reneallan

Problem with the Facebook certificate

Good afternoon,

While I was browsing, an Adobe Flash Player page briefly opened with this address "http://184.22.51.164/ads.js/header.js/?A", already asking for authorization to download the supposed update; without thinking, I authorized the download and installation.

Since then, when I try to access Facebook, it shows the following message: Invalid server certificate, and the internet started dropping every 2 minutes.

So here is the HijackThis log for analysis:

Logfile of HijackThis v1.99.1

Scan saved at 15:24:29, on 06/04/2012

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Running processes:

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Renê\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://afo.kasperupdate.com:2012/attwin.dat

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Here is the Malwarebytes log as well:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Versão da Base de Dados: v2012.04.06.06

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Renê :: REN-PC [administrador]

06/04/2012 15:24:03

mbam-log-2012-04-06 (16-28-11).txt

Tipo de Verificação: Verificação Completa

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 433531

Tempo decorrido: 1 hora(s), 3 minuto(s), 48 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 1

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GOOGLEUPDATE.EXE (Trojan.Agent) -> Nenhuma ação foi feita.

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 4

D:\Install\Antivirus\KIS 2012 PT-BR\ktr_2012.exe (Trojan.Agent.CK) -> Nenhuma ação foi feita.

D:\Install\autocad2012 x64\x-force_2012_x64.exe (Trojan.Agent.ck) -> Nenhuma ação foi feita.

D:\Install\Microsoft Office 2010 x86 - SP1+Ativador Senha 123\Ativador office 2010\mini-KMS_Activator_v1.053.exe (PUP.Hacktool.Office) -> Nenhuma ação foi feita.

C:\Users\Renê\AppData\Roaming\googleupdate.exe (Trojan.Agent) -> Nenhuma ação foi feita.

(fim)

Happy Easter to everyone

Regards, Renê Allan Pasko

Download BankerFix:

http://www.linhadefensiva.org/dl/bankerfix

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator

Important: The tool will close Internet Explorer. Before running it, save any links you will need to access later.

Double-click bankerfix.exe to run it.

Click OK on the first screen and [CANCEL] on the second to prevent BankerFix from running.

Once that is done, go to C:\LinhaDefensiva\ and run the file Iniciar-Bankerfix.vbs. Confirm that you want to update the software and click [OK] to run the software.

When it runs, a black screen will appear asking you to press any key. Press Enter and wait for it to finish. It may take some time.

When it finishes, read the message on the screen and press Enter again. When it is done, post the file relatorio.txt located at: C:\LinhaDefensiva\relatorio.txt

Here are two reports, since I ran BankerFix twice and different results appeared.

Here is the first:

-------------------------------------------------------

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2012-04-07 - 19:24

-------------------------------------------------------

Lista de Definição: 2012-03-19-1 | CORE: 2012-01-27-1

=======================================================

Arquivo infectado detectado: C:\Windows\System32\explorer.exe

O arquivo só será removido quando o sistema for reiniciado

IP malicioso encontrado no hosts: 124.217

IP malicioso encontrado no hosts: 174.36

IP malicioso encontrado no hosts: 189.1

IP malicioso encontrado no hosts: 67.20

IP malicioso encontrado no hosts: 69.2

IP malicioso encontrado no hosts: 76.10

IP malicioso encontrado no hosts: 76.163

----- Fim -------------------------

-------------------------------------------------------

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2012-04-07 - 19:27

-------------------------------------------------------

Lista de Definição: 2012-03-19-1 | CORE: 2012-01-27-1

=======================================================

Here is the second:

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2012-04-07 - 19:27

-------------------------------------------------------

Lista de Definição: 2012-03-19-1 | CORE: 2012-01-27-1

=======================================================

----- Fim -------------------------

Regards,

Renê Allan Pasko

Download OTL by OldTimer and save it to your desktop.

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator

Close all windows and run the tool.

Under Output, select Standard

Also check these options:

  • Use WhiteList for Company Names
  • Skip Microsoft Files
  • Lop Check
  • Purity Check

Select these lines in red, right-click the selection, and choose Copy

netsvcs

%SYSTEMDRIVE%\*.*

%systemdrive%\drivers\*.exe

%systemroot%\system32\drivers\*.* /90

%PROGRAMFILES%(x86)\*.*

%LOCALAPPDATA%\*.exe

%LOCALAPPDATA%\*.txt

%LOCALAPPDATA%\*.ini

%LOCALAPPDATA%\*.dll

%LOCALAPPDATA%\*.dat

%USERPROFILE%\*.exe

%USERPROFILE%\*.txt

%USERPROFILE%\*.ini

%USERPROFILE%\*.dll

%USERPROFILE%\*.dat /30

C:\windows\system32\Tasks\*.* /s /64

%windir%\tasks\*.*

CREATERESTOREPOINT

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

Go back to the program, right-click any white area of the Custom Scans/Fixes section and choose Paste

Click the Scan button

Do not change any other setting unless you have been instructed to do so.

The scan takes a while; please be patient.

When it finishes, two Notepad windows will be displayed: OTL.txt and Extras.txt

Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of Extras.txt and paste it into your reply.

Attach the OTL.txt file

Note: If the logs are too large and exceed the forum limit, put them in a .zip or .rar file and attach it to your reply.

Hello,

I noticed that the Gmail and Orkut sites are showing the same problem, only with the Google Chrome browser.

I followed your instructions; however, it generated only OTL.txt.

Here it is:

OTL logfile created on: 07/04/2012 22:59:37 - Run 2

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Renê\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

8,00 Gb Total Physical Memory | 6,05 Gb Available Physical Memory | 75,60% Memory free

16,00 Gb Paging File | 13,82 Gb Available in Paging File | 86,40% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 265,31 Gb Total Space | 158,50 Gb Free Space | 59,74% Space Free | Partition Type: NTFS

Drive D: | 200,45 Gb Total Space | 106,02 Gb Free Space | 52,89% Space Free | Partition Type: NTFS

Computer Name: REN-PC | User Name: Renê | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/07 22:57:42 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Renê\Desktop\OTL.exe

PRC - [2012/04/03 22:56:42 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2012/02/13 19:15:28 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/01/10 20:18:46 | 002,592,768 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe

PRC - [2011/12/14 08:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2011/08/20 20:49:33 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/03 22:56:41 | 000,444,400 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll

MOD - [2012/04/03 22:56:39 | 003,915,248 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\pdf.dll

MOD - [2012/04/03 22:55:14 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\avutil-51.dll

MOD - [2012/04/03 22:55:12 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\avformat-53.dll

MOD - [2012/04/03 22:55:11 | 001,747,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\avcodec-53.dll

MOD - [2012/03/21 12:12:32 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012/03/21 12:12:29 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2012/03/21 12:12:29 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL

MOD - [2012/03/21 12:12:29 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2012/03/21 12:12:29 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2012/02/13 19:15:28 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

MOD - [2012/01/10 20:18:46 | 002,592,768 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/30 13:58:02 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/01/30 19:13:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/12/14 08:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2011/11/12 23:34:47 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/10/11 23:47:41 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Arquivos de Programas\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011/11/30 14:44:02 | 010,497,024 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/11/30 13:13:28 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/08/11 14:54:24 | 000,099,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C60x64.sys -- (L1C)

DRV:64bit: - [2011/07/29 12:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)

DRV:64bit: - [2011/07/29 12:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)

DRV:64bit: - [2011/06/06 19:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2009/10/21 00:30:32 | 001,270,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV:64bit: - [2009/07/16 00:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2009/07/13 22:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 22:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 22:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 22:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 17:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/22 20:08:37 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2009/05/22 11:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/02/17 14:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV - [2011/07/29 12:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)

DRV - [2011/07/29 12:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E E5 E3 0A 13 14 CD 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}...Box&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://afo.kasperupdate.com:2012/attwin.dat

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.151\gcswf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Renê\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Pesquisa do Google = C:\Users\Renê\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Bleach Theme2 = C:\Users\Renê\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbgbfeiijkpelbhpmbdliomlgbdiggho\2_0\

CHR - Extension: Skype Click to Call = C:\Users\Renê\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

CHR - Extension: Gmail = C:\Users\Renê\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/07 19:28:03 | 000,450,226 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 15470 more lines...

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Arquivos de Programas\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Arquivos de Programas\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [bankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat ()

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm ()

O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm ()

O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm ()

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm ()

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)

O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.0.15 189.7.0.14

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C21A16C-4988-4E33-913B-F72B158FE832}: DhcpNameServer = 189.7.0.15 189.7.0.14

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{98a31865-d7b0-11dd-9cde-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{98a31865-d7b0-11dd-9cde-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe

O33 - MountPoints2\{fc23c29e-c938-11e0-a3b9-14dae96ef502}\Shell - "" = AutoRun

O33 - MountPoints2\{fc23c29e-c938-11e0-a3b9-14dae96ef502}\Shell\AutoRun\command - "" = F:\OriginInstaller.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/07 22:57:36 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Renê\Desktop\OTL.exe

[2012/04/07 19:23:12 | 000,000,000 | ---D | C] -- C:\LinhaDefensiva

[2012/04/07 19:12:36 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{8536E49B-D785-4F30-BB71-923EB73CB8F1}

[2012/04/06 15:20:54 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2012/04/06 15:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/04/06 15:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/04/06 13:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/04/06 13:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/04/06 13:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/04/06 13:33:02 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{B16C0F9E-684F-4779-A2CC-2A30C1C5D762}

[2012/04/06 05:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI

[2012/04/06 00:11:09 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{491B19F6-F637-403C-9473-A57C88E7C1BA}

[2012/04/05 12:36:19 | 000,000,000 | ---D | C] -- C:\Neowiz

[2012/04/05 12:10:44 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{EA2DEB03-C16F-452B-8889-95239C82A5D3}

[2012/04/04 11:54:37 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{6E7ABB87-A5C7-462E-AF52-7AC44C5454C8}

[2012/04/03 22:00:05 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{7F16E2DB-0292-4CEE-9874-17D938CED4CA}

[2012/04/03 09:59:40 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{7767B123-16C7-41B6-BAE1-B85BEF3F80B9}

[2012/04/02 21:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIKA

[2012/04/02 21:27:07 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OnGame

[2012/04/02 21:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnGame

[2012/03/19 18:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/03/19 18:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2012/03/15 21:14:20 | 000,000,000 | ---D | C] -- C:\Downloads

[2012/03/15 12:54:22 | 000,000,000 | ---D | C] -- C:\Users\Renê\Documents\NFSTR

[2012/03/15 12:38:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Need for Speed The Run

[2012/03/15 12:21:17 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller

[2012/03/15 10:29:30 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{368B715D-9581-475E-BCFF-8970616D4593}

[2012/03/15 10:29:18 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\{857767CE-40C4-4F46-9355-0C10C6852508}

[2012/03/14 12:46:38 | 000,000,000 | ---D | C] -- C:\Users\Renê\Documents\Remedy

[2012/03/14 12:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remedy Entertainment

[2012/03/14 12:40:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Remedy Entertainment

[2012/03/12 12:36:14 | 000,000,000 | ---D | C] -- C:\Users\Renê\AppData\Local\SKIDROW

[2012/03/12 12:36:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo dos Renegados

[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/07 22:57:42 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Renê\Desktop\OTL.exe

[2012/04/07 22:47:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/04/07 19:28:03 | 000,450,226 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/04/07 19:17:00 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/07 19:17:00 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/07 19:11:57 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/04/07 19:11:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/07 19:11:42 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/06 15:23:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/06 13:44:39 | 000,001,258 | ---- | M] () -- C:\Users\Renê\Desktop\Spybot - Search & Destroy.lnk

[2012/04/06 04:22:21 | 000,002,937 | -HS- | M] () -- C:\Users\Renê\sec.vbe

[2012/04/06 04:22:21 | 000,001,733 | -HS- | M] () -- C:\Users\Renê\nebp.vbe

[2012/04/05 12:36:22 | 000,001,485 | ---- | M] () -- C:\Users\Public\Desktop\Seven Souls Online.lnk

[2012/04/01 22:03:37 | 000,010,331 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120406-140515.backup

[2012/03/15 12:54:16 | 000,001,730 | ---- | M] () -- C:\Users\Renê\Desktop\Need For Speed The Run - Atalho.lnk

[2012/03/14 18:58:00 | 001,635,264 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/03/14 18:58:00 | 000,705,602 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat

[2012/03/14 18:58:00 | 000,654,170 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/03/14 18:58:00 | 000,147,288 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat

[2012/03/14 18:58:00 | 000,122,002 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/03/14 12:46:10 | 000,002,151 | ---- | M] () -- C:\Users\Public\Desktop\Alan Wake.lnk

[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/06 15:23:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/06 13:44:39 | 000,001,258 | ---- | C] () -- C:\Users\Renê\Desktop\Spybot - Search & Destroy.lnk

[2012/04/06 04:22:21 | 000,002,937 | -HS- | C] () -- C:\Users\Renê\sec.vbe

[2012/04/06 04:22:21 | 000,001,733 | -HS- | C] () -- C:\Users\Renê\nebp.vbe

[2012/04/05 12:36:22 | 000,001,485 | ---- | C] () -- C:\Users\Public\Desktop\Seven Souls Online.lnk

[2012/03/15 12:54:16 | 000,001,730 | ---- | C] () -- C:\Users\Renê\Desktop\Need For Speed The Run - Atalho.lnk

[2012/03/14 12:46:10 | 000,002,151 | ---- | C] () -- C:\Users\Public\Desktop\Alan Wake.lnk

[2011/12/07 11:29:27 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe

[2011/12/07 11:29:27 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe

[2011/12/07 11:29:27 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll

[2011/12/07 11:29:27 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys

[2011/12/07 11:29:27 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys

[2011/11/30 13:29:04 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2011/11/30 13:29:04 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2011/10/11 23:48:15 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

[2011/10/03 10:22:37 | 001,646,102 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/09/30 16:59:56 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2011/09/12 20:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/09/11 00:35:39 | 000,117,152 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011/09/07 02:29:18 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2011/09/01 19:27:03 | 000,005,120 | ---- | C] () -- C:\Users\Renê\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/08/30 00:39:15 | 000,000,017 | ---- | C] () -- C:\Users\Renê\AppData\Local\resmon.resmoncfg

[2011/08/24 20:19:10 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll

[2011/08/18 01:15:02 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2011/08/18 01:15:01 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2011/08/18 01:14:51 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2011/08/18 01:14:51 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

[2011/08/17 22:31:59 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2011/08/17 22:31:57 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

[2011/08/17 22:31:57 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011/08/17 22:31:57 | 000,612,864 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll

[2011/08/17 22:31:57 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/08/17 22:31:56 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2011/08/17 22:19:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/08/17 22:00:39 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2011/08/17 22:00:32 | 000,017,222 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2011/06/27 15:23:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========

[2011/10/13 00:18:59 | 000,000,000 | ---D | M] -- C:\Users\Renê\AppData\Roaming\Autodesk

[2011/08/29 21:40:16 | 000,000,000 | ---D | M] -- C:\Users\Renê\AppData\Roaming\BFBC2CC

[2012/04/06 05:06:57 | 000,000,000 | ---D | M] -- C:\Users\Renê\AppData\Roaming\BSplayer

[2011/08/17 22:36:54 | 000,000,000 | ---D | M] -- C:\Users\Renê\AppData\Roaming\BSplayer Pro

[2011/08/29 20:57:12 | 000,000,000 | ---D | M] -- C:\Users\Renê\AppData\Roaming\FlashGet

[2011/08/17 22:30:37 | 000,000,000 | ---D | M] -- C:\Users\Renê\AppData\Roaming\Foxit

[2011/09/07 14:51:27 | 000,000,000 | ---D | M] -- C:\Users\Renê\AppData\Roaming\LolClient

[2012/01/10 19:55:42 | 000,000,000 | ---D | M] -- C:\Users\Renê\AppData\Roaming\TeamViewer

[2011/10/29 11:16:58 | 000,000,000 | ---D | M] -- C:\Users\Renê\AppData\Roaming\TS3Client

[2012/03/15 21:17:20 | 000,000,000 | ---D | M] -- C:\Users\Renê\AppData\Roaming\uTorrent

[2012/02/21 19:55:44 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2011/08/20 20:55:29 | 000,000,006 | ---- | M] () -- C:\7Loader.TAG

[2009/07/13 22:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr

[2011/08/17 21:33:40 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2011/08/20 20:55:21 | 000,171,136 | RHS- | M] () -- C:\grldr

[2012/04/07 19:11:42 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/07 19:11:43 | 4294,107,135 | -HS- | M] () -- C:\pagefile.sys

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >

< %PROGRAMFILES%(x86)\*.* >

< %LOCALAPPDATA%\*.exe >

< %LOCALAPPDATA%\*.txt >

< %LOCALAPPDATA%\*.ini >

[2011/11/17 18:41:31 | 000,005,120 | ---- | M] () -- C:\Users\Renê\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< %LOCALAPPDATA%\*.dll >

< %LOCALAPPDATA%\*.dat >

[2012/01/30 19:22:59 | 000,116,152 | ---- | M] () -- C:\Users\Renê\AppData\Local\GDIPFONTCACHEV1.DAT

< %USERPROFILE%\*.exe >

< %USERPROFILE%\*.txt >

< %USERPROFILE%\*.ini >

[2011/08/17 21:45:51 | 000,000,020 | -HS- | M] () -- C:\Users\Renê\ntuser.ini

< %USERPROFILE%\*.dll >

< %USERPROFILE%\*.dat /30 >

[2012/04/07 23:01:09 | 007,340,032 | -HS- | M] () -- C:\Users\Renê\ntuser.dat

< C:\windows\system32\Tasks\*.* /s /64 >

[2012/03/22 12:42:32 | 000,003,808 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineCore

[2012/03/22 12:42:33 | 000,004,060 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineUA

[2012/04/06 04:22:21 | 000,003,260 | ---- | M] () -- C:\Windows\SysNative\Tasks\Tasker

[2012/04/06 04:22:21 | 000,003,262 | ---- | M] () -- C:\Windows\SysNative\Tasks\Wisker

[2011/09/07 02:28:19 | 000,002,878 | ---- | M] () -- C:\Windows\SysNative\Tasks\{2904DEA9-2E8F-44B6-A181-2AA3A463C818}

[2012/04/06 04:57:10 | 000,003,120 | ---- | M] () -- C:\Windows\SysNative\Tasks\{5EF6945A-CEF4-4000-85AD-17B508355FA0}

[2011/10/02 17:54:54 | 000,003,120 | ---- | M] () -- C:\Windows\SysNative\Tasks\{A3B55FA5-8AB3-4599-B8FE-2794E501B3ED}

[2011/08/18 01:15:07 | 000,003,054 | ---- | M] () -- C:\Windows\SysNative\Tasks\ASUS\ASUS RegRun Loader

[2011/08/19 10:38:54 | 000,004,158 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task

[2009/07/14 01:53:29 | 000,004,472 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)

[2009/07/14 01:53:29 | 000,003,854 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)

[2009/07/14 01:54:39 | 000,002,900 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\AppID\PolicyConverter

[2009/07/14 01:54:39 | 000,003,790 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck

[2009/07/14 01:54:05 | 000,003,458 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Application Experience\AitAgent

[2009/07/14 01:54:05 | 000,003,614 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater

[2009/07/14 01:49:22 | 000,003,026 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Autochk\Proxy

[2009/07/14 01:57:09 | 000,001,862 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask

[2009/07/14 01:53:22 | 000,004,130 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask

[2009/07/14 01:53:22 | 000,003,868 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask

[2009/07/14 02:09:01 | 000,003,134 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam

[2009/07/14 01:57:09 | 000,002,934 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator

[2009/07/14 01:53:33 | 000,003,946 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask

[2009/07/14 01:54:08 | 000,003,598 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip

[2009/07/14 01:57:12 | 000,003,886 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag

[2009/07/14 01:57:07 | 000,004,018 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Diagnosis\Scheduled

[2011/09/05 09:54:18 | 000,003,760 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector

[2011/08/17 21:37:11 | 000,002,538 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver

[2009/07/14 01:57:13 | 000,003,554 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Location\Notifications

[2011/08/18 14:25:13 | 000,004,036 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Maintenance\WinSAT

[2011/08/17 21:37:23 | 000,002,420 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch

[2011/08/17 21:37:22 | 000,002,448 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService

[2011/09/11 18:51:26 | 000,003,690 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks

[2011/08/17 21:37:21 | 000,002,400 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ehDRMInit

[2011/08/17 21:37:23 | 000,002,546 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\InstallPlayReady

[2011/08/17 21:37:15 | 000,002,790 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\mcupdate

[2011/08/17 21:37:17 | 000,002,954 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask

[2011/08/17 21:37:16 | 000,002,958 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask

[2011/08/17 21:37:21 | 000,002,380 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\OCURActivate

[2011/08/17 21:37:21 | 000,002,400 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\OCURDiscovery

[2011/08/17 21:37:21 | 000,002,384 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PBDADiscovery

[2011/08/17 21:37:19 | 000,003,226 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1

[2011/08/17 21:37:20 | 000,003,228 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2

[2011/08/17 21:37:19 | 000,003,822 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry

[2011/08/17 21:37:16 | 000,002,926 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask

[2011/08/17 21:37:16 | 000,002,918 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask

[2011/08/17 21:37:17 | 000,003,078 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\RecordingRestart

[2011/08/17 21:37:22 | 000,002,408 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows&


Sorry for the mistake; I only now noticed that the whole text did not fit. So here is the .rar file.

Regards,

Renê Allan Pasko

OTL.rar


1. Select these lines in red, right-click the selection and choose the Copy option:

:OTL

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://afo.kasperupdate.com:2012/attwin.dat

O4 - HKLM..\Run: [bankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat ()

[2012/04/06 04:22:21 | 000,002,937 | -HS- | M] () -- C:\Users\Renê\sec.vbe

[2012/04/06 04:22:21 | 000,001,733 | -HS- | M] () -- C:\Users\Renê\nebp.vbe

:Commands

[CREATERESTOREPOINT]

[RESETHOSTS]

[EMPTYTEMP]

[EMPTYFLASH]

To visitors: If you have a similar problem, do not use this script, since using it without supervision can damage the system.

Follow the instructions on this page and ask for help in Malware Removal

Run OTL.exe

Right-click anywhere on the white area of the Custom Scans/Fixes section and choose the Paste option

Close ALL windows (except OTL itself) and click the button

imagemal.png

The program will run the script and restart your computer.

Post the new log in your next reply.

Note: A copy of this log will be stored in the C:\_OTL\MovedFiles folder, with a name in the following format: date_time.log.

Example: 03142010_145545.log

2. Run OTL.exe

Close ALL windows (except OTL itself).

Where it says Output, select the Standard option

Click the button

botaoNenhum.png

In the Extra Registry box, select Use SafeList and then click the button

botaoverificar.png

semttulofj.png

When it finishes, a Notepad window will open containing some information.

Copy ALL the contents of the EXTRAS.TXT log, which will open minimized.

A copy of this log will be stored in the same folder as OTL.exe, that is, on your desktop, with the name Extras.txt

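The fix script in the post above targets a proxy auto-config (AutoConfigURL) entry and two hidden, system-flagged .vbe files in the user profile root. The same triage can be run mechanically over an OTL log, as in this added example, which is not part of the original post or of OTL: the regexes, function names, 60-second window and sample lines (modelled on this thread's log, with a placeholder PAC URL and user name) are assumptions.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample: same line shapes as the OTL log in this thread.
# The PAC URL and the user name are placeholders, not values from the log.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://pac.example.invalid:2012/proxy.dat
[2012/04/06 15:23:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 04:22:21 | 000,002,937 | -HS- | C] () -- C:\Users\user1\sec.vbe
[2012/04/06 04:22:21 | 000,001,733 | -HS- | C] () -- C:\Users\user1\nebp.vbe
[2011/08/17 21:45:51 | 000,000,020 | -HS- | M] () -- C:\Users\user1\ntuser.ini
[2012/01/10 19:55:42 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\TeamViewer
[2012/03/22 12:42:32 | 000,003,808 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineCore
[2012/04/06 04:22:21 | 000,003,260 | ---- | M] () -- C:\Windows\SysNative\Tasks\Tasker
[2012/04/06 04:22:21 | 000,003,262 | ---- | M] () -- C:\Windows\SysNative\Tasks\Wisker
[2012/04/06 04:57:10 | 000,003,120 | ---- | M] () -- C:\Windows\SysNative\Tasks\{5EF6945A-CEF4-4000-85AD-17B508355FA0}
"""

# "[date time | size | attrs | C-or-M] (company) -- path"; directory lines
# carry no "(company)" field, so that group is optional.
FILE_RE = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| ([-RHSD]{4}) \| [CM]\] "
    r"(?:\(.*?\) )?-- (.+)$"
)
PAC_RE = re.compile(r'^IE - (HK[A-Z]+)\\.*: "AutoConfigURL" = (\S+)\s*$')
TASKS_RE = re.compile(r"\\windows\\(?:sysnative|system32)\\tasks\\", re.I)
SCRIPT_EXTS = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1"}


def parse_files(log):
    """Return (timestamp, attributes, path) for every file/folder line."""
    entries = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            entries.append((ts, m.group(2), PureWindowsPath(m.group(3))))
    return entries


def find_pac_overrides(log):
    """Return (hive, url) for each non-empty AutoConfigURL value."""
    return [m.groups() for line in log.splitlines()
            if (m := PAC_RE.match(line.strip()))]


def find_hidden_scripts(entries):
    """Hidden+System script files sitting directly in C:\\Users\\<name>."""
    hits = []
    for ts, attrs, path in entries:
        in_profile_root = path.parent.parent.name.lower() == "users"
        is_script = path.suffix.lower() in SCRIPT_EXTS
        if "H" in attrs and "S" in attrs and in_profile_root and is_script:
            hits.append((ts, path))
    return hits


def find_tasks_near(entries, anchors, window=timedelta(seconds=60)):
    """Scheduled-task files whose timestamp falls within `window` of a flagged script."""
    names = []
    for ts, _attrs, path in entries:
        near = any(abs(ts - a) <= window for a, _ in anchors)
        if near and TASKS_RE.search(str(path)):
            names.append(path.name)
    return names


def triage(log):
    """Collect the three kinds of entry worth a manual look."""
    entries = parse_files(log)
    scripts = find_hidden_scripts(entries)
    return {
        "pac": find_pac_overrides(log),
        "hidden_scripts": [str(p) for _, p in scripts],
        "tasks_same_time": find_tasks_near(entries, scripts),
    }


if __name__ == "__main__":
    for key, values in triage(SAMPLE_LOG).items():
        print(key, values)
```

The timestamp correlation only marks tasks for manual review; a task written in the same second as a flagged file is not proof that it belongs to it.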

Here are the logs,

04092012_182731.log

All processes killed

========== OTL ==========

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BankerFixV3 deleted successfully.

File move failed. \LinhaDefensiva\rotinas\postreboot.bat scheduled to be moved on reboot.

C:\Users\Renê\sec.vbe moved successfully.

C:\Users\Renê\nebp.vbe moved successfully.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Convidado

->Temp folder emptied: 50175 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Renê

->Temp folder emptied: 3418772 bytes

->Temporary Internet Files folder emptied: 22673340 bytes

->Java cache emptied: 456083 bytes

->Google Chrome cache emptied: 60137670 bytes

->Flash cache emptied: 982 bytes

User: Renˆ

User: Todos os Usuários

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 2428680 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 80430 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68006 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 85,00 mb

[EMPTYFLASH]

User: All Users

User: Convidado

User: Default

User: Default User

User: Public

User: Renê

->Flash cache emptied: 0 bytes

User: Renˆ

User: Todos os Usuários

User: Usuário Padrão

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.39.2 log created on 04092012_182731

Files\Folders moved on Reboot...

File move failed. \LinhaDefensiva\rotinas\postreboot.bat scheduled to be moved on reboot.

C:\Users\Renê\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

--------------------------------------------------------------------------------

LOG Extras.txt

OTL Extras logfile created on: 09/04/2012 18:33:36 - Run 3

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Renê\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

8,00 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 78,66% Memory free

16,00 Gb Paging File | 14,19 Gb Available in Paging File | 88,68% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 265,31 Gb Total Space | 157,36 Gb Free Space | 59,31% Space Free | Partition Type: NTFS

Drive D: | 200,45 Gb Total Space | 106,02 Gb Free Space | 52,89% Space Free | Partition Type: NTFS

Computer Name: REN-PC | User Name: Renê | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{09F75D2E-0393-CE6B-C01A-79008E91B6EF}" = AMD Media Foundation Decoders

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{3099E885-DE8A-4099-ABE2-561DC8589DFA}" = Microsoft Antimalware Service PT-BR Language Pack

"{3F829160-B531-B9F0-5BC7-918167BB5DCE}" = ccc-utility64

"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5783F2D7-A001-0409-0102-0060B0CE6BBA}" = AutoCAD 2012 - English

"{5783F2D7-A001-0409-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - English

"{5C1858C7-B7A8-7085-60AA-A538954E3832}" = ccc-utility64

"{6A7F7056-14E1-D8E4-0B87-BC3F18EAC8AC}" = ATI AVIVO64 Codecs

"{6C8EEF0B-C4BE-35A7-BF08-7C3C667EB62A}" = Microsoft .NET Framework 4 Extended PTB Language Pack

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{84C3FCBF-8A79-E383-9CC6-B6661CAF8675}" = AMD Media Foundation Decoders

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9828EE10-F994-6C74-05F3-5228D7CDE37D}" = AMD Catalyst Install Manager

"{AB813B91-07DB-F136-C09A-3743AA7CA23F}" = AMD AVIVO64 Codecs

"{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client PT-BR Language Pack

"{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012

"{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion plug-in for AutoCAD 2012

"{F480BE66-C9F2-608F-A47A-E9F966080883}" = AMD Drag and Drop Transcoding

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012

"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack

"AutoCAD 2012 - English" = AutoCAD 2012 - English

"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012

"Autodesk Inventor Fusion plug-in for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)

"Microsoft Security Client" = Microsoft Security Essentials

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"WinRAR archiver" = Arquivo do WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02446EBD-7E93-8DB2-662A-20A8BE5630E0}" = Catalyst Control Center InstallProxy

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{05B7B9BA-9EBC-4C5B-933D-49F372EFE7A1}" = Adobe Photoshop CS4

"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0AFBB699-665E-616E-1863-168A6C62C6C5}" = CCC Help Spanish

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D03ED1F-A3B1-1089-B47D-96A3C7BED398}" = Catalyst Control Center Localization All

"{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}" = Need for Speed™ The Run

"{0F99EAFA-4054-4ABC-A3D3-D2299210572F}" = Adobe Bridge CS4

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding

"{19D41B9A-C474-D1A9-CAA1-499D362F2DD1}" = CCC Help Dutch

"{1B7A4B3C-9A00-123A-1BC8-AD5DB6517EE4}" = CCC Help Turkish

"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{235BBFC6-D863-4066-A01A-3BD504C31046}" = Nero 7 Ultra Edition

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in

"{298EEE62-A419-E250-9D01-58DFA08E0D11}" = Catalyst Control Center Graphics Previews Common

"{2C5FF744-EE63-D37C-09B6-8DD5DD192578}" = Catalyst Control Center Localization All

"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{35070A8C-1660-952E-6638-7B4BDFE7DE5E}" = CCC Help Polish

"{35F9CEEB-B54F-7BF9-39B9-0AC67505E1CF}" = CCC Help Norwegian

"{38141809-CC3B-D09A-5270-3882AFE4134F}" = CCC Help Finnish

"{3D8AAFC2-4DD0-89BB-5738-8FFC250918FE}" = CCC Help Czech

"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials

"{48C19885-4773-5A0B-4373-7F33594B195D}" = CCC Help Swedish

"{4925872A-F7E7-23CB-1C1B-D8E1392728B5}" = CCC Help Greek

"{49C09E32-B9FD-4EDC-9152-9BC0CC618A13}" = GetDataBack for FAT and GetDataBack for NTFS

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B64E5A1-8988-F6B0-F87B-464D09998451}" = CCC Help German

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{5047CFAD-8181-5563-68E0-EE3558E251AB}" = CCC Help Thai

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{51989139-5EBD-F77E-FE25-588CBC39078A}" = CCC Help Chinese Traditional

"{5352A52A-751E-FD13-7BF4-FC97A38E077F}" = CCC Help Japanese

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5A8E2AE3-F83A-F29C-B588-13159782D407}" = Catalyst Control Center Graphics Previews Common

"{5CBBB59D-45C5-1FDF-B8B0-8176A2691C2F}" = CCC Help French

"{62380A96-B00B-D943-E3BC-E2C372604EB1}" = CCC Help Czech

"{64F0B15A-A3BF-7943-2937-7DA4C2F0B2DC}" = CCC Help English

"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012

"{66EA0C27-9DE8-0390-9BD9-58F5F472F531}" = CCC Help Chinese Standard

"{675E907A-E267-10E3-7BB1-B535646D0F1D}" = Catalyst Control Center

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6EC9AD7E-DC4C-41D4-04CC-ABFF1E741BB5}" = CCC Help English

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{78D7928B-5928-ADB3-CB9F-09BBB5ED9D5D}" = CCC Help Turkish

"{7B41BE0A-6A6E-CA1F-0922-4FF69305B868}" = CCC Help Thai

"{7CA1DEB6-FEDE-84E1-EAC3-F8C01D1DE1F2}" = CCC Help Norwegian

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{82A1CEEC-19D4-E243-82B6-A780DE1FC389}" = CCC Help Danish

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9583CCD2-E842-AE10-B2AB-086BCFF55DF8}" = CCC Help Russian

"{95CA013B-0AAE-E2F0-82CE-97160DDA9796}" = CCC Help Greek

"{98780400-EC17-11E0-96CF-B8AC6F97B88E}" = Google Earth Plug-in

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9E77326C-5661-EA4E-B3C2-82F5FEEF68D8}" = CCC Help Swedish

"{A1C9D1DA-7803-4586-B509-450009938312}" = Adobe Setup

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A97FB5C1-1064-7046-8806-F19B51D7FC7D}" = Catalyst Control Center

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AF2A8E58-DBC6-36D3-A145-7252029F6F48}" = Microsoft Report Viewer Redistributable 2008 SP1

"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B4C4A2CE-F4A4-D2E7-85A5-828932A59D20}" = CCC Help German

"{B501D576-E145-AD74-9C12-18DDB082E87D}" = CCC Help Portuguese

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BE6E693C-F64D-702A-FE70-3D840094F882}" = CCC Help Finnish

"{C08A8130-6ADB-9C19-5307-E250256A6FB7}" = CCC Help Korean

"{C1ACD2C6-909C-EAD9-9AF6-C37318311BA7}" = CCC Help Korean

"{C355AA5E-A808-E1D6-4135-1A535695984E}" = CCC Help Portuguese

"{C4418DF9-5B57-4C5D-ACC2-D6B1338CCE09}" = Photoshop Camera Raw

"{C4B85AD5-3FF2-472A-D1D7-6A498773426B}" = HydraVision

"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D2824608-FA77-BADF-AE4B-96032F7B814E}" = CCC Help Hungarian

"{D3CC02D6-1767-33F0-D3D4-C2FB9E49C1DD}" = CCC Help French

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D7778B61-4D55-6290-7A37-993C91276039}" = CCC Help Italian

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DB766BE3-CD84-18EE-6665-B9F836A7FDB4}" = CCC Help Spanish

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{DDD2B96C-DF53-3BE0-10AA-A34A58B45D25}" = CCC Help Dutch

"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E6195FA5-1049-EC5F-3AD1-C570D38AC28E}" = CCC Help Hungarian

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012

"{E7FFFA9A-ADD3-35E7-FB83-56C22023B0BF}" = CCC Help Chinese Standard

"{E8627DF4-F0B2-E7C1-0E66-2779E4F0AAC8}" = HydraVision

"{EC139E50-6C33-BD5F-15FA-9E5F45AFB26C}" = CCC Help Danish

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F15CED14-5BB9-65C7-122E-8A8499E2FF48}" = CCC Help Polish

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{F56D3FB8-AC0F-41EA-A4F0-735D985FD80D}" = CCC Help Chinese Traditional

"{F7FC09BA-5A3E-49C0-AD4C-07D8FD5CE3EA}" = Seven Souls Online

"{F92295B6-7391-1A6B-4E84-7A8EBAC6F814}" = CCC Help Italian

"{FAB432C3-4578-09A1-F98A-7E9F0A339261}" = CCC Help Japanese

"{FE386918-377B-B94A-504B-064CFB00799D}" = CCC Help Russian

"Adobe_b741c3c52d3108664cedeb2b76f6d96" = Adobe Photoshop CS4

"Alan Wake_is1" = Alan Wake

"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50

"FlashGet" = FlashGet 1.9.2.1028

"Foxit Reader" = Foxit Reader

"Google Chrome" = Google Chrome

"HijackThis" = HijackThis 1.99.1

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gerenciador de dispositivo de plataforma

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.8.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.60.1.1000

"Microsoft Report Viewer Redistributable 2008 SP1" = Microsoft Report Viewer Redistributable 2008 SP1

"MV RegClean 6.0_is1" = MV RegClean 6.0

"Rage BR" = Rage Tradução BR v1.01

"Steam App 10" = Counter-Strike

"Steam App 9200" = RAGE

"TeamViewer 7" = TeamViewer 7

"Tradução Adobe Photoshop CS4_is1" = Adobe Photoshop CS4 1.0

"uTorrent" = µTorrent

"VirtualCloneDrive" = VirtualCloneDrive

"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 09/04/2012 17:31:25 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Não foi possível encontrar o procedimento especificado. .

Error - 09/04/2012 17:31:26 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Não foi possível encontrar o procedimento especificado. .

Error - 09/04/2012 17:31:26 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Não foi possível encontrar o procedimento especificado. .

Error - 09/04/2012 17:31:26 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Não foi possível encontrar o procedimento especificado. .

Error - 09/04/2012 17:31:27 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Não foi possível encontrar o procedimento especificado. .

Error - 09/04/2012 17:31:27 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Não foi possível encontrar o procedimento especificado. .

Error - 09/04/2012 17:31:28 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Não foi possível encontrar o procedimento especificado. .

Error - 09/04/2012 17:31:39 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Não foi possível encontrar o procedimento especificado. .

Error - 09/04/2012 17:31:39 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Não foi possível encontrar o procedimento especificado. .

Error - 09/04/2012 17:31:40 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Não foi possível encontrar o procedimento especificado. .

[ System Events ]

Error - 03/01/2012 11:28:11 | Computer Name = Renê-PC | Source = DCOM | ID = 10010

Description =

Error - 03/01/2012 16:24:09 | Computer Name = Renê-PC | Source = Microsoft Antimalware | ID = 3002

Description = O recurso de Proteção em Tempo Real %%860 encontrou um erro e falhou.

Recurso:

%%835 Código do Erro: 0x80004005 Descrição do Erro: Erro não especificado Motivo:

%%842

Error - 03/01/2012 23:23:58 | Computer Name = Renê-PC | Source = DCOM | ID = 10010

Description =

Error - 04/01/2012 08:39:09 | Computer Name = Renê-PC | Source = Microsoft Antimalware | ID = 3002

Description = O recurso de Proteção em Tempo Real %%860 encontrou um erro e falhou.

Recurso:

%%835 Código do Erro: 0x80004005 Descrição do Erro: Erro não especificado Motivo:

%%842

Error - 04/01/2012 16:10:08 | Computer Name = Renê-PC | Source = DCOM | ID = 10010

Description =

Error - 04/01/2012 16:21:55 | Computer Name = Renê-PC | Source = Microsoft Antimalware | ID = 3002

Description = O recurso de Proteção em Tempo Real %%860 encontrou um erro e falhou.

Recurso:

%%835 Código do Erro: 0x80004005 Descrição do Erro: Erro não especificado Motivo:

%%842

Error - 04/01/2012 19:01:24 | Computer Name = Renê-PC | Source = NetBT | ID = 4321

Description = O nome "WORKGROUP :1d" não pôde ser registrado na interface com

o endereço IP 192.168.0.2. O computador de endereço IP 192.168.0.3 não permitiu

que o nome fosse reivindicado por este computador.

Error - 04/01/2012 19:19:28 | Computer Name = Renê-PC | Source = DCOM | ID = 10010

Description =

Error - 04/01/2012 19:20:29 | Computer Name = Renê-PC | Source = Microsoft Antimalware | ID = 3002

Description = O recurso de Proteção em Tempo Real %%860 encontrou um erro e falhou.

Recurso:

%%835 Código do Erro: 0x80004005 Descrição do Erro: Erro não especificado Motivo:

%%842

Error - 04/01/2012 23:00:42 | Computer Name = Renê-PC | Source = DCOM | ID = 10010

Description =

< End of report >

Regards,

Renê Allan Pasko


Hello,

How is the computer doing?

Please post a new HijackThis log.


Good evening,

I have access to the sites again; it seems the problem has been solved.

Here is the log:

Logfile of HijackThis v1.99.1

Scan saved at 23:28:46, on 10/04/2012

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Running processes:

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Renê\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://afo.kasperupdate.com:2012/attwin.dat

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: ÿþ127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Regards,

Renê Allan Pasko
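
A triage pass over HijackThis log lines like the ones posted above, as an added example that is not part of the original thread and is not HijackThis code. It pulls out the proxy-related registry values (`AutoConfigURL` names a proxy auto-config script that the browser fetches to decide where to send its traffic) and the `O1` hosts-file entries that deserve a second look. The sample lines are taken from the log above except the `203.0.113.10` hosts line, which is constructed; all function names are this example's own.

```python
import re
from urllib.parse import urlsplit

# A HijackThis entry is "<code> - <body>", e.g. "R1 - HKCU\...,AutoConfigURL = http://..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Registry entries (R0-R3) are "<key>,<value name> = <data>"
REG_VALUE_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$")

PROXY_VALUES = {"autoconfigurl", "proxyserver"}
LOOPBACK = {"127.0.0.1", "::1"}
# UTF-16LE byte-order mark (bytes FF FE) as it looks when read as Latin-1, or as U+FEFF
BOM_DEBRIS = ("\u00ff\u00fe", "\ufeff")

# Excerpt of the log posted above; the 203.0.113.10 line is constructed for the example.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://afo.kasperupdate.com:2012/attwin.dat
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.10 www.example.com
O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
"""


def parse_entries(text):
    """Return (code, body) for every line that looks like a HijackThis entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def check_proxy(code, body):
    """Flag a non-empty AutoConfigURL / ProxyServer registry value."""
    m = REG_VALUE_RE.match(body)
    if not m:
        return []
    name, data = m.group("name").strip(), m.group("data").strip()
    if name.lower() not in PROXY_VALUES or not data:
        return []
    host, port = None, None
    if name.lower() == "autoconfigurl":
        url = urlsplit(data)
        host = url.hostname
        try:
            port = url.port
        except ValueError:  # non-numeric or out-of-range port in the URL
            port = None
    return [{"code": code, "kind": "proxy-setting",
             "value": f"{name} = {data}", "host": host, "port": port}]


def check_hosts(code, body):
    """Flag hosts entries that map a name to a non-loopback address, and BOM debris."""
    if not body.startswith("Hosts:"):
        return []
    findings = []
    rest = body[len("Hosts:"):].strip()
    for bom in BOM_DEBRIS:
        if rest.startswith(bom):
            rest = rest[len(bom):]
            findings.append({"code": code, "kind": "hosts-encoding",
                             "value": "byte-order mark at start of hosts file",
                             "host": None, "port": None})
    fields = rest.split()
    if len(fields) >= 2 and fields[0] not in LOOPBACK:
        findings.append({"code": code, "kind": "hosts-redirect",
                         "value": f"{' '.join(fields[1:])} -> {fields[0]}",
                         "host": fields[1], "port": None})
    return findings


def triage(text):
    """Collect the entries an analyst should review first, in log order."""
    findings = []
    for code, body in parse_entries(text):
        if code.startswith("R"):
            findings += check_proxy(code, body)
        elif code == "O1":
            findings += check_hosts(code, body)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:>3}  {f['kind']:<15} {f['value']}")
```

A finding here means "review this entry", not "this entry is malicious": the script only narrows a long log down to the lines that control where browser traffic is sent.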


Sorry again for the back-to-back reply, but I had forgotten that Malwarebytes keeps blocking googleupdate.exe, as seen in this log:

2012/04/10 00:40:27 -0300 REN-PC Renê IP-BLOCK 199.27.135.6 (Type: outgoing, Port: 51697, Process: chrome.exe)

2012/04/10 00:40:27 -0300 REN-PC Renê IP-BLOCK 173.245.60.73 (Type: outgoing, Port: 51701, Process: chrome.exe)

2012/04/10 11:27:08 -0300 REN-PC Renê MESSAGE Starting protection

2012/04/10 11:27:12 -0300 REN-PC Renê MESSAGE Protection started successfully

2012/04/10 11:27:15 -0300 REN-PC Renê MESSAGE Starting IP protection

2012/04/10 11:27:16 -0300 REN-PC Renê MESSAGE IP Protection started successfully

2012/04/10 12:39:52 -0300 REN-PC Renê IP-BLOCK 94.100.23.90 (Type: outgoing, Port: 50064, Process: chrome.exe)

2012/04/10 12:39:52 -0300 REN-PC Renê IP-BLOCK 94.100.23.90 (Type: outgoing, Port: 50065, Process: chrome.exe)

2012/04/10 12:39:52 -0300 REN-PC Renê IP-BLOCK 94.100.23.90 (Type: outgoing, Port: 50066, Process: chrome.exe)

2012/04/10 12:39:52 -0300 REN-PC Renê IP-BLOCK 94.100.23.90 (Type: outgoing, Port: 50067, Process: chrome.exe)

2012/04/10 12:39:52 -0300 REN-PC Renê IP-BLOCK 94.100.23.90 (Type: outgoing, Port: 50068, Process: chrome.exe)

2012/04/10 12:39:52 -0300 REN-PC Renê IP-BLOCK 94.100.23.90 (Type: outgoing, Port: 50069, Process: chrome.exe)

2012/04/10 18:03:30 -0300 REN-PC Renê MESSAGE Starting protection

2012/04/10 18:03:33 -0300 REN-PC Renê MESSAGE Protection started successfully

2012/04/10 18:03:36 -0300 REN-PC Renê MESSAGE Executing scheduled update: Daily

2012/04/10 18:03:36 -0300 REN-PC Renê MESSAGE Starting IP protection

2012/04/10 18:03:37 -0300 REN-PC Renê MESSAGE IP Protection started successfully

2012/04/10 18:03:53 -0300 REN-PC Renê MESSAGE Scheduled update executed successfully: database updated from version v2012.04.04.08 to version v2012.04.10.09

2012/04/10 18:03:53 -0300 REN-PC Renê MESSAGE Starting database refresh

2012/04/10 18:03:53 -0300 REN-PC Renê MESSAGE Stopping IP protection

2012/04/10 18:05:30 -0300 REN-PC Renê MESSAGE IP Protection stopped

2012/04/10 18:05:33 -0300 REN-PC Renê MESSAGE Database refreshed successfully

2012/04/10 18:05:33 -0300 REN-PC Renê MESSAGE Starting IP protection

2012/04/10 18:05:33 -0300 REN-PC Renê MESSAGE IP Protection started successfully

2012/04/10 19:23:06 -0300 REN-PC Renê MESSAGE Starting protection

2012/04/10 19:23:08 -0300 REN-PC Renê MESSAGE Protection started successfully

2012/04/10 19:23:11 -0300 REN-PC Renê MESSAGE Starting IP protection

2012/04/10 19:23:12 -0300 REN-PC Renê MESSAGE IP Protection started successfully

2012/04/10 19:27:12 -0300 REN-PC Renê IP-BLOCK 199.27.135.6 (Type: outgoing, Port: 49508, Process: chrome.exe)

2012/04/10 19:27:12 -0300 REN-PC Renê IP-BLOCK 173.245.60.73 (Type: outgoing, Port: 49509, Process: chrome.exe)

2012/04/10 19:50:26 -0300 REN-PC Renê IP-BLOCK 199.27.135.6 (Type: outgoing, Port: 50193, Process: chrome.exe)

2012/04/10 19:50:26 -0300 REN-PC Renê IP-BLOCK 173.245.60.73 (Type: outgoing, Port: 50197, Process: chrome.exe)

Regards,

Renê Allan Pasko


Hello,

Unfortunately, you are still infected. I suggest that you do not use banking sites for now and that you change all your passwords.

"Sorry again for the back-to-back reply, but I had forgotten that Malwarebytes keeps blocking googleupdate.exe, as seen in this log"

Since GoogleUpdate.exe is a legitimate process, just disable Malwarebytes' real-time protection.

1. Delete the OTL.exe located in C:\Users\Renê\Desktop

2. Download OTL by OldTimer and save it to your desktop.

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator

Close all windows and run the tool.

Where it says Output, select Standard

Also check these options:

  • Use WhiteList for Company Names
  • Skip Microsoft Files
  • LOP Check
  • Purity Check

Select these lines in red, right-click the selection, and choose Copy:

netsvcs

%SYSTEMDRIVE%\*.*

%systemdrive%\drivers\*.exe

%systemroot%\system32\drivers\*.* /90

%PROGRAMFILES%(x86)\*.*

%LOCALAPPDATA%\*.exe

%LOCALAPPDATA%\*.txt

%LOCALAPPDATA%\*.ini

%LOCALAPPDATA%\*.dll

%LOCALAPPDATA%\*.dat

%USERPROFILE%\*.exe

%USERPROFILE%\*.txt

%USERPROFILE%\*.ini

%USERPROFILE%\*.dll

%USERPROFILE%\*.dat /30

C:\windows\system32\Tasks\*.* /s /64

%windir%\tasks\*.*

CREATERESTOREPOINT

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

Go back to the program, right-click any blank area of the Custom Scans/Fixes section and choose Paste.

Click the Run Scan button.

Do not change any other setting unless you have been instructed to.

The scan takes a while; please be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt

Both are saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of Extras.txt and paste it into your reply.

Attach the OTL.txt file.

Note: If the logs are too large and exceed the forum's limit, put them in a .zip or .rar file and attach it to your reply.


Good evening,

When I try to access the site linhadefensiva.org from my computer, the browser shows the following message: "não foi possível conectar-se ao servidor proxy" (unable to connect to the proxy server). Could this be related to the banker?

Here are the logs.

OTL Extras logfile created on: 11/04/2012 18:52:12 - Run 4

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Renê\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

8,00 Gb Total Physical Memory | 6,08 Gb Available Physical Memory | 76,03% Memory free

16,00 Gb Paging File | 14,02 Gb Available in Paging File | 87,64% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 265,31 Gb Total Space | 156,59 Gb Free Space | 59,02% Space Free | Partition Type: NTFS

Drive D: | 200,45 Gb Total Space | 106,02 Gb Free Space | 52,89% Space Free | Partition Type: NTFS

Computer Name: REN-PC | User Name: Renê | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{09F75D2E-0393-CE6B-C01A-79008E91B6EF}" = AMD Media Foundation Decoders

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{3099E885-DE8A-4099-ABE2-561DC8589DFA}" = Microsoft Antimalware Service PT-BR Language Pack

"{3F829160-B531-B9F0-5BC7-918167BB5DCE}" = ccc-utility64

"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5783F2D7-A001-0409-0102-0060B0CE6BBA}" = AutoCAD 2012 - English

"{5783F2D7-A001-0409-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - English

"{5C1858C7-B7A8-7085-60AA-A538954E3832}" = ccc-utility64

"{6A7F7056-14E1-D8E4-0B87-BC3F18EAC8AC}" = ATI AVIVO64 Codecs

"{6C8EEF0B-C4BE-35A7-BF08-7C3C667EB62A}" = Microsoft .NET Framework 4 Extended PTB Language Pack

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{84C3FCBF-8A79-E383-9CC6-B6661CAF8675}" = AMD Media Foundation Decoders

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9828EE10-F994-6C74-05F3-5228D7CDE37D}" = AMD Catalyst Install Manager

"{AB813B91-07DB-F136-C09A-3743AA7CA23F}" = AMD AVIVO64 Codecs

"{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client PT-BR Language Pack

"{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012

"{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion plug-in for AutoCAD 2012

"{F480BE66-C9F2-608F-A47A-E9F966080883}" = AMD Drag and Drop Transcoding

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012

"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack

"AutoCAD 2012 - English" = AutoCAD 2012 - English

"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012

"Autodesk Inventor Fusion plug-in for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)

"Microsoft Security Client" = Microsoft Security Essentials

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"WinRAR archiver" = Arquivo do WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02446EBD-7E93-8DB2-662A-20A8BE5630E0}" = Catalyst Control Center InstallProxy

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{05B7B9BA-9EBC-4C5B-933D-49F372EFE7A1}" = Adobe Photoshop CS4

"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0AFBB699-665E-616E-1863-168A6C62C6C5}" = CCC Help Spanish

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D03ED1F-A3B1-1089-B47D-96A3C7BED398}" = Catalyst Control Center Localization All

"{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}" = Need for Speed™ The Run

"{0F99EAFA-4054-4ABC-A3D3-D2299210572F}" = Adobe Bridge CS4

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding

"{19D41B9A-C474-D1A9-CAA1-499D362F2DD1}" = CCC Help Dutch

"{1B7A4B3C-9A00-123A-1BC8-AD5DB6517EE4}" = CCC Help Turkish

"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{235BBFC6-D863-4066-A01A-3BD504C31046}" = Nero 7 Ultra Edition

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in

"{298EEE62-A419-E250-9D01-58DFA08E0D11}" = Catalyst Control Center Graphics Previews Common

"{2C5FF744-EE63-D37C-09B6-8DD5DD192578}" = Catalyst Control Center Localization All

"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{35070A8C-1660-952E-6638-7B4BDFE7DE5E}" = CCC Help Polish

"{35F9CEEB-B54F-7BF9-39B9-0AC67505E1CF}" = CCC Help Norwegian

"{38141809-CC3B-D09A-5270-3882AFE4134F}" = CCC Help Finnish

"{3D8AAFC2-4DD0-89BB-5738-8FFC250918FE}" = CCC Help Czech

"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials

"{48C19885-4773-5A0B-4373-7F33594B195D}" = CCC Help Swedish

"{4925872A-F7E7-23CB-1C1B-D8E1392728B5}" = CCC Help Greek

"{49C09E32-B9FD-4EDC-9152-9BC0CC618A13}" = GetDataBack for FAT and GetDataBack for NTFS

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B64E5A1-8988-F6B0-F87B-464D09998451}" = CCC Help German

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{5047CFAD-8181-5563-68E0-EE3558E251AB}" = CCC Help Thai

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{51989139-5EBD-F77E-FE25-588CBC39078A}" = CCC Help Chinese Traditional

"{5352A52A-751E-FD13-7BF4-FC97A38E077F}" = CCC Help Japanese

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5A8E2AE3-F83A-F29C-B588-13159782D407}" = Catalyst Control Center Graphics Previews Common

"{5CBBB59D-45C5-1FDF-B8B0-8176A2691C2F}" = CCC Help French

"{62380A96-B00B-D943-E3BC-E2C372604EB1}" = CCC Help Czech

"{64F0B15A-A3BF-7943-2937-7DA4C2F0B2DC}" = CCC Help English

"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012

"{66EA0C27-9DE8-0390-9BD9-58F5F472F531}" = CCC Help Chinese Standard

"{675E907A-E267-10E3-7BB1-B535646D0F1D}" = Catalyst Control Center

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6EC9AD7E-DC4C-41D4-04CC-ABFF1E741BB5}" = CCC Help English

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{78D7928B-5928-ADB3-CB9F-09BBB5ED9D5D}" = CCC Help Turkish

"{7B41BE0A-6A6E-CA1F-0922-4FF69305B868}" = CCC Help Thai

"{7CA1DEB6-FEDE-84E1-EAC3-F8C01D1DE1F2}" = CCC Help Norwegian

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{82A1CEEC-19D4-E243-82B6-A780DE1FC389}" = CCC Help Danish

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9583CCD2-E842-AE10-B2AB-086BCFF55DF8}" = CCC Help Russian

"{95CA013B-0AAE-E2F0-82CE-97160DDA9796}" = CCC Help Greek

"{98780400-EC17-11E0-96CF-B8AC6F97B88E}" = Google Earth Plug-in

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9E77326C-5661-EA4E-B3C2-82F5FEEF68D8}" = CCC Help Swedish

"{A1C9D1DA-7803-4586-B509-450009938312}" = Adobe Setup

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A97FB5C1-1064-7046-8806-F19B51D7FC7D}" = Catalyst Control Center

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AF2A8E58-DBC6-36D3-A145-7252029F6F48}" = Microsoft Report Viewer Redistributable 2008 SP1

"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B4C4A2CE-F4A4-D2E7-85A5-828932A59D20}" = CCC Help German

"{B501D576-E145-AD74-9C12-18DDB082E87D}" = CCC Help Portuguese

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BE6E693C-F64D-702A-FE70-3D840094F882}" = CCC Help Finnish

"{C08A8130-6ADB-9C19-5307-E250256A6FB7}" = CCC Help Korean

"{C1ACD2C6-909C-EAD9-9AF6-C37318311BA7}" = CCC Help Korean

"{C355AA5E-A808-E1D6-4135-1A535695984E}" = CCC Help Portuguese

"{C4418DF9-5B57-4C5D-ACC2-D6B1338CCE09}" = Photoshop Camera Raw

"{C4B85AD5-3FF2-472A-D1D7-6A498773426B}" = HydraVision

"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D2824608-FA77-BADF-AE4B-96032F7B814E}" = CCC Help Hungarian

"{D3CC02D6-1767-33F0-D3D4-C2FB9E49C1DD}" = CCC Help French

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D7778B61-4D55-6290-7A37-993C91276039}" = CCC Help Italian

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DB766BE3-CD84-18EE-6665-B9F836A7FDB4}" = CCC Help Spanish

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{DDD2B96C-DF53-3BE0-10AA-A34A58B45D25}" = CCC Help Dutch

"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E6195FA5-1049-EC5F-3AD1-C570D38AC28E}" = CCC Help Hungarian

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012

"{E7FFFA9A-ADD3-35E7-FB83-56C22023B0BF}" = CCC Help Chinese Standard

"{E8627DF4-F0B2-E7C1-0E66-2779E4F0AAC8}" = HydraVision

"{EC139E50-6C33-BD5F-15FA-9E5F45AFB26C}" = CCC Help Danish

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F15CED14-5BB9-65C7-122E-8A8499E2FF48}" = CCC Help Polish

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{F56D3FB8-AC0F-41EA-A4F0-735D985FD80D}" = CCC Help Chinese Traditional

"{F7FC09BA-5A3E-49C0-AD4C-07D8FD5CE3EA}" = Seven Souls Online

"{F92295B6-7391-1A6B-4E84-7A8EBAC6F814}" = CCC Help Italian

"{FAB432C3-4578-09A1-F98A-7E9F0A339261}" = CCC Help Japanese

"{FE386918-377B-B94A-504B-064CFB00799D}" = CCC Help Russian

"Adobe_b741c3c52d3108664cedeb2b76f6d96" = Adobe Photoshop CS4

"Alan Wake_is1" = Alan Wake

"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50

"FlashGet" = FlashGet 1.9.2.1028

"Foxit Reader" = Foxit Reader

"Google Chrome" = Google Chrome

"HijackThis" = HijackThis 1.99.1

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gerenciador de dispositivo de plataforma

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.8.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.61.0.1400

"Microsoft Report Viewer Redistributable 2008 SP1" = Microsoft Report Viewer Redistributable 2008 SP1

"MV RegClean 6.0_is1" = MV RegClean 6.0

"Rage BR" = Rage Tradução BR v1.01

"Steam App 10" = Counter-Strike

"Steam App 9200" = RAGE

"TeamViewer 7" = TeamViewer 7

"Tradução Adobe Photoshop CS4_is1" = Adobe Photoshop CS4 1.0

"uTorrent" = µTorrent

"VirtualCloneDrive" = VirtualCloneDrive

"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 10/04/2012 10:39:23 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Não foi possível encontrar o procedimento especificado. .

Error - 10/04/2012 10:39:23 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Não foi possível encontrar o procedimento especificado. .

Error - 10/04/2012 10:39:23 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Não foi possível encontrar o procedimento especificado. .

Error - 10/04/2012 10:39:23 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Não foi possível encontrar o procedimento especificado. .

Error - 10/04/2012 10:39:23 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Não foi possível encontrar o procedimento especificado. .

Error - 10/04/2012 10:39:23 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Não foi possível encontrar o procedimento especificado. .

Error - 10/04/2012 10:39:38 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Não foi possível encontrar o procedimento especificado. .

Error - 10/04/2012 10:39:38 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Não foi possível encontrar o procedimento especificado. .

Error - 10/04/2012 10:39:38 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Não foi possível encontrar o procedimento especificado. .

Error - 10/04/2012 10:39:51 | Computer Name = Renê-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização

automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Não foi possível encontrar o procedimento especificado. .

[ System Events ]

Error - 03/01/2012 10:22:35 | Computer Name = Renê-PC | Source = Microsoft Antimalware | ID = 3002

Description = O recurso de Proteção em Tempo Real %%860 encontrou um erro e falhou.

Recurso:

%%835 Código do Erro: 0x80004005 Descrição do Erro: Erro não especificado Motivo:

%%842

Error - 03/01/2012 11:28:11 | Computer Name = Renê-PC | Source = DCOM | ID = 10010

Description =

Error - 03/01/2012 16:24:09 | Computer Name = Renê-PC | Source = Microsoft Antimalware | ID = 3002

Description = O recurso de Proteção em Tempo Real %%860 encontrou um erro e falhou.

Recurso:

%%835 Código do Erro: 0x80004005 Descrição do Erro: Erro não especificado Motivo:

%%842

Error - 03/01/2012 23:23:58 | Computer Name = Renê-PC | Source = DCOM | ID = 10010

Description =

Error - 04/01/2012 08:39:09 | Computer Name = Renê-PC | Source = Microsoft Antimalware | ID = 3002

Description = O recurso de Proteção em Tempo Real %%860 encontrou um erro e falhou.

Recurso:

%%835 Código do Erro: 0x80004005 Descrição do Erro: Erro não especificado Motivo:

%%842

Error - 04/01/2012 16:10:08 | Computer Name = Renê-PC | Source = DCOM | ID = 10010

Description =

Error - 04/01/2012 16:21:55 | Computer Name = Renê-PC | Source = Microsoft Antimalware | ID = 3002

Description = O recurso de Proteção em Tempo Real %%860 encontrou um erro e falhou.

Recurso:

%%835 Código do Erro: 0x80004005 Descrição do Erro: Erro não especificado Motivo:

%%842

Error - 04/01/2012 19:01:24 | Computer Name = Renê-PC | Source = NetBT | ID = 4321

Description = O nome "WORKGROUP :1d" não pôde ser registrado na interface com

o endereço IP 192.168.0.2. O computador de endereço IP 192.168.0.3 não permitiu

que o nome fosse reivindicado por este computador.

Error - 04/01/2012 19:19:28 | Computer Name = Renê-PC | Source = DCOM | ID = 10010

Description =

Error - 04/01/2012 19:20:29 | Computer Name = Renê-PC | Source = Microsoft Antimalware | ID = 3002

Description = O recurso de Proteção em Tempo Real %%860 encontrou um erro e falhou.

Recurso:

%%835 Código do Erro: 0x80004005 Descrição do Erro: Erro não especificado Motivo:

%%842

< End of report >

OTL.rar

"could not connect to the proxy server". Could it be related to the banker?

Are you still having this problem? This afternoon the Linha site had trouble opening (at least for me).

Select these lines in red, right-click the selection and choose the copy option:

:OTL

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://afo.kasperupdate.com:2012/attwin.dat

:Commands

[EMPTYTEMP]

[EMPTYFLASH]

[CREATERESTOREPOINT]

To visitors: If you have a similar problem, do not use this script, since unsupervised use can damage the system.

Follow the instructions on this page and ask for help in Remoção de Malware (Malware Removal)

Run OTL.exe

Right-click anywhere in the white area of the Custom Scans/Fixes section and choose the paste option

Close ALL windows (except OTL itself) and click the button

imagemal.png

The program will run the script and restart your computer.

Post the new log in your next reply.

Note: A copy of this log will be stored in the folder C:\_OTL\MovedFiles with a name in the following format: date_time.log.

Example: 03142010_145545.log

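The fix script in the post above deletes the AutoConfigURL value, the per-user proxy auto-config (PAC) setting. The following Python is an added example, not part of the original posts and not OTL's own code: it reads OTL-style "IE - <key>: "<name>" = <data>" lines and reports proxy settings an analyst should review. The names Finding, triage and approved_hosts are hypothetical, and the line layout is assumed from the single line quoted in the thread.

```python
import re
from typing import NamedTuple
from urllib.parse import urlsplit

# The AutoConfigURL line is the one quoted in the fix script in this thread;
# the two ProxyEnable lines are constructed to give it context.
SAMPLE_LOG = r'''
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://afo.kasperupdate.com:2012/attwin.dat
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
'''

# Layout assumed from that quoted line: IE - <key>: "<value name>" = <data>
LINE_RE = re.compile(
    r'^IE - (?P<key>.+?\\Internet Settings): "(?P<name>[^"]+)" = (?P<value>.*)$'
)


class Finding(NamedTuple):
    key: str
    name: str
    value: str
    reasons: tuple


def _host(target):
    """Hostname of a URL or bare host:port string, or None if unparseable."""
    if '://' not in target:
        target = '//' + target
    try:
        return urlsplit(target).hostname
    except ValueError:
        return None


def _proxy_hosts(value):
    """Hosts named in a ProxyServer value: 'host:port' or 'http=h:p;https=h:p'."""
    parts = [p.strip() for p in value.split(';') if p.strip()]
    return [_host(p.split('=', 1)[-1]) for p in parts]


def triage(log_text, approved_hosts=frozenset()):
    """Return a Finding for every proxy setting that needs an analyst's eye."""
    approved = {h.lower() for h in approved_hosts}
    settings = {}  # (key, lower-cased value name) -> (value name, data)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            settings[(m['key'], m['name'].lower())] = (m['name'], m['value'].strip())

    findings = []
    for (key, lname), (name, value) in settings.items():
        reasons = []
        if lname == 'autoconfigurl' and value:
            host = _host(value)
            if host is None:
                reasons.append('AutoConfigURL is not a parseable URL')
            elif host not in approved:
                reasons.append(f'PAC host {host} is not on the approved list')
            if not value.lower().startswith('https://'):
                reasons.append('PAC script is not fetched over HTTPS')
        elif lname == 'proxyserver' and value:
            # A static proxy only takes effect when ProxyEnable is 1 in the same key.
            enabled = settings.get((key, 'proxyenable'), ('', '0'))[1] == '1'
            for host in _proxy_hosts(value) if enabled else []:
                if host is None or host not in approved:
                    reasons.append(f'proxy host {host} is not on the approved list')
        if reasons:
            # dict.fromkeys drops duplicate reasons while keeping their order
            findings.append(Finding(key, name, value, tuple(dict.fromkeys(reasons))))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.key}: "{f.name}" = {f.value}')
        for reason in f.reasons:
            print('   -', reason)
```

Pass the hosts of any proxy or PAC server the network legitimately uses as approved_hosts; with the default empty set every configured proxy is reported.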

Hello,

I am accessing the site again from the desktop.

Here is the log:

All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Convidado

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Renê

->Temp folder emptied: 1366602 bytes

->Temporary Internet Files folder emptied: 3206394 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 39242094 bytes

->Flash cache emptied: 1143 bytes

User: Renˆ

User: Todos os Usuários

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 79692 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 42,00 mb

[EMPTYFLASH]

User: All Users

User: Convidado

User: Default

User: Default User

User: Public

User: Renê

->Flash cache emptied: 0 bytes

User: Renˆ

User: Todos os Usuários

User: Usuário Padrão

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.39.2 log created on 04122012_231141

Files\Folders moved on Reboot...

C:\Users\Renê\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


Hello,

Post a new HijackThis log.


Hello,

At noon I ran Panda Activescan Cleaner, and it made 4 detections.

Tonight it did not flag anything, although the computer was off all afternoon... but anyway.

Here is the log.

Logfile of HijackThis v1.99.1

Scan saved at 18:46:40, on 13/04/2012

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Running processes:

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Renê\Desktop\HijackThis.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: ÿþ127.0.0.1 localhost

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Thank you


1. Open OTL and click the button [image: UQC5f.png]

Close OTL.

2. Download CCleaner Slim (Note: this version does not include the Yahoo Toolbar for Internet Explorer; if you want it, I suggest you visit this page.)

  • Install the program
  • Click Registry > Scan for Issues > Fix selected issues.
  • Then click Cleaner > Analyze > Run Cleaner.

If you wish, read the program's tutorial:

http://linhadefensiva.org/forum/index.php?showtopic=12395

3. Old versions of Java have vulnerabilities that some malware can use to infect your system. Check whether your system has the latest version installed:

Go to Java.com/Download. Click the option "Do I have Java?"

Wait while it checks whether you have the latest version of Java. Once that is done, click "Download Java now". Install the new version of Java.

4. Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware.

Remove the older version and click here to install the newest version.

5. OK, the log is clean.

- Disable and re-enable System Restore

- Read the article "Proteja seu PC" for more information on how to avoid infections;

- If there are no more malware-related problems, click the button [image: p_report.gif] and say that your case has been resolved.
