Problem with Facebook certificate


18 replies in this topic

#1
reneallan

Good afternoon,

While I was browsing, an Adobe Flash Player page briefly opened with this address "http://184.22.51.164...s/header.js/?A", already asking for authorization to download the supposed update; without thinking, I authorized the download and installation.

Since then, when I try to access Facebook, it shows the following message: Invalid server certificate, and the internet started dropping every 2 minutes.

So here is the HijackThis log for analysis:

Logfile of HijackThis v1.99.1
Scan saved at 15:24:29, on 06/04/2012
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Renê\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://afo.kasperupd...2012/attwin.dat
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Here is the Malwarebytes log as well:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Versão da Base de Dados: v2012.04.06.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Renê :: REN-PC [administrador]

06/04/2012 15:24:03
mbam-log-2012-04-06 (16-28-11).txt

Tipo de Verificação: Verificação Completa
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 433531
Tempo decorrido: 1 hora(s), 3 minuto(s), 48 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GOOGLEUPDATE.EXE (Trojan.Agent) -> Nenhuma ação foi feita.

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 4
D:\Install\Antivirus\KIS 2012 PT-BR\ktr_2012.exe (Trojan.Agent.CK) -> Nenhuma ação foi feita.
D:\Install\autocad2012 x64\x-force_2012_x64.exe (Trojan.Agent.ck) -> Nenhuma ação foi feita.
D:\Install\Microsoft Office 2010 x86 - SP1+Ativador Senha 123\Ativador office 2010\mini-KMS_Activator_v1.053.exe (PUP.Hacktool.Office) -> Nenhuma ação foi feita.
C:\Users\Renê\AppData\Roaming\googleupdate.exe (Trojan.Agent) -> Nenhuma ação foi feita.

(fim)

Happy Easter to everyone
Regards, Renê Allan Pasko


#2
killer

Download BankerFix:
http://www.linhadefe...rg/dl/bankerfix

** Windows Vista and Windows 7 users:
Right-click the file, then click Run as administrator


Important: The tool will close Internet Explorer. Save any link you need to access later before running it.

Double-click bankerfix.exe to run it.

Click OK on the first screen and [CANCEL] on the second to prevent BankerFix from running.

After that, go to C:\LinhaDefensiva\ and run the file Iniciar-Bankerfix.vbs. Confirm that you want to update the software and click [OK] to run the software.

When it runs, a black screen will appear asking you to press any key. Press Enter and wait for it to finish. It may take some time.

When it finishes, read the message on the screen and press Enter again. When it is done, post the file relatorio.txt located at: C:\LinhaDefensiva\relatorio.txt



#3
reneallan

Here are two reports, since I ran BankerFix twice and different results appeared.

Here is the first one:
-------------------------------------------------------
BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefe....org/bankerfix/
-------------------------------------------------------
Data: 2012-04-07 - 19:24
-------------------------------------------------------
Lista de Definição: 2012-03-19-1 | CORE: 2012-01-27-1
=======================================================

Arquivo infectado detectado: C:\Windows\System32\explorer.exe
O arquivo só será removido quando o sistema for reiniciado


IP malicioso encontrado no hosts: 124.217

IP malicioso encontrado no hosts: 174.36

IP malicioso encontrado no hosts: 189.1

IP malicioso encontrado no hosts: 67.20

IP malicioso encontrado no hosts: 69.2

IP malicioso encontrado no hosts: 76.10

IP malicioso encontrado no hosts: 76.163



----- Fim -------------------------



-------------------------------------------------------
BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefe....org/bankerfix/
-------------------------------------------------------
Data: 2012-04-07 - 19:27
-------------------------------------------------------
Lista de Definição: 2012-03-19-1 | CORE: 2012-01-27-1
=======================================================

Here is the second one:
BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefe....org/bankerfix/
-------------------------------------------------------
Data: 2012-04-07 - 19:27
-------------------------------------------------------
Lista de Definição: 2012-03-19-1 | CORE: 2012-01-27-1
=======================================================



----- Fim -------------------------

Regards,
Renê Allan Pasko


#4
killer

Download OTL by OldTimer and save it to your desktop.

** Windows Vista and Windows 7 users:
Right-click the file, then click Run as administrator


Close all windows and run the tool.
Where it says Output, select Standard
Also check these options:
  • Use Company Name Whitelist
  • Skip Microsoft Files
  • LOP Check
  • Purity Check

Select these lines in red, right-click the selection, and choose the copy option


netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%(x86)\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
C:\windows\system32\Tasks\*.* /s /64
%windir%\tasks\*.*
CREATERESTOREPOINT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments




Go back to the program, right-click any white area of the Custom Scans/Fixes section and choose paste

Click the Scan button

Do not change any other settings unless you have been instructed to do so.

The scan takes a while, so be patient.

When it finishes, two Notepad windows will be displayed: OTL.txt and Extras.txt
Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of Extras.txt and paste it into your reply.
Attach the OTL.txt file

NOTE: If the logs are too large and exceed the forum limit, put them in a .zip or .rar file and attach it to your reply.




#5
reneallan

Hello,

I noticed that the Gmail and Orkut sites are showing the same problem, only with the Google Chrome browser.

I followed your instructions, but it generated only OTL.txt.

Here it is:

OTL logfile created on: 07/04/2012 22:59:37 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Renê\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

8,00 Gb Total Physical Memory | 6,05 Gb Available Physical Memory | 75,60% Memory free
16,00 Gb Paging File | 13,82 Gb Available in Paging File | 86,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 265,31 Gb Total Space | 158,50 Gb Free Space | 59,74% Space Free | Partition Type: NTFS
Drive D: | 200,45 Gb Total Space | 106,02 Gb Free Space | 52,89% Space Free | Partition Type: NTFS

Computer Name: REN-PC | User Name: Renê | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/07 22:57:42 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Renê\Desktop\OTL.exe
PRC - [2012/04/03 22:56:42 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/02/13 19:15:28 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/10 20:18:46 | 002,592,768 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe
PRC - [2011/12/14 08:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/08/20 20:49:33 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/03 22:56:41 | 000,444,400 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
MOD - [2012/04/03 22:56:39 | 003,915,248 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\pdf.dll
MOD - [2012/04/03 22:55:14 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\avutil-51.dll
MOD - [2012/04/03 22:55:12 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\avformat-53.dll
MOD - [2012/04/03 22:55:11 | 001,747,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\avcodec-53.dll
MOD - [2012/03/21 12:12:32 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/03/21 12:12:29 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/03/21 12:12:29 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2012/03/21 12:12:29 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/03/21 12:12:29 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/02/13 19:15:28 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2012/01/10 20:18:46 | 002,592,768 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/30 13:58:02 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/30 19:13:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/14 08:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/11/12 23:34:47 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/11 23:47:41 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Arquivos de Programas\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/30 14:44:02 | 010,497,024 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/30 13:13:28 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/08/11 14:54:24 | 000,099,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C60x64.sys -- (L1C)
DRV:64bit: - [2011/07/29 12:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 12:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/06/06 19:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2009/10/21 00:30:32 | 001,270,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/16 00:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 22:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 22:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 22:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 20:08:37 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/05/22 11:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/02/17 14:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2011/07/29 12:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 12:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E E5 E3 0A 13 14 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://afo.kasperupd...2012/attwin.dat


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Renê\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Pesquisa do Google = C:\Users\Renê\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Bleach Theme2 = C:\Users\Renê\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbgbfeiijkpelbhpmbdliomlgbdiggho\2_0\
CHR - Extension: Skype Click to Call = C:\Users\Renê\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\Renê\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/07 19:28:03 | 000,450,226 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 67.221.174.30 tagged.com
O1 - Hosts: 204.9.178.11 typepad.com
O1 - Hosts: 74.113.152.32 istockphoto.com
O1 - Hosts: 208.94.0.38 yfrog.com
O1 - Hosts: 123.125.50.22 126.com
O1 - Hosts: 213.238.60.190 xing.com
O1 - Hosts: 59.106.98.139 seesaa.net
O1 - Hosts: 184.72.253.170 hootsuite.com
O1 - Hosts: 211.151.146.16 soku.com
O1 - Hosts: 72.32.120.222 metacafe.com
O1 - Hosts: 204.11.109.133 tribalfusion.com
O1 - Hosts: 207.154.14.31tripadvisor.com
O1 - Hosts: 216.52.240.133 ustream.tv
O1 - Hosts: 209.172.34.139 imagevenue.com
O1 - Hosts: 91.206.232.220 booking.com
O1 - Hosts: 208.85.40.80 pandora.com
O1 - Hosts: 194.116.241.57 softonic.com
O1 - Hosts: 208.83.243.15 match.com
O1 - Hosts: 202.57.69.84 nwt.com
O1 - Hosts: 65.11.53.80 nttnavi.com
O1 - Hosts: 72.51.41.235 nrk.no
O1 - Hosts: 110.16.19.157 nozonedata.com
O1 - Hosts: 195.82.124.124 musicmatch.com
O1 - Hosts: 70.52.56.163 moscowtimes.com
O1 - Hosts: 61.178.63.198 mgd.com
O1 - Hosts: 15470 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Arquivos de Programas\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Arquivos de Programas\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.0.15 189.7.0.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C21A16C-4988-4E33-913B-F72B158FE832}: DhcpNameServer = 189.7.0.15 189.7.0.14
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{98a31865-d7b0-11dd-9cde-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{98a31865-d7b0-11dd-9cde-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{fc23c29e-c938-11e0-a3b9-14dae96ef502}\Shell - "" = AutoRun
O33 - MountPoints2\{fc23c29e-c938-11e0-a3b9-14dae96ef502}\Shell\AutoRun\command - "" = F:\OriginInstaller.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/07 22:57:36 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Renê\Desktop\OTL.exe
[2012/04/07 19:23:12 | 000,000,000 | ---D | C] -- C:\LinhaDefensiva
[2012/04/07 19:12:36 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{8536E49B-D785-4F30-BB71-923EB73CB8F1}
[2012/04/06 15:20:54 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2012/04/06 15:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/06 15:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/06 13:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/06 13:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/06 13:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/04/06 13:33:02 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{B16C0F9E-684F-4779-A2CC-2A30C1C5D762}
[2012/04/06 05:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI
[2012/04/06 00:11:09 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{491B19F6-F637-403C-9473-A57C88E7C1BA}
[2012/04/05 12:36:19 | 000,000,000 | ---D | C] -- C:\Neowiz
[2012/04/05 12:10:44 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{EA2DEB03-C16F-452B-8889-95239C82A5D3}
[2012/04/04 11:54:37 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{6E7ABB87-A5C7-462E-AF52-7AC44C5454C8}
[2012/04/03 22:00:05 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{7F16E2DB-0292-4CEE-9874-17D938CED4CA}
[2012/04/03 09:59:40 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{7767B123-16C7-41B6-BAE1-B85BEF3F80B9}
[2012/04/02 21:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIKA
[2012/04/02 21:27:07 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OnGame
[2012/04/02 21:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnGame
[2012/04/02 18:45:25 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{4FB743EC-438B-4944-9C72-EDFC05C7511F}
[2012/04/02 06:44:50 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{05898E5A-1A52-4E0B-97DA-34D74CC45D21}
[2012/04/01 18:44:37 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{7394A64B-3928-4DA6-9830-3E50ACB0E2CC}
[2012/03/31 11:57:29 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{D80B7277-2503-40E6-A14E-63A873310883}
[2012/03/30 12:13:28 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{0078095E-179B-42F9-9B64-45B2A83E2F7E}
[2012/03/29 23:57:02 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{5271B807-C61B-4AA3-B8A0-695DB1439115}
[2012/03/29 11:56:37 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{1EAAB7AD-CF81-45A5-80F9-A3AEC6B45DB0}
[2012/03/28 12:07:25 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{DE35ACC5-75DF-4A3A-8A45-8F399D2AE6DF}
[2012/03/28 12:07:01 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{D3DC3CA2-E17C-43BE-B038-56836F4A9836}
[2012/03/28 00:06:36 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{701F68F4-6FA9-4CD3-862D-A3A4843649CC}
[2012/03/28 00:06:13 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{5254549F-32A6-4D78-96EC-09DAFBCF8B22}
[2012/03/27 12:05:48 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{6B969C6B-3783-42D5-BC9D-7430D207F6FE}
[2012/03/27 12:05:25 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{CFC6ED1B-B563-4FF5-89AB-86993DF99F09}
[2012/03/27 00:04:59 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{46AFA499-D649-465C-8320-E3EC33485FC0}
[2012/03/27 00:04:36 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{754B1709-0FB2-4E12-9D71-C98BE6A31093}
[2012/03/26 12:04:11 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{91AA278E-D820-4E0D-9D8C-5153C2005875}
[2012/03/26 12:03:46 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{D52E9E2A-373D-4C5F-BDD3-AE5EA50361C5}
[2012/03/26 11:17:49 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{F0CAD5CF-E5DC-4DAB-8B34-3C49118AE6E7}
[2012/03/25 13:23:01 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{E12A2513-69A0-45D0-AD1F-D621CB7350F2}
[2012/03/25 13:22:38 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{8E2FB3CA-5857-4D05-9D19-C45CAC03D25D}
[2012/03/25 01:22:12 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{5A5DF807-179E-4364-A5A8-7FD9AD8CBA0E}
[2012/03/24 13:21:35 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{C9F3C7FF-A5A7-4FB3-A8A7-0BCA19C8BE2B}
[2012/03/24 13:21:21 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{83395B0B-92E4-4648-81B0-24B87B9DDD72}
[2012/03/24 00:03:34 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{E43DC7FD-6810-464A-9F52-5CC468599A04}
[2012/03/24 00:03:11 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{1D5B487B-3FE9-4C37-A1A5-6B9E0CFAE9A7}
[2012/03/23 12:02:45 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{2FE67889-42C2-4258-BD2A-BFC7050F15B7}
[2012/03/23 12:02:23 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{52CF7AB3-4376-4C22-9654-54DC9E46DACD}
[2012/03/23 00:01:57 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{B98DC20E-6CB3-4C26-B8C5-52940B8E75E7}
[2012/03/23 00:01:34 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{D390E6CB-D624-461C-BC0E-CFE280BFF5F0}
[2012/03/22 12:01:08 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{750D91D3-E9A2-4D08-B1B8-0B9A3A7AD743}
[2012/03/22 12:00:56 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{98955493-E484-497F-B4DB-C8E8B127EB55}
[2012/03/21 12:13:25 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{D4F1D9E6-89AB-44EB-A2B1-D1E0D363658E}
[2012/03/21 12:13:13 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{A18ED83A-6103-40E8-AF3E-5710789795FB}
[2012/03/20 21:25:11 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{CE4A0277-678E-4337-A398-FA9C0393104B}
[2012/03/20 21:24:48 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{05577817-1856-4922-A8AC-C27FEC72AEB3}
[2012/03/20 09:24:21 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{715F2A37-1694-48D5-B254-486A82C52299}
[2012/03/20 09:24:10 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{7F536143-DB16-4CD0-8495-9A483D6CFAC3}
[2012/03/19 21:20:38 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{7AC01DFF-AFDA-4B47-A2E8-C1D1C8117254}
[2012/03/19 21:20:15 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{0FE1564E-CABB-457A-A4C8-B05434324F94}
[2012/03/19 18:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/19 18:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/03/19 09:19:49 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{28AA1D54-A0FE-4689-9834-1AAA2F5217BB}
[2012/03/19 09:19:37 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{143DBCA8-8D08-456A-B3C2-019B3AFD9B71}
[2012/03/18 17:25:10 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{56A99C77-FBFD-43F1-BE7B-AA67F45E8AAE}
[2012/03/18 17:24:57 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{71C0D75B-2FA0-438D-B2C9-7717A268E00E}
[2012/03/17 11:43:42 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{5E7540D3-5220-40CF-8484-D4C57A3533EC}
[2012/03/17 11:43:29 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{AC871B34-4F5A-4F53-B49B-CCC4F5EDEAA4}
[2012/03/16 12:14:26 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{BCAE4F2F-53D1-4830-AE6B-0315EBF8E126}
[2012/03/16 12:14:15 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{EAA1348E-65FC-46F7-9CE3-3BF3E13436A4}
[2012/03/15 22:30:19 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{2C3B8724-B94A-4197-8D2C-84DF17F2C6DE}
[2012/03/15 22:29:56 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{CB4E3EF8-69FD-4045-A21A-8EE7B5028A52}
[2012/03/15 21:14:20 | 000,000,000 | ---D | C] -- C:\Downloads
[2012/03/15 12:54:22 | 000,000,000 | ---D | C] -- C:\Users\Renê\Documents\NFSTR
[2012/03/15 12:38:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Need for Speed The Run
[2012/03/15 12:21:17 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012/03/15 10:29:30 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{368B715D-9581-475E-BCFF-8970616D4593}
[2012/03/15 10:29:18 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{857767CE-40C4-4F46-9355-0C10C6852508}
[2012/03/14 12:46:38 | 000,000,000 | ---D | C] -- C:\Users\Renê\Documents\Remedy
[2012/03/14 12:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remedy Entertainment
[2012/03/14 12:40:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Remedy Entertainment
[2012/03/14 08:56:19 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{0A5A4F25-5692-49BD-AABA-528365CFE9A2}
[2012/03/14 08:56:07 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{624FDB33-9EE0-4C4C-BC5D-FF9C2D7DB966}
[2012/03/13 18:44:25 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{5E468F95-B9EA-4F49-BE99-D48102D5B8D3}
[2012/03/13 18:44:02 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{239AAF6F-5561-4767-8DB4-5CFC751E309C}
[2012/03/13 06:43:37 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{579F6FE8-64A9-4BD2-8344-78693BED0006}
[2012/03/13 06:43:13 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{F5BBAC18-42A2-42F4-8D45-1FF62271C862}
[2012/03/12 18:43:01 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{BB0304BB-397E-466F-BB82-708C59FC9C8B}
[2012/03/12 18:42:38 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{76EB34D0-0FB6-4D07-B703-FB952CB0B0F2}
[2012/03/12 12:36:14 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\SKIDROW
[2012/03/12 12:36:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo dos Renegados
[2012/03/12 06:42:10 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{BF83C3E6-1D23-49C5-B72C-7F9EE1003549}
[2012/03/12 06:41:55 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{6DBE937E-FB9D-4D9F-AD06-2BC9901A4927}
[2012/03/10 11:45:39 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{DEF0174D-D9FC-4588-AC35-B756EA749127}
[2012/03/10 11:45:26 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{972D0D08-4D36-4800-81BF-E32F7B86BBA8}
[2012/03/09 18:59:37 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{D815FBA9-1332-48C2-9B17-50F15A1CC0D2}
[2012/03/09 18:59:25 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{F15B8B29-AF8E-4014-95CE-637B8526A603}
[2012/03/08 23:52:15 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{03A44884-CF0E-4502-94D7-808D3B991A7A}
[2012/03/08 23:51:52 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{7B248A92-E6FA-47BE-B6E1-2F529C35ED4B}
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/07 22:57:42 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Renê\Desktop\OTL.exe
[2012/04/07 22:47:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/07 19:28:03 | 000,450,226 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/07 19:17:00 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/07 19:17:00 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/07 19:11:57 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/07 19:11:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/07 19:11:42 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/06 15:23:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 13:44:39 | 000,001,258 | ---- | M] () -- C:\Users\Renê\Desktop\Spybot - Search & Destroy.lnk
[2012/04/06 04:22:21 | 000,002,937 | -HS- | M] () -- C:\Users\Renê\sec.vbe
[2012/04/06 04:22:21 | 000,001,733 | -HS- | M] () -- C:\Users\Renê\nebp.vbe
[2012/04/05 12:36:22 | 000,001,485 | ---- | M] () -- C:\Users\Public\Desktop\Seven Souls Online.lnk
[2012/04/01 22:03:37 | 000,010,331 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120406-140515.backup
[2012/03/15 12:54:16 | 000,001,730 | ---- | M] () -- C:\Users\Renê\Desktop\Need For Speed The Run - Atalho.lnk
[2012/03/14 18:58:00 | 001,635,264 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/14 18:58:00 | 000,705,602 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2012/03/14 18:58:00 | 000,654,170 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/14 18:58:00 | 000,147,288 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2012/03/14 18:58:00 | 000,122,002 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/14 12:46:10 | 000,002,151 | ---- | M] () -- C:\Users\Public\Desktop\Alan Wake.lnk
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/06 15:23:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 13:44:39 | 000,001,258 | ---- | C] () -- C:\Users\Renê\Desktop\Spybot - Search & Destroy.lnk
[2012/04/06 04:22:21 | 000,002,937 | -HS- | C] () -- C:\Users\Renê\sec.vbe
[2012/04/06 04:22:21 | 000,001,733 | -HS- | C] () -- C:\Users\Renê\nebp.vbe
[2012/04/05 12:36:22 | 000,001,485 | ---- | C] () -- C:\Users\Public\Desktop\Seven Souls Online.lnk
[2012/03/15 12:54:16 | 000,001,730 | ---- | C] () -- C:\Users\Renê\Desktop\Need For Speed The Run - Atalho.lnk
[2012/03/14 12:46:10 | 000,002,151 | ---- | C] () -- C:\Users\Public\Desktop\Alan Wake.lnk
[2011/12/07 11:29:27 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/12/07 11:29:27 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/12/07 11:29:27 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/12/07 11:29:27 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/12/07 11:29:27 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/11/30 13:29:04 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/30 13:29:04 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/10/11 23:48:15 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/10/03 10:22:37 | 001,646,102 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/30 16:59:56 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/09/12 20:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/11 00:35:39 | 000,117,152 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/07 02:29:18 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/09/01 19:27:03 | 000,005,120 | ---- | C] () -- C:\Users\Renê\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/30 00:39:15 | 000,000,017 | ---- | C] () -- C:\Users\Renê\AppData\Local\resmon.resmoncfg
[2011/08/24 20:19:10 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/08/18 01:15:02 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/08/18 01:15:01 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/08/18 01:14:51 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/08/18 01:14:51 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/08/17 22:31:59 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/08/17 22:31:57 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011/08/17 22:31:57 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/08/17 22:31:57 | 000,612,864 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011/08/17 22:31:57 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/08/17 22:31:56 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/08/17 22:19:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/08/17 22:00:39 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/08/17 22:00:32 | 000,017,222 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/06/27 15:23:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========

[2011/10/13 00:18:59 | 000,000,000 | ---D | M] -- C:\Users\Renê\AppData\Roaming\Autodesk
[2011/08/29 21:40:16 | 000,000,000 | ---D | M] -- C:\Users\Renê\AppData\Roaming\BFBC2CC
[2012/04/06 05:06:57 | 000,000,000 | ---D | M] -- C:\Users\Renê\AppData\Roaming\BSplayer
[2011/08/17 22:36:54 | 000,000,000 | ---D | M] -- C:\Users\Renê\AppData\Roaming\BSplayer Pro
[2011/08/29 20:57:12 | 000,000,000 | ---D | M] -- C:\Users\Renê\AppData\Roaming\FlashGet
[2011/08/17 22:30:37 | 000,000,000 | ---D | M] -- C:\Users\Renê\AppData\Roaming\Foxit
[2011/09/07 14:51:27 | 000,000,000 | ---D | M] -- C:\Users\Renê\AppData\Roaming\LolClient
[2012/01/10 19:55:42 | 000,000,000 | ---D | M] -- C:\Users\Renê\AppData\Roaming\TeamViewer
[2011/10/29 11:16:58 | 000,000,000 | ---D | M] -- C:\Users\Renê\AppData\Roaming\TS3Client
[2012/03/15 21:17:20 | 000,000,000 | ---D | M] -- C:\Users\Renê\AppData\Roaming\uTorrent
[2012/02/21 19:55:44 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/08/20 20:55:29 | 000,000,006 | ---- | M] () -- C:\7Loader.TAG
[2009/07/13 22:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2011/08/17 21:33:40 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/08/20 20:55:21 | 000,171,136 | RHS- | M] () -- C:\grldr
[2012/04/07 19:11:42 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/07 19:11:43 | 4294,107,135 | -HS- | M] () -- C:\pagefile.sys

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >

< %PROGRAMFILES%(x86)\*.* >

< %LOCALAPPDATA%\*.exe >

< %LOCALAPPDATA%\*.txt >

< %LOCALAPPDATA%\*.ini >
[2011/11/17 18:41:31 | 000,005,120 | ---- | M] () -- C:\Users\Renê\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< %LOCALAPPDATA%\*.dll >

< %LOCALAPPDATA%\*.dat >
[2012/01/30 19:22:59 | 000,116,152 | ---- | M] () -- C:\Users\Renê\AppData\Local\GDIPFONTCACHEV1.DAT

< %USERPROFILE%\*.exe >

< %USERPROFILE%\*.txt >

< %USERPROFILE%\*.ini >
[2011/08/17 21:45:51 | 000,000,020 | -HS- | M] () -- C:\Users\Renê\ntuser.ini

< %USERPROFILE%\*.dll >

< %USERPROFILE%\*.dat /30 >
[2012/04/07 23:01:09 | 007,340,032 | -HS- | M] () -- C:\Users\Renê\ntuser.dat

< C:\windows\system32\Tasks\*.* /s /64 >
[2012/03/22 12:42:32 | 000,003,808 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineCore
[2012/03/22 12:42:33 | 000,004,060 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineUA
[2012/04/06 04:22:21 | 000,003,260 | ---- | M] () -- C:\Windows\SysNative\Tasks\Tasker
[2012/04/06 04:22:21 | 000,003,262 | ---- | M] () -- C:\Windows\SysNative\Tasks\Wisker
[2011/09/07 02:28:19 | 000,002,878 | ---- | M] () -- C:\Windows\SysNative\Tasks\{2904DEA9-2E8F-44B6-A181-2AA3A463C818}
[2012/04/06 04:57:10 | 000,003,120 | ---- | M] () -- C:\Windows\SysNative\Tasks\{5EF6945A-CEF4-4000-85AD-17B508355FA0}
[2011/10/02 17:54:54 | 000,003,120 | ---- | M] () -- C:\Windows\SysNative\Tasks\{A3B55FA5-8AB3-4599-B8FE-2794E501B3ED}
[2011/08/18 01:15:07 | 000,003,054 | ---- | M] () -- C:\Windows\SysNative\Tasks\ASUS\ASUS RegRun Loader
[2011/08/19 10:38:54 | 000,004,158 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
[2009/07/14 01:53:29 | 000,004,472 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
[2009/07/14 01:53:29 | 000,003,854 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
[2009/07/14 01:54:39 | 000,002,900 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\AppID\PolicyConverter
[2009/07/14 01:54:39 | 000,003,790 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
[2009/07/14 01:54:05 | 000,003,458 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Application Experience\AitAgent
[2009/07/14 01:54:05 | 000,003,614 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
[2009/07/14 01:49:22 | 000,003,026 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Autochk\Proxy
[2009/07/14 01:57:09 | 000,001,862 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
[2009/07/14 01:53:22 | 000,004,130 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
[2009/07/14 01:53:22 | 000,003,868 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask
[2009/07/14 02:09:01 | 000,003,134 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
[2009/07/14 01:57:09 | 000,002,934 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
[2009/07/14 01:53:33 | 000,003,946 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
[2009/07/14 01:54:08 | 000,003,598 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
[2009/07/14 01:57:12 | 000,003,886 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
[2009/07/14 01:57:07 | 000,004,018 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Diagnosis\Scheduled
[2011/09/05 09:54:18 | 000,003,760 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
[2011/08/17 21:37:11 | 000,002,538 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
[2009/07/14 01:57:13 | 000,003,554 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Location\Notifications
[2011/08/18 14:25:13 | 000,004,036 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Maintenance\WinSAT
[2011/08/17 21:37:23 | 000,002,420 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch
[2011/08/17 21:37:22 | 000,002,448 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService
[2011/09/11 18:51:26 | 000,003,690 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks
[2011/08/17 21:37:21 | 000,002,400 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ehDRMInit
[2011/08/17 21:37:23 | 000,002,546 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\InstallPlayReady
[2011/08/17 21:37:15 | 000,002,790 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\mcupdate
[2011/08/17 21:37:17 | 000,002,954 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask
[2011/08/17 21:37:16 | 000,002,958 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
[2011/08/17 21:37:21 | 000,002,380 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\OCURActivate
[2011/08/17 21:37:21 | 000,002,400 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\OCURDiscovery
[2011/08/17 21:37:21 | 000,002,384 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PBDADiscovery
[2011/08/17 21:37:19 | 000,003,226 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1
[2011/08/17 21:37:20 | 000,003,228 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2
[2011/08/17 21:37:19 | 000,003,822 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry
[2011/08/17 21:37:16 | 000,002,926 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask
[2011/08/17 21:37:16 | 000,002,918 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask
[2011/08/17 21:37:17 | 000,003,078 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\RecordingRestart
[2011/08/17 21:37:22 | 000,002,408 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows&

#6
reneallan

Sorry for the mistake; I only just noticed that the whole text did not fit. So here is the .rar file.

Regards,
Renê Allan Pasko

Attached file(s)

  • Attached file  OTL.rar   15,16K   1 Downloads


#7
killer

1. Select these lines in red, right-click the selection and choose Copy:

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://afo.kasperupd...2012/attwin.dat
O4 - HKLM..\Run: [BankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat ()
[2012/04/06 04:22:21 | 000,002,937 | -HS- | M] () -- C:\Users\Renê\sec.vbe
[2012/04/06 04:22:21 | 000,001,733 | -HS- | M] () -- C:\Users\Renê\nebp.vbe


:Commands
[CREATERESTOREPOINT]
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]


To visitors: if you have a similar problem, do not use this script, because running it without supervision can damage the system.
Follow the instructions on this page and ask for help in Malware Removal (Remoção de Malware)


Run OTL.exe

Right-click anywhere in the white area of the Custom Scans/Fixes (Exames Personalizados/Correções) section and choose Paste

Close ALL windows (except OTL itself) and click the button
Posted Image

The program will run the script and restart your computer.

Post the new log in your next reply.

Note: A copy of this log will be stored in the folder C:\_OTL\MovedFiles, with a name in the format date_time.log.

Example: 03142010_145545.log


2. Run OTL.exe

Close ALL windows (except OTL itself).
Under Output (Saída), select Standard (Padrão)
Click the button
Posted Image

In the Extra Registry (Exame extra do Registro) box, select Use SafeList (Usar SafeList) and then click the button
Posted Image

Posted Image

When it finishes, a Notepad window will open with some information.
Copy ALL the contents of the EXTRAS.TXT log, which will open minimized.

A copy of this log will be stored in the same folder as OTL.exe, that is, on your desktop, under the name Extras.txt

Edited by killer, 09 April 2012 - 15:51.

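The file listings in the log above can be checked mechanically for the pattern this fix targets: hidden+system script files in a user profile, together with anything in a Tasks folder stamped at the same moment. This is an added example, not part of the original thread and not OTL's own code; the function names and the 60-second window are assumptions, and the sample lines are copied from the log posted earlier in the thread.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Lines copied verbatim from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
[2012/04/06 15:23:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 04:22:21 | 000,002,937 | -HS- | C] () -- C:\Users\Renê\sec.vbe
[2012/04/06 04:22:21 | 000,001,733 | -HS- | C] () -- C:\Users\Renê\nebp.vbe
[2011/08/17 21:45:51 | 000,000,020 | -HS- | M] () -- C:\Users\Renê\ntuser.ini
[2012/03/22 12:42:32 | 000,003,808 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineCore
[2012/04/06 04:22:21 | 000,003,260 | ---- | M] () -- C:\Windows\SysNative\Tasks\Tasker
[2012/04/06 04:22:21 | 000,003,262 | ---- | M] () -- C:\Windows\SysNative\Tasks\Wisker
[2012/04/06 04:57:10 | 000,003,120 | ---- | M] () -- C:\Windows\SysNative\Tasks\{5EF6945A-CEF4-4000-85AD-17B508355FA0}
[2011/08/17 22:31:57 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
"""

# [date time | size | attributes | C(reated)/M(odified)] (company) -- path
# Directory entries omit the "(company)" field, so it is optional here.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\([^)]*\) )?-- (?P<path>.+)$"
)
SCRIPT_EXTS = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1"}


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str
    kind: str
    path: str


def parse_otl_listing(text):
    """Parse OTL file-listing lines; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            path=m["path"],
        ))
    return entries


def is_hidden_profile_script(entry):
    """Hidden + system script file somewhere under C:\\Users."""
    ext = ntpath.splitext(entry.path)[1].lower()
    return ("H" in entry.attrs and "S" in entry.attrs
            and ext in SCRIPT_EXTS and "\\users\\" in entry.path.lower())


def correlate(entries, window=timedelta(seconds=60)):
    """For each hidden profile script, list Tasks-folder files stamped within `window`."""
    seeds = [e for e in entries if is_hidden_profile_script(e)]
    tasks = [e for e in entries if "\\tasks\\" in e.path.lower()]
    findings = []
    for seed in seeds:
        near = [t.path for t in tasks if abs(t.when - seed.when) <= window]
        findings.append((seed.path, near))
    return findings


if __name__ == "__main__":
    for script, near_tasks in correlate(parse_otl_listing(SAMPLE_LOG)):
        print(script)
        for task in near_tasks:
            print("    same-time task file:", task)
```

On this log both .vbe files and the Tasker and Wisker task files carry the timestamp 2012/04/06 04:22:21, so those two task definitions are worth opening and reviewing alongside the scripts.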


#8
reneallan

Here are the logs,

04092012_182731.log
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BankerFixV3 deleted successfully.
File move failed. \LinhaDefensiva\rotinas\postreboot.bat scheduled to be moved on reboot.
C:\Users\Renê\sec.vbe moved successfully.
C:\Users\Renê\nebp.vbe moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Convidado
->Temp folder emptied: 50175 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Renê
->Temp folder emptied: 3418772 bytes
->Temporary Internet Files folder emptied: 22673340 bytes
->Java cache emptied: 456083 bytes
->Google Chrome cache emptied: 60137670 bytes
->Flash cache emptied: 982 bytes

User: Renˆ

User: Todos os Usuários

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2428680 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 80430 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68006 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 85,00 mb


[EMPTYFLASH]

User: All Users

User: Convidado

User: Default

User: Default User

User: Public

User: Renê
->Flash cache emptied: 0 bytes

User: Renˆ

User: Todos os Usuários

User: Usuário Padrão

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04092012_182731

Files\Folders moved on Reboot...
File move failed. \LinhaDefensiva\rotinas\postreboot.bat scheduled to be moved on reboot.
C:\Users\Renê\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

--------------------------------------------------------------------------------

LOG Extras.txt

OTL Extras logfile created on: 09/04/2012 18:33:36 - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Renê\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

8,00 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 78,66% Memory free
16,00 Gb Paging File | 14,19 Gb Available in Paging File | 88,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 265,31 Gb Total Space | 157,36 Gb Free Space | 59,31% Space Free | Partition Type: NTFS
Drive D: | 200,45 Gb Total Space | 106,02 Gb Free Space | 52,89% Space Free | Partition Type: NTFS

Computer Name: REN-PC | User Name: Renê | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09F75D2E-0393-CE6B-C01A-79008E91B6EF}" = AMD Media Foundation Decoders
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{3099E885-DE8A-4099-ABE2-561DC8589DFA}" = Microsoft Antimalware Service PT-BR Language Pack
"{3F829160-B531-B9F0-5BC7-918167BB5DCE}" = ccc-utility64
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5783F2D7-A001-0409-0102-0060B0CE6BBA}" = AutoCAD 2012 - English
"{5783F2D7-A001-0409-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - English
"{5C1858C7-B7A8-7085-60AA-A538954E3832}" = ccc-utility64
"{6A7F7056-14E1-D8E4-0B87-BC3F18EAC8AC}" = ATI AVIVO64 Codecs
"{6C8EEF0B-C4BE-35A7-BF08-7C3C667EB62A}" = Microsoft .NET Framework 4 Extended PTB Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84C3FCBF-8A79-E383-9CC6-B6661CAF8675}" = AMD Media Foundation Decoders
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9828EE10-F994-6C74-05F3-5228D7CDE37D}" = AMD Catalyst Install Manager
"{AB813B91-07DB-F136-C09A-3743AA7CA23F}" = AMD AVIVO64 Codecs
"{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client PT-BR Language Pack
"{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012
"{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"{F480BE66-C9F2-608F-A47A-E9F966080883}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"AutoCAD 2012 - English" = AutoCAD 2012 - English
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion plug-in for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = Arquivo do WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02446EBD-7E93-8DB2-662A-20A8BE5630E0}" = Catalyst Control Center InstallProxy
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05B7B9BA-9EBC-4C5B-933D-49F372EFE7A1}" = Adobe Photoshop CS4
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AFBB699-665E-616E-1863-168A6C62C6C5}" = CCC Help Spanish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D03ED1F-A3B1-1089-B47D-96A3C7BED398}" = Catalyst Control Center Localization All
"{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}" = Need for Speed™ The Run
"{0F99EAFA-4054-4ABC-A3D3-D2299210572F}" = Adobe Bridge CS4
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19D41B9A-C474-D1A9-CAA1-499D362F2DD1}" = CCC Help Dutch
"{1B7A4B3C-9A00-123A-1BC8-AD5DB6517EE4}" = CCC Help Turkish
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{235BBFC6-D863-4066-A01A-3BD504C31046}" = Nero 7 Ultra Edition
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{298EEE62-A419-E250-9D01-58DFA08E0D11}" = Catalyst Control Center Graphics Previews Common
"{2C5FF744-EE63-D37C-09B6-8DD5DD192578}" = Catalyst Control Center Localization All
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{35070A8C-1660-952E-6638-7B4BDFE7DE5E}" = CCC Help Polish
"{35F9CEEB-B54F-7BF9-39B9-0AC67505E1CF}" = CCC Help Norwegian
"{38141809-CC3B-D09A-5270-3882AFE4134F}" = CCC Help Finnish
"{3D8AAFC2-4DD0-89BB-5738-8FFC250918FE}" = CCC Help Czech
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{48C19885-4773-5A0B-4373-7F33594B195D}" = CCC Help Swedish
"{4925872A-F7E7-23CB-1C1B-D8E1392728B5}" = CCC Help Greek
"{49C09E32-B9FD-4EDC-9152-9BC0CC618A13}" = GetDataBack for FAT and GetDataBack for NTFS
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B64E5A1-8988-F6B0-F87B-464D09998451}" = CCC Help German
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5047CFAD-8181-5563-68E0-EE3558E251AB}" = CCC Help Thai
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51989139-5EBD-F77E-FE25-588CBC39078A}" = CCC Help Chinese Traditional
"{5352A52A-751E-FD13-7BF4-FC97A38E077F}" = CCC Help Japanese
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5A8E2AE3-F83A-F29C-B588-13159782D407}" = Catalyst Control Center Graphics Previews Common
"{5CBBB59D-45C5-1FDF-B8B0-8176A2691C2F}" = CCC Help French
"{62380A96-B00B-D943-E3BC-E2C372604EB1}" = CCC Help Czech
"{64F0B15A-A3BF-7943-2937-7DA4C2F0B2DC}" = CCC Help English
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{66EA0C27-9DE8-0390-9BD9-58F5F472F531}" = CCC Help Chinese Standard
"{675E907A-E267-10E3-7BB1-B535646D0F1D}" = Catalyst Control Center
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6EC9AD7E-DC4C-41D4-04CC-ABFF1E741BB5}" = CCC Help English
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78D7928B-5928-ADB3-CB9F-09BBB5ED9D5D}" = CCC Help Turkish
"{7B41BE0A-6A6E-CA1F-0922-4FF69305B868}" = CCC Help Thai
"{7CA1DEB6-FEDE-84E1-EAC3-F8C01D1DE1F2}" = CCC Help Norwegian
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82A1CEEC-19D4-E243-82B6-A780DE1FC389}" = CCC Help Danish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9583CCD2-E842-AE10-B2AB-086BCFF55DF8}" = CCC Help Russian
"{95CA013B-0AAE-E2F0-82CE-97160DDA9796}" = CCC Help Greek
"{98780400-EC17-11E0-96CF-B8AC6F97B88E}" = Google Earth Plug-in
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E77326C-5661-EA4E-B3C2-82F5FEEF68D8}" = CCC Help Swedish
"{A1C9D1DA-7803-4586-B509-450009938312}" = Adobe Setup
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A97FB5C1-1064-7046-8806-F19B51D7FC7D}" = Catalyst Control Center
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AF2A8E58-DBC6-36D3-A145-7252029F6F48}" = Microsoft Report Viewer Redistributable 2008 SP1
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4C4A2CE-F4A4-D2E7-85A5-828932A59D20}" = CCC Help German
"{B501D576-E145-AD74-9C12-18DDB082E87D}" = CCC Help Portuguese
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE6E693C-F64D-702A-FE70-3D840094F882}" = CCC Help Finnish
"{C08A8130-6ADB-9C19-5307-E250256A6FB7}" = CCC Help Korean
"{C1ACD2C6-909C-EAD9-9AF6-C37318311BA7}" = CCC Help Korean
"{C355AA5E-A808-E1D6-4135-1A535695984E}" = CCC Help Portuguese
"{C4418DF9-5B57-4C5D-ACC2-D6B1338CCE09}" = Photoshop Camera Raw
"{C4B85AD5-3FF2-472A-D1D7-6A498773426B}" = HydraVision
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2824608-FA77-BADF-AE4B-96032F7B814E}" = CCC Help Hungarian
"{D3CC02D6-1767-33F0-D3D4-C2FB9E49C1DD}" = CCC Help French
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7778B61-4D55-6290-7A37-993C91276039}" = CCC Help Italian
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB766BE3-CD84-18EE-6665-B9F836A7FDB4}" = CCC Help Spanish
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDD2B96C-DF53-3BE0-10AA-A34A58B45D25}" = CCC Help Dutch
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6195FA5-1049-EC5F-3AD1-C570D38AC28E}" = CCC Help Hungarian
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{E7FFFA9A-ADD3-35E7-FB83-56C22023B0BF}" = CCC Help Chinese Standard
"{E8627DF4-F0B2-E7C1-0E66-2779E4F0AAC8}" = HydraVision
"{EC139E50-6C33-BD5F-15FA-9E5F45AFB26C}" = CCC Help Danish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F15CED14-5BB9-65C7-122E-8A8499E2FF48}" = CCC Help Polish
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F56D3FB8-AC0F-41EA-A4F0-735D985FD80D}" = CCC Help Chinese Traditional
"{F7FC09BA-5A3E-49C0-AD4C-07D8FD5CE3EA}" = Seven Souls Online
"{F92295B6-7391-1A6B-4E84-7A8EBAC6F814}" = CCC Help Italian
"{FAB432C3-4578-09A1-F98A-7E9F0A339261}" = CCC Help Japanese
"{FE386918-377B-B94A-504B-064CFB00799D}" = CCC Help Russian
"Adobe_b741c3c52d3108664cedeb2b76f6d96" = Adobe Photoshop CS4
"Alan Wake_is1" = Alan Wake
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FlashGet" = FlashGet 1.9.2.1028
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 1.99.1
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gerenciador de dispositivo de plataforma
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.60.1.1000
"Microsoft Report Viewer Redistributable 2008 SP1" = Microsoft Report Viewer Redistributable 2008 SP1
"MV RegClean 6.0_is1" = MV RegClean 6.0
"Rage BR" = Rage Tradução BR v1.01
"Steam App 10" = Counter-Strike
"Steam App 9200" = RAGE
"TeamViewer 7" = TeamViewer 7
"Tradução Adobe Photoshop CS4_is1" = Adobe Photoshop CS4 1.0
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/04/2012 17:31:25 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download....uthrootstl.cab>
com erro: Não foi possível encontrar o procedimento especificado. .

Error - 09/04/2012 17:31:26 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download....uthrootstl.cab>
com erro: Não foi possível encontrar o procedimento especificado. .

Error - 09/04/2012 17:31:26 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download....uthrootstl.cab>
com erro: Não foi possível encontrar o procedimento especificado. .

Error - 09/04/2012 17:31:26 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download....uthrootstl.cab>
com erro: Não foi possível encontrar o procedimento especificado. .

Error - 09/04/2012 17:31:27 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download....uthrootstl.cab>
com erro: Não foi possível encontrar o procedimento especificado. .

Error - 09/04/2012 17:31:27 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download....uthrootstl.cab>
com erro: Não foi possível encontrar o procedimento especificado. .

Error - 09/04/2012 17:31:28 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download....uthrootstl.cab>
com erro: Não foi possível encontrar o procedimento especificado. .

Error - 09/04/2012 17:31:39 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download....uthrootstl.cab>
com erro: Não foi possível encontrar o procedimento especificado. .

Error - 09/04/2012 17:31:39 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download....uthrootstl.cab>
com erro: Não foi possível encontrar o procedimento especificado. .

Error - 09/04/2012 17:31:40 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download....uthrootstl.cab>
com erro: Não foi possível encontrar o procedimento especificado. .

[ System Events ]
Error - 03/01/2012 11:28:11 | Computer Name = Renê-PC | Source = DCOM | ID = 10010
Description =

Error - 03/01/2012 16:24:09 | Computer Name = Renê-PC | Source = Microsoft Antimalware | ID = 3002
Description = O recurso de Proteção em Tempo Real %%860 encontrou um erro e falhou.

Recurso:
%%835 Código do Erro: 0x80004005 Descrição do Erro: Erro não especificado Motivo:
%%842

Error - 03/01/2012 23:23:58 | Computer Name = Renê-PC | Source = DCOM | ID = 10010
Description =

Error - 04/01/2012 08:39:09 | Computer Name = Renê-PC | Source = Microsoft Antimalware | ID = 3002
Description = O recurso de Proteção em Tempo Real %%860 encontrou um erro e falhou.

Recurso:
%%835 Código do Erro: 0x80004005 Descrição do Erro: Erro não especificado Motivo:
%%842

Error - 04/01/2012 16:10:08 | Computer Name = Renê-PC | Source = DCOM | ID = 10010
Description =

Error - 04/01/2012 16:21:55 | Computer Name = Renê-PC | Source = Microsoft Antimalware | ID = 3002
Description = O recurso de Proteção em Tempo Real %%860 encontrou um erro e falhou.

Recurso:
%%835 Código do Erro: 0x80004005 Descrição do Erro: Erro não especificado Motivo:
%%842

Error - 04/01/2012 19:01:24 | Computer Name = Renê-PC | Source = NetBT | ID = 4321
Description = O nome "WORKGROUP :1d" não pôde ser registrado na interface com
o endereço IP 192.168.0.2. O computador de endereço IP 192.168.0.3 não permitiu
que o nome fosse reivindicado por este computador.

Error - 04/01/2012 19:19:28 | Computer Name = Renê-PC | Source = DCOM | ID = 10010
Description =

Error - 04/01/2012 19:20:29 | Computer Name = Renê-PC | Source = Microsoft Antimalware | ID = 3002
Description = O recurso de Proteção em Tempo Real %%860 encontrou um erro e falhou.

Recurso:
%%835 Código do Erro: 0x80004005 Descrição do Erro: Erro não especificado Motivo:
%%842

Error - 04/01/2012 23:00:42 | Computer Name = Renê-PC | Source = DCOM | ID = 10010
Description =


< End of report >

Regards,
Renê Allan Pasko


#9
killer

    Emeritus Assistant

  • Emeritus
  • 11.382 posts
Hello,

How is the computer?

Post a new HijackThis log.

Don't abandon your topic; someone dedicated part of their time to helping you!


#10
reneallan

    Newbie

  • Newbie
  • 38 posts
Good evening,

I have access to the sites again; it seems the problem has been resolved.

Here is the log:


Logfile of HijackThis v1.99.1
Scan saved at 23:28:46, on 10/04/2012
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Renê\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://afo.kasperupd...2012/attwin.dat
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Regards,
Renê Allan Pasko
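
HijackThis R0/R1 lines report Internet Explorer and Internet Settings registry values, and O1 lines list hosts-file entries, as in the log above. The following Python sketch is an added example, not part of the thread: it extracts proxy-related values (such as an AutoConfigURL entry) and hosts entries that map names to non-loopback addresses so they can be reviewed. The sample lines, URL, proxy and addresses are constructed placeholders.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample in the HijackThis v1.99.1 line format; the URL, proxy and
# 203.0.113.10 entry are placeholders, not values taken from the thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.example.invalid/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.example.invalid/2012/settings.dat
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.10 bank.example.invalid www.bank.example.invalid
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
""" + "O1 - Hosts: \u00ff\u00fe127.0.0.1 localhost\n"  # BOM bytes shown as text, as in the log

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
REG_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]*?)\s*=\s*(?P<data>.*)$")

# Registry value names under "Internet Settings" that control proxy use.
PROXY_VALUES = {"autoconfigurl", "proxyserver", "proxyoverride", "proxyenable"}


def parse_entries(text):
    """Split a HijackThis log into (section code, body) pairs."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def proxy_settings(entries):
    """Return non-empty proxy values found in R-section lines."""
    found = []
    for code, body in entries:
        if not code.startswith("R"):
            continue
        match = REG_RE.match(body)
        if not match:
            continue
        key, name, data = match.group("key", "name", "data")
        if not key.lower().endswith("\\internet settings"):
            continue
        if name.lower() in PROXY_VALUES and data:
            host = urlparse(data).hostname if "://" in data else None
            found.append({"code": code, "name": name, "data": data, "host": host})
    return found


def redirecting_hosts(entries):
    """Return hosts-file entries that map names to a non-loopback address."""
    hits = []
    for code, body in entries:
        if code != "O1" or not body.startswith("Hosts:"):
            continue
        # Drop a byte-order mark that HijackThis printed as literal characters.
        fields = body[len("Hosts:"):].lstrip(" \u00ff\u00fe\ufeff").split()
        if len(fields) < 2:
            continue
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address line
        if not (address.is_loopback or address.is_unspecified):
            hits.append((str(address), fields[1:]))
    return hits


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for item in proxy_settings(parsed):
        print("proxy setting:", item["name"], "=", item["data"])
    for address, names in redirecting_hosts(parsed):
        print("hosts redirect:", address, "<-", ", ".join(names))
```
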


#11
reneallan

    Newbie

  • Newbie
  • 38 posts
Sorry again for the consecutive reply, but I had forgotten that Malwarebytes keeps blocking googleupdate.exe, as seen in this log


2012/04/10 00:40:27 -0300 REN-PC Renê IP-BLOCK 199.27.135.6 (Type: outgoing, Port: 51697, Process: chrome.exe)
2012/04/10 00:40:27 -0300 REN-PC Renê IP-BLOCK 173.245.60.73 (Type: outgoing, Port: 51701, Process: chrome.exe)
2012/04/10 11:27:08 -0300 REN-PC Renê MESSAGE Starting protection
2012/04/10 11:27:12 -0300 REN-PC Renê MESSAGE Protection started successfully
2012/04/10 11:27:15 -0300 REN-PC Renê MESSAGE Starting IP protection
2012/04/10 11:27:16 -0300 REN-PC Renê MESSAGE IP Protection started successfully
2012/04/10 12:39:52 -0300 REN-PC Renê IP-BLOCK 94.100.23.90 (Type: outgoing, Port: 50064, Process: chrome.exe)
2012/04/10 12:39:52 -0300 REN-PC Renê IP-BLOCK 94.100.23.90 (Type: outgoing, Port: 50065, Process: chrome.exe)
2012/04/10 12:39:52 -0300 REN-PC Renê IP-BLOCK 94.100.23.90 (Type: outgoing, Port: 50066, Process: chrome.exe)
2012/04/10 12:39:52 -0300 REN-PC Renê IP-BLOCK 94.100.23.90 (Type: outgoing, Port: 50067, Process: chrome.exe)
2012/04/10 12:39:52 -0300 REN-PC Renê IP-BLOCK 94.100.23.90 (Type: outgoing, Port: 50068, Process: chrome.exe)
2012/04/10 12:39:52 -0300 REN-PC Renê IP-BLOCK 94.100.23.90 (Type: outgoing, Port: 50069, Process: chrome.exe)
2012/04/10 18:03:30 -0300 REN-PC Renê MESSAGE Starting protection
2012/04/10 18:03:33 -0300 REN-PC Renê MESSAGE Protection started successfully
2012/04/10 18:03:36 -0300 REN-PC Renê MESSAGE Executing scheduled update: Daily
2012/04/10 18:03:36 -0300 REN-PC Renê MESSAGE Starting IP protection
2012/04/10 18:03:37 -0300 REN-PC Renê MESSAGE IP Protection started successfully
2012/04/10 18:03:53 -0300 REN-PC Renê MESSAGE Scheduled update executed successfully: database updated from version v2012.04.04.08 to version v2012.04.10.09
2012/04/10 18:03:53 -0300 REN-PC Renê MESSAGE Starting database refresh
2012/04/10 18:03:53 -0300 REN-PC Renê MESSAGE Stopping IP protection
2012/04/10 18:05:30 -0300 REN-PC Renê MESSAGE IP Protection stopped
2012/04/10 18:05:33 -0300 REN-PC Renê MESSAGE Database refreshed successfully
2012/04/10 18:05:33 -0300 REN-PC Renê MESSAGE Starting IP protection
2012/04/10 18:05:33 -0300 REN-PC Renê MESSAGE IP Protection started successfully
2012/04/10 19:23:06 -0300 REN-PC Renê MESSAGE Starting protection
2012/04/10 19:23:08 -0300 REN-PC Renê MESSAGE Protection started successfully
2012/04/10 19:23:11 -0300 REN-PC Renê MESSAGE Starting IP protection
2012/04/10 19:23:12 -0300 REN-PC Renê MESSAGE IP Protection started successfully
2012/04/10 19:27:12 -0300 REN-PC Renê IP-BLOCK 199.27.135.6 (Type: outgoing, Port: 49508, Process: chrome.exe)
2012/04/10 19:27:12 -0300 REN-PC Renê IP-BLOCK 173.245.60.73 (Type: outgoing, Port: 49509, Process: chrome.exe)
2012/04/10 19:50:26 -0300 REN-PC Renê IP-BLOCK 199.27.135.6 (Type: outgoing, Port: 50193, Process: chrome.exe)
2012/04/10 19:50:26 -0300 REN-PC Renê IP-BLOCK 173.245.60.73 (Type: outgoing, Port: 50197, Process: chrome.exe)

Regards,
Renê Allan Pasko
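
The protection log above has two kinds of line: MESSAGE status lines and IP-BLOCK lines that carry the destination address, direction, port and process. The following Python sketch is an added example, not part of the thread: it parses that format, tallies blocks per process and destination, and measures the intervals in which IP protection was stopped, so a quiet stretch of the log can be told apart from a stretch without protection. The sample lines use a constructed host name and documentation-range addresses, and the parser assumes user names without spaces.

```python
import re
from collections import OrderedDict
from datetime import datetime

# Constructed sample in the format of the protection log shown above.
SAMPLE = """\
2012/04/10 12:39:52 -0300 PC-1 user IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 50064, Process: chrome.exe)
2012/04/10 12:39:52 -0300 PC-1 user IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 50065, Process: chrome.exe)
2012/04/10 12:39:52 -0300 PC-1 user IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 50066, Process: chrome.exe)
2012/04/10 18:03:36 -0300 PC-1 user MESSAGE Starting IP protection
2012/04/10 18:03:37 -0300 PC-1 user MESSAGE IP Protection started successfully
2012/04/10 18:03:53 -0300 PC-1 user MESSAGE Stopping IP protection
2012/04/10 18:05:30 -0300 PC-1 user MESSAGE IP Protection stopped
2012/04/10 18:05:33 -0300 PC-1 user MESSAGE IP Protection started successfully
2012/04/10 19:27:12 -0300 PC-1 user IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 49508, Process: chrome.exe)
2012/04/10 19:27:12 -0300 PC-1 user IP-BLOCK 203.0.113.25 (Type: outgoing, Port: 49509, Process: chrome.exe)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"(?P<host>\S+)\s+(?P<user>\S+)\s+(?P<kind>[A-Z-]+)\s+(?P<rest>.*)$"
)
BLOCK_RE = re.compile(
    r"^(?P<ip>\S+) \(Type: (?P<direction>\w+), Port: (?P<port>\d+), "
    r"Process: (?P<process>[^)]+)\)$"
)


def parse_log(text):
    """Turn log lines into event dicts; unrecognised lines are skipped."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        event = {
            "time": datetime.strptime(match.group("ts"), "%Y/%m/%d %H:%M:%S %z"),
            "kind": match.group("kind"),
            "message": match.group("rest"),
        }
        if event["kind"] == "IP-BLOCK":
            block = BLOCK_RE.match(match.group("rest"))
            if block:
                event.update(
                    ip=block.group("ip"),
                    direction=block.group("direction"),
                    port=int(block.group("port")),
                    process=block.group("process").lower(),
                )
        events.append(event)
    return events


def summarize_blocks(events):
    """Group IP-BLOCK events by (process, destination address)."""
    summary = OrderedDict()
    for event in events:
        if "ip" not in event:
            continue
        key = (event["process"], event["ip"])
        entry = summary.setdefault(
            key, {"count": 0, "first": event["time"], "last": event["time"], "ports": []}
        )
        entry["count"] += 1
        entry["last"] = event["time"]
        entry["ports"].append(event["port"])
    return summary


def protection_gaps(events):
    """Return (stopped_at, restarted_at, seconds) for each IP-protection stop."""
    gaps, stopped_at = [], None
    for event in events:
        if event["kind"] != "MESSAGE":
            continue
        text = event["message"].lower()
        if text == "stopping ip protection":
            stopped_at = event["time"]
        elif text == "ip protection started successfully" and stopped_at is not None:
            gaps.append((stopped_at, event["time"], (event["time"] - stopped_at).total_seconds()))
            stopped_at = None
    return gaps


if __name__ == "__main__":
    parsed = parse_log(SAMPLE)
    for (process, ip), info in summarize_blocks(parsed).items():
        print(f"{process} -> {ip}: {info['count']} blocked, last at {info['last']}")
    for start, end, seconds in protection_gaps(parsed):
        print(f"IP protection off from {start} to {end} ({seconds:.0f} s)")
```
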

#12
killer

    Emeritus Assistant

  • Emeritus
  • 11.382 posts
Hello,

Unfortunately you are still infected. I suggest that you do not use banking sites for now and that you change all your passwords.

"Sorry again for the consecutive reply, but I had forgotten that Malwarebytes keeps blocking googleupdate.exe, as seen in this log"

Since GoogleUpdate.exe is a legitimate process, just disable Malwarebytes' real-time protection.

1. Delete the OTL.exe located in C:\Users\Renê\Desktop

2. Download OTL by OldTimer and save it to your desktop.

** Windows Vista and Windows 7 users:
Right-click the file, then click Run as administrator.


Close all windows and run the tool.
Under Output, select Standard.
Also check these options:
  • Use Company Name WhiteList
  • Skip Microsoft Files
  • LOP Check
  • Purity Check

Select these lines in red, right-click the selection, and choose Copy.


netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%(x86)\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
C:\windows\system32\Tasks\*.* /s /64
%windir%\tasks\*.*
CREATERESTOREPOINT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments




Go back to the program, right-click any blank area of the Custom Scans/Fixes section, and choose Paste.

Click the Run Scan button.

Do not change any other settings unless you have been instructed to do so.

The scan takes a while; be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt
Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of Extras.txt and paste it into your reply.
Attach the OTL.txt file.

NOTE: If the logs are too large and exceed the forum's limit, put them in a .zip or .rar file and attach it to your reply.




#13
reneallan

    Newbie

  • Newbie
  • 38 posts
Good evening,

When I try to access the site linhadefensiva.org from my computer, the browser shows the following message: "could not connect to the proxy server". Could this be related to the banker?

Here are the logs.

OTL Extras logfile created on: 11/04/2012 18:52:12 - Run 4
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Renê\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

8,00 Gb Total Physical Memory | 6,08 Gb Available Physical Memory | 76,03% Memory free
16,00 Gb Paging File | 14,02 Gb Available in Paging File | 87,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 265,31 Gb Total Space | 156,59 Gb Free Space | 59,02% Space Free | Partition Type: NTFS
Drive D: | 200,45 Gb Total Space | 106,02 Gb Free Space | 52,89% Space Free | Partition Type: NTFS

Computer Name: REN-PC | User Name: Renê | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09F75D2E-0393-CE6B-C01A-79008E91B6EF}" = AMD Media Foundation Decoders
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{3099E885-DE8A-4099-ABE2-561DC8589DFA}" = Microsoft Antimalware Service PT-BR Language Pack
"{3F829160-B531-B9F0-5BC7-918167BB5DCE}" = ccc-utility64
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5783F2D7-A001-0409-0102-0060B0CE6BBA}" = AutoCAD 2012 - English
"{5783F2D7-A001-0409-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - English
"{5C1858C7-B7A8-7085-60AA-A538954E3832}" = ccc-utility64
"{6A7F7056-14E1-D8E4-0B87-BC3F18EAC8AC}" = ATI AVIVO64 Codecs
"{6C8EEF0B-C4BE-35A7-BF08-7C3C667EB62A}" = Microsoft .NET Framework 4 Extended PTB Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84C3FCBF-8A79-E383-9CC6-B6661CAF8675}" = AMD Media Foundation Decoders
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9828EE10-F994-6C74-05F3-5228D7CDE37D}" = AMD Catalyst Install Manager
"{AB813B91-07DB-F136-C09A-3743AA7CA23F}" = AMD AVIVO64 Codecs
"{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client PT-BR Language Pack
"{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012
"{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"{F480BE66-C9F2-608F-A47A-E9F966080883}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"AutoCAD 2012 - English" = AutoCAD 2012 - English
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion plug-in for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = Arquivo do WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02446EBD-7E93-8DB2-662A-20A8BE5630E0}" = Catalyst Control Center InstallProxy
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05B7B9BA-9EBC-4C5B-933D-49F372EFE7A1}" = Adobe Photoshop CS4
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AFBB699-665E-616E-1863-168A6C62C6C5}" = CCC Help Spanish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D03ED1F-A3B1-1089-B47D-96A3C7BED398}" = Catalyst Control Center Localization All
"{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}" = Need for Speed™ The Run
"{0F99EAFA-4054-4ABC-A3D3-D2299210572F}" = Adobe Bridge CS4
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19D41B9A-C474-D1A9-CAA1-499D362F2DD1}" = CCC Help Dutch
"{1B7A4B3C-9A00-123A-1BC8-AD5DB6517EE4}" = CCC Help Turkish
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{235BBFC6-D863-4066-A01A-3BD504C31046}" = Nero 7 Ultra Edition
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{298EEE62-A419-E250-9D01-58DFA08E0D11}" = Catalyst Control Center Graphics Previews Common
"{2C5FF744-EE63-D37C-09B6-8DD5DD192578}" = Catalyst Control Center Localization All
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{35070A8C-1660-952E-6638-7B4BDFE7DE5E}" = CCC Help Polish
"{35F9CEEB-B54F-7BF9-39B9-0AC67505E1CF}" = CCC Help Norwegian
"{38141809-CC3B-D09A-5270-3882AFE4134F}" = CCC Help Finnish
"{3D8AAFC2-4DD0-89BB-5738-8FFC250918FE}" = CCC Help Czech
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{48C19885-4773-5A0B-4373-7F33594B195D}" = CCC Help Swedish
"{4925872A-F7E7-23CB-1C1B-D8E1392728B5}" = CCC Help Greek
"{49C09E32-B9FD-4EDC-9152-9BC0CC618A13}" = GetDataBack for FAT and GetDataBack for NTFS
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B64E5A1-8988-F6B0-F87B-464D09998451}" = CCC Help German
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5047CFAD-8181-5563-68E0-EE3558E251AB}" = CCC Help Thai
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51989139-5EBD-F77E-FE25-588CBC39078A}" = CCC Help Chinese Traditional
"{5352A52A-751E-FD13-7BF4-FC97A38E077F}" = CCC Help Japanese
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5A8E2AE3-F83A-F29C-B588-13159782D407}" = Catalyst Control Center Graphics Previews Common
"{5CBBB59D-45C5-1FDF-B8B0-8176A2691C2F}" = CCC Help French
"{62380A96-B00B-D943-E3BC-E2C372604EB1}" = CCC Help Czech
"{64F0B15A-A3BF-7943-2937-7DA4C2F0B2DC}" = CCC Help English
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{66EA0C27-9DE8-0390-9BD9-58F5F472F531}" = CCC Help Chinese Standard
"{675E907A-E267-10E3-7BB1-B535646D0F1D}" = Catalyst Control Center
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6EC9AD7E-DC4C-41D4-04CC-ABFF1E741BB5}" = CCC Help English
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78D7928B-5928-ADB3-CB9F-09BBB5ED9D5D}" = CCC Help Turkish
"{7B41BE0A-6A6E-CA1F-0922-4FF69305B868}" = CCC Help Thai
"{7CA1DEB6-FEDE-84E1-EAC3-F8C01D1DE1F2}" = CCC Help Norwegian
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82A1CEEC-19D4-E243-82B6-A780DE1FC389}" = CCC Help Danish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9583CCD2-E842-AE10-B2AB-086BCFF55DF8}" = CCC Help Russian
"{95CA013B-0AAE-E2F0-82CE-97160DDA9796}" = CCC Help Greek
"{98780400-EC17-11E0-96CF-B8AC6F97B88E}" = Google Earth Plug-in
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E77326C-5661-EA4E-B3C2-82F5FEEF68D8}" = CCC Help Swedish
"{A1C9D1DA-7803-4586-B509-450009938312}" = Adobe Setup
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A97FB5C1-1064-7046-8806-F19B51D7FC7D}" = Catalyst Control Center
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AF2A8E58-DBC6-36D3-A145-7252029F6F48}" = Microsoft Report Viewer Redistributable 2008 SP1
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4C4A2CE-F4A4-D2E7-85A5-828932A59D20}" = CCC Help German
"{B501D576-E145-AD74-9C12-18DDB082E87D}" = CCC Help Portuguese
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE6E693C-F64D-702A-FE70-3D840094F882}" = CCC Help Finnish
"{C08A8130-6ADB-9C19-5307-E250256A6FB7}" = CCC Help Korean
"{C1ACD2C6-909C-EAD9-9AF6-C37318311BA7}" = CCC Help Korean
"{C355AA5E-A808-E1D6-4135-1A535695984E}" = CCC Help Portuguese
"{C4418DF9-5B57-4C5D-ACC2-D6B1338CCE09}" = Photoshop Camera Raw
"{C4B85AD5-3FF2-472A-D1D7-6A498773426B}" = HydraVision
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2824608-FA77-BADF-AE4B-96032F7B814E}" = CCC Help Hungarian
"{D3CC02D6-1767-33F0-D3D4-C2FB9E49C1DD}" = CCC Help French
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7778B61-4D55-6290-7A37-993C91276039}" = CCC Help Italian
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB766BE3-CD84-18EE-6665-B9F836A7FDB4}" = CCC Help Spanish
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDD2B96C-DF53-3BE0-10AA-A34A58B45D25}" = CCC Help Dutch
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6195FA5-1049-EC5F-3AD1-C570D38AC28E}" = CCC Help Hungarian
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{E7FFFA9A-ADD3-35E7-FB83-56C22023B0BF}" = CCC Help Chinese Standard
"{E8627DF4-F0B2-E7C1-0E66-2779E4F0AAC8}" = HydraVision
"{EC139E50-6C33-BD5F-15FA-9E5F45AFB26C}" = CCC Help Danish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F15CED14-5BB9-65C7-122E-8A8499E2FF48}" = CCC Help Polish
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F56D3FB8-AC0F-41EA-A4F0-735D985FD80D}" = CCC Help Chinese Traditional
"{F7FC09BA-5A3E-49C0-AD4C-07D8FD5CE3EA}" = Seven Souls Online
"{F92295B6-7391-1A6B-4E84-7A8EBAC6F814}" = CCC Help Italian
"{FAB432C3-4578-09A1-F98A-7E9F0A339261}" = CCC Help Japanese
"{FE386918-377B-B94A-504B-064CFB00799D}" = CCC Help Russian
"Adobe_b741c3c52d3108664cedeb2b76f6d96" = Adobe Photoshop CS4
"Alan Wake_is1" = Alan Wake
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FlashGet" = FlashGet 1.9.2.1028
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 1.99.1
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gerenciador de dispositivo de plataforma
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.61.0.1400
"Microsoft Report Viewer Redistributable 2008 SP1" = Microsoft Report Viewer Redistributable 2008 SP1
"MV RegClean 6.0_is1" = MV RegClean 6.0
"Rage BR" = Rage Tradução BR v1.01
"Steam App 10" = Counter-Strike
"Steam App 9200" = RAGE
"TeamViewer 7" = TeamViewer 7
"Tradução Adobe Photoshop CS4_is1" = Adobe Photoshop CS4 1.0
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/04/2012 10:39:23 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download....uthrootstl.cab>
com erro: Não foi possível encontrar o procedimento especificado. .

Error - 10/04/2012 10:39:23 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download....uthrootstl.cab>
com erro: Não foi possível encontrar o procedimento especificado. .

Error - 10/04/2012 10:39:23 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download....uthrootstl.cab>
com erro: Não foi possível encontrar o procedimento especificado. .

Error - 10/04/2012 10:39:23 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download....uthrootstl.cab>
com erro: Não foi possível encontrar o procedimento especificado. .

Error - 10/04/2012 10:39:23 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download....uthrootstl.cab>
com erro: Não foi possível encontrar o procedimento especificado. .

Error - 10/04/2012 10:39:23 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download....uthrootstl.cab>
com erro: Não foi possível encontrar o procedimento especificado. .

Error - 10/04/2012 10:39:38 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download....uthrootstl.cab>
com erro: Não foi possível encontrar o procedimento especificado. .

Error - 10/04/2012 10:39:38 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download....uthrootstl.cab>
com erro: Não foi possível encontrar o procedimento especificado. .

Error - 10/04/2012 10:39:38 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download....uthrootstl.cab>
com erro: Não foi possível encontrar o procedimento especificado. .

Error - 10/04/2012 10:39:51 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download....uthrootstl.cab>
com erro: Não foi possível encontrar o procedimento especificado. .

[ System Events ]
Error - 03/01/2012 10:22:35 | Computer Name = Renê-PC | Source = Microsoft Antimalware | ID = 3002
Description = O recurso de Proteção em Tempo Real %%860 encontrou um erro e falhou.

Recurso:
%%835 Código do Erro: 0x80004005 Descrição do Erro: Erro não especificado Motivo:
%%842

Error - 03/01/2012 11:28:11 | Computer Name = Renê-PC | Source = DCOM | ID = 10010
Description =

Error - 03/01/2012 16:24:09 | Computer Name = Renê-PC | Source = Microsoft Antimalware | ID = 3002
Description = O recurso de Proteção em Tempo Real %%860 encontrou um erro e falhou.

Recurso:
%%835 Código do Erro: 0x80004005 Descrição do Erro: Erro não especificado Motivo:
%%842

Error - 03/01/2012 23:23:58 | Computer Name = Renê-PC | Source = DCOM | ID = 10010
Description =

Error - 04/01/2012 08:39:09 | Computer Name = Renê-PC | Source = Microsoft Antimalware | ID = 3002
Description = O recurso de Proteção em Tempo Real %%860 encontrou um erro e falhou.

Recurso:
%%835 Código do Erro: 0x80004005 Descrição do Erro: Erro não especificado Motivo:
%%842

Error - 04/01/2012 16:10:08 | Computer Name = Renê-PC | Source = DCOM | ID = 10010
Description =

Error - 04/01/2012 16:21:55 | Computer Name = Renê-PC | Source = Microsoft Antimalware | ID = 3002
Description = O recurso de Proteção em Tempo Real %%860 encontrou um erro e falhou.

Recurso:
%%835 Código do Erro: 0x80004005 Descrição do Erro: Erro não especificado Motivo:
%%842

Error - 04/01/2012 19:01:24 | Computer Name = Renê-PC | Source = NetBT | ID = 4321
Description = O nome "WORKGROUP :1d" não pôde ser registrado na interface com
o endereço IP 192.168.0.2. O computador de endereço IP 192.168.0.3 não permitiu
que o nome fosse reivindicado por este computador.

Error - 04/01/2012 19:19:28 | Computer Name = Renê-PC | Source = DCOM | ID = 10010
Description =

Error - 04/01/2012 19:20:29 | Computer Name = Renê-PC | Source = Microsoft Antimalware | ID = 3002
Description = O recurso de Proteção em Tempo Real %%860 encontrou um erro e falhou.

Recurso:
%%835 Código do Erro: 0x80004005 Descrição do Erro: Erro não especificado Motivo:
%%842


< End of report >

Attached file(s)

  • Attached file  OTL.rar   14,34K   1 Downloads


#14
killer

    Emeritus Assistant

  • 11.382 posts

"could not connect to the proxy server". Could this be related to the banker?

Are you still experiencing this problem? This afternoon the Linha site had problems opening (at least for me).

Select these lines in red, right-click the selection and choose Copy:

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://afo.kasperupd...2012/attwin.dat


:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[CREATERESTOREPOINT]


To visitors: If you have a similar problem, do not use this script, because unsupervised use can damage the system.
Follow the instructions on this page and ask for help in Malware Removal

Run OTL.exe

Right-click any blank area of the Custom Scans/Fixes section and choose Paste

Close ALL windows (except OTL itself) and click the button
[Posted image]

The program will run the script and restart your computer.

Post the new log in your next reply.

Note: A copy of this log will be stored in the folder C:\_OTL\MovedFiles with a name in the following format: date_time.log.

Example: 03142010_145545.log

Don't abandon your topic; someone dedicated part of their time to help you!
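The fix above removes a per-user proxy auto-config (PAC) URL, and the OTL Extras log earlier in the thread shows "EnableFirewall" = 0 for several profiles. As an added example (not part of the original posts and not OTL's own code), this Python sketch flags both conditions in OTL-style log text; the sample log, the placeholder PAC URL and the names `triage` and `expected_pac_hosts` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the OTL log layout quoted in this thread (not a real
# log; the PAC URL is a placeholder).
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://pac.example.invalid/proxy.dat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
'''

# 'IE - <key>: "<name>" = <value>' lines, as in the fix script above.
IE_VALUE = re.compile(r'^IE - (?P<key>[^:]+?): "(?P<name>[^"]+)" = (?P<value>.*)$')
# '[HKEY_...]' section headers, optionally prefixed with '64bit: '.
SECTION = re.compile(r'^(?:64bit: )?\[(?P<key>HKEY_[^\]]+)\]$')
# '"<name>" = <value>' lines inside a section.
VALUE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*)$')
# A section that is exactly one firewall profile key (not a sub-key of it).
FW_PROFILE = re.compile(r'\\FirewallPolicy\\(?P<profile>\w+Profile)$', re.IGNORECASE)


def _host(url):
    """Return the lower-cased host of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def triage(log_text, expected_pac_hosts=frozenset()):
    """Return (kind, where, value) findings for proxy and firewall settings.

    expected_pac_hosts: hosts that legitimately serve a PAC file on this
    network (for example a corporate proxy); PAC URLs on them are not flagged.
    """
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("====="):        # a banner ends the current section
            section = None
            continue
        m = IE_VALUE.match(line)
        if m:
            if m["key"].lower().endswith(r"\internet settings"):
                name, value = m["name"].lower(), m["value"].strip()
                if name == "autoconfigurl" and value:
                    if _host(value) not in expected_pac_hosts:
                        findings.append(("proxy-autoconfig", m["key"], value))
                elif name == "proxyserver" and value:
                    # A fixed proxy can be legitimate; report it for review.
                    findings.append(("proxy-server", m["key"], value))
            continue
        m = SECTION.match(line)
        if m:
            section = m["key"]
            continue
        m = VALUE.match(line)
        if m and section:
            fw = FW_PROFILE.search(section)
            if fw and m["name"].lower() == "enablefirewall" and m["value"].strip() == "0":
                findings.append(("firewall-disabled", fw["profile"], "0"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The script only reports; whether a flagged value should be removed is a decision for whoever is reviewing the log.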


#15
reneallan

    Novice

  • 38 posts

Hello,

I am accessing the site again from the desktop.

Here is the log:


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Convidado
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Renê
->Temp folder emptied: 1366602 bytes
->Temporary Internet Files folder emptied: 3206394 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 39242094 bytes
->Flash cache emptied: 1143 bytes

User: Renˆ

User: Todos os Usuários

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 79692 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 42,00 mb


[EMPTYFLASH]

User: All Users

User: Convidado

User: Default

User: Default User

User: Public

User: Renê
->Flash cache emptied: 0 bytes

User: Renˆ

User: Todos os Usuários

User: Usuário Padrão

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.39.2 log created on 04122012_231141

Files\Folders moved on Reboot...
C:\Users\Renê\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

#16
killer

    Emeritus Assistant

  • 11.382 posts

Hello,

Post a new HijackThis log.



#17
reneallan

    Novice

  • 38 posts

Hello,

At noon I ran Panda Activescan Cleaner, and it made 4 detections.
Tonight it didn't flag anything, although the computer was off all afternoon... but anyway.

Here is the log.


Logfile of HijackThis v1.99.1
Scan saved at 18:46:40, on 13/04/2012
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Renê\Desktop\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ÿþ127.0.0.1 localhost
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Thank you
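
Added example, not part of the original thread: a Python parser for O23 service lines like those in the log above, sorting them into entries that need a manual look. The `system32-redirect` verdict rests on an assumption: a 32-bit scanner on 64-bit Windows is redirected away from the real System32 directory and so reports files there as missing. The verdict names and the `updhlp` sample entry are invented for this example.

```python
import re

# Constructed sample: three lines in the shape of the log above, plus one
# hypothetical entry (updhlp) invented for this example.
SAMPLE = r"""O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Updater Helper (updhlp) - Unknown owner - C:\Users\Public\updhlp.exe
"""

# Format: O23 - Service: <name> - <owner> - <path>[ (file missing)]
# The path is anchored on a drive letter or %VAR% because paths such as
# "Spybot - Search & Destroy" contain the " - " separator themselves.
O23 = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>(?:[A-Za-z]:\\|%).*?)(?P<missing> \(file missing\))?$"
)
SYSTEM32 = re.compile(r"^(?:c:\\windows|%windir%|%systemroot%)\\system32\\", re.I)

def triage(line):
    """Parse one O23 line and attach a triage verdict, or return None."""
    m = O23.match(line.strip())
    if not m:
        return None
    owner_known = m["owner"] != "Unknown owner"
    missing = m["missing"] is not None
    if owner_known and not missing:
        # Company name read from the file and file found: lower priority,
        # not proof of legitimacy (the name is not a signature check).
        verdict = "vendor"
    elif not owner_known and missing and SYSTEM32.match(m["path"]):
        # Assumption: artefact of 32-bit file system redirection.
        verdict = "system32-redirect"
    else:
        verdict = "review"
    return {"name": m["name"], "owner": m["owner"],
            "path": m["path"], "verdict": verdict}

def triage_log(text):
    """Triage every O23 line in a pasted log, skipping other lines."""
    return [r for r in map(triage, text.splitlines()) if r]

if __name__ == "__main__":
    for r in triage_log(SAMPLE):
        print(f'{r["verdict"]:18} {r["name"]}')
```

Entries marked `review` are the ones to check by hand, for example by confirming the path on disk from a 64-bit tool.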

#18
killer

    Emeritus Assistant

  • Emeritus
  • 11,382 posts
1. Open OTL and click the button
[Posted image]
Close OTL.

2. Download CCleaner Slim (Note: this version does not include the Yahoo Toolbar for Internet Explorer; if you want it, I suggest you visit this page.)

  • Install the program
  • Click Registry > scan for issues > fix selected issues.
  • Then click Cleaner > analyze > run cleaner.

If you wish, read the program's tutorial:
http://linhadefensiv...showtopic=12395

3. - Old versions of Java have vulnerabilities that some malware can use to infect your system. Check whether your system has the latest version installed:

Go to the Java.com/Download site. Click the option Do I have Java?

Wait for it to check whether you have the latest version of Java. Once that is done, click Download Java now. Install the new version of Java.

4. Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware.
Remove the older version and click here to install the newest version.

5. - OK, the log is clean

- Disable and re-enable System Restore

- Read the article "Proteja seu PC" (Protect your PC) for more information on how to avoid infections;

- If there is no longer any malware-related problem, click the button
[Posted image]
and say that your case has been resolved.

Do not abandon your topic; someone dedicated part of their time to help you!


#19
Felipe-rj

    Moderator

  • Moderator
  • 837 posts
Problem solved!

If the author needs the topic to be reopened, please contact a member of the moderation team.