
Download OTL by OldTimer and save it to your desktop:

http://oldtimer.geekstogo.com/OTL.exe
** Windows Vista and Windows 7/8 users:
Right-click the OTL.exe file, then click

Where it says Output, select Standard

Also check these options:

Creation Date -> change to 90 days

Use WhiteList for Company Names.

Skip Microsoft Files

Lop Check

Purity Check

Select the lines shown in red below, right-click the selection, and choose Copy
CREATERESTOREPOINT
netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%(x86)\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%appdata%\*.*
%programdata%\*.*
%programdata%\*.exe /s
%programdata%\*.dll /s
%PROGRAMFILES%\Internet Explorer\*.*
C:\windows\system32\Tasks\*.* /64
%windir%\tasks\*.*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
/md5start
services.*
/md5stop
Go back to the program, right-click any blank area of the Custom Scans/Fixes section, and choose Paste

Click the button
OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.
Do not change any other setting unless you have been instructed to do so.
The scan takes a while, so please be patient.
When it finishes, two Notepad windows will open: OTL.txt and Extras.txt
Both are saved in the same directory as OTL.exe, that is, on your desktop.
Copy the entire contents of OTL.txt and paste it into your reply.
Attach the Extras.txt file
NOTE: If the logs are too large and exceed the forum's limit, put them in a .zip or .rar archive and attach it to your reply.

Hello,
1)
Select the lines inside the CODE box, right-click the selection, and choose Copy
NOTE: Make sure you start copying from the colon and the letter, the ":O" of :OTL.

:OTL
PRC - [2013/05/08 19:58:46 | 000,087,240 | ---- | M] (PSafe S.A.) -- C:\Program Files (x86)\PSafe\PSafeWDS.exe
PRC - [2013/05/08 19:58:44 | 002,820,296 | ---- | M] (PSafe) -- C:\Program Files (x86)\PSafe\PSafeSysTray.exe
PRC - [2013/05/08 19:58:44 | 000,262,856 | ---- | M] (PSafe S.A.) -- C:\Program Files (x86)\PSafe\PSafeWD.exe
PRC - [2013/05/08 19:58:42 | 001,244,360 | ---- | M] (PSafe S/A) -- C:\Program Files (x86)\PSafe\PSafesvc.exe
PRC - [2013/05/08 19:39:36 | 002,182,344 | ---- | M] (PSafe S.A.) -- C:\Program Files (x86)\PSafe\Protege\psprotegesvc.exe
PRC - [2013/05/08 19:39:34 | 005,318,344 | ---- | M] (PSafe S.A.) -- C:\Program Files (x86)\PSafe\Protege\psprotege.exe
PRC - [2013/05/08 19:34:44 | 000,371,912 | ---- | M] (PSafe S/A) -- C:\Program Files (x86)\PSafe\SearchDesk\psSearchDesk.exe
PRC - [2013/05/08 19:33:30 | 003,576,832 | R--- | M] (PSafe Tecnologia S.A.) -- C:\Program Files (x86)\PSafe\ClikSeguro\PsClikSeguro.exe
SRV - [2013/05/08 19:58:44 | 000,262,856 | ---- | M] (PSafe S.A.) [Auto | Running] -- C:\Program Files (x86)\PSafe\PSafeWD.exe -- (PSafeWD)
SRV - [2013/05/08 19:58:42 | 001,244,360 | ---- | M] (PSafe S/A) [Auto | Running] -- C:\Program Files (x86)\PSafe\PSafesvc.exe -- (PSafeSVC)
SRV - [2013/05/08 19:39:36 | 002,182,344 | ---- | M] (PSafe S.A.) [Auto | Running] -- C:\Program Files (x86)\PSafe\Protege\psprotegesvc.exe -- (PSProtegeSVC)
SRV - [2013/05/08 19:33:30 | 003,576,832 | R--- | M] (PSafe Tecnologia S.A.) [On_Demand | Running] -- C:\Program Files (x86)\PSafe\ClikSeguro\PsClikSeguro.exe -- (PsClikSeguro)
DRV:[b]64bit:[/b] - [2013/01/17 21:07:36 | 000,288,688 | R--- | M] (360.cn) [File_System | System | Running] -- C:\Windows\SysNative\drivers\360FltOEM.sys -- (360FltOEM)
IE - HKCU\..\URLSearchHook: {a8625cb7-85fe-4936-92a4-b2a7c925209e} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {92001F8A-C36B-473A-91E7-5BE0C81CF2B3}
IE - HKCU\..\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}: "URL" = http://clikseguro.com/Search.aspx?cx=017847565674971774939%3Aktp_l5v6i2u&ie=ISO8859-1&q={searchTerms}
CHR - Extension: Lyrics Finder = C:\Users\Robson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbcopcndefcccgdofjadnafjljgofam\1.110_0\
O2 - BHO: (Lyrics Finder) - {398C01F1-E584-46AD-A649-4F78B435DCFE} - C:\Program Files (x86)\LyricsFinder\lfind.dll (Nijad Software)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [PSafeTray] C:\Program Files (x86)\PSafe\PSafeSysTray.exe (PSafe)
O4 - HKLM..\Run: [PSafeWDS] C:\Program Files (x86)\PSafe\PSafeWDS.exe (PSafe S.A.)
O4 - HKLM..\Run: [Yahoo Messenger] File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 C:\Windows\SysNative\PsClikS64.dll (PSafe Tecnologia S.A.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 C:\Windows\SysNative\PsClikS64.dll (PSafe Tecnologia S.A.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 C:\Windows\SysNative\PsClikS64.dll (PSafe Tecnologia S.A.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 C:\Windows\SysNative\PsClikS64.dll (PSafe Tecnologia S.A.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000015 C:\Windows\SysNative\PsClikS64.dll (PSafe Tecnologia S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 C:\Windows\SysWow64\PsClikS.dll (PSafe Tecnologia S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 C:\Windows\SysWow64\PsClikS.dll (PSafe Tecnologia S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 C:\Windows\SysWow64\PsClikS.dll (PSafe Tecnologia S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 C:\Windows\SysWow64\PsClikS.dll (PSafe Tecnologia S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 C:\Windows\SysWow64\PsClikS.dll (PSafe Tecnologia S.A.)
O33 - MountPoints2\{acd03b69-5e83-11e1-b604-0090f5a8c07c}\Shell - "" = AutoRun
O33 - MountPoints2\{acd03b69-5e83-11e1-b604-0090f5a8c07c}\Shell\AutoRun\command "" = E:\LaunchU3.exe -a
[2013/05/16 20:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsFinder
[2013/05/09 23:03:08 | 000,000,000 | ---D | C] -- C:\Users\Robson\AppData\Local\PSafe
[2013/05/09 23:03:07 | 000,000,000 | ---D | C] -- C:\Users\Robson\AppData\Local\cache
[2013/05/09 23:02:46 | 000,382,976 | R--- | C] (PSafe Tecnologia S.A.) -- C:\Windows\SysNative\PsClikS64.dll
[2013/05/09 23:02:46 | 000,322,560 | R--- | C] (PSafe Tecnologia S.A.) -- C:\Windows\SysWow64\PsClikS.dll
[2013/04/10 23:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSafe
[2013/03/14 19:25:32 | 000,288,688 | R--- | C] (360.cn) -- C:\Windows\SysNative\drivers\360FltOEM.sys
[2013/03/14 19:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PSafe
[2013/03/14 19:22:38 | 000,000,000 | ---D | C] -- C:\Users\Robson\AppData\Roaming\AnySend
[2013/03/14 19:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AnySend
[2013/03/14 19:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PSafe
[2013/05/20 09:12:32 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\Lyrics Finder Update.job
[2013/05/19 12:21:23 | 000,000,182 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/05/15 10:45:50 | 000,001,389 | ---- | C] () -- C:\Users\Robson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/03/14 19:25:43 | 000,000,000 | ---D | M] -- C:\Users\Robson\AppData\Roaming\AnySend
[2013/05/16 20:37:25 | 000,003,514 | ---- | M] () -- C:\Windows\SysNative\Tasks\DealPly
[2013/05/16 20:37:23 | 000,003,368 | ---- | M] () -- C:\Windows\SysNative\Tasks\DealPlyUpdate
[2013/05/16 20:38:17 | 000,003,234 | ---- | M] () -- C:\Windows\SysNative\Tasks\DSite
[2013/05/16 20:38:18 | 000,003,064 | ---- | M] () -- C:\Windows\SysNative\Tasks\Lyrics Finder Update
[2013/05/20 09:12:26 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\DSite.job

:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings"=hex:3c,00,00,00,15,00,00,00,01,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,\
01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00
"SavedLegacySettings"=hex:3c,00,00,00,e6,01,00,00,01,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,\
00,00,c0,a8,83,41,00,00,00,00,00,00,00,00

:Files
ipconfig /flushdns /c

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Run OTL.exe
Right-click any blank area of the Custom Scans/Fixes section and choose Paste
Close ALL windows (except OTL itself).
Click the button
The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy ALL of the contents of this Notepad window and paste it into your reply.
A copy of this log is stored in the C:\_OTL\MovedFiles folder, named in the format date_time.log.
Example: 03142010_145545.log
2)
Post a new HijackThis log.
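
To check what the :reg block above writes back to Internet Settings\Connections, the two hex values can be decoded. This is an added example, not part of the original post or of OTL. It assumes the commonly described layout of these values, which Microsoft does not document: three little-endian DWORDs (version, change counter, flags) followed by length-prefixed proxy, bypass-list and auto-config strings.

```python
import struct

# The two values from the :reg section above, line continuations joined.
DEFAULT_CONNECTION_SETTINGS = (
    "3c,00,00,00,15,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,"
    "01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,00,00,c0,a8,83,41,"
    "00,00,00,00,00,00,00,00")
SAVED_LEGACY_SETTINGS = (
    "3c,00,00,00,e6,01,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,"
    "01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,00,00,c0,a8,83,41,"
    "00,00,00,00,00,00,00,00")

# ASSUMPTION: flag bits as commonly described for this undocumented blob.
FLAG_NAMES = {0x01: "direct", 0x02: "manual-proxy",
              0x04: "auto-config-script", 0x08: "auto-detect"}


def parse_connection_settings(reg_hex):
    """Decode a .reg 'hex:' byte list into header fields and the three strings."""
    data = bytes(int(b, 16) for b in reg_hex.replace("\\", "").split(",") if b.strip())
    if len(data) < 12:
        raise ValueError("blob shorter than its 12-byte header")
    version, counter, flags = struct.unpack_from("<III", data, 0)
    offset, strings = 12, []
    for field in ("proxy", "bypass", "autoconfig"):  # length-prefixed ASCII
        if offset + 4 > len(data):
            raise ValueError("truncated before %s length" % field)
        (length,) = struct.unpack_from("<I", data, offset)
        offset += 4
        if offset + length > len(data):
            raise ValueError("%s length runs past end of blob" % field)
        strings.append(data[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return {"version": version, "counter": counter, "flags": flags,
            "flag_names": [n for bit, n in FLAG_NAMES.items() if flags & bit],
            "proxy": strings[0], "bypass": strings[1],
            "autoconfig": strings[2], "trailing": data[offset:]}


def redirects_traffic(settings):
    """True when the blob enables a manual proxy or an auto-config script."""
    return bool(settings["flags"] & 0x06 or settings["proxy"]
                or settings["autoconfig"])


if __name__ == "__main__":
    for name, blob in (("DefaultConnectionSettings", DEFAULT_CONNECTION_SETTINGS),
                       ("SavedLegacySettings", SAVED_LEGACY_SETTINGS)):
        s = parse_connection_settings(blob)
        print(name, s["flag_names"], "redirects:", redirects_traffic(s))
```

Both values decode to the direct-connection flag with empty proxy, bypass and auto-config strings; the same function can be run over a value exported from a machine before applying the fix to see what proxy setting it replaces.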