Good afternoon, every time I install the antivirus it flags my photos as viruses and puts them in quarantine, so I restore the system to get my photos back, and after restoring, several programs no longer work.
Here is the log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:40:35, on 14/05/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Leandro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leandro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Leandro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Leandro\Downloads\HijackThis (1).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [bankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Leandro\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10080 bytes
Here is the AdwCleaner log:
*** [services] ***
*** [Files / Folders] ***
Folder Found : C:\Users\Leandro\AppData\Local\Babylon
Folder Found : C:\Users\Leandro\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Gabriela\AppData\LocalLow\BabylonToolbar
Folder Found : C:\ProgramData\Babylon
*** [Registry] ***
Key Found : HKCU\Software\Headlight
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKCU\Software\Headlight
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
*** [Registre - GUID] ***
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
*** [internet Browsers] ***
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v [unable to get version]
Profile name : default
File : C:\Users\Leandro\AppData\Roaming\Mozilla\Firefox\Profiles\q8fu0xw8.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Users\Gabriela\AppData\Roaming\Mozilla\Firefox\Profiles\gw82po3i.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v18.0.1025.168
File : C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2294 octets] - [15/05/2012 12:37:17]
########## EOF - C:\AdwCleaner[R1].txt - [2422 octets] ##########
Good afternoon! leandro aislan
|- Launch AdwCleaner again and click "Delete" or "Suppression".
|- When finished, post the report: C:\AdwCleaner[S].txt
-/-/-/-
|- Next, also post the report from the AVPTool tool.
|- Add the ZHPDiag report.
Regards!
Good afternoon, after running the antivirus scan, 27 viruses were found and right afterwards Windows restarted, so I was not able to get the log.
*** [services] ***
*** [Files / Folders] ***
Folder Deleted : C:\Users\Leandro\AppData\Local\Babylon
Folder Deleted : C:\Users\Leandro\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Gabriela\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\ProgramData\Babylon
*** [Registry] ***
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
*** [Registre - GUID] ***
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
*** [internet Browsers] ***
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v [unable to get version]
Profile name : default
File : C:\Users\Leandro\AppData\Roaming\Mozilla\Firefox\Profiles\q8fu0xw8.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Users\Gabriela\AppData\Roaming\Mozilla\Firefox\Profiles\gw82po3i.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v18.0.1025.168
File : C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2409 octets] - [15/05/2012 12:37:17]
AdwCleaner[s1].txt - [1890 octets] - [15/05/2012 13:23:20]
########## EOF - C:\AdwCleaner[s1].txt - [2018 octets] ##########
Good afternoon! leandro aislan
"Since it was not possible to post the AVPTool log, post the ZHPDiag one."
~~°°~~
|- Post the link to the ZHPDiag report.
Regards!
I tried running the antivirus again and it restarted.
The folders with my photos disappeared....
Folders such as the GPS backup also disappeared.
Here is the link to the log:
http://pjjoint.malekal.com/files.php?read=ZHPDiag_20120515_w6s10m14j12i10
Good afternoon! leandro aislan
|- Which antivirus are you using at the moment?
-/-/-/-
|- Close any programs/folders that are open.
|- For Windows Vista, disable UAC.
|- Double-click ZHPFix.
|- In the menu, click H.
R3 - URLSearchHook: (no name) [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.)
O4 - HKLM\..\Wow6432Node\RunOnce: [GrpConv] Orphean Key
O8 - Extra context menu item: res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 - (.not file.) - C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll
O8 - Extra context menu item: res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 - (.not file.) - C:\Program Files (x86)\MICROS~2\Office14\EXCEL.exe
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-140612206-2747226350-1124050360-1001Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-140612206-2747226350-1124050360-1001UA.job
[MD5.00000000000000000000000000000000] [APT] [{47BB9B61-FC39-45C4-98A7-974D6A487A39}] (...) -- C:\Users\Leandro\Downloads\Nova pasta\sp33411.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{909A5308-89BC-49B0-BD7D-B2A884376A28}] (...) -- C:\Program Files (x86)\Kazaa Lite K++\unins000.exe (.not file.)
O45 - LFCP:[MD5.BD62084FAB4BB2E00B133CF27A20761A] - 01/05/2012 - 20:05:03 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-140612206-2747226350-1124050360-1003.db
O45 - LFCP:[MD5.E2127E5A2022D794E454F4C16DDF7404] - 01/05/2012 - 20:05:03 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-140612206-2747226350-1124050360-1003.db
O45 - LFCP:[MD5.7EE76CFC40F58358450B7309CAC9CD35] - 01/05/2012 - 22:16:32 ---A- - C:\Windows\Prefetch\AgCx_SC1.db.trx
O45 - LFCP:[MD5.164496BE7384964E62DDFCA6C3B373EF] - 01/05/2012 - 22:17:32 ---A- - C:\Windows\Prefetch\AgCx_SC1.db
O45 - LFCP:[MD5.44EDC79AF59F197BF177F8B4B7ECEE2C] - 12/05/2012 - 18:42:44 ---A- - C:\Windows\Prefetch\AgCx_SC4.db
O45 - LFCP:[MD5.C1C59ADAB66769AAEDFA64670EF3C91C] - 14/05/2012 - 18:38:27 ---A- - C:\Windows\Prefetch\AgCx_S1_S-1-5-21-140612206-2747226350-1124050360-1003.snp.db
O45 - LFCP:[MD5.34B9CC1BEC4DEAD6BDBD5D64A977CEC7] - 15/05/2012 - 12:08:22 ---A- - C:\Windows\Prefetch\Layout.ini
O45 - LFCP:[MD5.21E3128737B604E398B7DB67E390ADBB] - 15/05/2012 - 12:37:25 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-140612206-2747226350-1124050360-1001.db
O45 - LFCP:[MD5.73F5EE182ED6E70E734657FC34DC3D35] - 15/05/2012 - 12:37:26 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-140612206-2747226350-1124050360-1001.db
O45 - LFCP:[MD5.005FC9B397F0148062810DF1942CA9D0] - 15/05/2012 - 13:50:54 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin
O45 - LFCP:[MD5.9338C6C6B9C73F290A3412AB65EB1341] - 15/05/2012 - 13:50:55 ---A- - C:\Windows\Prefetch\AgRobust.db
O45 - LFCP:[MD5.993BFAB40C554E87F57FDED3B393806A] - 15/05/2012 - 13:50:58 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db
O45 - LFCP:[MD5.56E4ED7CA9DA0356AEBE7ECEC09CE9E3] - 15/05/2012 - 13:51:00 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db
O45 - LFCP:[MD5.233C9EB4C26E35056B8F506194314ECB] - 15/05/2012 - 13:51:01 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
[HKLM\Software\WOW6432Node\Classes\CLSID\{761f6a83-f007-49e4-8eac-cdb6808ef06f}]
C:\Users\Leandro\AppData\Local\Temp\2338343\bases\*.kdc
hostfix
proxyfix
emptytemp
emptyflash
firewallraz
sysrestore
|- Copy and paste this information, which is in red, into the "light yellow" field of ZHPFix.
|- PS: Make sure the field is empty before pasting the information that is in the quote.
|- Click GO -> Oui.
|- Post the report: C:\ZHP\ZHPFix[R1].txt
-/-/-/-
|- Download: < DrWebCureIt >
|- Save it to the desktop!
|- Restart the computer in Safe Mode.
|- Start the installation/execution by double-clicking drweb-cureit.
|- In the window that opens, click Start -> OK.
|- The "Quick scan" will begin -> Close the advertisement window!
|- When it finishes, check the "Complete scan" box.
|- Click "Options" -> under Change settings, uncheck "Heuristic analysis".
|- PS: In this mode, the following objects are scanned:
|- <1> Boot sectors of all disks
|- <2> All removable drives
|- <3> All local disks
|- Click "Start scan" -> Wait!
|- If messages appear asking to move or disinfect files, click Yes.
|- When it finishes, click "File" -> "Save report list".
|- Save it in a suitable location. ( DrWeb.csv ) <-- Convert it to text!
|- Post: DrWeb.csv <- Report!
Regards!
I am not using any antivirus; I only just now used Kaspersky, which deleted my photo folders and other backups I had....
Rapport de ZHPFix 1.2.05 par Nicolas Coolman, Update du 30/04/2012
Fichier d'export Registre :
Run by Leandro at 15/05/2012 15:18:14
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/
========== Registry Key ==========
NOT FOUND Key: Menu Contextuel: res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
NOT FOUND Key: Menu Contextuel: res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
DELETED Key: HKLM\Software\WOW6432Node\Classes\CLSID\{761f6a83-f007-49e4-8eac-cdb6808ef06f}
========== Registry Value ==========
DELETED URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
NOT FOUND RunValue: GrpConv
NOT FOUND CLSID SSODL: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
NOT FOUND Value Key: NoActiveDesktopChanges
NOT FOUND [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
No Value in Standard Profile Register Key FirewallRaz :
No Value in Domain Profile Register Key FirewallRaz :
No Value in Firewall Exception Register Key (FirewallRaz)
========== Repertory ==========
DELETED Window Temporary:
DELETED Flash Cookies:
========== File ==========
NOT FOUND File: c:\program files (x86)\micros~2\office14\onbttnie.dll
DELETED File: c:\windows\tasks\googleupdatetaskusers-1-5-21-140612206-2747226350-1124050360-1001core.job
DELETED File: c:\windows\tasks\googleupdatetaskusers-1-5-21-140612206-2747226350-1124050360-1001ua.job
NOT FOUND File: c:\windows\prefetch\aggluad_p_s-1-5-21-140612206-2747226350-1124050360-1003.db
NOT FOUND File: c:\windows\prefetch\aggluad_s-1-5-21-140612206-2747226350-1124050360-1003.db
NOT FOUND File: c:\windows\prefetch\agcx_sc1.db.trx
NOT FOUND File: c:\windows\prefetch\agcx_sc1.db
NOT FOUND File: c:\windows\prefetch\agcx_sc4.db
NOT FOUND File: c:\windows\prefetch\agcx_s1_s-1-5-21-140612206-2747226350-1124050360-1003.snp.db
NOT FOUND File: c:\windows\prefetch\layout.ini
NOT FOUND File: c:\windows\prefetch\aggluad_s-1-5-21-140612206-2747226350-1124050360-1001.db
NOT FOUND File: c:\windows\prefetch\aggluad_p_s-1-5-21-140612206-2747226350-1124050360-1001.db
NOT FOUND File: c:\windows\prefetch\pfsvperfstats.bin
NOT FOUND File: c:\windows\prefetch\agrobust.db
NOT FOUND File: c:\windows\prefetch\agglglobalhistory.db
NOT FOUND File: c:\windows\prefetch\agglfaulthistory.db
NOT FOUND File: c:\windows\prefetch\agglfgapphistory.db
DELETED File: C:\Users\Leandro\AppData\Local\Temp\2338343\bases\*.kdc
DELETED File: c:\users\leandro\appdata\local\temp\2338343\bases\.kdc
DELETED Window Temporary:
DELETED Flash Cookies:
========== Task ==========
DELETED Task: {47BB9B61-FC39-45C4-98A7-974D6A487A39}
DELETED Task: {909A5308-89BC-49B0-BD7D-B2A884376A28}
========== Restoration ==========
Restore System Point not created
========== Summary ==========
3 : Registry Key
14 : Registry Value
2 : Repertory
21 : File
2 : Task
1 : Restoration
End of clean in 00mn 10s
========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 15/05/2012 15:18:14 [3239]
Good afternoon! leandro aislan
I am not using any antivirus; I only just now used Kaspersky, which deleted my photo folders and other backups I had....
|- Great! Until we finish the case, you can stay without an antivirus.
|- I will wait, then, for the disinfection that the DrWebCureit tool will provide.
Regards!
One question: the machine I am on now is the one you fixed yesterday; on it I use the paid version of Kaspersky. I inserted my camera's memory card and it flagged a virus? What could it be?? I have noticed that for the past few days, not even my camera accepts the cards unless I format them? Is this related somehow???
The antivirus scanned it and moved it to quarantine.
Good afternoon! leandro aislan
One question: the machine I am on now is the one you fixed yesterday; on it I use the paid version of Kaspersky. I inserted my camera's memory card and it flagged a virus? What could it be??
|- I still do not know what we are dealing with, since the AVPTool report was not posted and I am waiting for the DrWebCureit one. But... I suspect the presence of file infectors, probably Sality.
|- PS: Did you get this reference during the AVPTool and/or DrWeb scan?
-/-/-/-
I have noticed that for the past few days, not even my camera accepts the cards unless I format them? Is this related somehow???
|- If it is infector(s), formatting would be a good possibility.
-/-/-/-
|- Download: < sality_off.zip >
|- Extract its contents to C:\. <-- Local disk (C)
|- Temporarily disable your antivirus!
|- PS: The tool will be run simultaneously in 2 windows:
<1> The first window:
|- Go to Start --> Run > Type: C:\Sality_off.exe -m
|- Click OK!
|- PS: Wait for it to finish; it takes a long time!
<2> The second window:
|- Click Start -> Run -> Copy and paste: C:\salitykiller.exe -y -l sality.txt -> OK.
|- PS: When it completes, window 2 will close automatically!
|- Next, close "window 1".
|- PS: Wait for it to finish; it takes a long time!
|- When it finishes, press ENTER!
############
Monitoring thread stopped
01:39:21:156 2368
completed
01:39:21:156 2368 Infected files: 387
01:39:21:156 2368 Infected processes: 0
01:39:21:156 2368 Infected threads: 0
01:39:21:156 2368 Cured files: 386
01:39:21:156 2368 Will be cured on reboot: 0
01:39:21:156 2368 Executed registry scripts: 1
############
|- Post, following the example, your final summary or conclusion.
Regards!
I took the card out of the notebook and put it in the other machine; it was Kaspersky that flagged it....
** I am still scanning with Dr... it is taking quite a long time....
When I format the card everything is OK; when I put it in the notebook, it goes back to causing problems in the camera.
Do I run the Sality tool right after the Dr finishes, or can I run them together??
Good afternoon! leandro aislan
Do I run the Sality tool right after the Dr finishes, or can I run them together??
|- Wait for DrWeb to finish and then run Sality_off.
Regards!
Good morning, it took a while but it finished, haha.
Here it is:
download.exe C:\LinhaDefensiva\exec Win32.Sector.22 Desinfectado.
md5.exe C:\LinhaDefensiva\exec Win32.Sector.22 Desinfectado.
pv.exe C:\LinhaDefensiva\exec Win32.Sector.22 Desinfectado.
unzip.exe C:\LinhaDefensiva\exec Win32.Sector.22 Desinfectado.
3DVision_195.62.exe C:\NVIDIA\DisplayDriver\195.62\WinVista_Win7_64\English Win32.Sector.22 Desinfectado.
hdaudio_1.00.00.63_xp_vista_win7.exe C:\NVIDIA\DisplayDriver\195.62\WinVista_Win7_64\English Win32.Sector.22 Desinfectado.
NvCplSetupEng.exe C:\NVIDIA\DisplayDriver\195.62\WinVista_Win7_64\English Win32.Sector.22 Desinfectado.
PhysX_9.09.0814_SystemSoftware.exe C:\NVIDIA\DisplayDriver\195.62\WinVista_Win7_64\English Win32.Sector.22 Desinfectado.
setup.exe C:\NVIDIA\DisplayDriver\195.62\WinVista_Win7_64\English Win32.Sector.22 Desinfectado.
setup.exe C:\NVIDIA\nForceWin7\32bit Win32.Sector.22 Desinfectado.
NvCplSetupInt.exe C:\NVIDIA\nForceWin7\32bit\Display Win32.Sector.22 Desinfectado.
nvudisp.exe C:\NVIDIA\nForceWin7\32bit\Display Win32.Sector.22 Desinfectado.
PDsetup.exe C:\NVIDIA\nForceWin7\32bit\Display Win32.Sector.22 Desinfectado.
PhysX_9.09.0203_SystemSoftware.exe C:\NVIDIA\nForceWin7\32bit\Display Win32.Sector.22 Desinfectado.
setup.exe C:\NVIDIA\nForceWin7\32bit\Display Win32.Sector.22 Desinfectado.
DPInst.exe C:\NVIDIA\nForceWin7\32bit\Ethernet Win32.Sector.22 Desinfectado.
nvunrm.exe C:\NVIDIA\nForceWin7\32bit\Ethernet Win32.Sector.22 Desinfectado.
NAMSetup.exe C:\NVIDIA\nForceWin7\32bit\Ethernet\NAM Win32.Sector.22 Desinfectado.
nvuhda.exe C:\NVIDIA\nForceWin7\32bit\HDAudio Win32.Sector.22 Desinfectado.
nvusmu.exe C:\NVIDIA\nForceWin7\32bit\SMU Win32.Sector.22 Desinfectado.
setup.exe C:\NVIDIA\WinVista64\179.48\IS Win32.Sector.22 Desinfectado.
PhysX_9.09.0010_SystemSoftware.exe C:\NVIDIA\WinVista64\179.48\IS\Display Win32.Sector.22 Desinfectado.
setup.exe C:\NVIDIA\WinVista64\179.48\IS\Display Win32.Sector.22 Desinfectado.
nvuhda.exe C:\NVIDIA\WinVista64\179.48\IS\HDAudio Win32.Sector.22 Desinfectado.
TeamViewer_Desktop.exe C:\Program Files (x86)\TeamViewer\Version6 Win32.Sector.22 Desinfectado.
tv_w32.exe C:\Program Files (x86)\TeamViewer\Version6 Win32.Sector.22 Desinfectado.
uninstall.exe C:\Program Files (x86)\TeamViewer\Version6 Win32.Sector.22 Desinfectado.
rmvparse.exe C:\Sierra\Empire Earth Win32.Sector.22 Desinfectado.
SierraUp.exe C:\Sierra\Empire Earth\Sierra Update Win32.Sector.22 Desinfectado.
nvuide.exe C:\swsetup\SP33411 Win32.Sector.22 Desinfectado.
nvunrm.exe C:\swsetup\SP33411 Win32.Sector.22 Desinfectado.
nvusmb.exe C:\swsetup\SP33411 Win32.Sector.22 Desinfectado.
nvusmu.exe C:\swsetup\SP33411 Win32.Sector.22 Desinfectado.
setup.exe C:\swsetup\SP33411 Win32.Sector.22 Desinfectado.
nvunrm.exe C:\swsetup\SP33411\Ethernet Win32.Sector.22 Desinfectado.
nvuide.exe C:\swsetup\SP33411\IDE\Win2K\sata_ide Win32.Sector.22 Desinfectado.
nvuide.exe C:\swsetup\SP33411\IDE\WinXP\sata_ide Win32.Sector.22 Desinfectado.
nvusmb.exe C:\swsetup\SP33411\SMBus Win32.Sector.22 Desinfectado.
nvusmu.exe C:\swsetup\SP33411\SMU Win32.Sector.22 Desinfectado.
Setup.exe C:\swsetup\SP37732 Win32.Sector.22 Desinfectado.
Setup.exe C:\swsetup\SP37732\Hermosa Win32.Sector.22 Desinfectado.
Setup.exe C:\swsetup\SP37732\Hermosa\V32 Win32.Sector.22 Desinfectado.
UIU32a.exe C:\swsetup\SP37732\Hermosa\V32 Win32.Sector.22 Desinfectado.
Setup.exe C:\swsetup\SP37732\Hermosa\V32\SmAudio Win32.Sector.22 Desinfectado.
SmAudio.exe C:\swsetup\SP37732\Hermosa\V32\SmAudio\SmAudio Win32.Sector.22 Desinfectado.
Setup.exe C:\swsetup\SP37732\Hermosa\V64\SmAudio Win32.Sector.22 Desinfectado.
SmAudio.exe C:\swsetup\SP37732\Hermosa\V64\SmAudio\SmAudio Win32.Sector.22 Desinfectado.
Setup.exe C:\swsetup\SP37732\Venice Win32.Sector.22 Desinfectado.
Setup.exe C:\swsetup\SP37732\Venice\V32 Win32.Sector.22 Desinfectado.
UIU32a.exe C:\swsetup\SP37732\Venice\V32 Win32.Sector.22 Desinfectado.
Setup.exe C:\swsetup\SP37732\Venice\V32\SmAudio Win32.Sector.22 Desinfectado.
SmAudio.exe C:\swsetup\SP37732\Venice\V32\SmAudio\SmAudio Win32.Sector.22 Desinfectado.
Setup.exe C:\swsetup\SP37732\Venice\V64\SmAudio Win32.Sector.22 Desinfectado.
SmAudio.exe C:\swsetup\SP37732\Venice\V64\SmAudio\SmAudio Win32.Sector.22 Desinfectado.
setup.exe C:\swsetup\SP38171\Disk1 Win32.Sector.22 Desinfectado.
Ev~NeN^e.eXe C:\Users\Gabriela\AppData\Local\Temp Win32.HLLW.Autoruner.54936 Incuravel.Movido.
vqvbl.exe C:\Users\Gabriela\AppData\Local\Temp BackDoor.Siggen.45488 Incuravel.Movido.
Messenger Plus .scr C:\Users\Gabriela\Documents Win32.HLLW.Autoruner.54936 Incuravel.Movido.
Messenger Plus! .scr C:\Users\Gabriela\Documents Win32.HLLW.Autoruner.54936 Incuravel.Movido.
Ev~NeN^e.eXe C:\Users\Leandro\AppData\Local\Temp Win32.HLLW.Autoruner.54936 Incuravel.Movido.
winhfjnt.exe C:\Users\Leandro\AppData\Local\Temp BackDoor.Siggen.45488 Incuravel.Movido.
Originals .scr C:\Users\Leandro\Desktop\Exportação sem título Win32.HLLW.Autoruner.54936 Incuravel.Movido.
audio .scr C:\Users\Leandro\Desktop\iGO Win32.HLLW.Autoruner.54936 Incuravel.Movido.
backup .scr C:\Users\Leandro\Desktop\iGO Win32.HLLW.Autoruner.54936 Incuravel.Movido.
content .scr C:\Users\Leandro\Desktop\iGO Win32.HLLW.Autoruner.54936 Incuravel.Movido.
custom .scr C:\Users\Leandro\Desktop\iGO Win32.HLLW.Autoruner.54936 Incuravel.Movido.
debug .scr C:\Users\Leandro\Desktop\iGO Win32.HLLW.Autoruner.54936 Incuravel.Movido.
gscript .scr C:\Users\Leandro\Desktop\iGO Win32.HLLW.Autoruner.54936 Incuravel.Movido.
iGO .scr C:\Users\Leandro\Desktop\iGO Win32.HLLW.Autoruner.54936 Incuravel.Movido.
license .scr C:\Users\Leandro\Desktop\iGO Win32.HLLW.Autoruner.54936 Incuravel.Movido.
save .scr C:\Users\Leandro\Desktop\iGO Win32.HLLW.Autoruner.54936 Incuravel.Movido.
ui_android .scr C:\Users\Leandro\Desktop\iGO Win32.HLLW.Autoruner.54936 Incuravel.Movido.
2011 .scr C:\Users\Leandro\Desktop\niver Win32.HLLW.Autoruner.54936 Incuravel.Movido.
niver Previews.lrdata .scr C:\Users\Leandro\Desktop\niver Win32.HLLW.Autoruner.54936 Incuravel.Movido.
0 .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.
1 .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.
2 .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.
3 .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.
4 .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.
5 .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.
6 .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.
7 .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.
8 .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.
9 .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.
A .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.
B .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.
C .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.
D .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.
E .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.
F .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.
iGO .scr C:\Users\Leandro\Desktop\Nova pasta Win32.HLLW.Autoruner.54936 Incuravel.Movido.
atualizacao_radares_05_jan[1] .scr C:\Users\Leandro\Documents Win32.HLLW.Autoruner.54936 Incuravel.Movido.
HostsXpert[1] .scr C:\Users\Leandro\Documents Win32.HLLW.Autoruner.54936 Incuravel.Movido.
Messenger Plus .scr C:\Users\Leandro\Documents Win32.HLLW.Autoruner.54936 Incuravel.Movido.
Messenger Plus! .scr C:\Users\Leandro\Documents Win32.HLLW.Autoruner.54936 Incuravel.Movido.
Meus arquivos recebidos .scr C:\Users\Leandro\Documents Win32.HLLW.Autoruner.54936 Incuravel.Movido.
samsung .scr C:\Users\Leandro\Documents Win32.HLLW.Autoruner.54936 Incuravel.Movido.
Good morning, I couldn't save it to C:
The following message appears: ! C:\sality_off.zip: Não foi possível criar Sality_off.exe
Acesso negado.
Good afternoon! leandro aislan
|- We are going to uninstall some tools, but... if you wish, confirm the absence of Sality with Norman.
-/-/-/-
|- Download: |DelFix| ( ... by Xplode )
|- On the page, click the green arrow to download. ( Green arrow! )
|- Save it somewhere convenient! ( desktop! )
|- Close any open applications.
|- Click "Suppression".
|- Post the report! ( C:\DelFixSuppr.txt )
|- Next, to remove DelFix from your computer, click "Désinstallation".
-/-/-/-
|- Or |Here|.
|- Enter your email in the field and click "Download Free Malware Cleaner".
|- Save it to the desktop.
|- Go to the file and click Run --> Accept.
|- Click Add to add, or Remove to remove, the drives/areas to be scanned. ( C:\*.*, D:\*.*, E:\*.*, etc... )
|- Click "Scan" --> Wait!
|- When it finishes, click "Result" and post the report, which will be on the desktop.
|- Ps: Path to the report: C:\Documents and Settings\norman\Desktop\Nmc_2012-xx-xx_yy-yy-yy.log
Regards!
Good afternoon,
I didn't understand this part.
|- We are going to uninstall some tools, but... if you wish, confirm the absence of Sality with Norman.
~~~~~~ Dossiers(s) ~~~~~~
Supprimé : C:\ZHP
Supprimé : C:\Users\Leandro\DoctorWeb
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Supprimé : C:\Program Files (x86)\ZHPDiag
~~~~~~ Fichier(s) ~~~~~~
Supprimé : C:\AdwCleaner[R1].txt
Supprimé : C:\AdwCleaner[s1].txt
Supprimé : C:\PhysicalDisk0_MBR.bin
Supprimé : C:\Users\Leandro\Desktop\drweb-cureit.exe
Supprimé : C:\Users\Leandro\Desktop\OTS.exe
Supprimé : C:\Users\Leandro\Desktop\OTS.Txt
Supprimé : C:\Users\Leandro\Desktop\ZHPDiag.txt
Supprimé : C:\Users\Leandro\Desktop\ZHPFixReport.txt
Supprimé : C:\Users\Leandro\Downloads\adwcleaner.exe
Supprimé : C:\Users\Leandro\Downloads\HijackThis (1).exe
Supprimé : C:\Users\Leandro\Downloads\HijackThis.exe
Supprimé : C:\Users\Leandro\Downloads\hijackthis.log
Supprimé : C:\Users\Leandro\Downloads\ZHPDiag2.exe
Supprimé : C:\Users\Leandro\Downloads\ZHPDiag2_exe (1).2qshcea.partial
Supprimé : C:\Users\Leandro\Downloads\ZHPDiag2_exe.6c1dcos.partial
Supprimé : C:\Users\Public\Desktop\ZHPDiag.lnk
Supprimé : C:\Users\Public\Desktop\ZHPFix.lnk
Supprimé : C:\Users\Public\Desktop\MBRCheck.lnk
~~~~~~ Registre ~~~~~~
Clé Supprimée : HKCU\Software\IDAVLab
Clé Supprimée : HKLM\SOFTWARE\OldTimer Tools
Clé Supprimée : HKLM\SOFTWARE\AdwCleaner
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
~~~~~~ Autres ~~~~~~
-> Prefetch Vidé
*************************
DelFix[s1].txt - [1766 octets] - [16/05/2012 13:23:17]
########## EOF - C:\DelFix[s1].txt - [1890 octets] ##########
Norman Malware Cleaner v2.05.05
Copyright © 1990 - 2012, Norman ASA.
Norman Scanner Engine Version: 6.08.06
nvcbin.def: Version: 6.08.00, Date: 2012/05/16 03:16:23, Variants: 15110355
nvcmacro.def: Version: 6.08.00, Date: 2012/04/18 13:30:56, Variants: 20466
Operating System: Windows 7 Service Pack 1 x64
Switches: /iagree
Scan started: 2012/05/16 13:30:53
Running pre-scan cleanup routine...
Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s
Scanning running processes and process memory...
Number of objects found: 1173
Number of objects scanned: 1173
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 2m 24s
Scanning system for FakeAV...
Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 1s
Running custom scan...
C:\Program Files (x86)\GameVicio\Empire Earth\Atualizador.exe: Archive infected
C:\Program Files (x86)\GameVicio\Empire Earth\Atualizador.exe/noname.nsis/nsis.sld/file2: File infected with W32/Suspicious_Gen2.ONV
Delete archive object: C:\Program Files (x86)\GameVicio\Empire Earth\Atualizador.exe/noname.nsis/nsis.sld/file2
Cleaning not supported (220000)
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin: Error opening file for read: 0x00000020
C:\sality_off.zip: Archive infected
C:\sality_off.zip/Sality_off.exe: File infected with W32/Malware.LBBA
Delete archive object: C:\sality_off.zip/Sality_off.exe
Cleaning successful
C:\sality_off.zip: Archive is empty after cleaning
Delete file: C:\sality_off.zip
Cleaning successful
C:\System Volume Information\Syscache.hve: Error opening file for read: 0x00000020
C:\System Volume Information\Syscache.hve.LOG1: Error opening file for read: 0x00000020
C:\System Volume Information\Syscache.hve.LOG2: Error opening file for read: 0x00000020
C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0006a4/file0: I/O error scanning file: 0x00000026
C:\Users\Leandro\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E69A3AB3-9F43-11E1-84AE-E70EA2D74FCC}.dat: Error opening file for read: 0x00000020
C:\Users\Leandro\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{4F3E2610-9F73-11E1-84AE-E70EA2D74FCC}.dat: Error opening file for read: 0x00000020
C:\Users\Leandro\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{7FE0DCE0-9F73-11E1-84AE-E70EA2D74FCC}.dat: Error opening file for read: 0x00000020
C:\Users\Leandro\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{FCBBD150-9F43-11E1-84AE-E70EA2D74FCC}.dat: Error opening file for read: 0x00000020
C:\Users\Leandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\msoD22D.tmp: Error opening file for read: 0x00000020
C:\Users\Leandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\35I51YAC\sality_off[2].zip: Archive infected
C:\Users\Leandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\35I51YAC\sality_off[2].zip/Sality_off.exe: File infected with W32/Malware.LBBA
Delete archive object: C:\Users\Leandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\35I51YAC\sality_off[2].zip/Sality_off.exe
Cleaning successful
C:\Users\Leandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\35I51YAC\sality_off[2].zip: Archive is empty after cleaning
Delete file: C:\Users\Leandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\35I51YAC\sality_off[2].zip
Cleaning successful
C:\Users\Leandro\AppData\Local\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
C:\Users\Leandro\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Error opening file for read: 0x00000020
C:\Users\Leandro\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2: Error opening file for read: 0x00000020
C:\Users\Leandro\AppData\Local\Temp\Rar$EX05.336\Sality_off.exe: File infected with W32/Malware.LBBA
Delete file: C:\Users\Leandro\AppData\Local\Temp\Rar$EX05.336\Sality_off.exe
Cleaning successful
C:\Users\Leandro\AppData\Local\Temp\~DF2EB8E364D1C6D048.TMP: Error opening file for read: 0x00000020
C:\Users\Leandro\AppData\Local\Temp\~DF74CF066CA39D7296.TMP: Error opening file for read: 0x00000020
C:\Users\Leandro\AppData\Local\Temp\~DF7B88092E01BFF1DE.TMP: Error opening file for read: 0x00000020
C:\Users\Leandro\AppData\Local\Temp\~DFCE07A1AE2F28AE63.TMP: Error opening file for read: 0x00000020
C:\Users\Leandro\AppData\Local\VirtualStore\sality_off.zip: Archive infected
C:\Users\Leandro\AppData\Local\VirtualStore\sality_off.zip/Sality_off.exe: File infected with W32/Malware.LBBA
Delete archive object: C:\Users\Leandro\AppData\Local\VirtualStore\sality_off.zip/Sality_off.exe
Cleaning successful
C:\Users\Leandro\AppData\Local\VirtualStore\sality_off.zip: Archive is empty after cleaning
Delete file: C:\Users\Leandro\AppData\Local\VirtualStore\sality_off.zip
Cleaning successful
C:\Users\Leandro\AppData\Roaming\Samsung\Kies\00000001.dat: I/O error scanning file: 0x00000026
C:\Users\Leandro\AppData\Roaming\Samsung\Kies\00000003.dat: I/O error scanning file: 0x00000026
C:\Users\Leandro\NTUSER.DAT: Error opening file for read: 0x00000020
C:\Users\Leandro\ntuser.dat.LOG1: Error opening file for read: 0x00000020
C:\Users\Leandro\ntuser.dat.LOG2: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\b86935641d9061465941847ad1353ba937a8c1e8.HomeGroupClassifier\9ed1ab26872d74fa5eef7c38364383d5\grouping\db.mdb: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\b86935641d9061465941847ad1353ba937a8c1e8.HomeGroupClassifier\9ed1ab26872d74fa5eef7c38364383d5\grouping\edb.log: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\b86935641d9061465941847ad1353ba937a8c1e8.HomeGroupClassifier\9ed1ab26872d74fa5eef7c38364383d5\grouping\tmp.edb: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\catroot2\edb.log: Error opening file for read: 0x00000020
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb: Error opening file for read: 0x00000020
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb: Error opening file for read: 0x00000020
C:\Windows\System32\config\DEFAULT: Error opening file for read: 0x00000020
C:\Windows\System32\config\DEFAULT.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\DEFAULT.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\DEFAULT: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SAM: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SECURITY: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SOFTWARE: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SYSTEM: Error opening file for read: 0x00000020
C:\Windows\System32\config\SAM: Error opening file for read: 0x00000020
C:\Windows\System32\config\SAM.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SAM.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\SECURITY: Error opening file for read: 0x00000020
C:\Windows\System32\config\SECURITY.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SECURITY.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\SOFTWARE: Error opening file for read: 0x00000020
C:\Windows\System32\config\SOFTWARE.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SOFTWARE.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\SYSTEM: Error opening file for read: 0x00000020
C:\Windows\System32\config\SYSTEM.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SYSTEM.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl: Error opening file for read: 0x00000020
Number of files found: 163313
Number of archives unpacked: 4498
Number of objects found: 454591
Number of objects scanned: 454524
Number of objects not scanned: 67
Number of malicious objects found: 8
Number of malicious objects cleaned: 7
Number of malicious files found: 5
Number of malicious files cleaned: 4
Scanning time: 2h 46m 55s
Running post-scan cleanup routine...
Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s
Results:
Total number of files found: 163313
Total number of archives unpacked: 4498
Total number of objects found: 455764
Total number of objects scanned: 455697
Total number of objects not scanned: 67
Total number of malicious objects found: 8
Total number of malicious objects cleaned: 7
Total number of malicious files found: 5
Total number of malicious files cleaned: 4
Total number of objects quarantined: 5
Total scanning time: 2h 49m 20s
Good afternoon! leandro aislan
|- We are going to uninstall some tools, but... if you wish, confirm the absence of Sality with Norman.
|- A further check that I usually run with Norman Malware Cleaner when disinfecting files infected by Sality.
|- All OK, since according to the Norman report Sality is no longer present on your PC.
-/-/-/-
|- Ps: You can keep Norman Malware Cleaner; it will not conflict with your antivirus.
|- Your logs are clean!
|- All OK!
Regards!
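Added example (not part of the original thread, and not Norman's own tooling): a small parser that reconciles each "File infected with" entry in a Norman Malware Cleaner report against the cleaning result logged for it, and counts the files the scanner could not open. The sample lines are copied from the report posted above; the function and variable names are hypothetical, and reading the hex codes as Win32 error codes is an assumption.

```python
import re
from collections import Counter

# Sample input: a few lines copied from the Norman report posted in this thread.
SAMPLE_LOG = r"""
C:\Program Files (x86)\GameVicio\Empire Earth\Atualizador.exe: Archive infected
C:\Program Files (x86)\GameVicio\Empire Earth\Atualizador.exe/noname.nsis/nsis.sld/file2: File infected with W32/Suspicious_Gen2.ONV
Delete archive object: C:\Program Files (x86)\GameVicio\Empire Earth\Atualizador.exe/noname.nsis/nsis.sld/file2
Cleaning not supported (220000)
C:\Windows\System32\config\SAM: Error opening file for read: 0x00000020
C:\sality_off.zip: Archive infected
C:\sality_off.zip/Sality_off.exe: File infected with W32/Malware.LBBA
Delete archive object: C:\sality_off.zip/Sality_off.exe
Cleaning successful
C:\sality_off.zip: Archive is empty after cleaning
Delete file: C:\sality_off.zip
Cleaning successful
C:\Users\Leandro\AppData\Local\Temp\Rar$EX05.336\Sality_off.exe: File infected with W32/Malware.LBBA
Delete file: C:\Users\Leandro\AppData\Local\Temp\Rar$EX05.336\Sality_off.exe
Cleaning successful
C:\Users\Leandro\AppData\Roaming\Samsung\Kies\00000001.dat: I/O error scanning file: 0x00000026
"""

DETECTION = re.compile(r"^(?P<path>.+): File infected with (?P<name>\S+)$")
ACTION = re.compile(r"^Delete (?:archive object|file): (?P<path>.+)$")
SKIPPED = re.compile(
    r"^(?P<path>.+): (?:Error opening file for read|I/O error scanning file): "
    r"(?P<code>0x[0-9A-Fa-f]+)$"
)

# Assumption: the hex values in the report are Win32 error codes.
WIN32_ERRORS = {
    0x20: "ERROR_SHARING_VIOLATION (file in use by another process)",
    0x26: "ERROR_HANDLE_EOF (reached the end of the file)",
}


def triage(log_text):
    """Return detections with their cleaning status, unresolved paths, skip counts."""
    detections = {}      # detected path -> {"name": ..., "status": ...}
    skipped = Counter()  # error code -> number of files not scanned
    target = None        # path named by the most recent "Delete ..." line
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETECTION.match(line)
        if m:
            detections[m["path"]] = {"name": m["name"], "status": "no action logged"}
            continue
        m = ACTION.match(line)
        if m:
            target = m["path"]
            continue
        if line.startswith("Cleaning "):
            # The result line applies to the object named by the preceding action.
            if target in detections:
                ok = line == "Cleaning successful"
                detections[target]["status"] = "cleaned" if ok else line
            target = None
            continue
        m = SKIPPED.match(line)
        if m:
            skipped[int(m["code"], 16)] += 1
    unresolved = [p for p, d in detections.items() if d["status"] != "cleaned"]
    return {"detections": detections, "unresolved": unresolved, "skipped": skipped}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, info in result["detections"].items():
        print(f"{info['status']:<34} {info['name']:<24} {path}")
    for code, count in result["skipped"].items():
        print(f"not scanned x{count}: {WIN32_ERRORS.get(code, hex(code))}")
    print("still needs attention:", result["unresolved"])
```

On the sample, the only entry left unresolved is the one logged with "Cleaning not supported", which is consistent with the report's own totals of 8 malicious objects found and 7 cleaned.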
Sorry for the delay, Digiran....
I believe it has improved a lot, but all the folders that had photos are still gone; they were moved to quarantine and never came back, and I feel my PC is still a bit slow.....
Thanks for the help leandro
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
Good morning! leandro aislan
|- Follow these procedures in the order in which they are listed!
-/-/-/-
|- Download: < AdwCleaner > ( ... by Xplode )
|- On the page, click the image: < image: AdwCleaner_Tcharger.jpg >
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as "administrator".
|- Start the scan by clicking "Recherche" < image: AdwCleaner_Recherche.jpg >
|- When it finishes, post the report: C:\AdwCleaner[R].txt
-/-/-/-
|- Download: < AVPTool >
|- < Link-2 >
|- Ps: Only the "email" field is required.
|- Enter your email and then click the "Submit Form" button.
|- Ps: The page will reload!
|- Click the "Download" button.
|- Save it to your desktop!
|- Double-click the "setup" file.
|- Ps: Wait for the installation!
|- Ps: On the next screen, tick: "I accept the licence agreement"
|- Next, click "Start".
|- Click the button: < image >
|- Tick:
|- <1> My Computer;
|- <2> Local Disk ( C: ) or ( D: );
|- Ps: Normally, the drive on which the OS is installed!
|- Click "Actions".
|- Ps: Leave both boxes ticked! <- Important!
|- Ps: Print these instructions for later reference!
|- Click the "Automatic Scan" tab and wait for the scan to finish.
|- Click the button < image >
|- Click "Detected threats".
|- Click the "Save" button.
|- Ps: Copy the contents of the saved file. <-- If anything is detected!
|- Post it in your reply!
-/-/-/-
|- Download: | ZHPDiag | ( ... by Nicolas Coolman )
|- On the page, click: < image: Tlcharger_ZHPDiag.jpg >
|- Save it to the desktop!
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
|- Confirm every step while installing ZHPDiag.
|- Finish the installation by clicking "Termine".
|- Ps: After installation, in addition to ZHPScript, the following will be available on the desktop:
|- <1> MBRCheck
|- <2> ZHPDiag2
|- <3> ZHPFix
|- Open the tool and click the scroll icon. ( ZHPScript )
|- Click the green arrow to update it and/or download its latest definitions. ( Your version is update. )
|- Enable all diagnostic options by clicking "Options".
|- Click All.
|- Click "Calendar" and choose 30 days!
|- Start the scan by clicking the magnifying glass icon. ( Start Diagnosis )
|- When it finishes, click "Save Report".
|- Ps: Save it somewhere convenient!
|- Attach ZHPDiag.txt to your reply.
|- Ps: Do not post this text file directly.
|- I recommend compressing it and attaching it to your reply!
|- Or send it to Pjjoint.malekal by clicking the blue arrow! < image: ZHPDiag_Pjjoint-1.jpg >
|- Or go to: < image: wikisend.jpg >
|- To upload, follow the path: Choose file... -> Open -> Upload file
|- Post the address shown under "Download link" or "Forum link".
|- Or go to: < image: Cjoint_Logo.jpg > ( Take it out of the zip when sending! )
|- More information: < |Link| >
Regards!