Xwist

Proxy Changer

Hello, good evening everyone. After downloading a driver for my sound card, I believe it installed some malware that automatically configures the browser proxy, even after I delete it and set the browser to use no proxy. All browsers are affected, except Chrome, where I can still keep the no-proxy setting. The proxy is: http://www.pointsecuptmobile.com/realtek1008201202.win. From what I've found, it seems to be a site that collects data from the PC; I'm worried :(

I use NOD32 as my antivirus; it only detects it when I open the browser and doesn't let the proxy take effect.

Here are the logs:

DDS

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Felipe at 23:39:29 on 2012-08-12

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.3327.1807 [GMT -3:00]

.

AV: ESET NOD32 Antivírus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivírus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\taskhost.exe

C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

uRun: [Google Update] "C:\Users\Felipe\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

TCP: DhcpNameServer = 201.6.2.90 201.6.2.180

TCP: Interfaces\{372988BF-FA9C-4DBB-8648-D21A94FCDB36} : DhcpNameServer = 201.6.2.90 201.6.2.180

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

{9030D464-4C02-4ABF-8ECC-5164760863C6}

mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

.

============= SERVICES / DRIVERS ===============

.

R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-3-7 913144]

R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-8-8 1262400]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R3 RTL8023x64;Driver Realtek 10/100 NIC Family NDIS x64;C:\Windows\system32\DRIVERS\Rtnic64.sys --> C:\Windows\system32\DRIVERS\Rtnic64.sys [?]

.

=============== Created Last 30 ================

.

2012-08-12 05:33:21 -------- d-----w- C:\Program Files (x86)\Microsoft

2012-08-12 05:32:38 -------- d-----w- C:\Windows\PCHEALTH

2012-08-11 23:44:01 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-08-11 20:18:27 -------- d-----w- C:\Users\Felipe\AppData\Roaming\Malwarebytes

2012-08-11 20:18:06 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-11 20:18:06 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-11 20:18:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-11 20:11:03 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll

2012-08-11 20:11:03 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll

2012-08-11 20:10:59 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-08-11 20:10:59 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-08-11 20:10:51 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

2012-08-11 20:10:49 640896 ----a-w- C:\Windows\System32\winload.efi

2012-08-11 20:10:49 603976 ----a-w- C:\Windows\System32\winload.exe

2012-08-11 20:10:49 556928 ----a-w- C:\Windows\System32\winresume.efi

2012-08-11 20:10:49 518160 ----a-w- C:\Windows\System32\winresume.exe

2012-08-11 20:10:49 20352 ----a-w- C:\Windows\System32\kdusb.dll

2012-08-11 20:10:49 19328 ----a-w- C:\Windows\System32\kd1394.dll

2012-08-11 20:10:49 17792 ----a-w- C:\Windows\System32\kdcom.dll

2012-08-11 20:01:40 720896 ----a-w- C:\Windows\System32\odbc32.dll

2012-08-11 20:01:40 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll

2012-08-11 20:01:40 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-08-11 20:01:39 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-08-11 20:01:39 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2012-08-11 20:01:39 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2012-08-11 20:01:39 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2012-08-11 20:01:39 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2012-08-11 20:01:39 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2012-08-11 20:01:39 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2012-08-11 20:01:33 148992 ----a-w- C:\Windows\System32\t2embed.dll

2012-08-11 20:01:33 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2012-08-11 19:57:47 -------- d-----w- C:\Users\Felipe\AppData\Local\Diagnostics

2012-08-11 15:17:08 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-08-11 15:17:04 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C275629-4383-490A-A17D-6790CE8C91A7}\mpengine.dll

2012-08-11 08:24:31 -------- d-----w- C:\Program Files (x86)\booddanet

2012-08-11 06:19:13 -------- d-----w- C:\Program Files (x86)\GlideWrapper

2012-08-11 04:45:21 -------- d-----w- C:\Revo Uninstaller

2012-08-11 04:29:22 -------- d-----w- C:\Sierra

2012-08-11 03:55:56 -------- d-----w- C:\Program Files\CCleaner

2012-08-11 02:13:26 -------- d-----w- C:\Windows\SysWow64\Logs

2012-08-11 00:15:21 -------- d-----w- C:\Windows\SysWow64\directx

2012-08-11 00:06:12 -------- d-----w- C:\Program Files\Steam

2012-08-10 06:17:31 -------- d-----w- C:\Users\Felipe\AppData\Roaming\Realteks

2012-08-10 03:00:53 -------- d-----w- C:\Windows\wb

2012-08-10 02:00:30 -------- d-----w- C:\Users\Felipe\AppData\Roaming\Atari

2012-08-10 01:55:55 -------- d-----w- C:\Program Files (x86)\Roller Coaster Tycoon 3 Platinum - CarlesNeo !

2012-08-09 23:02:05 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2012-08-09 22:50:46 -------- d-----w- C:\Program Files (x86)\Infogrames Interactive

2012-08-09 22:50:16 692224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll

2012-08-09 22:50:16 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

2012-08-09 22:50:16 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe

2012-08-09 22:50:16 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll

2012-08-09 22:50:16 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll

2012-08-09 22:50:16 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll

2012-08-09 22:50:16 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll

2012-08-09 22:20:06 -------- d-----w- C:\Users\Felipe\AppData\Roaming\LolClient

2012-08-09 19:52:44 -------- d-----w- C:\Program Files (x86)\Hero Editor

2012-08-09 19:52:37 249856 ------w- C:\Windows\Setup1.exe

2012-08-09 19:52:36 73216 ----a-w- C:\Windows\ST6UNST.EXE

2012-08-09 18:31:04 2829 ----a-w- C:\Windows\DIIUnin.pif

2012-08-09 18:31:03 94208 ----a-w- C:\Windows\DIIUnin.exe

2012-08-09 18:24:40 -------- d-----w- C:\Program Files (x86)\Diablo II

2012-08-09 16:26:34 -------- d-----w- C:\Users\Felipe\AppData\Roaming\NVIDIA

2012-08-09 02:45:06 -------- d-----w- C:\Users\Felipe\AppData\Local\Microsoft Games

2012-08-08 20:49:31 -------- d-----w- C:\Windows\Panther

2012-08-08 19:29:04 -------- d-----w- C:\Program Files (x86)\uTorrent

2012-08-08 19:28:05 -------- d-----w- C:\Users\Felipe\AppData\Roaming\uTorrent

2012-08-08 18:54:54 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2012-08-08 18:54:54 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2012-08-08 18:54:54 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2012-08-08 18:54:54 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2012-08-08 18:54:54 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2012-08-08 18:54:54 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2012-08-08 18:54:53 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2012-08-08 18:54:53 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2012-08-08 18:54:52 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2012-08-08 18:43:36 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2012-08-08 18:43:12 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-08-08 18:43:12 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-08-08 18:43:12 6151488 ----a-w- C:\Windows\System32\nvcpl.dll

2012-08-08 18:43:12 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-08-08 18:43:12 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-08-08 18:43:12 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-08-08 18:40:38 -------- d-----w- C:\Program Files\NVIDIA Corporation

2012-08-08 18:40:17 -------- d-----w- C:\NVIDIA

2012-08-08 18:03:41 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-08-08 18:03:33 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-08-08 18:03:01 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-08-08 18:03:01 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-08-08 17:55:40 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll

2012-08-08 17:55:40 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll

2012-08-08 17:55:39 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll

2012-08-08 17:53:15 1706640 ----a-w- C:\Windows\RtlExUpd.dll

2012-08-08 17:53:15 -------- d--h--w- C:\Program Files (x86)\Temp

2012-08-08 17:51:48 -------- d-----w- C:\Riot Games

2012-08-08 17:34:29 -------- d-----w- C:\Program Files (x86)\FinalWire

2012-08-08 17:10:08 -------- d-----w- C:\Users\Felipe\AppData\Local\PMB Files

2012-08-08 17:10:07 -------- d-----w- C:\ProgramData\PMB Files

2012-08-08 17:09:37 -------- d-----w- C:\Program Files (x86)\Pando Networks

2012-08-08 16:58:01 -------- d-----w- C:\Users\Felipe\Tracing

2012-08-08 16:52:41 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive

2012-08-08 16:47:00 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2012-08-08 16:46:10 -------- d-----w- C:\Users\Felipe\AppData\Local\ESET

2012-08-08 16:22:28 -------- d-----w- C:\Program Files (x86)\Steam

2012-08-08 16:22:28 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2012-08-08 16:16:53 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes

2012-08-08 16:13:41 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-08-08 16:09:58 -------- d-----w- C:\Users\Felipe\AppData\Local\Mozilla

2012-08-08 16:09:17 -------- d-----w- C:\Users\Felipe\AppData\Local\Google

2012-08-08 16:08:33 -------- d-----w- C:\Users\Felipe\AppData\Local\Deployment

2012-08-08 16:08:33 -------- d-----w- C:\Users\Felipe\AppData\Local\Apps

2012-08-08 16:08:31 -------- d-----w- C:\Program Files\ESET

2012-08-08 16:06:20 -------- d-sh--w- C:\Windows\Installer

.

==================== Find3M ====================

.

2012-08-09 23:02:05 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2012-05-15 10:48:00 8139072 ----a-w- C:\Windows\System32\nvcuda.dll

2012-05-15 05:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

.

============= FINISH: 23:40:07,37 ===============

Attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 08/08/2012 12:55:26

System Uptime: 12/08/2012 13:20:15 (10 hours ago)

.

Motherboard: PEGATRON | | To be filled by O.E.M.

Processor: AMD Phenom II X4 820 Processor | CPU 1 | 2800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 881,662 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP10: 09/08/2012 19:52:59 - Windows Defender Checkpoint

RP11: 09/08/2012 19:59:41 - Windows Update

RP12: 11/08/2012 12:26:26 - Windows Update

RP13: 11/08/2012 17:11:12 - Windows Update

RP14: 12/08/2012 05:24:58 - Windows Update

.

==== Installed Programs ======================

.

AIDA64 Extreme Edition v2.50

Assistente de Conexão do Windows Live

µTorrent

Diablo II

Dota 2

Ferramenta de Carregamento do Windows Live

Google Chrome

Half-Life

Half-Life 2

Hero Editor V1.03

League of Legends

Malwarebytes Anti-Malware versão 1.62.0.1300

Microsoft Choice Guard

MSVCRT

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Pando Media Booster

Realtek High Definition Audio Driver

Roller Coaster Tycoon 3 Platinum - CarlesNeo !

RollerCoaster Tycoon Deluxe

Steam

VirtualCloneDrive

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

zeckensack's Glide wrapper (remove only)

.

==== End Of File ===========================

GMER only reported that there was no modification to the system and did not generate any log; if I did something wrong, I can try again.

Thanks in advance! ^_^

Edited by Xwist


Configure Windows to show all files

Go to this site: http://virustotal.com/

Under Choose File enter: C:\Windows\DIIUnin.exe

Then click Submit

Copy and post the result of this scan.


Hey Renato, thanks for the reply. From what I saw, that is the Diablo 2 uninstaller. But anyway, here is the log.

SHA256: c6f717d1af7119b74ed3a9047e5e7690193b300d855b90aaf10e7931b4f38ced

File name: DIIUnin.exe

Detection ratio: 0 / 42

Analysis date: 2012-08-14 03:27:57 UTC ( 0 minuto ago )

* CERTIFIED GOODWARE *

Submitted by GoodAware Project.

File Name: C:\Windows\DIIUnin.exe

File Version: 1, 0, 0, 5

Company: Blizzard Entertainment

Description: Diablo II Uninstaller

Size: 94208 bytes

MD5: bbf0373a7c04161f6aff2b9543703ffc

This file is from a clean Windows 7 Home Premium installation and as such is known to be safe.

#goodware

Thanks :)


Open Notepad and copy (CTRL + C) and paste (CTRL + V) the following text between QUOTE:


reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" > C:\look.txt
notepad C:\look.txt

Save the file as FixServices.bat

When saving, set the file type to: All Files.

  1. The file will have an icon like this one: 4qhg48p.jpg.
  2. Double-click FixServices.bat.
  3. Wait for the bat file to finish running. When it finishes, a text file will appear; copy it and paste it into your next reply.


Thanks for the reply, here is the log:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

IE5_UA_Backup_Flag REG_SZ 5.0

User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)

EmailName REG_SZ User@

PrivDiscUiShown REG_DWORD 0x1

EnableHttp1_1 REG_DWORD 0x1

WarnOnIntranet REG_DWORD 0x1

MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges

AutoConfigProxy REG_SZ wininet.dll

UseSchannelDirectly REG_BINARY 01000000

WarnOnPost REG_BINARY 01000000

UrlEncoding REG_DWORD 0x0

SecureProtocols REG_DWORD 0xa0

PrivacyAdvanced REG_DWORD 0x0

ZonesSecurityUpgrade REG_BINARY 8169D96E1577CD01

DisableCachingOfSSLPages REG_DWORD 0x0

WarnonZoneCrossing REG_DWORD 0x0

CertificateRevocation REG_DWORD 0x1

EnableNegotiate REG_DWORD 0x1

MigrateProxy REG_DWORD 0x1

ProxyEnable REG_DWORD 0x0

ProxyHttp1.1 REG_DWORD 0x1

EnablePunycode REG_DWORD 0x1

DisableIDNPrompt REG_DWORD 0x0

ShowPunycode REG_DWORD 0x0

WarnonBadCertRecving REG_DWORD 0x1

WarnOnPostRedirect REG_DWORD 0x1

EnableAutodial REG_DWORD 0x0

NoNetAutodial REG_DWORD 0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones


Read the instructions in this link:

In the instructions at the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
  3. Double-click the desktopicon.png icon on the desktop.
  4. Read and accept the terms by typing 1 and Enter.
  5. Computers with Windows XP must install the Recovery Console:

  • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Attention: Do not use the mouse or keyboard while the tool is running, as this may cause the computer to hang.
  8. A message may appear saying that the computer needs to restart.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

  • There are many malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are many general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.


Good evening Renato, thanks for the reply.

Here is the log:

ComboFix 12-08-22.03 - Felipe 23/08/2012 17:49:10.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.3327.2320 [GMT -3:00]

Executando de: c:\users\Felipe\Desktop\ComboFix.exe

AV: ESET NOD32 Antivírus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivírus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\logs

c:\windows\SysWow64\logs\Game - R3d Logs\2012-08-10_23-13-26_r3dlog.txt

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-07-23 to 2012-08-23 ))))))))))))))))))))))))))))

.

.

2012-08-23 20:52 . 2012-08-23 20:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-22 03:16 . 2012-08-22 03:16 -------- d-----w- c:\program files (x86)\LIMBO

2012-08-19 23:50 . 2012-08-23 05:15 -------- d-----w- c:\program files (x86)\World of Warcraft

2012-08-19 23:50 . 2012-08-19 23:52 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment

2012-08-19 23:49 . 2012-08-20 01:57 -------- d-----w- c:\programdata\Blizzard Entertainment

2012-08-19 21:48 . 2012-08-19 21:48 -------- d-----w- c:\programdata\Messenger Plus!

2012-08-19 21:47 . 2012-08-19 21:47 -------- d-----w- c:\program files (x86)\Messenger Plus! Live

2012-08-17 22:37 . 2012-08-17 22:37 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-17 22:37 . 2012-08-17 22:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-17 22:37 . 2012-08-17 22:37 -------- d-----w- c:\windows\SysWow64\Macromed

2012-08-17 22:37 . 2012-08-17 22:37 -------- d-----w- c:\windows\system32\Macromed

2012-08-17 22:07 . 2012-08-17 22:07 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-08-15 21:52 . 2012-08-22 17:53 -------- d-----w- c:\program files (x86)\SpeedFan

2012-08-14 21:31 . 2012-08-14 21:31 -------- d-----w- c:\programdata\VirtualizedApplications

2012-08-14 19:16 . 2012-08-14 19:16 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client

2012-08-14 19:16 . 2012-08-14 19:16 -------- d-----w- c:\program files\Microsoft Office

2012-08-14 19:15 . 2012-08-14 19:15 -------- d-----w- c:\windows\system32\appmgmt

2012-08-12 05:33 . 2012-08-12 05:33 -------- d-----w- c:\program files (x86)\Microsoft

2012-08-12 05:32 . 2012-08-12 05:32 -------- d-----w- c:\windows\PCHEALTH

2012-08-11 23:44 . 2012-08-11 23:44 -------- d-----w- c:\programdata\Kaspersky Lab

2012-08-11 20:18 . 2012-08-11 20:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-11 20:18 . 2012-08-11 20:18 -------- d-----w- c:\programdata\Malwarebytes

2012-08-11 20:18 . 2012-07-03 16:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-11 20:11 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll

2012-08-11 20:11 . 2010-05-05 06:46 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll

2012-08-11 20:10 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll

2012-08-11 20:10 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-08-11 20:10 . 2010-07-29 06:30 82944 ----a-w- c:\windows\SysWow64\iccvid.dll

2012-08-11 20:10 . 2011-02-05 12:41 556928 ----a-w- c:\windows\system32\winresume.efi

2012-08-11 20:10 . 2011-02-05 12:41 640896 ----a-w- c:\windows\system32\winload.efi

2012-08-11 20:10 . 2011-02-05 12:41 20352 ----a-w- c:\windows\system32\kdusb.dll

2012-08-11 20:10 . 2011-02-05 12:41 19328 ----a-w- c:\windows\system32\kd1394.dll

2012-08-11 20:10 . 2011-02-05 12:41 17792 ----a-w- c:\windows\system32\kdcom.dll

2012-08-11 20:10 . 2011-02-05 12:39 603976 ----a-w- c:\windows\system32\winload.exe

2012-08-11 20:10 . 2011-02-05 12:39 518160 ----a-w- c:\windows\system32\winresume.exe

2012-08-11 20:01 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll

2012-08-11 20:01 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-08-11 20:01 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll

2012-08-11 20:01 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2012-08-11 20:01 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2012-08-11 20:01 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2012-08-11 20:01 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

2012-08-11 20:01 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll

2012-08-11 20:01 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2012-08-11 20:01 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

2012-08-11 20:01 . 2010-08-26 05:27 148992 ----a-w- c:\windows\system32\t2embed.dll

2012-08-11 20:01 . 2010-08-26 04:39 109056 ----a-w- c:\windows\SysWow64\t2embed.dll

2012-08-11 15:26 . 2012-07-03 06:19 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-08-11 15:17 . 2012-07-16 05:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C275629-4383-490A-A17D-6790CE8C91A7}\mpengine.dll

2012-08-11 08:24 . 2012-08-11 08:24 -------- d-----w- c:\program files (x86)\booddanet

2012-08-11 06:19 . 2012-08-11 06:19 -------- d-----w- c:\program files (x86)\GlideWrapper

2012-08-11 04:45 . 2012-08-11 04:45 -------- d-----w- C:\Revo Uninstaller

2012-08-11 04:29 . 2012-08-11 04:29 -------- d-----w- C:\Sierra

2012-08-11 03:55 . 2012-08-11 03:55 -------- d-----w- c:\program files\CCleaner

2012-08-11 00:06 . 2012-08-11 00:06 -------- d-----w- c:\program files\Steam

2012-08-10 03:00 . 2012-08-10 03:00 -------- d-----w- c:\windows\wb

2012-08-10 01:55 . 2012-08-10 01:58 -------- d-----w- c:\program files (x86)\Roller Coaster Tycoon 3 Platinum - CarlesNeo !

2012-08-09 23:02 . 2012-08-09 23:02 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2012-08-09 22:50 . 2012-08-09 22:50 -------- d-----w- c:\program files (x86)\Infogrames Interactive

2012-08-09 19:52 . 2012-08-09 20:15 -------- d-----w- c:\program files (x86)\Hero Editor

2012-08-09 19:52 . 2012-08-09 19:52 249856 ------w- c:\windows\Setup1.exe

2012-08-09 19:52 . 2012-08-09 19:52 73216 ----a-w- c:\windows\ST6UNST.EXE

2012-08-09 18:31 . 2012-08-09 18:31 2829 ----a-w- c:\windows\DIIUnin.pif

2012-08-09 18:31 . 2012-08-09 18:31 94208 ----a-w- c:\windows\DIIUnin.exe

2012-08-09 18:24 . 2012-08-09 19:52 -------- d-----w- c:\program files (x86)\Diablo II

2012-08-08 20:49 . 2012-08-11 14:52 -------- d-----w- c:\windows\Panther

2012-08-08 19:29 . 2012-08-08 19:29 -------- d-----w- c:\program files (x86)\uTorrent

2012-08-08 18:54 . 2012-08-08 18:54 -------- d-----w- c:\program files (x86)\Common Files\InstallShield

2012-08-08 18:43 . 2012-08-08 18:43 -------- d-----w- c:\users\UpdatusUser

2012-08-08 18:43 . 2012-08-08 18:43 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

2012-08-08 18:43 . 2012-08-23 20:53 -------- d-----w- c:\programdata\NVIDIA

2012-08-08 18:43 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-08-08 18:43 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-08-08 18:43 . 2012-05-15 09:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

2012-08-08 18:43 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-08-08 18:43 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

2012-08-08 18:43 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll

2012-08-08 18:40 . 2012-08-08 18:43 -------- d-----w- c:\program files\NVIDIA Corporation

2012-08-08 18:40 . 2012-08-08 18:40 -------- d-----w- C:\NVIDIA

2012-08-08 18:03 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-08-08 18:03 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-08-08 18:03 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-08-08 18:03 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-08-08 18:03 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-08-08 18:03 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-08-08 18:03 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-08-08 18:03 . 2012-06-02 18:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-08-08 18:03 . 2012-06-02 18:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-08-08 17:55 . 2008-07-12 11:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2012-08-08 17:55 . 2008-07-12 11:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2012-08-08 17:55 . 2008-07-12 11:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2012-08-08 17:53 . 2012-08-11 04:46 -------- d--h--w- c:\program files (x86)\Temp

2012-08-08 17:53 . 2012-05-25 21:06 1706640 ----a-w- c:\windows\RtlExUpd.dll

2012-08-08 17:51 . 2012-08-11 04:46 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information

2012-08-08 17:51 . 2012-08-08 17:51 -------- d-----w- C:\Riot Games

2012-08-08 17:34 . 2012-08-08 17:34 -------- d-----w- c:\program files (x86)\FinalWire

2012-08-08 17:10 . 2012-08-19 23:46 -------- d-----w- c:\programdata\PMB Files

2012-08-08 17:09 . 2012-08-08 17:09 -------- d-----w- c:\program files (x86)\Pando Networks

2012-08-08 16:52 . 2012-08-08 16:52 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive

2012-08-08 16:52 . 2012-08-12 05:33 -------- d-----w- c:\program files (x86)\Windows Live

2012-08-08 16:47 . 2012-08-08 16:47 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

2012-08-08 16:22 . 2012-08-23 20:27 -------- d-----w- c:\program files (x86)\Steam

2012-08-08 16:22 . 2012-08-23 03:14 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-08-08 16:16 . 2012-08-08 16:16 -------- d-----w- c:\program files (x86)\Elaborate Bytes

2012-08-08 16:14 . 2012-08-08 16:14 -------- d-----w- c:\program files\WinRAR

2012-08-08 16:13 . 2012-05-31 15:25 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-08-08 16:08 . 2012-08-08 16:08 -------- d-----w- c:\program files\ESET

2012-08-08 16:06 . 2012-08-17 07:55 -------- d-sh--w- c:\windows\Installer

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2011-04-05 4925184]

S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-02-07 822624]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S3 RTL8023x64;Driver Realtek 10/100 NIC Family NDIS x64;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [2011-10-01 765288]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - WS2IFSL

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1302757549-2883402269-2165836234-1000Core.job

- c:\users\Felipe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-08 16:09]

.

2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1302757549-2883402269-2165836234-1000UA.job

- c:\users\Felipe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-08 16:09]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-05 8060960]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 201.6.2.90 201.6.2.180

FF - ProfilePath - c:\users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\i98lhica.default\

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Wow6432Node-HKLM-Run-PlusService - c:\program files (x86)\Messenger Plus! Live\PlusService.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2012-08-23 17:56:58 - Máquina reiniciou

ComboFix-quarantined-files.txt 2012-08-23 20:56

.

Pré-execução: 908.635.738.112 bytes disponíveis

Pós execução: 908.158.152.704 bytes disponíveis

.

- - End Of File - - 6D3619EFEBFB010239ACED6641DAF3E5

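The DDS log earlier in the thread and the ComboFix log above both list recently created files, and the analyst's first question was about an executable sitting directly in C:\Windows (DIIUnin.exe). The following Python script is an added example, not part of the thread and not code from DDS or ComboFix: it parses both listing formats and picks out executable-type files written straight into the Windows root, which is assumed here to be a reasonable first triage heuristic (the extension set and the "Windows root" rule are this example's own choices). The sample lines are constructed from the two logs in this thread.

```python
"""Triage helper for the DDS / ComboFix "files created" listings.

Added example, not part of the thread and not code from DDS or ComboFix.
It parses both line formats seen in the logs above and picks out
executables written directly into the Windows root directory (the same
location the analyst chose to check, C:\\Windows\\DIIUnin.exe). Treating
that location as worth a second look is an assumed triage heuristic, not
something either tool does itself.
"""
import ntpath  # Windows path handling that also works when run on Linux/macOS
import re
from dataclasses import dataclass
from typing import List, Optional

# DDS format:      2012-08-08 17:53:15 1706640 ----a-w- C:\Windows\RtlExUpd.dll
# ComboFix format: 2012-08-09 18:31 . 2012-08-09 18:31 94208 ----a-w- c:\windows\DIIUnin.exe
# Directories carry "--------" instead of a size and a leading "d" in the attribute field.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?:\s+\.\s+(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r"\s+(?P<size>\d+|-{8})"
    r"\s+(?P<attrs>[-a-z]{8})"
    r"\s+(?P<path>\S.*?)\s*$"
)

# Assumed set of extensions worth a second look (this example's choice).
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".sys", ".pif", ".scr", ".cpl", ".com", ".bat", ".cmd"}
WINDOWS_ROOT = r"c:\windows"


@dataclass
class FileEntry:
    created: str
    modified: Optional[str]   # only ComboFix prints the modification time
    size: Optional[int]       # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return ntpath.basename(self.path)

    @property
    def parent(self) -> str:
        return ntpath.dirname(self.path)


def parse_file_listing(text: str) -> List[FileEntry]:
    """Turn listing lines into FileEntry records; lines that are not file entries are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def windows_root_executables(entries: List[FileEntry]) -> List[FileEntry]:
    """Executable-type files whose parent directory is exactly the Windows root."""
    return [
        e for e in entries
        if not e.is_dir
        and e.parent.lower() == WINDOWS_ROOT
        and ntpath.splitext(e.name)[1].lower() in EXECUTABLE_EXTENSIONS
    ]


# Constructed sample: a few lines copied from the DDS and ComboFix logs in this thread.
SAMPLE_LISTING = r"""
2012-08-08 18:03:41 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-08-08 17:53:15 1706640 ----a-w- C:\Windows\RtlExUpd.dll
2012-08-08 17:53:15 -------- d--h--w- C:\Program Files (x86)\Temp
2012-08-08 16:13:41 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-08-08 16:06:20 -------- d-sh--w- C:\Windows\Installer
2012-08-09 19:52 . 2012-08-09 19:52 249856 ------w- c:\windows\Setup1.exe
2012-08-09 19:52 . 2012-08-09 19:52 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-08-09 18:31 . 2012-08-09 18:31 2829 ----a-w- c:\windows\DIIUnin.pif
2012-08-09 18:31 . 2012-08-09 18:31 94208 ----a-w- c:\windows\DIIUnin.exe
2012-08-08 18:43 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-08 16:06 . 2012-08-17 07:55 -------- d-sh--w- c:\windows\Installer
"""

if __name__ == "__main__":
    for entry in windows_root_executables(parse_file_listing(SAMPLE_LISTING)):
        print(f"{entry.created}  {entry.size:>8}  {entry.path}")
```

On the sample this surfaces RtlExUpd.dll, Setup1.exe, ST6UNST.EXE, DIIUnin.pif and DIIUnin.exe, which is exactly the kind of short list an analyst then verifies by hash (as was done here with VirusTotal) rather than by name alone; the ComboFix lines keep the modification time separately, so a file created recently but with an old modification stamp (the Windows Update entries in the log) can be told apart from one freshly written.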

Open Notepad and copy (CTRL + C) and paste (CTRL + V) the following text between QUOTE:


reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" > C:\look.txt
notepad C:\look.txt

Save the file as FixServices.bat

When saving, set the file type to: All Files.

  1. The file will have an icon like this one: 4qhg48p.jpg.
  2. Double-click FixServices.bat.
  3. Wait for the bat file to finish running. When it finishes, a text file will appear; copy it and paste it into your next reply.


Here is the log:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

IE5_UA_Backup_Flag REG_SZ 5.0

User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)

EmailName REG_SZ User@

PrivDiscUiShown REG_DWORD 0x1

EnableHttp1_1 REG_DWORD 0x1

WarnOnIntranet REG_DWORD 0x1

MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges

AutoConfigProxy REG_SZ wininet.dll

UseSchannelDirectly REG_BINARY 01000000

WarnOnPost REG_BINARY 01000000

UrlEncoding REG_DWORD 0x0

SecureProtocols REG_DWORD 0xa0

PrivacyAdvanced REG_DWORD 0x0

ZonesSecurityUpgrade REG_BINARY 8169D96E1577CD01

DisableCachingOfSSLPages REG_DWORD 0x0

WarnonZoneCrossing REG_DWORD 0x0

CertificateRevocation REG_DWORD 0x1

EnableNegotiate REG_DWORD 0x1

MigrateProxy REG_DWORD 0x1

ProxyEnable REG_DWORD 0x0

ProxyHttp1.1 REG_DWORD 0x1

EnablePunycode REG_DWORD 0x1

DisableIDNPrompt REG_DWORD 0x0

ShowPunycode REG_DWORD 0x0

WarnonBadCertRecving REG_DWORD 0x1

WarnOnPostRedirect REG_DWORD 0x0

EnableAutodial REG_DWORD 0x0

NoNetAutodial REG_DWORD 0x0

WarnOnHTTPSToHTTPRedirect REG_DWORD 0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

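The thread does not say why the analyst asks twice for a dump of the Internet Settings key; the usual reason is that values such as ProxyEnable, ProxyServer and AutoConfigURL in that key can silently route the browser through a proxy or PAC script, so an analyst reads them and compares dumps over time. The Python script below is an added example (not part of the thread) that serves both FixServices.bat requests: it parses `reg query` output, flags the traffic-affecting values, and diffs the two dumps the user posted. The value names are standard WinINet settings; which ones count as findings is this example's own assumption, and the "hijacked" dump is a constructed, hypothetical sample with placeholder addresses.

```python
"""Parse the `reg query` output of the Internet Settings key that the
FixServices.bat step produces, flag values that would redirect or weaken
browser traffic, and diff the two snapshots the user posted.

Added example, not part of the thread. The value names checked
(ProxyEnable, ProxyServer, AutoConfigURL, WarnonBadCertRecving,
CertificateRevocation) are standard WinINet settings; which of them count
as a finding is this example's own assumption.
"""
import re
from typing import Dict, List, Tuple

Values = Dict[str, Tuple[str, str]]  # value name -> (REG_* type, data)

INTERNET_SETTINGS = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# A value line: <name>  <REG_TYPE>  <data>. Works with reg.exe's 4-space columns and
# with the single spaces left after the forum collapsed the whitespace.
VALUE_RE = re.compile(
    r"^\s*(?P<name>.+?)\s+(?P<type>REG_(?:SZ|EXPAND_SZ|MULTI_SZ|DWORD|QWORD|BINARY|NONE))\s*(?P<data>.*?)\s*$"
)


def parse_reg_query(text: str) -> Dict[str, Values]:
    """Map each key path in the dump to its values (subkeys listed without values map to {})."""
    keys: Dict[str, Values] = {}
    current = None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if stripped.startswith("HKEY_"):
            current = stripped
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m["name"]] = (m["type"], m["data"])
    return keys


def dword(data: str) -> int:
    """reg.exe prints REG_DWORD data as 0x-prefixed hex."""
    return int(data, 16) if data.lower().startswith("0x") else int(data)


def check_internet_settings(values: Values) -> List[str]:
    """Human-readable findings for settings that redirect traffic or silence certificate checks."""
    findings = []
    if "ProxyEnable" in values and dword(values["ProxyEnable"][1]) != 0:
        server = values.get("ProxyServer", ("", "<not set>"))[1]
        findings.append(f"ProxyEnable is on; traffic goes through ProxyServer={server}")
    if "AutoConfigURL" in values:
        findings.append(f"AutoConfigURL sets a PAC script: {values['AutoConfigURL'][1]}")
    for name in ("WarnonBadCertRecving", "CertificateRevocation"):
        if name in values and dword(values[name][1]) == 0:
            findings.append(f"{name} is 0: certificate warnings/checks are off")
    return findings


def diff_values(before: Values, after: Values) -> Dict[str, dict]:
    """Values added, removed, or changed between two snapshots of the same key."""
    return {
        "added": {n: after[n][1] for n in after if n not in before},
        "removed": {n: before[n][1] for n in before if n not in after},
        "changed": {n: (before[n][1], after[n][1])
                    for n in before if n in after and before[n][1] != after[n][1]},
    }


# Constructed samples: excerpts of the two look.txt dumps posted in this thread,
# plus a hypothetical dump showing what a hijacked profile would look like.
SNAPSHOT_1 = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    CertificateRevocation    REG_DWORD    0x1
    ProxyEnable    REG_DWORD    0x0
    WarnonBadCertRecving    REG_DWORD    0x1
    WarnOnPostRedirect    REG_DWORD    0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
"""
SNAPSHOT_2 = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    CertificateRevocation    REG_DWORD    0x1
    ProxyEnable    REG_DWORD    0x0
    WarnonBadCertRecving    REG_DWORD    0x1
    WarnOnPostRedirect    REG_DWORD    0x0
    WarnOnHTTPSToHTTPRedirect    REG_DWORD    0x1
"""
HIJACKED_EXAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    127.0.0.1:8080
    AutoConfigURL    REG_SZ    http://proxy.example.invalid/wpad.dat
    WarnonBadCertRecving    REG_DWORD    0x0
"""

if __name__ == "__main__":
    before = parse_reg_query(SNAPSHOT_1)[INTERNET_SETTINGS]
    after = parse_reg_query(SNAPSHOT_2)[INTERNET_SETTINGS]
    print("findings (posted dumps):", check_internet_settings(after) or "none")
    print("diff between dumps:", diff_values(before, after))
    print("findings (hypothetical hijack):",
          check_internet_settings(parse_reg_query(HIJACKED_EXAMPLE)[INTERNET_SETTINGS]))
```

Run against the two dumps in this thread it reports no findings and a diff of one changed value (WarnOnPostRedirect 0x1 to 0x0) and one added value (WarnOnHTTPSToHTTPRedirect), which is consistent with the user's reply that the machine only talks to the modem directly. Two caveats: the dump is per user (HKCU), so the same check has to be repeated for any other account on the machine and for the machine-wide key under HKLM, and reg.exe's real output uses four-space columns that the forum has collapsed, which is why the parser accepts any run of whitespace.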

Is your computer part of any network? Could you explain how your connection works?


So, it is connected directly to the Motorola modem, which already has wireless. But access is not enabled for any computer, not even the notebook we have here at home. I have never tried to connect it to a network with other computers; I only use it for the internet. The wireless has a password, I believe no one has access to it...


Download the Kaspersky AVP Tool from one of these 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

You will be taken to a Kaspersky page asking for an email for registration, first name and last name. Only the "email" field is required.

Enter your email, then click the Submit Form button.

The page will reload. Click the Download button

Save it to your desktop.

Run the file and wait for the installation.

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator

On the license agreement screen, check the I accept the license agreement option and then click the Start button. The program will appear to freeze and nothing happens. This is normal; just wait until the program's main screen appears, then click the Settings icon:

KRT_settings.png

On this screen, check the box next to:

  • My Computer
  • Local Disk (C:)

Also check all the drives that appear below Local Disk, if any. Then click the Automatic Scan tab

KRT_install2_.png

Back on the program's main screen, click the Start scanning button

Be patient, it takes a while.

When it finishes, if it detected anything, the program will ask you what to do.

Check the small box next to Apply to all objects and then click Skip (we only want the log).

KRT_detection_.png

While the scan runs, the main screen will show a progress bar. When it finishes, the program will show a completed status and a button that will be orange if nothing was detected, and red if it found something.

If it detected something, the program will also show an alert screen, warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

Back on the main screen, if something was detected, save the log. If you close the program and forget to save the log, you will have to repeat the whole scan.

To save the log, click the Reports icon (next to the "Settings" icon). In the next window, click Detected Threats, then click the floppy disk icon to save the log.

Choose an easily accessible location and save it as log.txt

Copy the entire contents of that Notepad file and paste it into your next reply.

If nothing is detected, you do not need to save the log. Just post here to let us know.

To exit the program, just click the X in the top-right corner.
