Xwist

Proxy Changer


Hello, good evening everyone. After downloading a driver for my sound card, I believe it installed some malware that configures the browser proxy automatically, even after I delete it and set the browser to use no proxy. All browsers are configured this way, except Chrome, where I can still keep the no-proxy setting. The proxy is: http://www.pointsecuptmobile.com/realtek1008201202.win. From what I have found, it appears to be a site that collects data from the PC; I'm worried :(

I use NOD32 as my antivirus; it only detects it when I open the browser and does not let the proxy take effect.

Here are the logs:

DDS

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Felipe at 23:39:29 on 2012-08-12

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.3327.1807 [GMT -3:00]

.

AV: ESET NOD32 Antivírus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivírus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\taskhost.exe

C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Felipe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

uRun: [Google Update] "C:\Users\Felipe\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

TCP: DhcpNameServer = 201.6.2.90 201.6.2.180

TCP: Interfaces\{372988BF-FA9C-4DBB-8648-D21A94FCDB36} : DhcpNameServer = 201.6.2.90 201.6.2.180

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

{9030D464-4C02-4ABF-8ECC-5164760863C6}

mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

.

============= SERVICES / DRIVERS ===============

.

R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-3-7 913144]

R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-8-8 1262400]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R3 RTL8023x64;Driver Realtek 10/100 NIC Family NDIS x64;C:\Windows\system32\DRIVERS\Rtnic64.sys --> C:\Windows\system32\DRIVERS\Rtnic64.sys [?]

.

=============== Created Last 30 ================

.

2012-08-12 05:33:21 -------- d-----w- C:\Program Files (x86)\Microsoft

2012-08-12 05:32:38 -------- d-----w- C:\Windows\PCHEALTH

2012-08-11 23:44:01 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-08-11 20:18:27 -------- d-----w- C:\Users\Felipe\AppData\Roaming\Malwarebytes

2012-08-11 20:18:06 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-11 20:18:06 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-11 20:18:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-11 20:11:03 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll

2012-08-11 20:11:03 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll

2012-08-11 20:10:59 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-08-11 20:10:59 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-08-11 20:10:51 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

2012-08-11 20:10:49 640896 ----a-w- C:\Windows\System32\winload.efi

2012-08-11 20:10:49 603976 ----a-w- C:\Windows\System32\winload.exe

2012-08-11 20:10:49 556928 ----a-w- C:\Windows\System32\winresume.efi

2012-08-11 20:10:49 518160 ----a-w- C:\Windows\System32\winresume.exe

2012-08-11 20:10:49 20352 ----a-w- C:\Windows\System32\kdusb.dll

2012-08-11 20:10:49 19328 ----a-w- C:\Windows\System32\kd1394.dll

2012-08-11 20:10:49 17792 ----a-w- C:\Windows\System32\kdcom.dll

2012-08-11 20:01:40 720896 ----a-w- C:\Windows\System32\odbc32.dll

2012-08-11 20:01:40 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll

2012-08-11 20:01:40 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-08-11 20:01:39 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-08-11 20:01:39 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2012-08-11 20:01:39 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2012-08-11 20:01:39 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2012-08-11 20:01:39 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2012-08-11 20:01:39 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2012-08-11 20:01:39 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2012-08-11 20:01:33 148992 ----a-w- C:\Windows\System32\t2embed.dll

2012-08-11 20:01:33 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2012-08-11 19:57:47 -------- d-----w- C:\Users\Felipe\AppData\Local\Diagnostics

2012-08-11 15:17:08 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-08-11 15:17:04 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C275629-4383-490A-A17D-6790CE8C91A7}\mpengine.dll

2012-08-11 08:24:31 -------- d-----w- C:\Program Files (x86)\booddanet

2012-08-11 06:19:13 -------- d-----w- C:\Program Files (x86)\GlideWrapper

2012-08-11 04:45:21 -------- d-----w- C:\Revo Uninstaller

2012-08-11 04:29:22 -------- d-----w- C:\Sierra

2012-08-11 03:55:56 -------- d-----w- C:\Program Files\CCleaner

2012-08-11 02:13:26 -------- d-----w- C:\Windows\SysWow64\Logs

2012-08-11 00:15:21 -------- d-----w- C:\Windows\SysWow64\directx

2012-08-11 00:06:12 -------- d-----w- C:\Program Files\Steam

2012-08-10 06:17:31 -------- d-----w- C:\Users\Felipe\AppData\Roaming\Realteks

2012-08-10 03:00:53 -------- d-----w- C:\Windows\wb

2012-08-10 02:00:30 -------- d-----w- C:\Users\Felipe\AppData\Roaming\Atari

2012-08-10 01:55:55 -------- d-----w- C:\Program Files (x86)\Roller Coaster Tycoon 3 Platinum - CarlesNeo !

2012-08-09 23:02:05 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2012-08-09 22:50:46 -------- d-----w- C:\Program Files (x86)\Infogrames Interactive

2012-08-09 22:50:16 692224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll

2012-08-09 22:50:16 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

2012-08-09 22:50:16 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe

2012-08-09 22:50:16 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll

2012-08-09 22:50:16 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll

2012-08-09 22:50:16 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll

2012-08-09 22:50:16 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll

2012-08-09 22:20:06 -------- d-----w- C:\Users\Felipe\AppData\Roaming\LolClient

2012-08-09 19:52:44 -------- d-----w- C:\Program Files (x86)\Hero Editor

2012-08-09 19:52:37 249856 ------w- C:\Windows\Setup1.exe

2012-08-09 19:52:36 73216 ----a-w- C:\Windows\ST6UNST.EXE

2012-08-09 18:31:04 2829 ----a-w- C:\Windows\DIIUnin.pif

2012-08-09 18:31:03 94208 ----a-w- C:\Windows\DIIUnin.exe

2012-08-09 18:24:40 -------- d-----w- C:\Program Files (x86)\Diablo II

2012-08-09 16:26:34 -------- d-----w- C:\Users\Felipe\AppData\Roaming\NVIDIA

2012-08-09 02:45:06 -------- d-----w- C:\Users\Felipe\AppData\Local\Microsoft Games

2012-08-08 20:49:31 -------- d-----w- C:\Windows\Panther

2012-08-08 19:29:04 -------- d-----w- C:\Program Files (x86)\uTorrent

2012-08-08 19:28:05 -------- d-----w- C:\Users\Felipe\AppData\Roaming\uTorrent

2012-08-08 18:54:54 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2012-08-08 18:54:54 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2012-08-08 18:54:54 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2012-08-08 18:54:54 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2012-08-08 18:54:54 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2012-08-08 18:54:54 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2012-08-08 18:54:53 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2012-08-08 18:54:53 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2012-08-08 18:54:52 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2012-08-08 18:43:36 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2012-08-08 18:43:12 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-08-08 18:43:12 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-08-08 18:43:12 6151488 ----a-w- C:\Windows\System32\nvcpl.dll

2012-08-08 18:43:12 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-08-08 18:43:12 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-08-08 18:43:12 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-08-08 18:40:38 -------- d-----w- C:\Program Files\NVIDIA Corporation

2012-08-08 18:40:17 -------- d-----w- C:\NVIDIA

2012-08-08 18:03:41 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-08-08 18:03:33 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-08-08 18:03:01 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-08-08 18:03:01 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-08-08 17:55:40 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll

2012-08-08 17:55:40 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll

2012-08-08 17:55:39 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll

2012-08-08 17:53:15 1706640 ----a-w- C:\Windows\RtlExUpd.dll

2012-08-08 17:53:15 -------- d--h--w- C:\Program Files (x86)\Temp

2012-08-08 17:51:48 -------- d-----w- C:\Riot Games

2012-08-08 17:34:29 -------- d-----w- C:\Program Files (x86)\FinalWire

2012-08-08 17:10:08 -------- d-----w- C:\Users\Felipe\AppData\Local\PMB Files

2012-08-08 17:10:07 -------- d-----w- C:\ProgramData\PMB Files

2012-08-08 17:09:37 -------- d-----w- C:\Program Files (x86)\Pando Networks

2012-08-08 16:58:01 -------- d-----w- C:\Users\Felipe\Tracing

2012-08-08 16:52:41 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive

2012-08-08 16:47:00 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2012-08-08 16:46:10 -------- d-----w- C:\Users\Felipe\AppData\Local\ESET

2012-08-08 16:22:28 -------- d-----w- C:\Program Files (x86)\Steam

2012-08-08 16:22:28 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2012-08-08 16:16:53 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes

2012-08-08 16:13:41 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-08-08 16:09:58 -------- d-----w- C:\Users\Felipe\AppData\Local\Mozilla

2012-08-08 16:09:17 -------- d-----w- C:\Users\Felipe\AppData\Local\Google

2012-08-08 16:08:33 -------- d-----w- C:\Users\Felipe\AppData\Local\Deployment

2012-08-08 16:08:33 -------- d-----w- C:\Users\Felipe\AppData\Local\Apps

2012-08-08 16:08:31 -------- d-----w- C:\Program Files\ESET

2012-08-08 16:06:20 -------- d-sh--w- C:\Windows\Installer

.

==================== Find3M ====================

.

2012-08-09 23:02:05 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2012-05-15 10:48:00 8139072 ----a-w- C:\Windows\System32\nvcuda.dll

2012-05-15 05:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

.

============= FINISH: 23:40:07,37 ===============


Attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 08/08/2012 12:55:26

System Uptime: 12/08/2012 13:20:15 (10 hours ago)

.

Motherboard: PEGATRON | | To be filled by O.E.M.

Processor: AMD Phenom II X4 820 Processor | CPU 1 | 2800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 881,662 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP10: 09/08/2012 19:52:59 - Windows Defender Checkpoint

RP11: 09/08/2012 19:59:41 - Windows Update

RP12: 11/08/2012 12:26:26 - Windows Update

RP13: 11/08/2012 17:11:12 - Windows Update

RP14: 12/08/2012 05:24:58 - Windows Update

.

==== Installed Programs ======================

.

AIDA64 Extreme Edition v2.50

Assistente de Conexão do Windows Live

µTorrent

Diablo II

Dota 2

Ferramenta de Carregamento do Windows Live

Google Chrome

Half-Life

Half-Life 2

Hero Editor V1.03

League of Legends

Malwarebytes Anti-Malware versão 1.62.0.1300

Microsoft Choice Guard

MSVCRT

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Pando Media Booster

Realtek High Definition Audio Driver

Roller Coaster Tycoon 3 Platinum - CarlesNeo !

RollerCoaster Tycoon Deluxe

Steam

VirtualCloneDrive

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

zeckensack's Glide wrapper (remove only)

.

==== End Of File ===========================

Gmer only reported that there were no modifications to the system and did not generate any log; if I did something wrong, I can try again.

Thanks in advance! ^_^

Edited by Xwist


Configure Windows to show all files

Go to this site: http://virustotal.com/

Under Choose File enter: C:\Windows\DIIUnin.exe

Then click Submit

Copy and post the result of this scan.

  • Thread author
  • Hey Renato, thanks for the reply. From what I saw, this is the Diablo 2 uninstaller. But anyway, here is the log.

    SHA256: c6f717d1af7119b74ed3a9047e5e7690193b300d855b90aaf10e7931b4f38ced

    File name: DIIUnin.exe

    Detection ratio: 0 / 42

    Analysis date: 2012-08-14 03:27:57 UTC ( 0 minuto ago )

    * CERTIFIED GOODWARE *

    Submitted by GoodAware Project.

    File Name: C:\Windows\DIIUnin.exe

    File Version: 1, 0, 0, 5

    Company: Blizzard Entertainment

    Description: Diablo II Uninstaller

    Size: 94208 bytes

    MD5: bbf0373a7c04161f6aff2b9543703ffc

    This file is from a clean Windows 7 Home Premium installation and as such is known to be safe.

    #goodware

    Thanks :)


    Open Notepad and copy (CTRL + C) and paste (CTRL + V) the following text between QUOTE:


    reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" > C:\look.txt
    notepad C:\look.txt

    Save the file as FixServices.bat

    When saving, choose the file type: All Files.

    1. An icon like this one will appear: [image]
    2. Double-click FixServices.bat.
    3. Wait for the bat to finish running. When it finishes, a text file will appear; copy it and paste it into your next reply.

  • Thread author
  • Thanks for the reply, here is the log:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

    IE5_UA_Backup_Flag REG_SZ 5.0

    User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    EmailName REG_SZ User@

    PrivDiscUiShown REG_DWORD 0x1

    EnableHttp1_1 REG_DWORD 0x1

    WarnOnIntranet REG_DWORD 0x1

    MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges

    AutoConfigProxy REG_SZ wininet.dll

    UseSchannelDirectly REG_BINARY 01000000

    WarnOnPost REG_BINARY 01000000

    UrlEncoding REG_DWORD 0x0

    SecureProtocols REG_DWORD 0xa0

    PrivacyAdvanced REG_DWORD 0x0

    ZonesSecurityUpgrade REG_BINARY 8169D96E1577CD01

    DisableCachingOfSSLPages REG_DWORD 0x0

    WarnonZoneCrossing REG_DWORD 0x0

    CertificateRevocation REG_DWORD 0x1

    EnableNegotiate REG_DWORD 0x1

    MigrateProxy REG_DWORD 0x1

    ProxyEnable REG_DWORD 0x0

    ProxyHttp1.1 REG_DWORD 0x1

    EnablePunycode REG_DWORD 0x1

    DisableIDNPrompt REG_DWORD 0x0

    ShowPunycode REG_DWORD 0x0

    WarnonBadCertRecving REG_DWORD 0x1

    WarnOnPostRedirect REG_DWORD 0x1

    EnableAutodial REG_DWORD 0x0

    NoNetAutodial REG_DWORD 0x0

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones


    Read the instructions in this link:

    In the instructions in the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums to get help with ComboFix logs"

    1. Download ComboFix from one of the official links listed below and save it to your desktop:

    2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
    3. Double-click the icon [image] on the desktop.
    4. Read and accept the terms by typing 1 and Enter.
    5. Computers running Windows XP must install the Recovery Console:

    • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.

    6. ComboFix will run; please be patient and wait.
    7. Warning: Do not use the mouse or the keyboard while the tool is running; this may cause the computer to hang.
    8. A message may appear saying that the computer needs to restart.

    DO NOT RESTART!!! ComboFix will restart the computer automatically.
    9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

    DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

    • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
    • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
    • There are several general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them to be used without supervision. ComboFix is not that kind of tool, and so, also out of respect for the tool's author, do not use it without supervision.

  • Thread author
  • Good evening Renato, thanks for the reply.

    Here is the log:

    ComboFix 12-08-22.03 - Felipe 23/08/2012 17:49:10.1.4 - x64

    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.3327.2320 [GMT -3:00]

    Executando de: c:\users\Felipe\Desktop\ComboFix.exe

    AV: ESET NOD32 Antivírus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

    SP: ESET NOD32 Antivírus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Criado um novo ponto de restauração

    .

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\SysWow64\logs

    c:\windows\SysWow64\logs\Game - R3d Logs\2012-08-10_23-13-26_r3dlog.txt

    .

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2012-07-23 to 2012-08-23 ))))))))))))))))))))))))))))

    .

    .

    2012-08-23 20:52 . 2012-08-23 20:52 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-08-22 03:16 . 2012-08-22 03:16 -------- d-----w- c:\program files (x86)\LIMBO

    2012-08-19 23:50 . 2012-08-23 05:15 -------- d-----w- c:\program files (x86)\World of Warcraft

    2012-08-19 23:50 . 2012-08-19 23:52 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment

    2012-08-19 23:49 . 2012-08-20 01:57 -------- d-----w- c:\programdata\Blizzard Entertainment

    2012-08-19 21:48 . 2012-08-19 21:48 -------- d-----w- c:\programdata\Messenger Plus!

    2012-08-19 21:47 . 2012-08-19 21:47 -------- d-----w- c:\program files (x86)\Messenger Plus! Live

    2012-08-17 22:37 . 2012-08-17 22:37 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-08-17 22:37 . 2012-08-17 22:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-08-17 22:37 . 2012-08-17 22:37 -------- d-----w- c:\windows\SysWow64\Macromed

    2012-08-17 22:37 . 2012-08-17 22:37 -------- d-----w- c:\windows\system32\Macromed

    2012-08-17 22:07 . 2012-08-17 22:07 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

    2012-08-15 21:52 . 2012-08-22 17:53 -------- d-----w- c:\program files (x86)\SpeedFan

    2012-08-14 21:31 . 2012-08-14 21:31 -------- d-----w- c:\programdata\VirtualizedApplications

    2012-08-14 19:16 . 2012-08-14 19:16 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client

    2012-08-14 19:16 . 2012-08-14 19:16 -------- d-----w- c:\program files\Microsoft Office

    2012-08-14 19:15 . 2012-08-14 19:15 -------- d-----w- c:\windows\system32\appmgmt

    2012-08-12 05:33 . 2012-08-12 05:33 -------- d-----w- c:\program files (x86)\Microsoft

    2012-08-12 05:32 . 2012-08-12 05:32 -------- d-----w- c:\windows\PCHEALTH

    2012-08-11 23:44 . 2012-08-11 23:44 -------- d-----w- c:\programdata\Kaspersky Lab

    2012-08-11 20:18 . 2012-08-11 20:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-08-11 20:18 . 2012-08-11 20:18 -------- d-----w- c:\programdata\Malwarebytes

    2012-08-11 20:18 . 2012-07-03 16:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-08-11 20:11 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll

    2012-08-11 20:11 . 2010-05-05 06:46 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll

    2012-08-11 20:10 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-08-11 20:10 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    2012-08-11 20:10 . 2010-07-29 06:30 82944 ----a-w- c:\windows\SysWow64\iccvid.dll

    2012-08-11 20:10 . 2011-02-05 12:41 556928 ----a-w- c:\windows\system32\winresume.efi

    2012-08-11 20:10 . 2011-02-05 12:41 640896 ----a-w- c:\windows\system32\winload.efi

    2012-08-11 20:10 . 2011-02-05 12:41 20352 ----a-w- c:\windows\system32\kdusb.dll

    2012-08-11 20:10 . 2011-02-05 12:41 19328 ----a-w- c:\windows\system32\kd1394.dll

    2012-08-11 20:10 . 2011-02-05 12:41 17792 ----a-w- c:\windows\system32\kdcom.dll

    2012-08-11 20:10 . 2011-02-05 12:39 603976 ----a-w- c:\windows\system32\winload.exe

    2012-08-11 20:10 . 2011-02-05 12:39 518160 ----a-w- c:\windows\system32\winresume.exe

    2012-08-11 20:01 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll

    2012-08-11 20:01 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

    2012-08-11 20:01 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll

    2012-08-11 20:01 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

    2012-08-11 20:01 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

    2012-08-11 20:01 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

    2012-08-11 20:01 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

    2012-08-11 20:01 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll

    2012-08-11 20:01 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

    2012-08-11 20:01 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

    2012-08-11 20:01 . 2010-08-26 05:27 148992 ----a-w- c:\windows\system32\t2embed.dll

    2012-08-11 20:01 . 2010-08-26 04:39 109056 ----a-w- c:\windows\SysWow64\t2embed.dll

    2012-08-11 15:26 . 2012-07-03 06:19 59701280 ----a-w- c:\windows\system32\MRT.exe

    2012-08-11 15:17 . 2012-07-16 05:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C275629-4383-490A-A17D-6790CE8C91A7}\mpengine.dll

    2012-08-11 08:24 . 2012-08-11 08:24 -------- d-----w- c:\program files (x86)\booddanet

    2012-08-11 06:19 . 2012-08-11 06:19 -------- d-----w- c:\program files (x86)\GlideWrapper

    2012-08-11 04:45 . 2012-08-11 04:45 -------- d-----w- C:\Revo Uninstaller

    2012-08-11 04:29 . 2012-08-11 04:29 -------- d-----w- C:\Sierra

    2012-08-11 03:55 . 2012-08-11 03:55 -------- d-----w- c:\program files\CCleaner

    2012-08-11 00:06 . 2012-08-11 00:06 -------- d-----w- c:\program files\Steam

    2012-08-10 03:00 . 2012-08-10 03:00 -------- d-----w- c:\windows\wb

    2012-08-10 01:55 . 2012-08-10 01:58 -------- d-----w- c:\program files (x86)\Roller Coaster Tycoon 3 Platinum - CarlesNeo !

    2012-08-09 23:02 . 2012-08-09 23:02 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

    2012-08-09 22:50 . 2012-08-09 22:50 -------- d-----w- c:\program files (x86)\Infogrames Interactive

    2012-08-09 19:52 . 2012-08-09 20:15 -------- d-----w- c:\program files (x86)\Hero Editor

    2012-08-09 19:52 . 2012-08-09 19:52 249856 ------w- c:\windows\Setup1.exe

    2012-08-09 19:52 . 2012-08-09 19:52 73216 ----a-w- c:\windows\ST6UNST.EXE

    2012-08-09 18:31 . 2012-08-09 18:31 2829 ----a-w- c:\windows\DIIUnin.pif

    2012-08-09 18:31 . 2012-08-09 18:31 94208 ----a-w- c:\windows\DIIUnin.exe

    2012-08-09 18:24 . 2012-08-09 19:52 -------- d-----w- c:\program files (x86)\Diablo II

    2012-08-08 20:49 . 2012-08-11 14:52 -------- d-----w- c:\windows\Panther

    2012-08-08 19:29 . 2012-08-08 19:29 -------- d-----w- c:\program files (x86)\uTorrent

    2012-08-08 18:54 . 2012-08-08 18:54 -------- d-----w- c:\program files (x86)\Common Files\InstallShield

    2012-08-08 18:43 . 2012-08-08 18:43 -------- d-----w- c:\users\UpdatusUser

    2012-08-08 18:43 . 2012-08-08 18:43 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

    2012-08-08 18:43 . 2012-08-23 20:53 -------- d-----w- c:\programdata\NVIDIA

    2012-08-08 18:43 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe

    2012-08-08 18:43 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll

    2012-08-08 18:43 . 2012-05-15 09:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

    2012-08-08 18:43 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll

    2012-08-08 18:43 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

    2012-08-08 18:43 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll

    2012-08-08 18:40 . 2012-08-08 18:43 -------- d-----w- c:\program files\NVIDIA Corporation

    2012-08-08 18:40 . 2012-08-08 18:40 -------- d-----w- C:\NVIDIA

    2012-08-08 18:03 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

    2012-08-08 18:03 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

    2012-08-08 18:03 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

    2012-08-08 18:03 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

    2012-08-08 18:03 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

    2012-08-08 18:03 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

    2012-08-08 18:03 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

    2012-08-08 18:03 . 2012-06-02 18:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

    2012-08-08 18:03 . 2012-06-02 18:15 36864 ----a-w- c:\windows\system32\wuapp.exe

    2012-08-08 17:55 . 2008-07-12 11:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

    2012-08-08 17:55 . 2008-07-12 11:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

    2012-08-08 17:55 . 2008-07-12 11:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

    2012-08-08 17:53 . 2012-08-11 04:46 -------- d--h--w- c:\program files (x86)\Temp

    2012-08-08 17:53 . 2012-05-25 21:06 1706640 ----a-w- c:\windows\RtlExUpd.dll

    2012-08-08 17:51 . 2012-08-11 04:46 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information

    2012-08-08 17:51 . 2012-08-08 17:51 -------- d-----w- C:\Riot Games

    2012-08-08 17:34 . 2012-08-08 17:34 -------- d-----w- c:\program files (x86)\FinalWire

    2012-08-08 17:10 . 2012-08-19 23:46 -------- d-----w- c:\programdata\PMB Files

    2012-08-08 17:09 . 2012-08-08 17:09 -------- d-----w- c:\program files (x86)\Pando Networks

    2012-08-08 16:52 . 2012-08-08 16:52 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive

    2012-08-08 16:52 . 2012-08-12 05:33 -------- d-----w- c:\program files (x86)\Windows Live

    2012-08-08 16:47 . 2012-08-08 16:47 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

    2012-08-08 16:22 . 2012-08-23 20:27 -------- d-----w- c:\program files (x86)\Steam

    2012-08-08 16:22 . 2012-08-23 03:14 -------- d-----w- c:\program files (x86)\Common Files\Steam

    2012-08-08 16:16 . 2012-08-08 16:16 -------- d-----w- c:\program files (x86)\Elaborate Bytes

    2012-08-08 16:14 . 2012-08-08 16:14 -------- d-----w- c:\program files\WinRAR

    2012-08-08 16:13 . 2012-05-31 15:25 279656 ------w- c:\windows\system32\MpSigStub.exe

    2012-08-08 16:08 . 2012-08-08 16:08 -------- d-----w- c:\program files\ESET

    2012-08-08 16:06 . 2012-08-17 07:55 -------- d-sh--w- c:\windows\Installer

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por padrão não são apresentadas.

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux"=wdmaud.drv

    .

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2011-04-05 4925184]

    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]

    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]

    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-02-07 822624]

    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]

    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]

    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

    S3 RTL8023x64;Driver Realtek 10/100 NIC Family NDIS x64;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]

    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [2011-10-01 765288]

    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [2011-10-01 268648]

    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [2011-10-01 25960]

    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [2011-10-01 22376]

    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

    .

    .

    --- =Outros Serviços/Drivers Na Memória ---

    .

    *NewlyCreated* - WS2IFSL

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    .

    2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1302757549-2883402269-2165836234-1000Core.job

    - c:\users\Felipe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-08 16:09]

    .

    2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1302757549-2883402269-2165836234-1000UA.job

    - c:\users\Felipe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-08 16:09]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-05 8060960]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "LoadAppInit_DLLs"=0x0

    .

    ------- Scan Suplementar -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    TCP: DhcpNameServer = 201.6.2.90 201.6.2.180

    FF - ProfilePath - c:\users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\i98lhica.default\

    .

    - - - - ORFÃOS REMOVIDOS - - - -

    .

    Wow6432Node-HKLM-Run-PlusService - c:\program files (x86)\Messenger Plus! Live\PlusService.exe

    .

    .

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Tempo para conclusão: 2012-08-23 17:56:58 - Máquina reiniciou

    ComboFix-quarantined-files.txt 2012-08-23 20:56

    .

    Pré-execução: 908.635.738.112 bytes disponíveis

    Pós execução: 908.158.152.704 bytes disponíveis

    .

    - - End Of File - - 6D3619EFEBFB010239ACED6641DAF3E5


    Open Notepad and copy (CTRL + C) and paste (CTRL + V) the following text between QUOTE:


    reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" > C:\look.txt
    notepad C:\look.txt

    Save the file as FixServices.bat

    When saving, choose the file type: All Files.

    1. An icon like this one will appear: [image]
    2. Double-click FixServices.bat.
    3. Wait for the bat to finish running. When it finishes, a text file will appear; copy it and paste it into your next reply.

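The batch file the analyst asks for (posted twice in this thread) dumps the WinINet Internet Settings key; what an analyst then looks for in that dump is whether browsing has been silently redirected through a proxy server or a PAC script. The parser below for that reg query output, with the check run over two constructed sample dumps, is an added example and not code from the analyst or the thread author.

```python
"""Parse the output of the command in the batch file above,

    reg query "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"

and flag the values an analyst checks for a hijacked WinINet proxy configuration.
Added example for this thread (not code from the analyst or the thread author);
both sample dumps below are constructed: the first mirrors the clean output posted
in the thread, the second is an invented "proxy hijacked" variant.
"""
import re

# A value line is "<name> <REG_TYPE> <data>". reg.exe separates the fields with
# runs of spaces, but a forum paste often collapses them, so anchor on the REG_ token.
VALUE_RE = re.compile(
    r"^\s*(?P<name>.*?)\s+"
    r"(?P<type>REG_(?:SZ|EXPAND_SZ|MULTI_SZ|DWORD|QWORD|BINARY|NONE))"
    r"(?:\s+(?P<data>.*?))?\s*$"
)


def parse_reg_query(text):
    """Return {key_path: {value_name: (reg_type, data)}} for a reg query dump."""
    keys = {}
    current = None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if stripped.upper().startswith("HKEY_"):  # key header line
            current = stripped
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = (m.group("type"), m.group("data") or "")
    return keys


def dword(entry):
    """reg query prints REG_DWORD data as hex ("0xa0"); return it as int, else None."""
    if entry is None or entry[0] != "REG_DWORD":
        return None
    return int(entry[1], 16)


def proxy_findings(values):
    """Findings for the top-level Internet Settings values; empty on the clean state."""
    findings = []
    # ProxyEnable=1 routes every WinINet/IE request through ProxyServer.
    if dword(values.get("ProxyEnable")) == 1:
        server = values.get("ProxyServer", ("REG_SZ", "<not set>"))[1]
        findings.append(f"ProxyEnable=1: WinINet traffic goes through {server}")
    # A PAC URL lets a script pick the proxy per request; the clean dump has none.
    if "AutoConfigURL" in values:
        findings.append(f"AutoConfigURL set: PAC script {values['AutoConfigURL'][1]}")
    # AutoConfigProxy names the DLL that evaluates PAC scripts; clean dumps show wininet.dll.
    handler = values.get("AutoConfigProxy", ("REG_SZ", "wininet.dll"))[1]
    if handler.lower() != "wininet.dll":
        findings.append(f"AutoConfigProxy points to {handler} instead of wininet.dll")
    return findings


def check_dump(text):
    """Parse a dump and report on its first key (the key that was queried)."""
    keys = parse_reg_query(text)
    if not keys:
        return ["no registry key found in dump"]
    return proxy_findings(keys[next(iter(keys))])


# Constructed to mirror the clean dump posted in this thread (values abbreviated).
CLEAN_DUMP = """\
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    AutoConfigProxy    REG_SZ    wininet.dll
    ProxyEnable    REG_DWORD    0x0
    SecureProtocols    REG_DWORD    0xa0
    WarnOnHTTPSToHTTPRedirect    REG_DWORD    0x1

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones
"""

# Constructed "hijacked" variant (invented values, not from the thread).
HIJACKED_DUMP = """\
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings
    AutoConfigProxy    REG_SZ    C:\\Users\\Public\\pac_hook.dll
    AutoConfigURL    REG_SZ    http://pac.example.invalid/proxy.pac
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:8080;https=127.0.0.1:8080
"""

if __name__ == "__main__":
    for label, dump in (("clean", CLEAN_DUMP), ("hijacked", HIJACKED_DUMP)):
        print(f"{label}: {check_dump(dump) or ['no proxy findings']}")
```

Paste the contents of C:\look.txt in place of the constructed dumps to run the same check on a real post; the clean dumps in this thread produce no findings.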
  • Thread author
  • Here is the log:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

    IE5_UA_Backup_Flag REG_SZ 5.0

    User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)

    EmailName REG_SZ User@

    PrivDiscUiShown REG_DWORD 0x1

    EnableHttp1_1 REG_DWORD 0x1

    WarnOnIntranet REG_DWORD 0x1

    MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges

    AutoConfigProxy REG_SZ wininet.dll

    UseSchannelDirectly REG_BINARY 01000000

    WarnOnPost REG_BINARY 01000000

    UrlEncoding REG_DWORD 0x0

    SecureProtocols REG_DWORD 0xa0

    PrivacyAdvanced REG_DWORD 0x0

    ZonesSecurityUpgrade REG_BINARY 8169D96E1577CD01

    DisableCachingOfSSLPages REG_DWORD 0x0

    WarnonZoneCrossing REG_DWORD 0x0

    CertificateRevocation REG_DWORD 0x1

    EnableNegotiate REG_DWORD 0x1

    MigrateProxy REG_DWORD 0x1

    ProxyEnable REG_DWORD 0x0

    ProxyHttp1.1 REG_DWORD 0x1

    EnablePunycode REG_DWORD 0x1

    DisableIDNPrompt REG_DWORD 0x0

    ShowPunycode REG_DWORD 0x0

    WarnonBadCertRecving REG_DWORD 0x1

    WarnOnPostRedirect REG_DWORD 0x0

    EnableAutodial REG_DWORD 0x0

    NoNetAutodial REG_DWORD 0x0

    WarnOnHTTPSToHTTPRedirect REG_DWORD 0x1

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones


    Is your computer part of a network? Could you explain how your connection works?

  • Thread author
  • Well, it is connected directly to the Motorola modem, which already has wireless. But no computer is allowed access, not even the notebook we have here at home. I have never tried connecting it in a network with other computers; I only use it for the internet. The wireless has a password; I believe they do not have access to it...


    Download the Kaspersky AVP Tool from one of these 2 links:

    http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

    http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

    You will be taken to a Kaspersky page asking for an email for registration, plus first and last name. Only the "email" field is mandatory.

    Enter your email, then click the Submit Form button.

    The page will reload. Click the Download button

    Save it to your desktop.

    Run the file and wait for the installation.

    ** Windows Vista and Windows 7 users:

    Right-click the file, then click Run as administrator

    On the license agreement screen, check the option I accept the license agreement and then click the Start button. The program appears to freeze and nothing happens. This is normal; just wait until the program's main screen appears, and then click the Settings icon:


    On this screen, check the box next to:

    • My Computer
    • Local Disk (C:)

    Also check all the drives that appear below Local Disk, if there are any. Then click the Automatic Scan tab


    Back on the program's main screen, click the Start scanning button

    Be patient, it takes a while.

    When it finishes, if it detected anything, the program will ask you what to do.

    Check the little box next to Apply to all objects and then click Skip (we only want the log).


    While the scan runs, the main screen will show a progress bar. When it finishes, the program will show the completed status and a button that will be orange if nothing was detected, and red if it found something.

    If it detected something, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

    Back on the main screen, if something was detected, then save the log. If you close the program and forget to save the log, you will have to repeat the whole scan again.

    To save the log, click the Reports icon (next to the "Settings" icon). In the next window, click Detected Threats, then click the floppy-disk icon to save the log.

    Choose an easily accessible location and save it as log.txt

    Copy the entire contents of that Notepad file and paste it into your next reply.

    If nothing is detected, then you do not need to save the log. Just post here to let me know.

    To exit the program, just click the X in the top right corner.
