CFScript << Text!

    KillAll::
    File::
    c:\windows\Tasks\Lyrics On Update.job
    c:\program files\LyricsOn\lyricupdater.exe 
    c:\program files\DealPlyLive\Update\DealPlyLive.exe 
    c:\windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
    c:\windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job

    Firefox::
    FF - ExtSQL: 2013-06-11 14:08; [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]; c:\program files\LyricsOn\FF

    Folder::
    c:\program files\DealPlyLive\Update 
    c:\users\monica\AppData\Local\DealPlyLive
    c:\program files\DealPlyLive
    c:\programdata\DealPlyLive
    c:\program files\LyricsOn

    Driver::
    dealplylive
    dealplylivem

    ClearJavaCache::
    Quit::
    |- PS: Temporarily disable your antivirus.
    |- PS: Do not use this script on another machine!
    |- Drag CFScript.txt onto/into the ComboFix icon.
    |- See the demonstration!

    [You need an account and to be logged in to view this image]

    |- Accept the prompt that should appear to run ComboFix.
    |- PS: Keep dragging until that prompt (window) appears!
    |- If a message appears asking to update the tool, click Yes!
    |- When finished, post: C:\ComboFix.txt <<

    Regards!

    Post by Edvan on Tue Jun 25, 2013 9:44 pm

    Friend, with the ComboFix script, when the procedure finished it rebooted, and when it came back it took a while but it generated the report; since then I can no longer open any browser or msconfig, I can't access anything.


    [You need an account and to be logged in to view this image]

    Post by joram on Wed Jun 26, 2013 8:58 am

    Good morning, Edvan!

    "Friend, with the ComboFix script, when the procedure finished it rebooted, and when it came back it took a while but it generated the report; since then I can no longer open any browser or msconfig, I can't access anything."
    |- If you have access to the Qoobox folder, restore any system-related file that was removed by the tool. Remember that they have been renamed with the ".VIR" extension and cannot be restored in that form.
    |- Or... use the System Restore point that was created by ZHPDiag.

    G0 - GCSP: Preference [User Data\Default][HomePage] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
    [MD5.00000000000000000000000000000000] [APT] [DealPly] (...) -- C:\Users\monica\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.exe (.not file.)   [0]    => Infection PUP (PUP.DealPly)
    M2 - MFEP: prefs.js [monica - n6ev0466.default\{377e5d4d-77e5-476a-8716-7e70a9272da0}] [] Search-Results Toolbar v1.2.0.0 (..)
    ------------
    ------------
    ------------
    O87 - FAEL: "{5A5B206F-955D-4F85-82B9-FB5E1A7C1207}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe (.not file.)
    O87 - FAEL: "{DB60B00C-A7A4-45E0-850F-A86F12B5B10D}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe (.not file.)

    [HKLM\Software\360Safe]    => Infection Diverse (Lozavita.Troj)

    proxyfix
    emptytemp
    emptyclsid
    emptyflash
    firewallraz
    |- When finished, run the same script in ZHPFix again.
    |- Post the report!

    Regards!

    Post by Edvan on Wed Jun 26, 2013 8:31 pm

    ComboFix 13-06-25.01 - monica 25/06/2013  21:53:17.2.2 - x86
    Microsoft Windows 7 Starter   6.1.7601.1.1252.55.1046.18.1956.1036 [GMT -3:00]
    Executando de: c:\users\monica\Desktop\ComboFix.exe
    Comandos utilizados :: c:\users\monica\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\program files\DealPlyLive\Update\DealPlyLive.exe"
    "c:\program files\LyricsOn\lyricupdater.exe"
    "c:\windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job"
    "c:\windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job"
    "c:\windows\Tasks\Lyrics On Update.job"
    .
    .
    (((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\DealPlyLive
    c:\program files\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe
    c:\program files\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe
    c:\program files\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe
    c:\program files\DealPlyLive\Update\1.3.23.0\DealPlyLiveHelper.msi
    c:\program files\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdate.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_am.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_ar.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_bg.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_bn.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_ca.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_cs.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_da.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_de.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_el.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_en-GB.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_en.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_es-419.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_es.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_et.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_fa.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_fi.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_fil.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_fr.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_gu.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_hi.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_hr.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_hu.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_id.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_is.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_it.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_iw.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_ja.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_kn.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_ko.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_lt.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_lv.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_ml.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_mr.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_ms.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_nl.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_no.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_pl.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_pt-BR.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_pt-PT.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_ro.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_sk.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_sl.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_sr.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_sv.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_sw.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_ta.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_te.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_th.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_tr.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_uk.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_ur.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_vi.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_zh-CN.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\goopdateres_zh-TW.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\psmachine.dll
    c:\program files\DealPlyLive\Update\1.3.23.0\psuser.dll
    c:\program files\DealPlyLive\Update\DealPlyLive.exe
    c:\program files\LyricsOn
    c:\program files\LyricsOn\chrome.crx
    c:\program files\LyricsOn\chrome.manifest
    c:\program files\LyricsOn\FF\chrome.manifest
    c:\program files\LyricsOn\FF\chrome\content\icon.png
    c:\program files\LyricsOn\FF\chrome\content\main.js
    c:\program files\LyricsOn\FF\chrome\content\overlay.xul
    c:\program files\LyricsOn\FF\install.rdf
    c:\program files\LyricsOn\lyricupdater.exe
    c:\program files\LyricsOn\Uninstall.exe
    c:\programdata\DealPlyLive
    c:\programdata\DealPlyLive\Update\Log\DealPlyLive.log
    c:\windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
    c:\windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
    c:\windows\Tasks\Lyrics On Update.job
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_dealplylive
    -------\Service_dealplylivem
    .
    .
    ((((((((((((((((   Arquivos/Ficheiros criados de 2013-05-26 to 2013-06-26  ))))))))))))))))))))))))))))
    .
    .
    2013-06-26 01:03 . 2013-06-26 01:19 -------- d-----w- c:\users\monica\AppData\Local\temp
    2013-06-26 01:03 . 2013-06-26 01:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-06-26 00:30 . 2013-06-26 00:30 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F78787F-6A2C-4FDF-B0C2-47281B6975FE}\offreg.dll
    2013-06-22 10:21 . 2013-06-22 10:21 -------- d-----w- c:\users\Default\AppData\Local\Google
    2013-06-19 01:03 . 2013-06-25 01:19 512 ----a-w- C:\PhysicalDisk0_MBR.bin
    2013-06-19 01:00 . 2013-06-26 00:47 -------- d-----w- C:\ZHP
    2013-06-19 01:00 . 2013-06-25 01:19 -------- d-----w- c:\program files\ZHPDiag
    2013-06-19 00:46 . 2013-06-19 00:46 -------- d-----w- c:\windows\ERUNT
    2013-06-19 00:46 . 2013-06-19 00:46 -------- d-----w- C:\JRT
    2013-06-19 00:18 . 2013-06-25 01:24 214 ----a-w- c:\windows\DeleteOnReboot.bat
    2013-06-13 18:53 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-06-13 18:53 . 2013-05-09 08:59 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-06-13 18:53 . 2013-05-09 08:59 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-06-13 18:53 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-06-13 18:53 . 2013-05-09 08:59 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-06-13 18:53 . 2013-05-09 08:59 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-06-13 18:53 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-06-13 18:53 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-06-13 18:53 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe
    2013-06-13 18:52 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
    2013-06-13 18:52 . 2013-06-13 18:52 -------- d-----w- c:\program files\AVAST Software
    2013-06-13 18:49 . 2013-06-13 18:52 -------- d-----w- c:\programdata\AVAST Software
    2013-06-12 09:45 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F78787F-6A2C-4FDF-B0C2-47281B6975FE}\mpengine.dll
    2013-06-11 16:58 . 2013-06-11 16:59 -------- d-----w- c:\program files\Common Files\DivX Shared
    2013-06-11 16:55 . 2013-06-11 17:00 -------- d-----w- c:\program files\DivX
    2013-06-11 16:55 . 2013-06-11 16:55 -------- d-----w- c:\users\monica\AppData\Roaming\LavFilters
    2013-06-11 16:55 . 2013-06-11 16:55 -------- d-----w- c:\users\monica\AppData\Roaming\CDXReader
    2013-06-11 16:55 . 2013-06-11 16:55 -------- d-----w- c:\program files\Lame For Audacity
    2013-06-11 16:55 . 2013-06-11 16:55 -------- d-----w- c:\program files\DSP-worx
    2013-06-11 16:55 . 2013-06-11 17:00 -------- d-----w- c:\programdata\DivX
    2013-06-11 16:54 . 2013-06-11 16:54 -------- d-----w- c:\program files\OpenSource Flash Video Splitter
    2013-06-11 16:53 . 2013-06-19 00:17 -------- d-----w- c:\program files\Search Results Toolbar
    2013-06-10 19:15 . 2013-06-10 19:15 -------- d-----w- c:\program files\Common Files\Java
    2013-06-10 19:15 . 2013-06-10 19:14 788896 ----a-w- c:\windows\system32\deployJava1.dll
    2013-06-10 19:15 . 2013-06-10 19:14 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-06-10 19:14 . 2013-06-10 19:14 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-06-10 19:14 . 2013-06-10 19:14 -------- d-----w- c:\program files\Java
    2013-05-28 01:54 . 2013-05-28 01:54 -------- d-----w- c:\users\monica\AppData\Roaming\TuneUp Software
    2013-05-28 01:54 . 2013-05-28 01:54 -------- d-----w- c:\programdata\TuneUp Software
    2013-05-28 01:53 . 2013-05-28 02:02 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
    2013-05-28 01:53 . 2013-05-28 01:53 -------- d--h--w- c:\programdata\Common Files
    2013-05-28 01:53 . 2013-05-28 01:53 -------- d-----w- c:\users\monica\AppData\Roaming\AnvSoft
    2013-05-28 01:51 . 2013-05-28 01:51 -------- d-----w- c:\users\monica\AppData\Local\Programs
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-12 09:44 . 2012-10-05 13:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-06-12 09:44 . 2012-10-05 13:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-05-14 02:24 . 2011-03-28 09:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-05-05 11:18 . 2013-05-05 11:18 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2013-05-05 11:18 . 2013-05-05 11:18 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-05-05 11:18 . 2013-05-05 11:18 185344 ----a-w- c:\windows\system32\elshyph.dll
    2013-05-05 11:18 . 2013-05-05 11:18 158720 ----a-w- c:\windows\system32\msls31.dll
    2013-05-05 11:18 . 2013-05-05 11:17 1766912 ----a-w- c:\windows\system32\wininet.dll
    2013-05-05 11:17 . 2013-05-05 11:17 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2013-05-05 11:17 . 2013-05-05 11:17 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2013-05-05 11:17 . 2013-05-05 11:17 61952 ----a-w- c:\windows\system32\tdc.ocx
    2013-05-05 11:17 . 2013-05-05 11:17 61440 ----a-w- c:\windows\system32\iesetup.dll
    2013-05-05 11:17 . 2013-05-05 11:17 523264 ----a-w- c:\windows\system32\vbscript.dll
    2013-05-05 11:17 . 2013-05-05 11:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2013-05-05 11:17 . 2013-05-05 11:17 38400 ----a-w- c:\windows\system32\imgutil.dll
    2013-05-05 11:17 . 2013-05-05 11:17 361984 ----a-w- c:\windows\system32\html.iec
    2013-05-05 11:17 . 2013-05-05 11:17 2877440 ----a-w- c:\windows\system32\jscript9.dll
    2013-05-05 11:17 . 2013-05-05 11:17 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2013-05-05 11:17 . 2013-05-05 11:17 23040 ----a-w- c:\windows\system32\licmgr10.dll
    2013-05-05 11:17 . 2013-05-05 11:17 150528 ----a-w- c:\windows\system32\iexpress.exe
    2013-05-05 11:17 . 2013-05-05 11:17 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-05-05 11:17 . 2013-05-05 11:17 138752 ----a-w- c:\windows\system32\wextract.exe
    2013-05-05 11:17 . 2013-05-05 11:17 137216 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-05-05 11:17 . 2013-05-05 11:17 12800 ----a-w- c:\windows\system32\mshta.exe
    2013-05-05 11:17 . 2013-05-05 11:17 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2013-05-05 11:17 . 2013-05-05 11:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2013-05-02 05:06 . 2012-11-08 12:50 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-04-12 13:45 . 2013-05-04 23:31 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
    .
    .
    ((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas. 
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2013-06-07 02:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2013-06-07 02:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2013-06-07 02:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2013-06-07 02:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2013-06-07 02:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2013-06-07 02:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"="c:\users\monica\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-20 138096]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-03 19603048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-11-04 11463272]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-13 143640]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-13 177432]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-11-13 178456]
    "RemoteControl10"="c:\program files\CyberLink\Media+Player10\Media+Player10Serv.exe" [2010-09-20 87336]
    "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
    "ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2010-11-12 1812264]
    "DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\users\monica\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    .
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-03 162408]
    R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-04-29 249504]
    R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
    R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 131888]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [2012-06-01 54912]
    S0 aswRvrt;aswRvrt; [x]
    S0 aswVmm;aswVmm; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 10752]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-06-13 4150112]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-10 27632]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 116008]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 269824]
    S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-01-27 337512]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2013-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 09:44]
    .
    2013-06-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3950813928-957304356-2887969799-1000Core.job
    - c:\users\monica\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-20 20:40]
    .
    2013-06-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3950813928-957304356-2887969799-1000UA.job
    - c:\users\monica\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-20 20:40]
    .
    2013-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-18 01:08]
    .
    2013-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-18 01:08]
    .
    2013-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950813928-957304356-2887969799-1000Core.job
    - c:\users\monica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 12:47]
    .
    2013-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950813928-957304356-2887969799-1000UA.job
    - c:\users\monica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 12:47]
    .
    2013-06-26 c:\windows\Tasks\Plus-HD-1.8-chromeinstaller.job
    - c:\program files\Plus-HD-1.8\Plus-HD-1.8-chromeinstaller.exe [2013-05-18 01:09]
    .
    2013-06-26 c:\windows\Tasks\Plus-HD-1.8-codedownloader.job
    - c:\program files\Plus-HD-1.8\Plus-HD-1.8-codedownloader.exe [2013-05-18 01:09]
    .
    2013-06-26 c:\windows\Tasks\Plus-HD-1.8-enabler.job
    - c:\program files\Plus-HD-1.8\Plus-HD-1.8-enabler.exe [2013-05-18 01:10]
    .
    2013-06-26 c:\windows\Tasks\Plus-HD-1.8-firefoxinstaller.job
    - c:\program files\Plus-HD-1.8\Plus-HD-1.8-firefoxinstaller.exe [2013-05-18 01:09]
    .
    2013-06-26 c:\windows\Tasks\Plus-HD-1.8-updater.job
    - c:\program files\Plus-HD-1.8\Plus-HD-1.8-updater.exe [2013-05-18 01:10]
    .
    .
    ------- Scan Suplementar -------
    .
    uStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
    TCP: DhcpNameServer = 189.124.128.33 189.124.128.32
    FF - ProfilePath - c:\users\monica\AppData\Roaming\Mozilla\Firefox\Profiles\n6ev0466.default\
    FF - prefs.js: browser.startup.homepage - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
    FF - ExtSQL: 2013-05-30 16:59; [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]; c:\program files\YTKaraoke\FF
    FF - ExtSQL: 2013-06-11 13:54; {377e5d4d-77e5-476a-8716-7e70a9272da0}; c:\users\monica\AppData\Roaming\Mozilla\Firefox\Profiles\n6ev0466.default\extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0}
    FF - ExtSQL: 2013-06-11 14:00; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF - ExtSQL: 2013-06-11 14:08; [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]; c:\program files\LyricsOn\FF
    FF - ExtSQL: 2013-06-13 15:53; [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]; c:\program files\AVAST Software\Avast\WebRep\FF
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - c:\program files\LyricsOn\uninstall.exe
    .
    .
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
    .
    - - - - - - - > 'Explorer.exe'(4676)
    c:\program files\Samsung\Movie Color Enhancer\WinCRT.dll
    .
    ------------------------ Outros Processos em Execução ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\windows\system32\taskhost.exe
    c:\program files\TeamViewer\Version8\TeamViewer.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\program files\TeamViewer\Version8\tv_w32.exe
    c:\program files\CyberLink\YouCam\YCMMirage.exe
    c:\program files\Samsung\Easy Display Manager\WifiManager.exe
    c:\windows\system32\igfxext.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\conhost.exe
    c:\program files\Elantech\ETDCtrlHelper.exe
    c:\program files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    c:\program files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    c:\program files\teamviewer\version8\TeamViewer_Desktop.exe
    c:\program files\Samsung\SamsungFastStart\SmartRestarter.exe
    c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files\Microsoft\BingBar\SeaPort.EXE
    c:\windows\system32\sppsvc.exe
    c:\program files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
    c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe
    .
    **************************************************************************
    .
    Tempo para conclusão: 2013-06-25  22:25:00 - Máquina reiniciou
    ComboFix-quarantined-files.txt  2013-06-26 01:24
    ComboFix2.txt  2013-06-25 01:12
    .
    Pré-execução: 154.992.656.384 bytes disponíveis
    Pós execução: 154.797.031.424 bytes disponíveis
    .
    - - End Of File - - 9D5209AE9F1F3ACBCDFD679F0C68926A
    2E5DEBB2116B3417023E0D6562D7ED07






    Rapport de ZHPFix 2013.6.12.3 par Nicolas Coolman, Update du 12/06/2013
    Fichier d'export Registre : 
    Run by monica at 25/06/2013 21:47:37
    High Elevated Privileges : OK
    Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)

    Recycle Files Deleted

    ========== Registry Key ==========
    DELETED Key: Service: AnySendService
    DELETED Key: HKLM\Software\360Safe

    ========== Registry Value ==========
    DELETED {87F5874C-2B34-4BD8-A66D-529D949ED448}
    DELETED TCP Query User{42A8BFA3-BC73-4ECD-9E07-86D5758C578A}C:\program files\heroes of newerth (latin america)\hon.exe
    DELETED UDP Query User{EFD6E258-1CDC-48B4-9C82-EC13B93F1ED4}C:\program files\heroes of newerth (latin america)\hon.exe
    DELETED {730FEE3D-8C2D-4A46-B8D1-A80BFD48860C}
    DELETED {E9F3E6C1-CF4E-48F4-B177-1911B839BA8F}
    DELETED TCP Query User{4049F789-DD81-416D-A0A4-8BDCB7BBD326}C:\users\monica\appdata\local\temp\_nowcdn_\nowdn_s.exe
    DELETED UDP Query User{120B4417-1E9B-47D6-8D75-7D8025139D03}C:\users\monica\appdata\local\temp\_nowcdn_\nowdn_s.exe
    DELETED TCP Query User{4D3888BF-504F-4EA8-A751-80731CDEF27E}C:\users\monica\appdata\local\temp\_nowcdn_\nowdn_s.exe
    DELETED UDP Query User{520CD93F-DE73-4D9F-9A32-F3035313098B}C:\users\monica\appdata\local\temp\_nowcdn_\nowdn_s.exe
    DELETED {5A5B206F-955D-4F85-82B9-FB5E1A7C1207}
    DELETED {DB60B00C-A7A4-45E0-850F-A86F12B5B10D}
    ProxyFix : Proxy killed successfully
    DELETED ProxyServer Value
    DELETED ProxyEnable Value
    DELETED EnableHttp1_1 Value
    DELETED ProxyHttp1.1 Value
    DELETED ProxyOverride Value
    No Value in Standard Profile Register Key FirewallRaz : 
    No Value in Domain Profile Register Key FirewallRaz : 
    DELETED FirewallRaz (Private) : TCP Query User{B529BAD2-6A26-48B5-B66E-A21021AC39A6}C:\users\monica\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
    DELETED FirewallRaz (Private) : UDP Query User{AF54AEEE-94A2-4AE6-9A9F-19E7BEE56CD9}C:\users\monica\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe

    ========== Browser Profiles ==========
    FOUND Chrome File: C:\Users\monica\AppData\Local\Google\Chrome\User Data\Default\Preferences
    NOT FOUND Chrome Site: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

    ========== Repertory ==========
    DELETED Folder: C:\Users\monica\AppData\Local\{112B7856-06CC-49CC-A483-F20A3D72CD0D}
    DELETED Folder: C:\Users\monica\AppData\Local\{23BE11B3-BD45-4508-A470-50CE153AFE64}
    DELETED Folder: C:\Users\monica\AppData\Local\{5747FAB8-62C3-42B6-9234-A3D1063250EB}
    DELETED Folder: C:\Users\monica\AppData\Local\{71C908E0-43EC-4F95-A5B0-4481A71472E3}
    DELETED Folder: C:\Users\monica\AppData\Local\{ADF663BC-028F-41E9-AA7E-741475892D36}
    DELETED Folder: C:\Users\monica\AppData\Local\{D7610853-DBA3-465D-A6FA-F06A4D1FC4DE}
    DELETED Folder: C:\Users\monica\AppData\Local\{E3D0F2D5-54C3-40A5-A0D6-91DCB65BD8A6}
    DELETED Folder: C:\Users\monica\AppData\Local\{E9D49C06-6AE6-4264-A5DD-C96F5C7166C3}
    DELETED Flash Cookies

    ========== File ==========
    NOT FOUND File: c:\users\monica\appdata\roaming\microsoft\windows\sendto\o4 - gs\sendto: anysend.lnk
    NOT FOUND File: c:\program files\anysend\anysendui.exe
    DELETED File: c:\users\monica\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk 
    NOT FOUND File: c:\program files\anysend\anysendsvc.exe
    DELETED Window Temporary
    DELETED Flash Cookies

    ========== Task ==========
    DELETED Task: DealPly
    DELETED Task: AnySendUpdate
    DELETED Task: AnySendUpdateLogin

    ========== Restoration ==========
    Restore System Point created succefully


    ========== Summary ==========
    2 : Registry Key
    21 : Registry Value
    9 : Repertory
    6 : File
    2 : Browser Profiles
    3 : Task
    1 : Restoration


    End of clean in 00mn 49s

    ========== Report File ==========
    C:\ZHP\ZHPFix[R1].txt - 25/06/2013 21:47:38 [3763]

    joram
    Founding Administrator

    Posts: 626
    Join date: 14/08/2012
    Age: 70
    Location: Rio de Janeiro

    Re: Lots of adware, log for analysis

    Post by joram Wed Jun 26, 2013 10:43 pm

    Good evening, Edvan!

    |- What procedure did you use to get into Windows?

    -/-

    |- Download: |[You must have an account and be logged in to view this link]| ( ... by Xplode )

    |- On the page, click the green arrow to download.
    |- Save it in a convenient location! ( desktop! )
    |- Close any open applications.

    |- Run it!
    |- With both checkboxes ticked!
    |- Click "Run".

    -/-

    |- Download: < [You must have an account and be logged in to view this link] > ( ... by OldTimer Tools )

    |- Save it to the desktop!
    |- Double-click OTL.exe >> Run or [You must have an account and be logged in to view this image]

    |- PS: If you have trouble running OTL.exe, delete the file and download it [You must have an account and be logged in to view this link] or [You must have an account and be logged in to view this link].

    |- Configure the tool as shown in the screenshot!
    |- Under "Exame Extra do Registro" (Extra Registry scan), select "Nenhum" (None).

    Code:
    SAVEMBR:0
    *crack* /s 
    *keygen* /s 
    *serial* /s 
    *AutoKMS* /s
    *loader* /s
    *netsvcs*
    *msconfig*
    *activex*
    *drivers32*
    %SYSTEMDRIVE%\*.*
    %APPDATA%\Local\*.
    %APPDATA%\*.exe /s
    %APPDATA%\*.
    %systemdrive%\drivers\*.exe
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Roaming\*.*
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.ini
    %systemroot%\Tasks\*.*
    %systemroot%\system32\tasks\*.* /s /64
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\drivers\*.* /90
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\temp\*.* /S /MD5
    %systemroot%\assembly\GAC\*.* /S /MD5
    %systemroot%\assembly\GAC_32\*.* /S /MD5
    %systemroot%\assembly\GAC_64\*.* /S /MD5
    %systemroot%\system32\config\systemprofile\AppData\Local\*.*
    %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
    %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* 
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    /md5start
    services.exe
    /md5stop
    regedit /e c:\registrybackup.reg /c
    %windir%\tasks\*.* /s

    |- Copy the information in the Code box into Notepad.
    |- Save it in My Documents or on the desktop, with the name scan. << Text!
    |- Click the "Exames Personalizados/Correções" (Custom Scans/Fixes) area.

    |- Click OK to browse for a custom scan file.
    |- Click "Open". ( scan.txt )

    |- After pasting the information into the white area, click [You must have an account and be logged in to view this link]

    |- When it finishes, post the report: OTL.txt << Link to the report!

    |- To upload it, go to: < [You must have an account and be logged in to view this link] >

    |- Or go to: < [You must have an account and be logged in to view this link] >

    |- More information: < |[You must have an account and be logged in to view this link]| >

    Regards!

    Edvan
    Member

    Posts: 428
    Join date: 14/02/2013
    Age: 43
    Location: Natal/RN

    Re: Lots of adware, log for analysis

    Post by Edvan Wed Jul 03, 2013 2:05 pm

    Code:
    Good evening, Edvan!
    |- What procedure did you use to get into Windows?
    That day I lost the connection, so I sent a message from my phone saying I would continue the next day. I called the person the following day and asked whether she was having any trouble browsing the internet or doing anything else, and she told me it was normal. Anyway, I think she turned it off, and when she turned it back on it worked again.

    P.S.: Friend, I haven't posted anything yet because I haven't had access to the machine again. I access this PC remotely at night, but the PC's owner hasn't been able to grant access yet; I'll talk to her today to continue.

    joram
    Founding Administrator

    Posts: 626
    Join date: 14/08/2012
    Age: 70
    Location: Rio de Janeiro

    Re: Lots of adware, log for analysis

    Post by joram Wed Jul 03, 2013 2:51 pm

    Edvan wrote:
    Code:
    Good evening, Edvan!
    |- What procedure did you use to get into Windows?
    That day I lost the connection, so I sent a message from my phone saying I would continue the next day. I called the person the following day and asked whether she was having any trouble browsing the internet or doing anything else, and she told me it was normal. Anyway, I think she turned it off, and when she turned it back on it worked again.

    P.S.: Friend, I haven't posted anything yet because I haven't had access to the machine again. I access this PC remotely at night, but the PC's owner hasn't been able to grant access yet; I'll talk to her today to continue.

    Hello, Edvan!

    |- If everything is OK, we can close the case, since you are having difficulty accessing the user's machine.
    The OTL tool would have been used to get a more complete report of the situation. The condition of the PC before the DelFix procedure was encouraging, and I believe there are no further problems.

    See you!


    Last edited by joram on Fri Jul 05, 2013 3:04 pm; edited 1 time

    Edvan
    Member

    Posts: 428
    Join date: 14/02/2013
    Age: 43
    Location: Natal/RN

    Re: Lots of adware, log for analysis

    Post by Edvan Wed Jul 03, 2013 2:55 pm

    OK. Friend, you can close the topic then, since the machine is working perfectly.

    joram
    Founding Administrator

    Posts: 626
    Join date: 14/08/2012
    Age: 70
    Location: Rio de Janeiro

    Re: Lots of adware, log for analysis

    Post by joram Wed Jul 03, 2013 2:59 pm

    CASE SOLVED!

    If you need further help with this computer, just open a "New Topic" and describe the problem.
