Propaganda aleatoria ao acessa qualquer navegador, log para analise.

# AdwCleaner v2.303 - Logfile created 06/08/2013 at 21:37:12
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Ultimate (64 bits)
# User : Edvan - EDVAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Edvan\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\Program Files (x86)\CouponDropDown Plugin
Folder Deleted : C:\Program Files (x86)\DeviceVM
Folder Deleted : C:\ProgramData\DeviceVM
Folder Deleted : C:\Users\Edvan\AppData\Local\CouponDropDown Plugin
Folder Deleted : C:\Users\Edvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\phogapapkjenakenccmiinkeonkiidle
Folder Deleted : C:\Users\Edvan\AppData\Roaming\DeviceVM
Folder Deleted : C:\Users\Edvan\AppData\Roaming\pdfforge

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\CouponDropDown Plugin
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211771193}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211771193}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0027793.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0027793.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0027793.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0027793.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440244774493}
Key Deleted : HKLM\Software\CouponDropDown Plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211771193}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\V9Software
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110211771193}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220222772293}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550255775593}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660266776693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211771193}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211771193}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211771193}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CouponDropDown Plugin
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255775593}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266776693}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16448

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Edvan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4404 octets] - [08/06/2013 21:37:12]

########## EOF - C:\AdwCleaner[S1].txt - [4464 octets] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Edvan on 08/06/2013 at 21:41:27,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{ED144D9C-3E73-49F0-8F6F-C5246C357E51}



~~~ Files



~~~ Folders



~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/06/2013 at 21:45:24,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~









ComboFix 13-06-08.02 - Edvan 08/06/2013 21:51:54.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.2070.18.4008.2558 [GMT -3:00]
Executando de: c:\users\Edvan\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll
c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-05-09 to 2013-06-09 ))))))))))))))))))))))))))))
.
.
2013-06-09 00:56 . 2013-06-09 00:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-09 00:41 . 2013-06-09 00:41 -------- d-----w- c:\windows\ERUNT
2013-06-09 00:41 . 2013-06-09 00:41 -------- d-----w- C:\JRT
2013-06-08 20:59 . 2013-06-08 20:59 -------- d-----w- c:\users\Edvan\AppData\Local\Updater27793
2013-06-01 13:27 . 2013-06-01 13:27 -------- d-----w- c:\program files\webrec
2013-05-27 20:31 . 2013-05-28 15:40 -------- d-----w- C:\Pictures
2013-05-27 17:44 . 2002-08-02 15:00 147512 ----a-w- c:\windows\SysWow64\temp.004
2013-05-27 17:44 . 2013-05-27 17:44 -------- d-----w- c:\program files (x86)\Client
2013-05-27 17:44 . 2007-05-16 11:41 49152 ----a-w- c:\windows\SysWow64\inetocx.ocx
2013-05-27 17:44 . 2007-05-14 15:47 28672 ----a-w- c:\windows\SysWow64\UdpSock.dll
2013-05-27 17:44 . 2007-05-11 01:00 290816 ----a-w- c:\windows\SysWow64\DVRClient.ocx
2013-05-27 17:44 . 2007-05-09 13:10 24576 ----a-w- c:\windows\SysWow64\temp.003
2013-05-27 17:44 . 2007-03-19 13:01 49152 ----a-w- c:\windows\SysWow64\Mp4Decoder.dll
2013-05-27 17:44 . 2006-02-25 17:14 77824 ----a-w- c:\windows\SysWow64\xvid.ax
2013-05-27 17:44 . 2005-07-09 23:58 61440 ----a-w- c:\windows\SysWow64\TalkDll.dll
2013-05-27 17:44 . 2003-03-16 00:24 565248 ----a-w- c:\windows\SysWow64\svmp4.dll
2013-05-27 17:44 . 2000-12-07 00:18 28672 ----a-w- c:\windows\SysWow64\DrawDll.dll
2013-05-15 21:54 . 2013-06-08 21:26 -------- d-----w- C:\FFOutput
2013-05-14 15:36 . 2013-05-14 15:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-14 15:36 . 2013-04-04 08:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-10 22:21 . 2013-05-10 22:21 -------- d-----w- c:\windows\SysWow64\webclient
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 22:52 . 2012-08-24 14:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 22:52 . 2012-08-24 14:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-09 08:59 . 2013-03-01 21:42 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-03-01 21:42 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2012-08-16 22:52 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2012-08-16 22:52 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2012-08-16 22:52 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-08-16 22:52 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2012-08-16 22:52 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2012-08-16 22:52 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2012-08-16 22:52 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-08-16 22:52 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-04-09 18:13 . 2013-04-21 20:10 110264 ----a-w- c:\windows\system32\pdfcmon.dll
2013-03-27 19:34 . 2013-03-27 19:33 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-24 39408]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 22:52]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-16 22:52]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-16 22:52]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4069876537-3619617356-1919562461-1000Core.job
- c:\users\Edvan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 14:44]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4069876537-3619617356-1919562461-1000UA.job
- c:\users\Edvan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 14:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 416024]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 192.168.1.117:3128
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 187.123.79.52 187.123.79.56 192.168.1.1
DPF: {021AFC0F-30F4-474D-9903-CE42D9539B17} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-WebClient - c:\windows\system32\WebClient\uninstall.cmd
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-4069876537-3619617356-1919562461-1000\Software\Adobe\CommonFiles\Usage\CS5]
@DACL=(02 0000)
"Date"="2012-11-02T00:15Z"
.
[HKEY_USERS\S-1-5-21-4069876537-3619617356-1919562461-1000\Software\Adobe\CommonFiles\Usage\Demographic]
@DACL=(02 0000)
"JobFunction"="NOVALUE"
"Industry"="NOVALUE"
"CompanySize"="NOVALUE"
.
[HKEY_USERS\S-1-5-21-4069876537-3619617356-1919562461-1000\Software\Adobe\CommonFiles\Usage\Reader 9]
@DACL=(02 0000)
"throttle"=dword:00000003
"Date"="2012-09-29T23:12Z"
"OptIn"=dword:00000000
.
[HKEY_USERS\S-1-5-21-4069876537-3619617356-1919562461-1000\Software\Gabest\Media Player Classic\Settings\PnSPresets]
@DACL=(02 0000)
"Preset0"="Scale to 16:9 TV,0.500,0.500,1.000,1.333"
"Preset1"="Zoom To Widescreen,0.500,0.500,1.333,1.333"
"Preset2"="Zoom To Ultra-Widescreen,0.500,0.500,1.763,1.763"
.
[HKEY_USERS\S-1-5-21-4069876537-3619617356-1919562461-1000\Software\Microsoft\Installer\Products\6DED2C82B5237CC489A371778C7FBFBA\SourceList\Media]
@DACL=(02 0000)
"1"=";"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\79EB7C9295ED2A736A78A2DD351249A8\SourceList\Media]
@DACL=(02 0000)
"100"=";"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\F307481C0422F334BAB073BCA72235B0\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="Microsoft's Silverlight Installation [1]"
"100"=";"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\1007C6B46D7C017319E3B52CF3EC196E\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\135DCCF583B149A429C421F727F20207\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";"
"2"=";"
"3"=";"
"4"=";"
"5"=";"
"6"=";"
"7"=";"
"8"=";"
"9"=";"
"10"=";"
"11"=";"
"12"=";"
"13"=";"
"14"=";"
"15"=";"
"16"=";"
"17"=";"
"18"=";"
"19"=";"
"20"=";"
"21"=";"
"22"=";"
"23"=";"
"24"=";"
"25"=";"
"26"=";"
"27"=";"
"28"=";"
"29"=";"
"30"=";"
"31"=";"
"32"=";"
"33"=";"
"34"=";"
"35"=";"
"36"=";"
"37"=";"
"38"=";"
"39"=";"
"40"=";"
"41"=";"
"42"=";"
"43"=";"
"44"=";"
"45"=";"
"46"=";"
"47"=";"
"48"=";"
"49"=";"
"50"=";"
"51"=";"
"52"=";"
"53"=";"
"54"=";"
"55"=";"
"56"=";"
"57"=";"
"58"=";"
"59"=";"
"60"=";"
"61"=";"
"62"=";"
"63"=";"
"64"=";"
"65"=";"
"66"=";"
"67"=";"
"68"=";"
"69"=";"
"70"=";"
"71"=";"
"72"=";"
"73"=";"
"74"=";"
"75"=";"
"76"=";"
"77"=";"
"78"=";"
"79"=";"
"80"=";"
"81"=";"
"82"=";"
"83"=";"
"84"=";"
"85"=";"
"86"=";"
"87"=";"
"88"=";"
"89"=";"
"90"=";"
"91"=";"
"92"=";"
"93"=";"
"94"=";"
"95"=";"
"96"=";"
"97"=";"
"98"=";"
"99"=";"
"100"=";"
"101"=";"
"102"=";"
"103"=";"
"104"=";"
"105"=";"
"106"=";"
"107"=";"
"108"=";"
"109"=";"
"110"=";"
"111"=";"
"112"=";"
"113"=";"
"114"=";"
"115"=";"
"116"=";"
"117"=";"
"118"=";"
"119"=";"
"120"=";"
"121"=";"
"122"=";"
"123"=";"
"124"=";"
"125"=";"
"126"=";"
"127"=";"
"128"=";"
"129"=";"
"130"=";"
"131"=";"
"132"=";"
"133"=";"
"134"=";"
"135"=";"
"136"=";"
"137"=";"
"138"=";"
"139"=";"
"140"=";"
"141"=";"
"142"=";"
"143"=";"
"144"=";"
"145"=";"
"146"=";"
"147"=";"
"148"=";"
"149"=";"
"150"=";"
"151"=";"
"152"=";"
"153"=";"
"154"=";"
"155"=";"
"156"=";"
"157"=";"
"158"=";"
"159"=";"
"160"=";"
"161"=";"
"162"=";"
"163"=";"
"164"=";"
"165"=";"
"166"=";"
"167"=";"
"168"=";"
"169"=";"
"170"=";"
"171"=";"
"172"=";"
"173"=";"
"174"=";"
"175"=";"
"176"=";"
"177"=";"
"178"=";"
"179"=";"
"180"=";"
"181"=";"
"182"=";"
"183"=";"
"184"=";"
"185"=";"
"186"=";"
"187"=";"
"188"=";"
"189"=";"
"190"=";"
"191"=";"
"192"=";"
"193"=";"
"194"=";"
"195"=";"
"196"=";"
"197"=";"
"198"=";"
"199"=";"
"200"=";"
"201"=";"
"202"=";"
"203"=";"
"204"=";"
"205"=";"
"206"=";"
"207"=";"
"208"=";"
"209"=";"
"210"=";"
"211"=";"
"212"=";"
"213"=";"
"214"=";"
"215"=";"
"216"=";"
"217"=";"
"218"=";"
"219"=";"
"220"=";"
"221"=";"
"222"=";"
"223"=";"
"224"=";"
"225"=";"
"226"=";"
"227"=";"
"228"=";"
"229"=";"
"230"=";"
"231"=";"
"232"=";"
"233"=";"
"234"=";"
"235"=";"
"236"=";"
"237"=";"
"238"=";"
"239"=";"
"240"=";"
"241"=";"
"242"=";"
"243"=";"
"244"=";"
"245"=";"
"246"=";"
"247"=";"
"248"=";"
"249"=";"
"250"=";"
"251"=";"
"252"=";"
"253"=";"
"254"=";"
"255"=";"
"256"=";"
"257"=";"
"258"=";"
"259"=";"
"260"=";"
"261"=";"
"262"=";"
"263"=";"
"264"=";"
"265"=";"
"266"=";"
"267"=";"
"268"=";"
"269"=";"
"270"=";"
"271"=";"
"272"=";"
"273"=";"
"274"=";"
"275"=";"
"276"=";"
"277"=";"
"278"=";"
"279"=";"
"280"=";"
"281"=";"
"282"=";"
"283"=";"
"284"=";"
"285"=";"
"286"=";"
"287"=";"
"288"=";"
"289"=";"
"290"=";"
"291"=";"
"292"=";"
"293"=";"
"294"=";"
"295"=";"
"296"=";"
"297"=";"
"298"=";"
"299"=";"
"300"=";"
"301"=";"
"302"=";"
"303"=";"
"304"=";"
"305"=";"
"306"=";"
"307"=";"
"308"=";"
"309"=";"
"310"=";"
"311"=";"
"312"=";"
"313"=";"
"314"=";"
"315"=";"
"316"=";"
"317"=";"
"318"=";"
"319"=";"
"320"=";"
"321"=";"
"322"=";"
"323"=";"
"324"=";"
"325"=";"
"326"=";"
"327"=";"
"328"=";"
"329"=";"
"330"=";"
"331"=";"
"332"=";"
"333"=";"
"334"=";"
"335"=";"
"336"=";"
"337"=";"
"338"=";"
"339"=";"
"340"=";"
"341"=";"
"342"=";"
"343"=";"
"344"=";"
"345"=";"
"346"=";"
"347"=";"
"348"=";"
"349"=";"
"350"=";"
"351"=";"
"352"=";"
"353"=";"
"354"=";"
"355"=";"
"356"=";"
"357"=";"
"358"=";"
"359"=";"
"360"=";"
"361"=";"
"362"=";"
"363"=";"
"364"=";"
"365"=";"
"366"=";"
"367"=";"
"368"=";"
"369"=";"
"370"=";"
"371"=";"
"372"=";"
"373"=";"
"374"=";"
"375"=";"
"376"=";"
"377"=";"
"378"=";"
"379"=";"
"380"=";"
"381"=";"
"382"=";"
"383"=";"
"384"=";"
"385"=";"
"386"=";"
"387"=";"
"388"=";"
"389"=";"
"390"=";"
"391"=";"
"392"=";"
"393"=";"
"394"=";"
"395"=";"
"396"=";"
"397"=";"
"398"=";"
"399"=";"
"400"=";"
"401"=";"
"402"=";"
"403"=";"
"404"=";"
"405"=";"
"406"=";"
"407"=";"
"408"=";"
"409"=";"
"410"=";"
"411"=";"
"412"=";"
"413"=";"
"414"=";"
"415"=";"
"416"=";"
"417"=";"
"418"=";"
"419"=";"
"420"=";"
"421"=";"
"422"=";"
"423"=";"
"424"=";"
"425"=";"
"426"=";"
"427"=";"
"428"=";"
"429"=";"
"430"=";"
"431"=";"
"432"=";"
"433"=";"
"434"=";"
"435"=";"
"436"=";"
"437"=";"
"438"=";"
"439"=";"
"440"=";"
"441"=";"
"442"=";"
"443"=";"
"444"=";"
"445"=";"
"446"=";"
"447"=";"
"448"=";"
"449"=";"
"450"=";"
"451"=";"
"452"=";"
"453"=";"
"454"=";"
"455"=";"
"456"=";"
"457"=";"
"458"=";"
"459"=";"
"460"=";"
"461"=";"
"462"=";"
"463"=";"
"464"=";"
"465"=";"
"466"=";"
"467"=";"
"468"=";"
"469"=";"
"470"=";"
"471"=";"
"472"=";"
"473"=";"
"474"=";"
"475"=";"
"476"=";"
"477"=";"
"478"=";"
"479"=";"
"480"=";"
"481"=";"
"482"=";"
"483"=";"
"484"=";"
"485"=";"
"486"=";"
"487"=";"
"488"=";"
"489"=";"
"490"=";"
"491"=";"
"492"=";"
"493"=";"
"494"=";"
"495"=";"
"496"=";"
"497"=";"
"498"=";"
"499"=";"
"500"=";"
"501"=";"
"502"=";"
"503"=";"
"504"=";"
"505"=";"
"506"=";"
"507"=";"
"508"=";"
"509"=";"
"510"=";"
"511"=";"
"512"=";"
"513"=";"
"514"=";"
"515"=";"
"516"=";"
"517"=";"
"518"=";"
"519"=";"
"520"=";"
"521"=";"
"522"=";"
"523"=";"
"524"=";"
"525"=";"
"526"=";"
"527"=";"
"528"=";"
"529"=";"
"530"=";"
"531"=";"
"532"=";"
"533"=";"
"534"=";"
"535"=";"
"536"=";"
"537"=";"
"538"=";"
"539"=";"
"540"=";"
"541"=";"
"542"=";"
"543"=";"
"544"=";"
"545"=";"
"546"=";"
"547"=";"
"548"=";"
"549"=";"
"550"=";"
"551"=";"
"552"=";"
"553"=";"
"554"=";"
"555"=";"
"556"=";"
"557"=";"
"558"=";"
"559"=";"
"560"=";"
"561"=";"
"562"=";"
"563"=";"
"564"=";"
"565"=";"
"566"=";"
"567"=";"
"568"=";"
"569"=";"
"570"=";"
"571"=";"
"572"=";"
"573"=";"
"574"=";"
"575"=";"
"576"=";"
"577"=";"
"578"=";"
"579"=";"
"580"=";"
"581"=";"
"582"=";"
"583"=";"
"584"=";"
"585"=";"
"586"=";"
"587"=";"
"588"=";"
"589"=";"
"590"=";"
"591"=";"
"592"=";"
"593"=";"
"594"=";"
"595"=";"
"596"=";"
"597"=";"
"598"=";"
"599"=";"
"600"=";"
"601"=";"
"602"=";"
"603"=";"
"604"=";"
"605"=";"
"606"=";"
"607"=";"
"608"=";"
"609"=";"
"610"=";"
"611"=";"
"612"=";"
"613"=";"
"614"=";"
"615"=";"
"616"=";"
"617"=";"
"618"=";"
"619"=";"
"620"=";"
"621"=";"
"622"=";"
"623"=";"
"624"=";"
"625"=";"
"626"=";"
"627"=";"
"628"=";"
"629"=";"
"630"=";"
"631"=";"
"632"=";"
"633"=";"
"634"=";"
"635"=";"
"636"=";"
"637"=";"
"638"=";"
"639"=";"
"640"=";"
"641"=";"
"642"=";"
"643"=";"
"644"=";"
"645"=";"
"646"=";"
"647"=";"
"648"=";"
"649"=";"
"650"=";"
"651"=";"
"652"=";"
"653"=";"
"654"=";"
"655"=";"
"656"=";"
"657"=";"
"658"=";"
"659"=";"
"660"=";"
"661"=";"
"662"=";"
"663"=";"
"664"=";"
"665"=";"
"666"=";"
"667"=";"
"668"=";"
"669"=";"
"670"=";"
"671"=";"
"672"=";"
"673"=";"
"674"=";"
"675"=";"
"676"=";"
"677"=";"
"678"=";"
"679"=";"
"680"=";"
"681"=";"
"682"=";"
"683"=";"
"684"=";"
"685"=";"
"686"=";"
"687"=";"
"688"=";"
"689"=";"
"690"=";"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\1926E8D15D0BCE53481466615F760A7F\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\1af2a8da7e60d0b429d7e6453b3d0182\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
"2"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
"3"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
"4"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
"5"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
"6"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
"7"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
"8"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
"9"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
"10"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
"11"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"2"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"3"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"4"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"5"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"6"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"7"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"8"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"9"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"10"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"11"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\4E6E1C288176DFE4D9CC2E676D09FE64\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="Plug-in Autodesk Inventor Fusion for AutoCAD 2013 [1]"
"1"=";"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\5784F2EFC590C724A979F4D80EA5FC22\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="Plug-in Autodesk Inventor Fusion for AutoCAD 2013 [1]"
"1"=";"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\6E8A266FCD4F2A1409E1C8110F44DBCE\SourceList\Media]
@DACL=(02 0000)
"1"=";"
"2"=";"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\7D2F3875100B0000102000060BECB6AB\SourceList\Media]
@DACL=(02 0000)
"MediaPackage"="\\x64\\acad"
"DiskPrompt"="AutoCAD 2013 - Brasil: [1]"
"1"="acad2013;"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\7D2F3875100B6140112000060BECB6AB\SourceList\Media]
@DACL=(02 0000)
"MediaPackage"="\\x64\\acad\\pt-BR"
"DiskPrompt"="AutoCAD 2013 - Brasil: [1]"
"1"="acad2013;"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\7D2F3875100B6140122000060BECB6AB\SourceList\Media]
@DACL=(02 0000)
"MediaPackage"="\\x64\\acad\\[LANG2LONG]"
"DiskPrompt"="AutoCAD 2013 - Brasil: [1]"
"1"=";"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\9500CD411F0026F4DBA1BA32DC159AE5\SourceList\Media]
@DACL=(02 0000)
"1"=";"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\9B21E606F14644642AA2FF83EA89A0DF\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="DISK1;1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\9eab5ec6ac3d99b498a1d16c1c815acf\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
"2"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
"3"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
"4"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
"5"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
"6"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
"7"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
"8"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
"9"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
"10"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
"11"=";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\A76A12931BA584E449447C8141FC0372\SourceList\Media]
@DACL=(02 0000)
"1"=";"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\A929A4608ED4FC049A10DB041CE4D452\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="PDF Installation [1]"
"1"=";CD-ROM #1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B0FEE8C6EB4C7A53FB80C7C366E76BA2\SourceList\Media]
@DACL=(02 0000)
"1"=";1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B17E077734D20084C93BB5C6AABEBEAE\SourceList\Media]
@DACL=(02 0000)
"1"=";"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"2"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"3"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"4"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"5"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"6"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"7"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"8"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"9"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"10"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"11"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\BA920F262F58000068A6F90CDD99DDCB\SourceList\Media]
@DACL=(02 0000)
"1"="ContentService_1;"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\BA920F262F58100068A6F90CDD99DDCB\SourceList\Media]
@DACL=(02 0000)
"1"="ContentService_1_EN-US;"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\BDF3778CBD0D25EB5D634FF889685BB7\SourceList\Media]
@DACL=(02 0000)
"1"=";"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\BEEBE7110BD58C34F96DDD85D31B25DD\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="DISK1;1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\C28643E881181F13CBC489DC69571E2C\SourceList\Media]
@DACL=(02 0000)
"1"=";1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\CB47F5EE5DC52FE468AB186EFC641AF8\SourceList\Media]
@DACL=(02 0000)
"1"=";"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="Microsoft's Silverlight Installation [1]"
"1"=";1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\DB775D1AD2969CA489FDE8C3337B294E\SourceList\Media]
@DACL=(02 0000)
"1"=";"
"2"=";"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\DDA39468D428E8B4DB27C8D5DC5CA217\SourceList\Media]
@DACL=(02 0000)
"1"=";"
"2"=";"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\DFC90B5F2B0FFA63D84FD16F6BF37C4B\SourceList\Media]
@DACL=(02 0000)
"1"=";1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\E83E246D42D0C684A9D23E61DD96F6B4\SourceList\Media]
@DACL=(02 0000)
"1"=";"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\EB940C659E972054EB7A79453A6EF0B9\SourceList\Media]
@DACL=(02 0000)
"1"=";"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\EDC3967BB470C1035948CF343496C6B8\SourceList\Media]
@DACL=(02 0000)
"1"=";1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\F9165FFF310246008AE599497FA0E9D5\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="Please insert the DVD labeled \"[1]\""
"1"=";Inventor Fusion 2013 Disk 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2013-06-08 21:58:18
ComboFix-quarantined-files.txt 2013-06-09 00:58
.
Pré-execução: 253.861.425.152 bytes disponíveis
Pós execução: 253.651.496.960 bytes disponíveis
.
- - End Of File - - B630AED4A65ABD91A96D4908E0D1BF4A
A36C5E4F47E84449FF07ED3517B43A31

Ops!!! log para analise [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Bom Dia! Edvan

|- Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >
|- Salve-o no desktop!
|- Desabilite seu antivírus ou antispyware,para que a ferramenta não seja detectada como malware.
|- Execute AT-Destroyer.exe como administrador,caso utilize Windows Vista ou 7.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

|- Escolha a opção "Buscar" e aguarde a finalização do scan.
|- Poste o relatório! ( C:\AT-Destroyer.txt )

-/-

|- Feche programas/pastas que estejam abertas.
|- Feche,também,o navegador!
|- Para Windows Vista,desabilite a [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.
|- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas".

[MD5.00000000000000000000000000000000] [APT] [{97CAD944-A341-4D2D-A421-5A9572EC2ADD}] (...) -- C:\Users\Edvan\Desktop\VirtualBox-4.2.4-81684-Win.exe (.not file.) [0]
O3 - Toolbar: (no name) [64Bits] - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} Orphean Key
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphean Key
O87 - FAEL: "TCP Query User{69823462-E832-47AC-87A2-8EF8D3AFC93A}C:\program files\telexfree\run.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\telexfree\run.exe (.not file.)
O87 - FAEL: "UDP Query User{1A81B48A-EE20-4C37-956A-4E1BB1EF50C3}C:\program files\telexfree\run.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\telexfree\run.exe (.not file.)
O87 - FAEL: "{D3A884D8-7C0D-413E-9F61-F9F59FAC6F77}" |In - Public - P17 - TRUE | .(...) -- C:\program files\telexfree\run.exe (.not file.)
O87 - FAEL: "{DDCB2F19-FAD2-4B88-8B06-12F1B59B65F5}" |In - Public - P6 - TRUE | .(...) -- C:\program files\telexfree\run.exe (.not file.)
G2 - GCE: Preference [User Data\Default] [dhkplhfnhceodhffomolpfigojocbpcb] Babylon Toolbar v.1.8 (Désactivé) => Infection BT (Toolbar.Babylon)

proxyfix
emptytemp
emptyclsid
emptyflash
firewallraz
sysrestore

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"
|- Minimize o Bloco de Notas.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique no menu,"Paste ClipBoard".
|- Evite a opção "Colar" ( Ctrl+V ),no campo amarelo claro,que não habilita o botão "Go".

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

|- Clique "GO" -> Oui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.
|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

Abs!

######################## AT-Destroyer By Infospyware.
Hora/Día/Mes/Año: 20:54:30 \\\ 09/06/2013
AT-Destroyer 2.1 By Infospyware ---> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Última actualización: 30/11/2012
Opción escogida: 1 :Buscar
Versión Internet Explorer:9.0.8112.16421
Privilegios: Edvan - Administrador
Modo Actual: Modo Normal.
Nombre del pc: EDVAN-PC
Información del sistema operativo:X64-WIN_7-
nombre del usuario:Edvan
Lenguaje del sistema: Portugués



>>>>>> Servicios <<<<<<



>>>>>> Carpetas <<<<<<



>>>>>> Archivos <<<<<<



>>>>>> Registro <<<<<<



>>>>>> Heurística <<<<<<

Encontrado: C:\Users\Edvan\2012-12-05-01-57-51.020-VirtualBox.exe-3900.log (Heur malware.win32.generic)
Encontrado: C:\Users\Edvan\2013-03-07-22-30-33.000-VirtualBox.exe-3808.log (Heur malware.win32.generic)
Encontrado: C:\Users\Edvan\2013-04-21-00-14-19.048-VirtualBox.exe-2284.log (Heur malware.win32.generic)
Encontrado: C:\Users\Edvan\2013-04-21-00-15-22.022-VirtualBox.exe-4588.log (Heur malware.win32.generic)
Encontrado: C:\Users\Edvan\2013-04-21-00-16-11.092-VirtualBox.exe-5028.log (Heur malware.win32.generic)
Encontrado: C:\Users\Edvan\2013-04-21-00-26-19.079-VirtualBox.exe-3540.log (Heur malware.win32.generic)
Encontrado: C:\Users\Edvan\2013-04-21-00-28-04.013-VirtualBox.exe-3500.log (Heur malware.win32.generic)
Encontrado: C:\Users\Edvan\2013-04-21-02-09-46.091-VirtualBox.exe-3500.log (Heur malware.win32.generic)
Encontrado: C:\Users\Edvan\2013-04-21-02-11-49.073-VirtualBox.exe-3996.log (Heur malware.win32.generic)
Encontrado: C:\Users\Edvan\2013-04-21-02-12-44.062-VirtualBox.exe-5032.log (Heur malware.win32.generic)
Encontrado: C:\Users\Edvan\2013-04-21-02-13-46.032-VirtualBox.exe-4612.log (Heur malware.win32.generic)
Encontrado: C:\Users\Edvan\2013-04-21-02-16-13.033-VirtualBox.exe-4972.log (Heur malware.win32.generic)
Encontrado: C:\Users\Edvan\2013-04-21-02-16-22.070-VirtualBox.exe-4376.log (Heur malware.win32.generic)
Encontrado: C:\Users\Edvan\2013-04-21-02-16-46.041-VirtualBox.exe-4848.log (Heur malware.win32.generic)
Encontrado: C:\Users\Edvan\2013-04-21-02-18-28.036-VirtualBox.exe-3340.log (Heur malware.win32.generic)
Encontrado: C:\Users\Edvan\2013-04-21-02-19-22.076-VirtualBox.exe-4408.log (Heur malware.win32.generic)
Encontrado: C:\Users\Edvan\2013-04-21-02-21-13.058-VirtualBox.exe-4220.log (Heur malware.win32.generic)
Encontrado: C:\Users\Edvan\2013-04-21-02-21-19.086-VirtualBox.exe-3828.log (Heur malware.win32.generic)
Encontrado: C:\Users\Edvan\2013-04-21-02-23-07.053-VirtualBox.exe-3700.log (Heur malware.win32.generic)


>>>>>> Internet Explorer <<<<<<

Start Page==about:blank
Local Page==C:\Windows\SysWOW64\blank.htm
Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
Default_search_url==http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL==about:blank


''HKCU\Software\Microsoft\Internet Explorer\Main''
Start Page==http://www.google.com.br/
Local Page==C:\Windows\system32\blank.htm
Search Page==http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_search_url==
Default_Page_URL==


HKEY_USERS\S-1-5-21-4069876537-3619617356-1919562461-1000\Software\Microsoft\Internet Explorer\Main''
Start Page==http://www.google.com.br/
Local Page==C:\Windows\system32\blank.htm
Search Page==http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_search_url==
Default_Page_URL==


>>>>>> Extensiones Firefox <<<<<<



>>>>>> Plugins Firefox <<<<<<

HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@EDVR/WebClient
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3

>>>>>> Google Chrome <<<<<<

"homepage": "http://www.google.com.br/",
"homepage_changed": true,
"homepage_is_newtabpage": false,


>>>>>> Extensiones Google Chrome <<<<<<

C:\Users\Edvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\2
C:\Users\Edvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
C:\Users\Edvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk

======== Listado ===========

C:\Users\Edvan\AppData\Roaming\Autodesk [DI] 0 ( )
C:\Users\Edvan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [DI] 0 ( )
C:\Users\Edvan\AppData\Roaming\DAEMON Tools Lite [DI] 0 ( )
C:\Users\Edvan\AppData\Roaming\EPSON [DI] 0 ( )
C:\Users\Edvan\AppData\Roaming\Google [DI] 0 ( )
C:\Users\Edvan\AppData\Roaming\Identities [DI] 0 ( )
C:\Users\Edvan\AppData\Roaming\InstallShield [DI] 0 ( )
C:\Users\Edvan\AppData\Roaming\Macromedia [DI] 0 ( )
C:\Users\Edvan\AppData\Roaming\Malwarebytes [DI] 0 ( )
C:\Users\Edvan\AppData\Roaming\Media Center Programs [DI] 0 ( )
C:\Users\Edvan\AppData\Roaming\Media Player Classic [DI] 0 ( )
C:\Users\Edvan\AppData\Roaming\Microsoft [SDI] 0 ( )
C:\Users\Edvan\AppData\Roaming\Mozilla [DI] 0 ( )
C:\Users\Edvan\AppData\Roaming\Nero [DI] 0 ( )
C:\Users\Edvan\AppData\Roaming\PDF Architect [DI] 0 ( )
C:\Users\Edvan\AppData\Roaming\PhotoScape [DI] 0 ( )
C:\Users\Edvan\AppData\Roaming\Real [DI] 0 ( )
C:\Users\Edvan\AppData\Roaming\Skype [DI] 0 ( )
C:\Users\Edvan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [DI] 0 ( )
C:\Users\Edvan\AppData\Roaming\TeamViewer [DI] 0 ( )
C:\Users\Edvan\AppData\Roaming\TelexFree [DI] 0 ( )
C:\Users\Edvan\AppData\Roaming\uTorrent [DI] 0 ( )
C:\Users\Edvan\AppData\Roaming\WinRAR [D] 0 ( )
C:\Program Files (x86)\Adobe Download Assistant [D] 0( 0)
C:\Program Files (x86)\Auslogics [D] 0( 0)
C:\Program Files (x86)\Autodesk [D] 0( 0)
C:\Program Files (x86)\Blok Free 4 [D] 0( 0)
C:\Program Files (x86)\Blok Master [D] 0( 0)
C:\Program Files (x86)\Client [D] 0( 0)
C:\Program Files (x86)\Common Files [D] 0( 0)
C:\Program Files (x86)\DAEMON Tools Lite [D] 0( 0)
C:\Program Files (x86)\desktop.ini [HSA] 174 bytes( 0)
C:\Program Files (x86)\DMMultiView [D] 0( 0)
C:\Program Files (x86)\DsNET Corp [D] 0( 0)
C:\Program Files (x86)\EASEUS [D] 0( 0)
C:\Program Files (x86)\epson [D] 0( 0)
C:\Program Files (x86)\Epson Software [D] 0( 0)
C:\Program Files (x86)\Foxit Software [D] 0( 0)
C:\Program Files (x86)\FreeTime [D] 0( 0)
C:\Program Files (x86)\Google [D] 0( 0)
C:\Program Files (x86)\InstallShield Installation Information [HD] 0( 0)
C:\Program Files (x86)\Intel [D] 0( 0)
C:\Program Files (x86)\Internet Explorer [D] 0( 0)
C:\Program Files (x86)\Java [D] 0( 0)
C:\Program Files (x86)\K-Lite Codec Pack [D] 0( 0)
C:\Program Files (x86)\Malwarebytes' Anti-Malware [D] 0( 0)
C:\Program Files (x86)\Marcos Velasco Security [D] 0( 0)
C:\Program Files (x86)\Microsoft [D] 0( 0)
C:\Program Files (x86)\Microsoft Office [D] 0( 0)
C:\Program Files (x86)\Microsoft Silverlight [D] 0( 0)
C:\Program Files (x86)\Microsoft Visual Studio [D] 0( 0)
C:\Program Files (x86)\Microsoft Works [D] 0( 0)
C:\Program Files (x86)\Microsoft.NET [D] 0( 0)
C:\Program Files (x86)\Mozilla Firefox [D] 0( 0)
C:\Program Files (x86)\MSBuild [D] 0( 0)
C:\Program Files (x86)\MSXML 4.0 [D] 0( 0)
C:\Program Files (x86)\Nero [D] 0( 0)
C:\Program Files (x86)\PDF Architect [D] 0( 0)
C:\Program Files (x86)\PDFCreator [D] 0( 0)
C:\Program Files (x86)\PhotoScape [D] 0( 0)
C:\Program Files (x86)\Real [D] 0( 0)
C:\Program Files (x86)\Realtek [D] 0( 0)
C:\Program Files (x86)\Reference Assemblies [D] 0( 0)
C:\Program Files (x86)\Skype [RD] 0( 0)
C:\Program Files (x86)\TeamViewer [D] 0( 0)
C:\Program Files (x86)\Temp [HD] 0( 0)
C:\Program Files (x86)\Uninstall Information [HD] 0( 0)
C:\Program Files (x86)\uTorrent [D] 0( 0)
C:\Program Files (x86)\uTorrent Acceleration Tool [D] 0( 0)
C:\Program Files (x86)\v9Soft [D] 0( 0)
C:\Program Files (x86)\VS Revo Group [D] 0( 0)
C:\Program Files (x86)\Winco [D] 0( 0)
C:\Program Files (x86)\Windows Defender [D] 0( 0)
C:\Program Files (x86)\Windows Live [D] 0( 0)
C:\Program Files (x86)\Windows Live SkyDrive [D] 0( 0)
C:\Program Files (x86)\Windows Mail [D] 0( 0)
C:\Program Files (x86)\Windows Media Player [D] 0( 0)
C:\Program Files (x86)\Windows NT [D] 0( 0)
C:\Program Files (x86)\Windows Photo Viewer [D] 0( 0)
C:\Program Files (x86)\Windows Portable Devices [D] 0( 0)
C:\Program Files (x86)\Windows Sidebar [D] 0( 0)
C:\Program Files (x86)\WinRAR [D] 0( 0)
C:\Program Files (x86)\ZHPDiag [D] 0( 0)
C:\ProgramData\Ambiente de trabalho [HSDLI] 0 0
C:\ProgramData\Apple [DI] 0 0
C:\ProgramData\Application Data [HSDLI] 0 0
C:\ProgramData\Autodesk [DI] 0 0
C:\ProgramData\AVAST Software [DI] 0 0
C:\ProgramData\bf4ppp.bmp [H] 4,00 MB 0
C:\ProgramData\BMPPP.bmp [H] 4,00 MB 0
C:\ProgramData\CorelDRAW Graphics Suite X6 [DI] 0 0
C:\ProgramData\DAEMON Tools Lite [DI] 0 0
C:\ProgramData\Desktop [HSDLI] 0 0
C:\ProgramData\Documentos [HSDLI] 0 0
C:\ProgramData\Documents [HSDLI] 0 0
C:\ProgramData\EPSON [DI] 0 0
C:\ProgramData\Favorites [HSDLI] 0 0
C:\ProgramData\Favoritos [HSDLI] 0 0
C:\ProgramData\FLEXnet [DI] 0 0
C:\ProgramData\Google [DI] 0 0
C:\ProgramData\GP0 [HD] 0 0
C:\ProgramData\gwp2.sys [H] 264 bytes 0
C:\ProgramData\Intel [DI] 0 0
C:\ProgramData\Malwarebytes [DI] 0 0
C:\ProgramData\Menu Iniciar [HSDLI] 0 0
C:\ProgramData\Microsoft [SDI] 0 0
C:\ProgramData\Microsoft Help [DI] 0 0
C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [AI] 153 bytes 0
C:\ProgramData\Modelos [HSDLI] 0 0
C:\ProgramData\Nero [DI] 0 0
C:\ProgramData\NTUser.dat.LOG1 [HSAI] 5,00 KB 0
C:\ProgramData\NTUser.dat.LOG2 [HSAI] 0 bytes 0
C:\ProgramData\NTUser.dat{27fa61ef-e80e-11e1-9998-3085a935c190}.TM.blf [HSAI] 64,0 KB 0
C:\ProgramData\NTUser.dat{27fa61ef-e80e-11e1-9998-3085a935c190}.TMContainer00000000000000000001.regtrans-ms [HSAI] 512 KB 0
C:\ProgramData\NTUser.dat{27fa61ef-e80e-11e1-9998-3085a935c190}.TMContainer00000000000000000002.regtrans-ms [HSAI] 512 KB 0
C:\ProgramData\NTUser.dat{27fa61fa-e80e-11e1-9998-3085a935c190}.TM.blf [HSAI] 64,0 KB 0
C:\ProgramData\NTUser.dat{27fa61fa-e80e-11e1-9998-3085a935c190}.TMContainer00000000000000000001.regtrans-ms [HSAI] 512 KB 0
C:\ProgramData\NTUser.dat{27fa61fa-e80e-11e1-9998-3085a935c190}.TMContainer00000000000000000002.regtrans-ms [HSAI] 512 KB 0
C:\ProgramData\Real [DI] 0 0
C:\ProgramData\regid.1986-12.com.adobe [DI] 0 0
C:\ProgramData\Skype [DI] 0 0
C:\ProgramData\Start Menu [HSDLI] 0 0
C:\ProgramData\Sun [DI] 0 0
C:\ProgramData\TEMP [DAI] 0 0
C:\ProgramData\Templates [HSDLI] 0 0
C:\ProgramData\UDL [DI] 0 0
======================EOF=======================


Rapport de ZHPFix 2013.6.4.1 par Nicolas Coolman, Update du 04/06/2013
Fichier d'export Registre :
Run by Edvan at 09/06/2013 20:56:06
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit (Build 7600)

Recycle Files Deleted

========== Registry Key ==========
DELETED Key: CLSID: [HKLM\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
DELETED Key: CLSID: [HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]

========== Registry Value ==========
DELETED Toolbar: {9421DD08-935F-4701-A9CA-22DF90AC4EA6}
DELETED Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
NOT FOUND TCP Query User{69823462-E832-47AC-87A2-8EF8D3AFC93A}C:/program files/telexfree/run.exe
NOT FOUND UDP Query User{1A81B48A-EE20-4C37-956A-4E1BB1EF50C3}C:/program files/telexfree/run.exe
DELETED {D3A884D8-7C0D-413E-9F61-F9F59FAC6F77}
DELETED {DDCB2F19-FAD2-4B88-8B06-12F1B59B65F5}
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
No Value in Standard Profile Register Key FirewallRaz :
No Value in Domain Profile Register Key FirewallRaz :
DELETED FirewallRaz (Private) : TCP Query User{69823462-E832-47AC-87A2-8EF8D3AFC93A}C:\program files\telexfree\run.exe
DELETED FirewallRaz (Private) : UDP Query User{1A81B48A-EE20-4C37-956A-4E1BB1EF50C3}C:\program files\telexfree\run.exe

========== Browser Profiles ==========
NOT FOUND Folder Chrome: C:\Users\Edvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

========== Repertory ==========
No Empty CLSID Directories
DELETED Flash Cookies

========== File ==========
DELETED Window Temporary
DELETED Flash Cookies

========== Task ==========
DELETED Task: {97CAD944-A341-4D2D-A421-5A9572EC2ADD}

========== Restoration ==========
Restore System Point created succefully


========== Summary ==========
2 : Registry Key
16 : Registry Value
2 : Repertory
2 : File
1 : Browser Profiles
1 : Task
1 : Restoration


End of clean in 00mn 24s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 09/06/2013 20:56:06 [2158]

Bom Dia! Edvan

< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

|- Detectado pela ferramenta AT-Destroyer,segundo a heurística estabelecida,a VirtualBox como "Heur malware.win32.generic". Acredito ser FP já que seu antivírus,Avast,nada detectou!

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

|- Abra,novamente,a ferramenta AT-Destroyer e clique "Desinstalar".

-/-

< C:\Program Files (x86)\v9Soft [D] 0( 0) >

|- Delete esta pasta,em destaque,pois parece estar vazia.

|- Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Oleg N. Scherbakov )
|- Salve-o no desktop!
|- Para Windows 7,clique direito em JRT.exe e execute-o ... [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Aguarde a conclusão e poste o relatório. ( JRT.txt )

A+

Detectado pela ferramenta AT-Destroyer,segundo a heurística estabelecida,a VirtualBox como "Heur malware.win32.generic". Acredito ser FP já que seu antivírus,Avast,nada detectou!

|- Abra,novamente,a ferramenta AT-Destroyer e clique "Desinstalar".

Sobre o <VirtualBox>, realmente tenho algumas maquinas virtuais para estudo (Linux)..

C:\Program Files (x86)\v9Soft [D] 0( 0) >

|- Delete esta pasta,em destaque,pois parece estar vazia.

Fui lá na pasta ==> v9Soft, realmente nao tinha nada dentro, deletei a mesma..

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Edvan on 10/06/2013 at 12:17:51,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/06/2013 at 12:22:10,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ok! Edvan

|- Não vejo mais Adwares em seu PC.

-/-

|- Baixe: |[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]| ( ... de Xplode )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Estando na página,clique na seta verde para o download.
|- Salve-a em um local conveniente! ( desktop! )
|- Feche aplicativos que estejam abertos.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

|- Execute-a!
|- Com as duas checkbox marcadas!
|- Clique "Run".
|- Tudo Ok?

Abs!

tudo ok amigo, mais uma vez obrigado.

# DelFix v10.3 - Logfile created 10/06/2013 at 12:30:34
# Updated 08/06/2013 by Xplode
# Username : Edvan - EDVAN-PC
# Operating System : Windows 7 Ultimate (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\JRT
Deleted : C:\ZHP
Deleted : C:\Program Files (x86)\ZHPDiag
Deleted : C:\AdwCleaner[S1].txt
Deleted : C:\ComboFix.txt
Deleted : C:\PhysicalDisk0_MBR.bin
Deleted : C:\rapport.txt
Deleted : C:\Users\Edvan\Desktop\adwcleaner.exe
Deleted : C:\Users\Edvan\Desktop\ComboFix.exe
Deleted : C:\Users\Edvan\Desktop\JRT.exe
Deleted : C:\Users\Edvan\Desktop\JRT.txt
Deleted : C:\Users\Edvan\Desktop\ZHPDiag.txt
Deleted : C:\Users\Edvan\Desktop\ZHPDiag2.exe
Deleted : C:\Users\Public\Desktop\MBRCheck.lnk
Deleted : C:\Users\Public\Desktop\ZHPDiag.lnk
Deleted : C:\Users\Public\Desktop\ZHPFix.lnk
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Cleaning system restore ...

Deleted : RP #64 [Installed Java 7 Update 21 | 05/14/2013 15:35:05]
Deleted : RP #65 [Removed TelexFree | 05/16/2013 00:49:17]
Deleted : RP #66 [Removed Microsoft Web Platform Installer 4.5 | 05/16/2013 00:51:11]
Deleted : RP #67 [Ponto de Verificação Agendado | 05/27/2013 01:27:49]
Deleted : RP #68 [Ponto de Verificação Agendado | 06/06/2013 17:08:51]
Deleted : RP #69 [ComboFix created restore point | 06/09/2013 00:50:24]
Deleted : RP #70 [P | 06/09/2013 23:55:50]

New restore point created !

########## - EOF - ##########

CASO RESOLVIDO!

Necessitando novo auxílio para este computador,basta abrir "Novo Tópico" e relatar o problema.