JAPICHIN
>>> topic moved from the "Security: discussions, questions and information" room >>>
japichin
Moderator
Naldo Volpe
Install MalwareBytes (...by RubbeR DuckY)
*Before finishing the installation, uncheck the option Enable free trial of Malwarebytes Anti-Malware PRO
*Wait for the update, and the program will open automatically
*Select [Quick Scan]
*Click [Scan]
*When it finishes, click [OK] > [Show Results] > [Remove Selected]
*Paste the report that is displayed
Andreatta
Quick Scan? Well, here is the log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Versão da Base de Dados: v2013.06.27.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
wagner :: WAGNER-PC [administrador]
27/06/2013 20:09:31
mbam-log-2013-06-27 (20-09-31).txt
Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 253739
Tempo decorrido: 3 minuto(s), 53 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)
(fim)
joram
Good morning, Andreatta!
|- Uninstall your browsers, Firefox and Google Chrome, using Revo Uninstaller in Advanced mode.
|- PS: When the cleanup is finished, I will tell you when to reinstall them.
|- PS: Try to carry out the procedures in exactly the order given.
-/-
|- Download: < > ( ... by Oleg N. Scherbakov )
|- Save it to the desktop!
|- On Windows 7, right-click JRT.exe and run it ...
|- Wait for it to finish and post the report. ( JRT.txt )
-/-
|- Download: < Revo Uninstaller >
|- Save it to the desktop.
|- Install the utility and check that the program to be uninstalled appears on the main screen.
|- In your case, Firefox and Google Chrome.
|- Select them and click Uninstall.
|- Uninstall one at a time!
|- For more details, read the < Tutorial >
-/-
|- Download: < zoek > ( ... by Smeenk )
|- Save it to the desktop!
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.
startupall;
autoclean;
filesrcm;
emptyalltemp;
|- Copy and paste this information, shown in red, into the tool's field.
|- Click "Run Script". <- Wait for it to finish!
|- Accept and/or confirm the reboot!
zoek.hta failed by unknown error.
Restart computer, and try again.
|- PS: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<
|- I recommend uploading it to CJoint.com and posting the link to the report.
-/-
|- Run the OTL.exe tool.
|- Copy the information in the Code box into the tool's clipboard field. ( "Exames Personalizados/Correções", i.e. "Custom Scans/Fixes" )
[code=rich]:OTL
IE - HKU\S-1-5-21-160635771-3247580687-3712117055-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: File not found
FF - HKCU\Software\MozillaPlugins\@fancyguo.com/FancyGame,version=1.0.0.1: File not found
O2:64bit: - BHO: (no name) - {95525BD9-6136-4A26-8263-9CEE295D442D} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-160635771-3247580687-3712117055-1001\..\Toolbar\WebBrowser: (no name) - {E0301295-AB3E-4AF3-979F-3D453C5F9F48} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
[2013/06/27 13:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu Security
[2013/06/27 13:17:59 | 000,000,000 | ---D | C] -- C:\Users\wagner\AppData\Roaming\Baidu
[2013/06/27 13:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu
[2013/06/27 00:49:54 | 000,000,000 | ---D | M] -- C:\Users\wagner\AppData\Roaming\Awesomium
[2013/06/27 13:17:59 | 000,000,000 | ---D | M] -- C:\Users\wagner\AppData\Roaming\Baidu
[2013/06/27 12:27:13 | 000,000,000 | ---D | M] -- C:\Users\wagner\AppData\Roaming\Baidu Security
[2013/06/27 00:49:54 | 000,000,000 | ---D | M] -- C:\Users\wagner\AppData\Roaming\Awesomium
[2013/06/27 13:17:59 | 000,000,000 | ---D | M] -- C:\Users\wagner\AppData\Roaming\Baidu
[2013/06/27 12:27:13 | 000,000,000 | ---D | M] -- C:\Users\wagner\AppData\Roaming\Baidu Security
[2012/12/22 16:19:11 | 000,009,216 | ---- | C] () -- C:\Users\wagner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"Gopher"="gopher://"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:Files
type C:\AdwCleaner[S1].txt /C
:Commands
[CLEARALLRESTOREPOINTS]
[emptytemp]
[Reboot][/code]
|- Click the Consertar button -> Wait for it to finish!
|- The computer will restart! -> Click "Executar" ("Run").
|- In English versions, click Run Fix, which is the same as Consertar.
|- Post the report: C:\_OTL\MovedFiles\*.log
|- I recommend uploading it to CJoint.com and posting the link to the report.
A+
Andreatta
Zoek report, I don't know if I did it correctly:
Zoek.exe Version 4.0.0.3 Updated 27-June-2013
Tool run by wagner on 28/06/2013 at 14:26:48,13.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
"C:\Users\wagner\AppData\Local\{24E20E28-0B34-4753-BFED-367DFE7AF966}" deleted
"C:\Windows\SysNative\roboot64.exe" deleted
"C:\ProgramData\hash.dat" deleted
"C:\Users\wagner\AppData\Roaming\4Sync" deleted
"C:\Users\wagner\AppData\Local\CRE" deleted
"C:\Users\wagner\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}" deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2013-06-28 17:04:21 AC4E918EAD1C5AA28A91CEED2A1306D0 265338 ----a-w- C:\Windows\TempCloudAV0628170405_2224.csv
2013-06-28 03:07:59 E505EFB81113C111C67B8BDC02520272 188102 ----a-w- C:\Windows\TempCloudAV0627211027_2256.csv
2013-06-27 19:54:17 CE0CD0324155D9DC635C595E51BF70DA 1432413 ----a-w- C:\Windows\TempCloudAV0627195356_2272.csv
2013-06-27 16:19:03 236C31C55CC9BA3300B1BD77B3BF0CD7 27771 ----a-w- C:\Windows\TempCloudAV0627154701_2280.csv
2013-06-27 14:01:01 D17E710F3CC3AC3E125A1AE907833578 1551520 ----a-w- C:\Windows\TempCloudAV0627140048_2172.csv
2013-06-27 09:27:16 ACDB1F79D156FA891D7455B542F690B5 277988 ----a-w- C:\Windows\TempCloudAV0627092656_2220.csv
2013-06-26 15:17:22 3BA8AB1667CD24D6175162599827D876 2415172 ----a-w- C:\Windows\TempCloudAV0626151706_2216.csv
2013-06-25 19:01:12 E09651F1F02D6F966C8377F941235A95 11649828 ----a-w- C:\Windows\TempCloudAV0625190058_2228.csv
2013-06-25 09:21:35 AB685AA558DCEF35DA6D4FCF8B67FE1D 635212 ----a-w- C:\Windows\TempCloudAV0625092116_2228.csv
2013-06-24 16:58:29 76BE2D0A98232C3CF6FF1E8018350C0C 250167 ----a-w- C:\Windows\TempCloudAV0624165816_2284.csv
2013-06-22 16:29:48 86879CE90A7BCEB98FE860FA0A4DDA47 1168194 ----a-w- C:\Windows\TempCloudAV0622162931_2236.csv
2013-06-21 14:18:49 0E6E4E55B88996AA29520F03AAF6CFE3 4921035 ----a-w- C:\Windows\TempCloudAV0621141818_2276.csv
2013-06-19 15:04:23 0E6E49028EAB694ADB70F24768305EAD 1180746 ----a-w- C:\Windows\TempCloudAV0619144258_2192.csv
2013-06-19 02:06:04 9942A9A2E2499E9619A4731A3BA554A9 4757494 ----a-w- C:\Windows\TempCloudAV0619020546_2272.csv
2013-06-17 13:31:15 E703B5AB317F0B6FF0AABBBA12A59644 786752 ----a-w- C:\Windows\TempCloudAV0617133056_2192.csv
2013-06-16 13:31:04 AB16D990203725DF7651B1FB05A7AC81 207214 ----a-w- C:\Windows\TempCloudAV0616132456_2180.csv
2013-06-14 21:33:07 4C3D29A2082113D668154F178E0F7E17 2181772 ----a-w- C:\Windows\TempCloudAV0614213251_2200.csv
2013-06-14 14:39:12 D80859FE2D61D0892C14CD76350232AD 650071 ----a-w- C:\Windows\TempCloudAV0614143851_2196.csv
2013-06-13 13:42:06 AF37027D7CD80B0D71736EAB0FB07530 20342 ----a-w- C:\Windows\TempCloudAV0613132056_2232.csv
2013-06-11 14:25:16 81B17A06DF22D1D2169EF4D54D520C69 2053265 ----a-w- C:\Windows\TempCloudAV0611142456_2212.csv
2013-06-11 14:17:07 C1E35A3286F8D9E33D902D716C728810 72391 ----a-w- C:\Windows\TempCloudAV0611135437_2228.csv
2013-06-10 13:53:52 4A8AB5773DD04671338CF889DFF1E197 3002639 ----a-w- C:\Windows\TempCloudAV0610135338_2148.csv
2013-06-08 12:00:23 11CD634794A7215D4AD29B8A59F748C5 471876 ----a-w- C:\Windows\TempCloudAV0608115929_2200.csv
2013-06-07 18:19:48 9FE5C4E3615D959CE2EE7599F0F37006 483458 ----a-w- C:\Windows\TempCloudAV0607181928_1964.csv
2013-06-05 09:25:55 0C16EEF1ECD2506EE152A5A1E974621C 456061 ----a-w- C:\Windows\TempCloudAV0605092542_2220.csv
2013-06-04 13:44:43 E0065A6433BBD88DED456D88155CA05C 9048291 ----a-w- C:\Windows\TempCloudAV0604133910_2224.csv
2013-06-03 22:10:33 1DE504D77FEAEC29F61FB0CCB7062533 2693442 ----a-w- C:\Windows\TempCloudAV0603221015_2228.csv
2013-06-02 16:27:44 5083DD2F5B7A11A6250F2B747030D8D3 1140237 ----a-w- C:\Windows\TempCloudAV0602162724_2052.csv
2013-06-02 14:55:43 4D615AFA25246623D37C27285ADAF7E2 1421530 ----a-w- C:\Windows\TempCloudAV0602142619_2184.csv
2013-06-01 14:20:06 B3B169573D5831E941B0F9A02BF7994C 77162 ----a-w- C:\Windows\TempCloudAV0601133502_2244.csv
2013-05-31 23:55:24 F4B340DE6842C0BF878F7C1B2AD63522 535902 ----a-w- C:\Windows\TempCloudAV0531234431_2212.csv
2013-05-31 23:13:30 4FBEDAECE76C7A4A2AE38F6D4BC82837 102775 ----a-w- C:\Windows\TempCloudAV0531231313_2188.csv
2013-05-31 14:50:17 2A34269B98940E740DC84668EC01AC33 1296879 ----a-w- C:\Windows\TempCloudAV0531144938_2232.csv
2013-05-31 12:59:00 D74746E4A8B7649243FB53AD340EF36E 520497 ----a-w- C:\Windows\TempCloudAV0531125843_2280.csv
2013-05-29 21:49:35 FB3C94D37A9B6AFB0E4DC43AF605C0A7 3868189 ----a-w- C:\Windows\TempCloudAV0529214921_2180.csv
====== C:\Users\wagner\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
2013-06-24 17:08:07 351D111CD5C5479946EB724DBBB1275E 96168 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-19 02:53:09 75A158A90BAAF0AB9B3144710A9F295A 116096 ---ha-w- C:\Windows\SysWOW64\mlfcache.dat
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-06-28 17:11:17 9C3AC71A9934B884FAC567A8807E9C4D 31800 ----a-w- C:\Windows\Sysnative\drivers\revoflt.sys
2013-06-28 14:48:46 D6C6BAE38CFEDCF3F7E046A5A72528FD 58808 ----a-w- C:\Windows\Sysnative\drivers\PSKMAD.sys
2013-05-29 20:16:45 23DF78ABB48AA697EC6BC87452247598 137448 ----a-w- C:\Windows\Sysnative\drivers\PSINProt.sys
====== C:\Windows\Tasks ======
2013-06-27 17:02:03 0861EFB7F2D359FD3B880A2B83A0B165 1064 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce7358bfc49a0.job
2013-05-31 23:36:08 9CF91B17C0F1DBCE0CDE77513DC3CF7C 298 ----a-w- C:\Windows\Tasks\Registry Optimizer_DEFAULT.job
2013-05-31 23:36:03 74A13930D0C6B3F2DBD71D74AE8A8C8C 306 ----a-w- C:\Windows\Tasks\Registry Optimizer_UPDATES.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-06-28 17:11:15 -------- d-----w- C:\Program Files\VS Revo Group
======= C:\Program Files (x86) =====
2013-06-25 16:51:12 -------- d-----w- C:\Program Files (x86)\Activision
2013-06-25 04:08:09 -------- d-----w- C:\Program Files (x86)\StarCraft II
2013-06-20 20:21:22 -------- d-----w- C:\Program Files (x86)\Age of Empires II HD
2013-06-08 18:59:46 -------- d-----w- C:\Program Files (x86)\GameVicio
2013-05-31 23:40:59 -------- d-----w- C:\Program Files (x86)\EVGA Precision X
======= C: =====
2013-06-27 16:25:56 FA8EC3ADA028F4118CCC71D97E16C6A7 1302 ----a-w- C:\AdwCleaner[S15].txt
2013-06-27 16:24:54 E518B6B2BDB6C2FD935BF3B53D68F815 1248 ----a-w- C:\AdwCleaner[R1].txt
2013-06-27 15:44:20 248F43E308B43F796863D8B4C8D4FAA8 3754 ----a-w- C:\AdwCleaner[S14].txt
====== C:\Users\wagner\AppData\Roaming ======
2013-06-28 17:11:35 -------- d-----w- C:\users\wagner\AppData\Local\VS Revo Group
2013-06-27 17:25:50 -------- d-----w- C:\users\wagner\AppData\Local\CrashRpt
2013-06-27 17:25:48 -------- d-----w- C:\users\wagner\AppData\Roaming\DawngateData
2013-06-27 17:25:05 -------- d-----w- C:\users\wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dawngate
2013-06-27 17:25:04 -------- d-----w- C:\users\wagner\AppData\Local\Electronic Arts
2013-06-27 15:55:28 -------- d-----w- C:\users\wagner\AppData\Local\Apple
2013-06-25 17:34:47 -------- d-----w- C:\users\wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
2013-06-19 02:56:52 C4980308B109EEDA012EDB0F0498298E 8 ----a-w- C:\users\wagner\AppData\Roaming\DofusAppId0_1
2013-06-19 02:56:52 -------- d-----w- C:\users\wagner\AppData\Roaming\DofusTesting
2013-06-19 02:54:35 -------- d-----w- C:\users\wagner\AppData\Roaming\AnkamaCertificates
2013-06-19 02:53:21 -------- d-----w- C:\users\wagner\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2013-06-19 02:53:21 -------- d-----w- C:\users\wagner\AppData\Roaming\app
2013-06-19 02:53:17 DA47083F75122EDAF8F5CD0EDE531FFA 125 ----a-w- C:\users\wagner\AppData\Roaming\D2Info0
2013-06-19 02:53:17 C19D840B08373C00DA9AF78F36151983 8 ----a-w- C:\users\wagner\AppData\Roaming\DofusAppId0_2
2013-06-19 02:53:17 -------- d-----w- C:\users\wagner\AppData\Roaming\DofusTesting-2
2013-06-19 02:53:17 -------- d-----w- C:\users\wagner\AppData\Roaming\Dofus2
2013-06-10 22:08:41 -------- d-----w- C:\users\wagner\AppData\Roaming\Awesomium
2013-06-06 00:10:50 -------- d-----w- C:\users\wagner\AppData\Local\TeknoGods
2013-05-31 23:41:02 -------- d-----w- C:\users\wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision X
2013-05-31 23:36:00 -------- d-----w- C:\users\wagner\AppData\Roaming\Nico Mak Computing
====== C:\Users\wagner ======
2013-06-28 17:11:19 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2013-06-28 17:11:17 -------- d-----w- C:\ProgramData\VS Revo Group
2013-06-28 17:08:35 24FAF7A6230132BFD58A907F9A453342 9916056 ----a-w- C:\Users\wagner\Downloads\RevoUninProSetup.exe
2013-06-28 17:07:46 09A3F926C400C29B3CF04FD15A0D8DEA 545954 ----a-w- C:\Users\wagner\Desktop\JRT.exe
2013-06-28 02:54:33 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\wagner\Desktop\OTL.exe
2013-06-27 23:06:04 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\wagner\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-27 17:01:34 38E3D2DAFEE9D3D018B98D66E60D19D5 800232 ----a-w- C:\Users\wagner\Downloads\ChromeSetup (1).exe
2013-06-27 15:55:24 -------- d-----w- C:\ProgramData\Apple
2013-06-25 17:17:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2013-06-25 04:08:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2013-06-25 03:23:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nival
2013-06-21 05:54:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
2013-06-20 21:45:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Empires II HD
2013-06-20 20:25:10 -------- d-----w- C:\ProgramData\Steam
====== C: exe-files ==
2013-06-28 17:17:35 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\JRT\erunt\ERUNT.EXE
2013-06-28 17:14:58 FF8DFEDAD0C13E52026D5E638A638724 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$IAZK4NU.exe
2013-06-28 17:14:58 B3AE5EF6EF2A6DFD381A6F2372574B6D 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$ID3XVIU.exe
2013-06-28 17:14:58 9C7FACABF4DC4EE9F10832CF23951139 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$IGCRIQP.exe
2013-06-28 17:14:58 2F26F15688022B0331C0A20DF2DED7E0 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$IKCPU66.exe
2013-06-28 17:14:58 128412233533E2D66DC546AC6FA7B5E0 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$IR3EI3H.exe
2013-06-28 17:14:57 A637C0B169259FA9F31492B49708F099 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$IICS31Q.exe
2013-06-28 17:14:57 5EE0115ABED14D8D09ECE0A1A943B2FF 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$IF0IOG7.exe
2013-06-28 17:14:57 4F1087F25AD2991935460FEA0EAEEA8F 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$IY0QDYH.exe
2013-06-28 17:14:55 55604308D5708912FFA10F8DFC7E267C 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$IB3ATVM.exe
2013-06-28 17:11:17 7F3B3ABA994FBFCC90FF8FED64111CDB 81360 ----a-w- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoCmd.exe
2013-06-28 17:11:17 26B0E0310E166BCECDDA4FEA5D97BDDB 3766336 ----a-w- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoAppBar.exe
2013-06-28 17:11:17 04EFED15350A230218D3884C95C1931F 7151696 ----a-w- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\ruplp.exe
2013-06-28 17:11:16 285B268116852C3D2244D562CD2B3E5D 16953400 ----a-w- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
2013-06-28 17:11:16 26EBC22E25315B7ECDE12F9A1FB52E02 1287565 ----a-w- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe
2013-06-28 17:09:59 9ED26823A1B005904F09DDFC8E6F8A26 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$IKHCDG8.exe
2013-06-28 17:09:28 5D8251144865423B1D026A05C2343B94 1272654 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$RKHCDG8.exe
2013-06-28 17:08:10 97FA7580C94220E7FED7B4408B2CBE23 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$IPT1S1R.exe
2013-06-28 17:07:46 09A3F926C400C29B3CF04FD15A0D8DEA 545954 ----a-w- C:\Users\wagner\Desktop\JRT.exe
2013-06-28 02:54:33 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\wagner\Desktop\OTL.exe
2013-06-28 01:36:33 0E68A0BD86C3F2461C7DB224368AE438 410152 ----a-w- C:\Program Files (x86)\GbPlugin\gbpsv.exe
2013-06-27 19:39:41 E9349A03FD81B4806714A16796B5E20A 17304 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$RAZK4NU.exe
2013-06-27 19:39:41 D14C8E7F719BF8AAD42E4B11F38D5AC9 92056 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$RGCRIQP.exe
2013-06-27 19:39:41 98EF5E255AB8672777AA893BDB4E6EE0 26520 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$RD3XVIU.exe
2013-06-27 19:39:41 5ACFD57748729AA310D488ECE1EF6EB2 170232 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$RR3EI3H.exe
2013-06-27 19:39:41 4C1BAC10319899DB30A0FE9FA89E6F95 868088 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$RZWZ1ON\helper.exe
2013-06-27 19:39:41 38C84044777D079774B6F26C80248DDB 272792 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$RKCPU66.exe
2013-06-27 19:39:40 C8D28F8B498CADBB9445AC4545BD41B7 920472 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$RICS31Q.exe
2013-06-27 19:39:40 528A5C2570F468155A1B3CF0A2FF5EBD 117144 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$RY0QDYH.exe
2013-06-27 19:39:40 46DB78E5D6896B11AF5FDEC3AE3AF0AA 193824 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$RF0IOG7.exe
2013-06-27 19:39:40 1B4F47C7D94B2261C09D2A34EDE2613E 116120 ----a-w- C:\$Recycle.Bin\S-1-5-21-160635771-3247580687-3712117055-1001\$RB3ATVM.exe
2013-06-27 18:58:21 7E18674B29A1BB373EAF750376107CA7 1042432 ----a-w- C:\Users\wagner\AppData\Local\Electronic Arts\Dawngate\game\CrashSender1300.exe
2013-06-27 18:20:29 A0B217B6846C9632A1FC9B391C5C924F 14221144 ----a-w- C:\Users\wagner\AppData\Local\Electronic Arts\Dawngate\game\Dawngate.exe
2013-06-27 17:02:03 C3190BA6ED6220369EEEED081A14DDFC 59784 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe
2013-06-27 17:02:03 38E3D2DAFEE9D3D018B98D66E60D19D5 800232 ----a-w- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleUpdateSetup.exe
2013-06-27 17:02:03 1017788353D8349BF6086B9CDDC8CB7B 59784 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleUpdateBroker.exe
2013-06-27 17:02:02 CA35155F6B4C4DB2513AAAA868BAFF47 324488 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler64.exe
2013-06-27 17:02:02 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleUpdate.exe
2013-06-27 17:02:02 09C87F376507122A5FE1CBE06E015512 239496 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler.exe
2013-06-27 15:00:42 C77CEFCE1DA1107E83D2745766E0FEA2 33573216 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\27.0.1453.116\27.0.1453.116_chrome_installer.exe
2013-06-26 22:23:06 5D3279B3F410D61C4355D1BA9B487AFF 33792 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\HardwareSurvey.exe
2013-06-26 22:16:50 355732F197C62DCAA82427919FE113C5 28573952 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelGame.exe
2013-06-25 20:54:54 C59803F64C738BEE609D68FAA85FE61B 19461168 ----a-w- C:\Program Files (x86)\StarCraft II\Versions\Base24944\SC2.exe
2013-06-25 20:54:54 A21984BF64665745AF91DFED669C944A 364592 ----a-w- C:\Program Files (x86)\StarCraft II\StarCraft II Editor.exe
2013-06-25 17:34:48 3CD32EA926771F63B1508AB164242807 516867 ----a-w- C:\Program Files (x86)\GameVicio\Call of Duty Modern Warfare 2\Desinstalar.exe
2013-06-25 17:17:42 8DEA79877305B883E92FE34CC1CFCA77 3513944 ----a-r- C:\Program Files (x86)\Activision\Modern Warfare 2\iw4sp.exe
2013-06-25 17:17:42 16EFB76039D76ED3FDB868771AB9C4A8 3923544 ----a-r- C:\Program Files (x86)\Activision\Modern Warfare 2\iw4mp.exe
2013-06-25 17:06:31 5C82BE7AD1775B67916EE19C15B99331 2723264 ----a-w- C:\Program Files (x86)\Activision\Modern Warfare 2\Redist\vcredist_x86.exe
=== C: other files ==
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSUAMain"="C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe /LaunchSysTray"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Advanced SystemCare 6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Advanced SystemCare 6"
"hkey"="HKCU"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\amd_dc_opt]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="amd_dc_opt"
"hkey"="HKLM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Anti-Malware Lab]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Anti-Malware Lab"
"hkey"="HKCU"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ares]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ares"
"hkey"="HKCU"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\B2C_AGENT]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="B2C_AGENT"
"hkey"="HKLM"
"command"="C:\\ProgramData\\LGMOBILEAX\\B2C_Client\\B2CNotiAgent.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Client]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Babylon Client"
"hkey"="HKLM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BitTorrent"
"hkey"="HKCU"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\conhost]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="conhost"
"hkey"="HKCU"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EADM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EADM"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Origin\\Origin.exe\" -AutoStart"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Facebook Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\wagner\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HotKeysCmds"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\hkcmd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IgfxTray"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxtray.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightShot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LightShot"
"hkey"="HKCU"
"command"="C:\\Users\\wagner\\AppData\\Local\\Skillbrains\\lightshot\\LightShot.exe Flags: uninsdeletevalue"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSpeedUp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCSpeedUp"
"hkey"="HKCU"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Persistence"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxpers.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PSafeTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSafeTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\PSafe\\PSafeSysTray.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PSafeWDS]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSafeWDS"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\PSafe\\PSafeWDS.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpybotSD TeaTimer"
"hkey"="HKCU"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpywareTerminator]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpywareTerminator"
"hkey"="HKLM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpywareTerminatorUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpywareTerminatorUpdate"
"hkey"="HKCU"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -silent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StereoLinksInstall]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StereoLinksInstall"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\nvstlink.exe\" /install1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vProt"
"hkey"="HKLM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebCake Desktop]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WebCake Desktop"
"hkey"="HKCU"
"command"="\"C:\\Users\\wagner\\AppData\\Roaming\\WebCake\\WebCakeDesktop.exe\""
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [27/06/2013 16:45]
C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce7358bfc49a0.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27/07/2011 17:22]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27/07/2011 17:22]
C:\Windows\tasks\RegCure Pro.job --a------ C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe []
C:\Windows\tasks\Registry Optimizer_DEFAULT.job --a------ C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe []
C:\Windows\tasks\Registry Optimizer_UPDATES.job --a------ C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe []
==== Firefox Extensions ======================
==== Firefox Plugins ======================
Profilepath: C:\Users\wagner\AppData\Roaming\Mozilla\Firefox\Profiles\8ayb27z6.default
3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
66640A55AEFF3819C94E0A8D40D7E0AD - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll - Shockwave for Director / Shockwave for Director
71B61A08992B0F895288CAAB2B43E3F7 - C:\Users\wagner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\wagner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cgiaikfpllchefojlnehlmpekeogihnm - No path found[]
jbolfgndggfhhpbnkgnpjkfhinclbigj - No path found[]
nneajnkjbffgblleaoojgaacokifdkhm - No path found[]
==== Chrome Fix ======================
C:\Users\wagner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dhkplhfnhceodhffomolpfigojocbpcb_0.localstorage deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.ig.com.br/"
"Search Bar"="http://www.google.com/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.ig.com.br/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-160635771-3247580687-3712117055-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{326E768D-4182-46FD-9C16-1449A49795F4} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cgiaikfpllchefojlnehlmpekeogihnm deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nneajnkjbffgblleaoojgaacokifdkhm deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\wagner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\wagner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\wagner\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\users\wagner\AppData\Local\Mozilla\Firefox\Profiles\8ayb27z6.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\users\wagner\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\wagner\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\wagner\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
==== EOF on 28/06/2013 at 16:01:39,80 ======================
And the other reports don't fit there....... here is this report........ and then tell me what I should do.
joram
Highlander
Registered
5.4K Posts
2.5K Likes
Good afternoon, Andreatta!
And the other reports don't fit there....... here is this report........ and then tell me what I should do.
|- Upload the logs to cjoint.com and post their links.
Regards!
Andreatta
Tô em todas
Registered
2.4K Posts
39 Likes
Good afternoon, Andreatta!
|- Upload the logs to cjoint.com and post their links.
Regards!
Links:
http://cjoint.com/data3/3FCwAdHpcDA.htm
I can't manage to make links for the others.....
I have the text file.
This link is the JRT one.
joram
Highlander
Registered
5.4K Posts
2.5K Likes
Hello!
|- Split the OTL log into 2 posts.
|- Have you already tried it that way?
See you!
Andreatta
Tô em todas
Registered
2.4K Posts
39 Likes
joram
Highlander
Registered
5.4K Posts
2.5K Likes
Good morning, Andreatta!
< C:\_OTL\MovedFiles\*.log << This is the path to the report!
|- The OTL log that was requested is not the diagnostic one.
|- Post the log that resulted after running the script.
|- Download: < > ( ... by sUBs )
|- Save it to the desktop! ( Área de trabalho! )
|- PS: Disable your antivirus, antispyware and/or firewall. ( Except the Windows one! )
|- Close any program/file that is open.
|- Also close your browser! ( IE, Firefox, Opera or Google Chrome )
|- PS: Be connected to the Internet. <- Important!
|- You must be logged on to the system with administrator privileges.
|- Run ComboFix.exe with a double click.
|- PS: Install the "Recovery Console" if prompted! <- XP only!
|- PS: It will therefore be up to you whether to install it.
|- If any error message appears, run ComboFix.exe in Safe Mode with Networking.
|- PS: To complete the removals, the tool may need to restart the computer.
|- The Auto Scan window will open.
|- Wait for all Stages to finish.
|- During the scan, avoid using the mouse or keyboard!
|- When it finishes, post: C:\ComboFix.txt
"Tentativa de operaçao ilegal em uma chave do Registro marcada para exclusão."
|- If this error occurs, just restart the computer!
|- "ComboFix is a tool that can damage the system. Use it only under the supervision of security analysts."
-/-
|- Download: < Complete Internet Repair >
|- Extract the contents and run the file "CIntRep.exe".
|- Tick only these checkboxes:
Reset Internet Protocol (TCP/IP)
Repair Winsock (Reset Catalog)
Renew Internet Connections
Flush DNS Resolver Cache
Restore the default hosts file
|- Click "Go!".
|- When done, restart the computer!
|- Next, open the folder "Complete Internet Repair" >> "Logging".
|- Double-click "CIntRep.log".
|- Post the resulting log!
|- PS: Check whether you can now access the game!
See you!