Log for analysis
ComboFix 13-05-14.01 - f001872 15/05/2013 11:30:35.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1013.653 [GMT -3:00]
Executando de: c:\documents and settings\f001872\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - system32: deleted 2 bytes in 1 streams.
ADS - drivers: deleted 208 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\arquivos de programas\FindLyrics\FiNDlyrics.dll
c:\documents and settings\f001872\Meus documentos\~WRL1263.tmp
c:\windows\system\chron32.dll
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-04-15 to 2013-05-15 ))))))))))))))))))))))))))))
.
.
2013-05-15 14:22 . 2013-05-09 08:59 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-15 14:22 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-15 14:22 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-08 18:00 . 2013-05-08 18:00 -------- d-----w- c:\documents and settings\f001872\Configurações locais\Dados de aplicativos\WmaMp3-Converter.com
2013-05-08 17:55 . 2013-05-15 14:34 -------- d-----w- c:\arquivos de programas\FindLyrics
2013-04-26 20:43 . 2013-04-26 20:43 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2013-04-26 20:43 . 2013-04-04 08:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-19 16:08 . 2008-04-13 14:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2013-04-19 16:08 . 2008-04-13 14:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 14:23 . 2011-07-15 14:38 17488 ----a-w- c:\windows\gdrv.sys
2013-05-15 11:23 . 2012-03-30 11:21 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 11:23 . 2011-07-15 19:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-09 08:59 . 2011-07-15 14:57 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2011-07-15 14:53 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2011-07-15 14:53 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2011-07-15 14:53 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2011-07-15 14:53 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2011-07-15 14:57 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-07-15 14:53 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-08 08:36 . 2006-03-02 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2006-03-02 12:00 2153984 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2004-08-04 00:40 2032640 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-05 11:07 . 2012-08-20 20:42 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-05 11:07 . 2011-07-15 17:27 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-02 02:07 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:58 . 2006-03-02 12:00 1867392 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:58 . 2011-07-15 13:39 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-03-11 14:56 . 2013-03-11 14:56 263064 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2013-01-22 13:31 1684520 ------w- c:\arquivos de programas\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 11:58 40368 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-01-21 03:20 166912 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-01-21 03:20 134656 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 22:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-01-21 03:18 134656 ----a-r- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-06-25 06:07 17887232 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 10:32 253816 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\Java\\jre7\\launch4j-tmp\\IRPF2013.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [15/05/2013 11:22 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [15/05/2013 11:22 174664]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [21/07/2011 11:37 46888]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [15/07/2011 11:57 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [15/07/2011 11:53 368944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/07/2011 11:53 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [15/05/2013 11:22 66336]
R2 ES lite Service;ES lite Service for program management.;c:\arquivos de programas\Gigabyte\EasySaver\essvr.exe [15/07/2011 10:52 68136]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [21/07/2011 11:37 526888]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [15/07/2011 11:18 44032]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [06/02/2012 17:44 29432]
S2 BCUService;Browser Configuration Utility Service;c:\arquivos de programas\DeviceVM\Browser Configuration Utility\BCUService.exe --> c:\arquivos de programas\DeviceVM\Browser Configuration Utility\BCUService.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15/07/2011 11:06 1684736]
S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [06/02/2012 17:44 29432]
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRVRT
*NewlyCreated* - ASWVMM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-12 12:22 1642448 ----a-w- c:\arquivos de programas\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:23]
.
2013-05-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [2012-09-21 08:58]
.
2013-05-15 c:\windows\Tasks\FindLyrics Update.job
- c:\arquivos de programas\FindLyrics\flcsur.exe [2013-04-22 09:42]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-02-03 17:51]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-02-03 17:51]
.
2013-05-15 c:\windows\Tasks\User_Feed_Synchronization-{18A79B46-95E4-4900-B55E-A000D4AF0BFF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
2013-05-15 c:\windows\Tasks\User_Feed_Synchronization-{50A4D2C1-E8E0-4CD2-988E-B1FA9B6DC458}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
.
------- Scan Suplementar -------
.
uStart Page = [link hidden by forum]
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 10.4.65.16
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - [link hidden by forum]
FF - ProfilePath - c:\documents and settings\f001872\Dados de aplicativos\Mozilla\Firefox\Profiles\0vz6nf72.default\
FF - ExtSQL: 2013-04-16 15:08; [link hidden by forum]; c:\documents and settings\f001872\Dados de aplicativos\Mozilla\Firefox\Profiles\0vz6nf72.default\extensions\netvideohunter@netvideohunter.com
FF - ExtSQL: 2013-05-08 14:55; [link hidden by forum]; c:\arquivos de programas\FindLyrics\FF
.
- - - - ORFÃOS REMOVIDOS - - - -
.
HKLM-Run-BCU - c:\arquivos de programas\DeviceVM\Browser Configuration Utility\BCU.exe
MSConfigStartUp-BCU - c:\arquivos de programas\DeviceVM\Browser Configuration Utility\BCU.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link hidden by forum]
Rootkit scan 2013-05-15 11:35
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\68AB67CA7DA76401B7448A0100000030\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="READER8;[1]"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(980)
c:\arquivos de programas\GBPLUGIN\gbieh.dll
.
Tempo para conclusão: 2013-05-15 11:36:32
ComboFix-quarantined-files.txt 2013-05-15 14:36
.
Pré-execução: 7 pasta(s) 126.072.766.464 bytes disponíveis
Pós execução: 9 pasta(s) 126.050.406.400 bytes disponíveis
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 20B1D83C46DE113D16E24A647602F532
# AdwCleaner v2.300 - Relatório criado em 15/05/2013 às 11:14:37
# Atualizado em 28/04/2013 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : f001872 - FUN0128
# Modo de Boot : Normal
# Executado de : C:\Documents and Settings\f001872\Desktop\adwcleaner.exe
# Opção [Remover]
***** [Serviços] *****
***** [Arquivos/Pastas] *****
Arquivo Removido : C:\Documents and Settings\f001872\Dados de aplicativos\Mozilla\Firefox\Profiles\0vz6nf72.default\searchplugins\Askcom.xml
Arquivo Removido : C:\Documents and Settings\f001872\Dados de aplicativos\Mozilla\Firefox\Profiles\0vz6nf72.default\searchplugins\Babylon.xml
Arquivo Removido : C:\Documents and Settings\f001872\Dados de aplicativos\Mozilla\Firefox\Profiles\0vz6nf72.default\searchplugins\BrowserProtect.xml
Arquivo Removido : C:\Documents and Settings\f001872\Dados de aplicativos\Mozilla\Firefox\Profiles\0vz6nf72.default\searchplugins\delta.xml
Pasta Removido : C:\Arquivos de programas\DeviceVM
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Ask
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia
Pasta Removido : C:\Documents and Settings\f001872\Dados de aplicativos\Babylon
***** [Registro] *****
Chave Removida : HKCU\Software\BabylonToolbar
Chave Removida : HKCU\Software\BI
Chave Removida : HKCU\Software\DataMngr
Chave Removida : HKCU\Software\DataMngr_Toolbar
Chave Removida : HKCU\Software\delta LTD
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Removida : HKLM\SOFTWARE\5828dd1bc38b941
Chave Removida : HKLM\Software\Babylon
Chave Removida : HKLM\Software\BabylonToolbar
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap
Chave Removida : HKLM\Software\DataMngr
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Navegadores] *****
-\\ Internet Explorer v8.0.6001.18702
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = [link hidden by forum] --> [link hidden by forum]
-\\ Mozilla Firefox v19.0.2 (pt-BR)
Arquivo : C:\Documents and Settings\f002082\Dados de aplicativos\Mozilla\Firefox\Profiles\3vtg9mmm.default\prefs.js
[OK] Arquivo está limpo.
Arquivo : C:\Documents and Settings\f001872\Dados de aplicativos\Mozilla\Firefox\Profiles\0vz6nf72.default\prefs.js
C:\Documents and Settings\f001872\Dados de aplicativos\Mozilla\Firefox\Profiles\0vz6nf72.default\user.js ... Removido !
Removida : user_pref("extensions.delta.admin", false);
Removida : user_pref("extensions.delta.aflt", "babsst");
Removida : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Removida : user_pref("extensions.delta.autoRvrt", "false");
Removida : user_pref("extensions.delta.bbDpng", "8");
Removida : user_pref("extensions.delta.cntry", "BR");
Removida : user_pref("extensions.delta.dfltLng", "en");
Removida : user_pref("extensions.delta.excTlbr", false);
Removida : user_pref("extensions.delta.ffxUnstlRst", true);
Removida : user_pref("extensions.delta.hdrMd5", "22BEB1D3139EA7159C1B7402515088B3");
Removida : user_pref("extensions.delta.id", "34c884e00000000000006cf049f6d644");
Removida : user_pref("extensions.delta.instlDay", "15833");
Removida : user_pref("extensions.delta.instlRef", "sst");
Removida : user_pref("extensions.delta.lastVrsnTs", "1.8.16.1614:57:26");
Removida : user_pref("extensions.delta.newTab", false);
Removida : user_pref("extensions.delta.prdct", "delta");
Removida : user_pref("extensions.delta.prtnrId", "delta");
Removida : user_pref("extensions.delta.rvrt", "false");
Removida : user_pref("extensions.delta.sg", "tzb");
Removida : user_pref("extensions.delta.smplGrp", "none");
Removida : user_pref("extensions.delta.tlbrId", "base");
Removida : user_pref("extensions.delta.tlbrSrchUrl", "");
Removida : user_pref("extensions.delta.vrsn", "1.8.16.16");
Removida : user_pref("extensions.delta.vrsnTs", "1.8.16.1614:57:26");
Removida : user_pref("extensions.delta.vrsni", "1.8.16.16");
Removida : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
-\\ Google Chrome v26.0.1410.64
Arquivo : C:\Documents and Settings\f002082\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences
[OK] Arquivo está limpo.
Arquivo : C:\Documents and Settings\f001872\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences
[OK] Arquivo está limpo.
*************************
AdwCleaner[S1].txt - [5930 octets] - [15/05/2013 11:14:37]
########## EOF - C:\AdwCleaner[S1].txt - [5990 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by f001872 on 15/05/2013 at 11:42:34,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C9C0DDB8-5616-44D7-B63B-9AF278F7DD68}
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Documents and Settings\f001872\Dados de aplicativos\mozilla\firefox\profiles\0vz6nf72.default\invalidprefs.js
Successfully deleted the following from C:\Documents and Settings\f001872\Dados de aplicativos\mozilla\firefox\profiles\0vz6nf72.default\prefs.js
user_pref("extensions.FastestTube_wombat.CachedHttpRequest.hxxp://dyn.lite.adlesse.com/easylist/easylist.txt", "[Adblock Plus 1.1]\n! Checksum: qkwyr95ywXi6yirRVUXJkw\n! EasyL
user_pref("extensions.FastestTube_wombat.CachedHttpRequest.hxxp://dyn.lite.adlesse.com/easylist/easylist_new.txt", "%5BAdblock%20Plus%202.0%5D%0A%21%20Checksum%3A%20sIysRGJ9QX
user_pref("extensions.FastestTube_wombat.script_loader.data", "%5B%7B%22type%22%3A%22background%22%2C%22code%22%3A%22%5Cr%5Cn//%20@sourceRev%20%3D%203734%5Cr%5Cnvar%20trueMD5O
user_pref("extensions.ffxtlbr@delta.com.install-event-fired", true);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/05/2013 at 11:45:29,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ComboFix 13-05-14.01 - f001872 15/05/2013 11:30:35.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1013.653 [GMT -3:00]
Executando de: c:\documents and settings\f001872\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - system32: deleted 2 bytes in 1 streams.
ADS - drivers: deleted 208 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\arquivos de programas\FindLyrics\FiNDlyrics.dll
c:\documents and settings\f001872\Meus documentos\~WRL1263.tmp
c:\windows\system\chron32.dll
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-04-15 to 2013-05-15 ))))))))))))))))))))))))))))
.
.
2013-05-15 14:22 . 2013-05-09 08:59 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-15 14:22 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-15 14:22 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-08 18:00 . 2013-05-08 18:00 -------- d-----w- c:\documents and settings\f001872\Configurações locais\Dados de aplicativos\WmaMp3-Converter.com
2013-05-08 17:55 . 2013-05-15 14:34 -------- d-----w- c:\arquivos de programas\FindLyrics
2013-04-26 20:43 . 2013-04-26 20:43 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2013-04-26 20:43 . 2013-04-04 08:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-19 16:08 . 2008-04-13 14:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2013-04-19 16:08 . 2008-04-13 14:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 14:23 . 2011-07-15 14:38 17488 ----a-w- c:\windows\gdrv.sys
2013-05-15 11:23 . 2012-03-30 11:21 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 11:23 . 2011-07-15 19:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-09 08:59 . 2011-07-15 14:57 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2011-07-15 14:53 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2011-07-15 14:53 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2011-07-15 14:53 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2011-07-15 14:53 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2011-07-15 14:57 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-07-15 14:53 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-08 08:36 . 2006-03-02 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2006-03-02 12:00 2153984 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2004-08-04 00:40 2032640 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-05 11:07 . 2012-08-20 20:42 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-05 11:07 . 2011-07-15 17:27 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-02 02:07 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:58 . 2006-03-02 12:00 1867392 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:58 . 2011-07-15 13:39 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-03-11 14:56 . 2013-03-11 14:56 263064 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2013-01-22 13:31 1684520 ------w- c:\arquivos de programas\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 11:58 40368 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-01-21 03:20 166912 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-01-21 03:20 134656 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 22:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-01-21 03:18 134656 ----a-r- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-06-25 06:07 17887232 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 10:32 253816 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\Java\\jre7\\launch4j-tmp\\IRPF2013.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [15/05/2013 11:22 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [15/05/2013 11:22 174664]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [21/07/2011 11:37 46888]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [15/07/2011 11:57 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [15/07/2011 11:53 368944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/07/2011 11:53 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [15/05/2013 11:22 66336]
R2 ES lite Service;ES lite Service for program management.;c:\arquivos de programas\Gigabyte\EasySaver\essvr.exe [15/07/2011 10:52 68136]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [21/07/2011 11:37 526888]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [15/07/2011 11:18 44032]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [06/02/2012 17:44 29432]
S2 BCUService;Browser Configuration Utility Service;c:\arquivos de programas\DeviceVM\Browser Configuration Utility\BCUService.exe --> c:\arquivos de programas\DeviceVM\Browser Configuration Utility\BCUService.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15/07/2011 11:06 1684736]
S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [06/02/2012 17:44 29432]
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRVRT
*NewlyCreated* - ASWVMM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-12 12:22 1642448 ----a-w- c:\arquivos de programas\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:23]
.
2013-05-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [2012-09-21 08:58]
.
2013-05-15 c:\windows\Tasks\FindLyrics Update.job
- c:\arquivos de programas\FindLyrics\flcsur.exe [2013-04-22 09:42]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-02-03 17:51]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-02-03 17:51]
.
2013-05-15 c:\windows\Tasks\User_Feed_Synchronization-{18A79B46-95E4-4900-B55E-A000D4AF0BFF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
2013-05-15 c:\windows\Tasks\User_Feed_Synchronization-{50A4D2C1-E8E0-4CD2-988E-B1FA9B6DC458}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
.
------- Scan Suplementar -------
.
uStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 10.4.65.16
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF - ProfilePath - c:\documents and settings\f001872\Dados de aplicativos\Mozilla\Firefox\Profiles\0vz6nf72.default\
FF - ExtSQL: 2013-04-16 15:08; [link hidden by forum: account and login required to view]; c:\documents and settings\f001872\Dados de aplicativos\Mozilla\Firefox\Profiles\0vz6nf72.default\extensions\netvideohunter@netvideohunter.com
FF - ExtSQL: 2013-05-08 14:55; [link hidden by forum: account and login required to view]; c:\arquivos de programas\FindLyrics\FF
.
- - - - ORFÃOS REMOVIDOS - - - -
.
HKLM-Run-BCU - c:\arquivos de programas\DeviceVM\Browser Configuration Utility\BCU.exe
MSConfigStartUp-BCU - c:\arquivos de programas\DeviceVM\Browser Configuration Utility\BCU.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link hidden by forum: account and login required to view]
Rootkit scan 2013-05-15 11:35
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\68AB67CA7DA76401B7448A0100000030\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="READER8;[1]"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(980)
c:\arquivos de programas\GBPLUGIN\gbieh.dll
.
Tempo para conclusão: 2013-05-15 11:36:32
ComboFix-quarantined-files.txt 2013-05-15 14:36
.
Pré-execução: 7 pasta(s) 126.072.766.464 bytes disponíveis
Pós execução: 9 pasta(s) 126.050.406.400 bytes disponíveis
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 20B1D83C46DE113D16E24A647602F532
# AdwCleaner v2.300 - Relatório criado em 15/05/2013 às 11:14:37
# Atualizado em 28/04/2013 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : f001872 - FUN0128
# Modo de Boot : Normal
# Executado de : C:\Documents and Settings\f001872\Desktop\adwcleaner.exe
# Opção [Remover]
***** [Serviços] *****
***** [Arquivos/Pastas] *****
Arquivo Removido : C:\Documents and Settings\f001872\Dados de aplicativos\Mozilla\Firefox\Profiles\0vz6nf72.default\searchplugins\Askcom.xml
Arquivo Removido : C:\Documents and Settings\f001872\Dados de aplicativos\Mozilla\Firefox\Profiles\0vz6nf72.default\searchplugins\Babylon.xml
Arquivo Removido : C:\Documents and Settings\f001872\Dados de aplicativos\Mozilla\Firefox\Profiles\0vz6nf72.default\searchplugins\BrowserProtect.xml
Arquivo Removido : C:\Documents and Settings\f001872\Dados de aplicativos\Mozilla\Firefox\Profiles\0vz6nf72.default\searchplugins\delta.xml
Pasta Removido : C:\Arquivos de programas\DeviceVM
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Ask
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia
Pasta Removido : C:\Documents and Settings\f001872\Dados de aplicativos\Babylon
***** [Registro] *****
Chave Removida : HKCU\Software\BabylonToolbar
Chave Removida : HKCU\Software\BI
Chave Removida : HKCU\Software\DataMngr
Chave Removida : HKCU\Software\DataMngr_Toolbar
Chave Removida : HKCU\Software\delta LTD
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Removida : HKLM\SOFTWARE\5828dd1bc38b941
Chave Removida : HKLM\Software\Babylon
Chave Removida : HKLM\Software\BabylonToolbar
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap
Chave Removida : HKLM\Software\DataMngr
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Navegadores] *****
-\\ Internet Explorer v8.0.6001.18702
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = [link hidden by forum: account and login required to view] --> [link hidden by forum: account and login required to view]
-\\ Mozilla Firefox v19.0.2 (pt-BR)
Arquivo : C:\Documents and Settings\f002082\Dados de aplicativos\Mozilla\Firefox\Profiles\3vtg9mmm.default\prefs.js
[OK] Arquivo está limpo.
Arquivo : C:\Documents and Settings\f001872\Dados de aplicativos\Mozilla\Firefox\Profiles\0vz6nf72.default\prefs.js
C:\Documents and Settings\f001872\Dados de aplicativos\Mozilla\Firefox\Profiles\0vz6nf72.default\user.js ... Removido !
Removida : user_pref("extensions.delta.admin", false);
Removida : user_pref("extensions.delta.aflt", "babsst");
Removida : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Removida : user_pref("extensions.delta.autoRvrt", "false");
Removida : user_pref("extensions.delta.bbDpng", "8");
Removida : user_pref("extensions.delta.cntry", "BR");
Removida : user_pref("extensions.delta.dfltLng", "en");
Removida : user_pref("extensions.delta.excTlbr", false);
Removida : user_pref("extensions.delta.ffxUnstlRst", true);
Removida : user_pref("extensions.delta.hdrMd5", "22BEB1D3139EA7159C1B7402515088B3");
Removida : user_pref("extensions.delta.id", "34c884e00000000000006cf049f6d644");
Removida : user_pref("extensions.delta.instlDay", "15833");
Removida : user_pref("extensions.delta.instlRef", "sst");
Removida : user_pref("extensions.delta.lastVrsnTs", "1.8.16.1614:57:26");
Removida : user_pref("extensions.delta.newTab", false);
Removida : user_pref("extensions.delta.prdct", "delta");
Removida : user_pref("extensions.delta.prtnrId", "delta");
Removida : user_pref("extensions.delta.rvrt", "false");
Removida : user_pref("extensions.delta.sg", "tzb");
Removida : user_pref("extensions.delta.smplGrp", "none");
Removida : user_pref("extensions.delta.tlbrId", "base");
Removida : user_pref("extensions.delta.tlbrSrchUrl", "");
Removida : user_pref("extensions.delta.vrsn", "1.8.16.16");
Removida : user_pref("extensions.delta.vrsnTs", "1.8.16.1614:57:26");
Removida : user_pref("extensions.delta.vrsni", "1.8.16.16");
Removida : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
-\\ Google Chrome v26.0.1410.64
Arquivo : C:\Documents and Settings\f002082\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences
[OK] Arquivo está limpo.
Arquivo : C:\Documents and Settings\f001872\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences
[OK] Arquivo está limpo.
*************************
AdwCleaner[S1].txt - [5930 octets] - [15/05/2013 11:14:37]
########## EOF - C:\AdwCleaner[S1].txt - [5990 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by f001872 on 15/05/2013 at 11:42:34,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C9C0DDB8-5616-44D7-B63B-9AF278F7DD68}
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Documents and Settings\f001872\Dados de aplicativos\mozilla\firefox\profiles\0vz6nf72.default\invalidprefs.js
Successfully deleted the following from C:\Documents and Settings\f001872\Dados de aplicativos\mozilla\firefox\profiles\0vz6nf72.default\prefs.js
user_pref("extensions.FastestTube_wombat.CachedHttpRequest.hxxp://dyn.lite.adlesse.com/easylist/easylist.txt", "[Adblock Plus 1.1]\n! Checksum: qkwyr95ywXi6yirRVUXJkw\n! EasyL
user_pref("extensions.FastestTube_wombat.CachedHttpRequest.hxxp://dyn.lite.adlesse.com/easylist/easylist_new.txt", "%5BAdblock%20Plus%202.0%5D%0A%21%20Checksum%3A%20sIysRGJ9QX
user_pref("extensions.FastestTube_wombat.script_loader.data", "%5B%7B%22type%22%3A%22background%22%2C%22code%22%3A%22%5Cr%5Cn//%20@sourceRev%20%3D%203734%5Cr%5Cnvar%20trueMD5O
user_pref("extensions.ffxtlbr@delta.com.install-event-fired", true);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/05/2013 at 11:45:29,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~