Hello. My email is sending spam to all my contacts, and my account is about to be blocked.
Here is the log.
HiJackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:39:11, on 12/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Windows\System32\VTTimer.exe
C:\Windows\System32\VTTrayp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Users\gaspar\AppData\Roaming\VIVO INTERNET\ouc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wuauclt.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VModes] VModes UpdateRegistryOnly
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\gaspar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{61FA8882-2F70-4DEE-8D1F-C1C7CCE6127A}: NameServer = 200.222.122.134 200.165.132.155
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
--
End of file - 5590 bytes
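A first-pass triage of a HijackThis log like the one above can be scripted. The following is an added example, not part of the original thread and not code from HijackThis or its authors; the three review rules (service with no publisher, service whose file is missing, autorun entry whose running copy sits in another directory) and all function names are assumptions chosen for illustration, and a finding means "look at this entry", not "this is malware".

```python
import ntpath
import re

# Excerpt of the HijackThis log posted above (subset of its lines).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\System32\VTTimer.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Users\gaspar\AppData\Roaming\VIVO INTERNET\ouc.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe"
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                    # "O4 - ...", "R0 - ..."
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")   # O4 autorun body
EXE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.I)           # quoted or bare exe path


def parse(log):
    """Split a log into (running process paths, [(section code, body), ...])."""
    procs, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, entries


def exe_path(command):
    """Return the executable part of an autorun command line, or None."""
    m = EXE.match(command)
    return (m.group(1) or m.group(2)) if m else None


def triage(log):
    """Return (section, rule, entry name) tuples that deserve manual review."""
    procs, entries = parse(log)
    # Map each running image name to the set of directories it runs from.
    running = {}
    for p in procs:
        key = ntpath.basename(p).lower()
        running.setdefault(key, set()).add(ntpath.normcase(ntpath.dirname(p)))

    findings = []
    for code, body in entries:
        if code == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, owner, path = parts
            if path.endswith("(file missing)"):
                # Orphaned service: the registry entry outlived its binary.
                findings.append(("O23", "service-file-missing", name))
            elif owner == "Unknown owner":
                # Binary carries no company name in its version resource.
                findings.append(("O23", "service-unknown-owner", name))
        elif code == "O4":
            m = RUN.match(body)
            exe = exe_path(m.group(4)) if m else None
            if not exe or not ntpath.dirname(exe):
                continue  # bare file names cannot be compared by directory
            dirs = running.get(ntpath.basename(exe).lower(), set())
            if dirs and ntpath.normcase(ntpath.dirname(exe)) not in dirs:
                # Same image name is running, but from a different folder
                # than the one the autorun entry points to.
                findings.append(("O4", "autorun-path-mismatch", m.group(3)))
    return findings


if __name__ == "__main__":
    for section, rule, name in triage(SAMPLE_LOG):
        print(f"{section:4} {rule:24} {name}")
```

On this excerpt the path-mismatch rule singles out `ouc.exe`, the same file in `AppData\Roaming\VIVO INTERNET` that the helper's ZHPFix script later in the thread lists first.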
Hello.
Here are the logs.
BankerFix
BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2012-06-13 - 10:31
-------------------------------------------------------
Lista de Definição: 2012-03-19-1 | CORE: 2012-01-27-1
=======================================================
IP malicioso encontrado no hosts:
IP malicioso encontrado no hosts:
IP malicioso encontrado no hosts:
IP malicioso encontrado no hosts:
IP malicioso encontrado no hosts:
IP malicioso encontrado no hosts:
----- Fim -------------------------
ZHPDiag
Good morning, MasterFuxi!
|- Close any programs/folders that are open.
|- Close the browser as well!
|- On Windows Vista, disable UAC.
|- Double-click ZHPFix.
|- Select and copy this information, shown in red, into Notepad.
>
[MD5.98B31CBC09D671DADEB7C92AEF1CBE29] - (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Users\gaspar\AppData\Roaming\VIVO INTERNET\ouc.exe [110592] [PID.320]
O43 - CFD: 23/05/2012 - 00:28:32 - [0] ----D C:\Users\gaspar\AppData\Local\{00607571-AC77-4B95-9A97-E166F875E08D}
O43 - CFD: 29/05/2012 - 00:51:32 - [0] ----D C:\Users\gaspar\AppData\Local\{029145DE-C1AF-41D2-9129-18B6F2007D64}
O43 - CFD: 19/04/2012 - 18:03:48 - [0] ----D C:\Users\gaspar\AppData\Local\{03D6E76C-3584-4349-8E5F-526A7FE4DC6B}
O43 - CFD: 09/05/2012 - 03:05:57 - [0] ----D C:\Users\gaspar\AppData\Local\{03FB6F91-EEB8-4A79-B481-AB9B0F9F6DB7}
O43 - CFD: 02/06/2012 - 12:35:10 - [0] ----D C:\Users\gaspar\AppData\Local\{04FF714D-B678-4DB9-88B1-46B71CC78754}
O43 - CFD: 20/05/2012 - 09:28:34 - [0] ----D C:\Users\gaspar\AppData\Local\{0549E382-1124-4F11-BE4D-C477D301A77C}
O43 - CFD: 17/04/2012 - 11:13:13 - [0] ----D C:\Users\gaspar\AppData\Local\{062E16D0-A2EF-40E4-9274-ED592D8E323E}
O43 - CFD: 12/05/2012 - 10:54:17 - [0] ----D C:\Users\gaspar\AppData\Local\{07D94CF4-13CC-4316-BAF2-805CD8CCC87D}
O43 - CFD: 16/04/2012 - 19:49:33 - [0] ----D C:\Users\gaspar\AppData\Local\{0C42CE57-E6D6-4EC2-B690-45E116F96448}
O43 - CFD: 20/04/2012 - 17:47:35 - [0] ----D C:\Users\gaspar\AppData\Local\{0CDCBEFC-1E21-43B8-9F42-6F622FF42D58}
O43 - CFD: 17/05/2012 - 11:26:36 - [0] ----D C:\Users\gaspar\AppData\Local\{0E87468B-6C7A-423E-A4EE-7ED42CF1E438}
O43 - CFD: 24/04/2012 - 23:54:23 - [0] ----D C:\Users\gaspar\AppData\Local\{0EA6E3CF-26DE-4C33-B53C-3C296486FC16}
O43 - CFD: 04/05/2012 - 12:04:19 - [0] ----D C:\Users\gaspar\AppData\Local\{105ACAF9-AEFA-4EC0-AD87-F186D9C76D84}
O43 - CFD: 24/05/2012 - 01:57:02 - [0] ----D C:\Users\gaspar\AppData\Local\{107787DA-2343-4D5E-895B-6E1437CA701D}
O43 - CFD: 31/05/2012 - 10:44:43 - [0] ----D C:\Users\gaspar\AppData\Local\{108D12F7-A275-4E9A-B93D-C01446EE1A6A}
O43 - CFD: 19/04/2012 - 23:33:42 - [0] ----D C:\Users\gaspar\AppData\Local\{11EF0AF7-C40A-4707-89EC-46F6F9DB58DE}
O43 - CFD: 11/06/2012 - 01:25:38 - [0] ----D C:\Users\gaspar\AppData\Local\{1494B52F-F3B9-4CC9-94FA-681DB66815A7}
O43 - CFD: 16/04/2012 - 02:55:42 - [0] ----D C:\Users\gaspar\AppData\Local\{1717A59C-DBBF-47ED-90E9-6BA896E5118A}
O43 - CFD: 25/05/2012 - 11:01:39 - [0] ----D C:\Users\gaspar\AppData\Local\{19147EA2-26C8-4D3A-BE18-9C3F0F8E91A7}
O43 - CFD: 02/05/2012 - 01:31:13 - [0] ----D C:\Users\gaspar\AppData\Local\{1A41BB43-7C40-496B-AC2A-D7B45114377B}
O43 - CFD: 22/04/2012 - 00:38:06 - [0] ----D C:\Users\gaspar\AppData\Local\{1AF02015-6F39-4D8A-A0F2-9DE147C0970C}
O43 - CFD: 11/06/2012 - 01:26:04 - [0] ----D C:\Users\gaspar\AppData\Local\{1DD1E525-58A8-4518-B89F-021D0ABCF114}
O43 - CFD: 30/05/2012 - 01:22:07 - [0] ----D C:\Users\gaspar\AppData\Local\{1E081168-3DF9-44CE-9BFB-7C15F63F2C2D}
O43 - CFD: 04/06/2012 - 11:09:20 - [0] ----D C:\Users\gaspar\AppData\Local\{1EE81692-B5A8-4354-BBBD-1A960A8588CD}
O43 - CFD: 12/06/2012 - 02:39:25 - [0] ----D C:\Users\gaspar\AppData\Local\{2035B707-AA10-4D2A-BF6F-04497F7CECC3}
O43 - CFD: 08/06/2012 - 09:44:37 - [0] ----D C:\Users\gaspar\AppData\Local\{2053C11B-DC35-4B10-91CA-06E2D720E60D}
O43 - CFD: 16/04/2012 - 18:52:56 - [0] ----D C:\Users\gaspar\AppData\Local\{23A51A09-8E53-4AFF-87D6-2EF8F3A77FCD}
O43 - CFD: 03/05/2012 - 01:33:59 - [0] ----D C:\Users\gaspar\AppData\Local\{247F4E72-B032-4048-938E-E8D5F2C8D9BC}
O43 - CFD: 17/05/2012 - 23:56:19 - [0] ----D C:\Users\gaspar\AppData\Local\{27890668-11BE-4330-A2CD-C10AB89295F9}
O43 - CFD: 01/06/2012 - 17:54:01 - [0] ----D C:\Users\gaspar\AppData\Local\{28E3751B-C5E7-405A-8FF9-8252E0A5C446}
O43 - CFD: 20/05/2012 - 17:12:29 - [0] ----D C:\Users\gaspar\AppData\Local\{2CA5E933-B6F1-4FEA-9728-B30B29D900A0}
O43 - CFD: 05/05/2012 - 12:11:29 - [0] ----D C:\Users\gaspar\AppData\Local\{2EDA8FA7-753B-46F7-945C-492E8C19A424}
O43 - CFD: 10/05/2012 - 01:52:07 - [0] ----D C:\Users\gaspar\AppData\Local\{2F3F9A9F-981A-4601-948A-30641D5F1D9E}
O43 - CFD: 25/05/2012 - 11:01:33 - [0] ----D C:\Users\gaspar\AppData\Local\{33D1DDF2-7103-41FF-A39D-2675D343B353}
O43 - CFD: 17/05/2012 - 23:56:38 - [0] ----D C:\Users\gaspar\AppData\Local\{34B2DE60-FE45-4CE9-9201-9ED886A3A7FD}
O43 - CFD: 29/05/2012 - 00:51:43 - [0] ----D C:\Users\gaspar\AppData\Local\{34E0079B-12D2-4E80-8F45-3CFA27B9C248}
O43 - CFD: 19/05/2012 - 14:27:38 - [0] ----D C:\Users\gaspar\AppData\Local\{358C626E-C620-4B02-8B65-91E6277F128E}
O43 - CFD: 24/04/2012 - 01:51:33 - [0] ----D C:\Users\gaspar\AppData\Local\{39B31ED0-4DFE-431B-9BA1-0A4B51A434B8}
O43 - CFD: 11/05/2012 - 13:40:54 - [0] ----D C:\Users\gaspar\AppData\Local\{3A701CA3-34EA-4673-A2C3-5FEDB2CCF1AF}
O43 - CFD: 10/05/2012 - 01:52:18 - [0] ----D C:\Users\gaspar\AppData\Local\{3C0472E3-6244-4ED1-9B22-CE8F863F9F14}
O43 - CFD: 09/06/2012 - 10:10:54 - [0] ----D C:\Users\gaspar\AppData\Local\{3C39FC48-CDCD-4D32-A4E7-F249047F788B}
O43 - CFD: 22/04/2012 - 21:52:00 - [0] ----D C:\Users\gaspar\AppData\Local\{3CF64400-7912-4B03-8CE9-9431532C2A0B}
O43 - CFD: 25/04/2012 - 11:55:09 - [0] ----D C:\Users\gaspar\AppData\Local\{3DD50EAC-906D-43A8-AE7F-043A3B0F215D}
O43 - CFD: 26/04/2012 - 01:25:54 - [0] ----D C:\Users\gaspar\AppData\Local\{3EE4B7C9-5AC2-43F6-9DE9-4BBF9A9B2E9A}
O43 - CFD: 17/04/2012 - 22:42:54 - [0] ----D C:\Users\gaspar\AppData\Local\{40D1BB83-2F9A-482E-B30C-6EB1162DE4B3}
O43 - CFD: 13/05/2012 - 10:39:21 - [0] ----D C:\Users\gaspar\AppData\Local\{4139B941-85A6-4B07-AFB1-979E72FD941B}
O43 - CFD: 18/04/2012 - 23:43:22 - [0] ----D C:\Users\gaspar\AppData\Local\{414A49CC-0917-4A50-BDDD-1D633E9C0FBE}
O43 - CFD: 20/04/2012 - 15:51:50 - [0] ----D C:\Users\gaspar\AppData\Local\{46F150C1-903B-4351-8965-65D5802ECE69}
O43 - CFD: 11/05/2012 - 22:53:17 - [0] ----D C:\Users\gaspar\AppData\Local\{49F00E22-2F29-456C-8A23-C63174C3E3D8}
O43 - CFD: 02/05/2012 - 01:31:23 - [0] ----D C:\Users\gaspar\AppData\Local\{4CCAFDC1-168A-41C7-91B9-DF0907C33C0C}
O43 - CFD: 22/04/2012 - 00:38:16 - [0] ----D C:\Users\gaspar\AppData\Local\{4E3A6E67-CA29-4986-B80B-210F40575A85}
O43 - CFD: 21/04/2012 - 04:46:11 - [0] ----D C:\Users\gaspar\AppData\Local\{4EA6DAC1-3ED9-4058-BBE0-4FD55A32032C}
O43 - CFD: 06/06/2012 - 00:28:43 - [0] ----D C:\Users\gaspar\AppData\Local\{4F95BE3A-E660-4D48-8E7F-DD9C25330AA2}
O43 - CFD: 08/06/2012 - 09:44:52 - [0] ----D C:\Users\gaspar\AppData\Local\{50EA9D85-A045-4407-BB44-3C12CAEE60CF}
O43 - CFD: 17/04/2012 - 10:36:31 - [0] ----D C:\Users\gaspar\AppData\Local\{536F7950-0B38-4628-AC71-A254119AD7BD}
O43 - CFD: 16/04/2012 - 18:44:31 - [0] ----D C:\Users\gaspar\AppData\Local\{568E5E19-414F-4CEF-A4D5-ABC644E9EEAC}
O43 - CFD: 03/06/2012 - 23:05:56 - [0] ----D C:\Users\gaspar\AppData\Local\{56CB6019-1288-4BC1-B50C-CF7053ADA782}
O43 - CFD: 19/04/2012 - 23:33:29 - [0] ----D C:\Users\gaspar\AppData\Local\{57BEF99F-981B-485A-BAE2-A0D7AD36A5E9}
O43 - CFD: 03/06/2012 - 21:23:57 - [0] ----D C:\Users\gaspar\AppData\Local\{57D555AC-E4CC-470F-AD81-6343C7D9CD11}
O43 - CFD: 27/04/2012 - 01:27:36 - [0] ----D C:\Users\gaspar\AppData\Local\{58B9A8A6-9BCE-4DCE-A86B-FF7DF7C42D31}
O43 - CFD: 20/04/2012 - 15:11:18 - [0] ----D C:\Users\gaspar\AppData\Local\{5AB1310A-72F1-4BE0-A339-32521A15A400}
O43 - CFD: 28/05/2012 - 11:58:34 - [0] ----D C:\Users\gaspar\AppData\Local\{5B8F6C83-CA54-4E16-8DCB-C0BD36E243B1}
O43 - CFD: 03/06/2012 - 01:20:18 - [0] ----D C:\Users\gaspar\AppData\Local\{5C0F09CC-3AC8-4CE0-977E-E49042D70EF5}
O43 - CFD: 04/05/2012 - 11:55:44 - [0] ----D C:\Users\gaspar\AppData\Local\{5C1DD387-F088-4E78-AF4E-6C2461AF578A}
O43 - CFD: 17/05/2012 - 11:26:40 - [0] ----D C:\Users\gaspar\AppData\Local\{5C5B8422-62CB-4C6B-9CFE-1A6C90787C64}
O43 - CFD: 21/05/2012 - 01:23:24 - [0] ----D C:\Users\gaspar\AppData\Local\{5DB61D80-D775-4E57-9A68-0389796D47AB}
O43 - CFD: 11/05/2012 - 22:53:33 - [0] ----D C:\Users\gaspar\AppData\Local\{5FC5EBB6-2506-40AC-8B23-18AF93D23ABB}
O43 - CFD: 08/05/2012 - 13:09:01 - [0] ----D C:\Users\gaspar\AppData\Local\{5FEBA1C8-1E8D-4C55-BCBD-0197C63C0F22}
O43 - CFD: 04/05/2012 - 14:57:57 - [0] ----D C:\Users\gaspar\AppData\Local\{60122FC6-2EE6-42AE-A95A-8FFFFD4ADE37}
O43 - CFD: 16/04/2012 - 21:16:30 - [0] ----D C:\Users\gaspar\AppData\Local\{60B2E7CB-E27C-4176-9A94-FA7ECBDCD1BF}
O43 - CFD: 18/04/2012 - 23:43:21 - [0] ----D C:\Users\gaspar\AppData\Local\{62384DBE-5879-45AA-8D6C-8F7025DCFA61}
O43 - CFD: 17/04/2012 - 10:10:59 - [0] ----D C:\Users\gaspar\AppData\Local\{62509D6C-1EF6-47D5-9944-E6969F5DB637}
O43 - CFD: 02/06/2012 - 12:35:04 - [0] ----D C:\Users\gaspar\AppData\Local\{660BD70F-8FB3-4A91-A698-FEF3A55B67CA}
O43 - CFD: 06/06/2012 - 21:44:02 - [0] ----D C:\Users\gaspar\AppData\Local\{67E83EE0-9DEB-4631-ABB6-A9A725BCEA59}
O43 - CFD: 19/04/2012 - 09:38:17 - [0] ----D C:\Users\gaspar\AppData\Local\{6812D102-23F1-4F7D-A515-D2F1753B6928}
O43 - CFD: 27/05/2012 - 23:47:37 - [0] ----D C:\Users\gaspar\AppData\Local\{6852B2A2-C8ED-44E7-9820-63CA0D5A3205}
O43 - CFD: 07/05/2012 - 23:39:18 - [0] ----D C:\Users\gaspar\AppData\Local\{69831CA5-D810-4DB6-ACEF-81DB0F57AEEE}
O43 - CFD: 18/05/2012 - 18:46:36 - [0] ----D C:\Users\gaspar\AppData\Local\{6AA4118D-6590-403C-A8E8-F3847FDB85F7}
O43 - CFD: 27/04/2012 - 17:56:31 - [0] ----D C:\Users\gaspar\AppData\Local\{6CE28542-DB50-4E33-9073-D37EF280A777}
O43 - CFD: 12/06/2012 - 02:39:14 - [0] ----D C:\Users\gaspar\AppData\Local\{6DE002B9-B62D-4302-B40C-BCBB547B6F9D}
O43 - CFD: 02/05/2012 - 13:31:53 - [0] ----D C:\Users\gaspar\AppData\Local\{729A03E3-B311-4CFC-A2A3-1872CDBD392D}
O43 - CFD: 16/04/2012 - 00:59:53 - [0] ----D C:\Users\gaspar\AppData\Local\{73D908D5-3D74-4A72-A8B7-81E28B37A6F2}
O43 - CFD: 19/05/2012 - 19:14:45 - [0] ----D C:\Users\gaspar\AppData\Local\{7A107F75-CEA4-4333-A328-EB9DE6C056B6}
O43 - CFD: 07/05/2012 - 23:39:51 - [0] ----D C:\Users\gaspar\AppData\Local\{7A9AA16D-C54B-4653-ADF4-A3F3332638D7}
O43 - CFD: 16/04/2012 - 20:51:41 - [0] ----D C:\Users\gaspar\AppData\Local\{7D398888-9512-434C-8567-47DCE3A40DB8}
O43 - CFD: 22/05/2012 - 13:21:28 - [0] ----D C:\Users\gaspar\AppData\Local\{7DE69209-757E-4A33-9064-D9B9C8D53EA5}
O43 - CFD: 27/05/2012 - 23:47:27 - [0] ----D C:\Users\gaspar\AppData\Local\{7FAF264D-66B7-44E0-8A0C-918A897787C3}
O43 - CFD: 07/06/2012 - 11:44:32 - [0] ----D C:\Users\gaspar\AppData\Local\{835E39C7-5EAB-4273-942D-9A206FD6BFB7}
O43 - CFD: 10/06/2012 - 13:24:38 - [0] ----D C:\Users\gaspar\AppData\Local\{8653AF30-0B63-43E4-BD90-DDE9A4F26B7D}
O43 - CFD: 23/04/2012 - 13:45:43 - [0] ----D C:\Users\gaspar\AppData\Local\{8670205C-D946-499C-9DB4-266D5F5C7626}
O43 - CFD: 16/04/2012 - 18:49:09 - [0] ----D C:\Users\gaspar\AppData\Local\{86E53AF4-A2DE-4130-9E6A-8222E815F771}
O43 - CFD: 26/04/2012 - 13:27:05 - [0] ----D C:\Users\gaspar\AppData\Local\{87FABFFF-FFB2-4910-BA1A-52F71785BE40}
O43 - CFD: 11/05/2012 - 11:59:37 - [0] ----D C:\Users\gaspar\AppData\Local\{8B379BD0-D819-4838-966B-007F2F61AC47}
O43 - CFD: 03/06/2012 - 23:06:09 - [0] ----D C:\Users\gaspar\AppData\Local\{8C083E6C-12B7-402C-B56B-A591C26FC769}
O43 - CFD: 21/04/2012 - 02:27:57 - [0] ----D C:\Users\gaspar\AppData\Local\{8D01306A-72D6-4D6A-B77A-A4B240241A52}
O43 - CFD: 21/04/2012 - 15:00:48 - [0] ----D C:\Users\gaspar\AppData\Local\{8ED33E02-BE6F-4C73-AC9D-7BFF7071513F}
O43 - CFD: 14/05/2012 - 00:14:22 - [0] ----D C:\Users\gaspar\AppData\Local\{9149640A-48B8-49F1-8EF8-ADAC1FA5AF14}
O43 - CFD: 12/06/2012 - 16:25:04 - [0] ----D C:\Users\gaspar\AppData\Local\{918602A2-F161-422B-9740-E573A8A907E2}
O43 - CFD: 16/04/2012 - 20:11:33 - [0] ----D C:\Users\gaspar\AppData\Local\{939EE0DF-FCD1-4CE6-B8FF-D1FB35E3CBFA}
O43 - CFD: 25/04/2012 - 11:54:53 - [0] ----D C:\Users\gaspar\AppData\Local\{94773467-B621-4915-BA0D-266457A29E25}
O43 - CFD: 09/05/2012 - 03:05:46 - [0] ----D C:\Users\gaspar\AppData\Local\{9629D3E1-241A-48D1-9C54-AC79CDB4CC22}
O43 - CFD: 03/06/2012 - 17:14:03 - [0] ----D C:\Users\gaspar\AppData\Local\{96EF6CA9-9950-4B18-941D-02350A6EC68C}
O43 - CFD: 15/05/2012 - 12:35:48 - [0] ----D C:\Users\gaspar\AppData\Local\{972AA802-83EC-4BFD-8761-AE9BF8C51051}
O43 - CFD: 20/04/2012 - 22:04:04 - [0] ----D C:\Users\gaspar\AppData\Local\{992B74A5-8336-44C3-AF7D-4CE19C2F0761}
O43 - CFD: 05/06/2012 - 01:38:33 - [0] ----D C:\Users\gaspar\AppData\Local\{995882BA-1B7D-4223-A884-148F0A10C77D}
O43 - CFD: 20/05/2012 - 12:09:02 - [0] ----D C:\Users\gaspar\AppData\Local\{9A0FAE81-621A-419B-81A2-11A79EE5EC77}
O43 - CFD: 24/04/2012 - 01:51:21 - [0] ----D C:\Users\gaspar\AppData\Local\{9C784AD3-C7E9-47EB-84DD-495E0C6F4F2E}
O43 - CFD: 02/05/2012 - 13:32:04 - [0] ----D C:\Users\gaspar\AppData\Local\{9CD85368-CAC9-4BF3-8F6A-C38D9330E0F1}
O43 - CFD: 30/04/2012 - 10:36:14 - [0] ----D C:\Users\gaspar\AppData\Local\{9FB93ABB-CB20-400D-949E-F123B4102F42}
O43 - CFD: 27/04/2012 - 01:27:48 - [0] ----D C:\Users\gaspar\AppData\Local\{A22E6256-95A1-4BF5-B38F-B4EFC11E8DF5}
O43 - CFD: 07/05/2012 - 01:56:30 - [0] ----D C:\Users\gaspar\AppData\Local\{A27CB6A5-7ADA-4F8D-9184-19A906B183AE}
O43 - CFD: 28/04/2012 - 10:05:03 - [0] ----D C:\Users\gaspar\AppData\Local\{A4DB7620-5E4F-406D-A372-1DAD6319E9C3}
O43 - CFD: 21/04/2012 - 14:48:12 - [0] ----D C:\Users\gaspar\AppData\Local\{A5DCC6A7-B56A-4256-80F9-C02356E43528}
O43 - CFD: 17/04/2012 - 22:50:17 - [0] ----D C:\Users\gaspar\AppData\Local\{A8FA7538-572C-47B8-B6EA-691D54E68D4F}
O43 - CFD: 17/04/2012 - 11:52:28 - [0] ----D C:\Users\gaspar\AppData\Local\{A91D990F-BAEA-4FD5-9874-A45DAD98F323}
O43 - CFD: 05/06/2012 - 01:38:46 - [0] ----D C:\Users\gaspar\AppData\Local\{AA9A2B3F-CA94-4065-B1A0-348CCDC3CC2C}
O43 - CFD: 24/05/2012 - 01:56:50 - [0] ----D C:\Users\gaspar\AppData\Local\{AB592CCB-BFD9-4423-951C-2445DA1F4297}
O43 - CFD: 27/05/2012 - 03:30:31 - [0] ----D C:\Users\gaspar\AppData\Local\{AE1750A5-46DC-43AB-A455-4F02396EC532}
O43 - CFD: 31/05/2012 - 12:24:08 - [0] ----D C:\Users\gaspar\AppData\Local\{B0FB751D-6E22-40AC-89A8-948BB8AA1CC2}
O43 - CFD: 21/04/2012 - 11:54:21 - [0] ----D C:\Users\gaspar\AppData\Local\{B319912F-1BD7-4387-B3DC-ADB8D2535FB0}
O43 - CFD: 10/06/2012 - 01:23:40 - [0] ----D C:\Users\gaspar\AppData\Local\{B6E73BF4-AC71-4024-AAF3-BE9B71E36C8A}
O43 - CFD: 03/05/2012 - 01:33:08 - [0] ----D C:\Users\gaspar\AppData\Local\{B9B2B0E8-1B54-43FE-9684-6DA667EF0BE3}
O43 - CFD: 13/06/2012 - 10:20:54 - [0] ----D C:\Users\gaspar\AppData\Local\{BC5B6845-8712-4241-8609-838AA0A09A29}
O43 - CFD: 16/04/2012 - 02:52:13 - [0] ----D C:\Users\gaspar\AppData\Local\{BCABED0A-C12B-49BF-9609-8EA17280F3B2}
O43 - CFD: 06/06/2012 - 00:28:55 - [0] ----D C:\Users\gaspar\AppData\Local\{BCED9F4C-8E54-4E46-BB33-A733CC385B79}
O43 - CFD: 14/05/2012 - 00:14:11 - [0] ----D C:\Users\gaspar\AppData\Local\{BDDE5297-7473-49B2-A96C-EC7F118A0014}
O43 - CFD: 17/05/2012 - 11:55:21 - [0] ----D C:\Users\gaspar\AppData\Local\{BF13847E-8493-4D8A-A39E-3CAC4EB3E959}
O43 - CFD: 29/04/2012 - 10:20:26 - [0] ----D C:\Users\gaspar\AppData\Local\{C126A8BA-B5F4-47F3-BC62-77001F90710D}
O43 - CFD: 23/05/2012 - 00:29:00 - [0] ----D C:\Users\gaspar\AppData\Local\{C13DD9C1-5493-47D0-BB54-A8D19D2B0C2F}
O43 - CFD: 26/04/2012 - 01:26:05 - [0] ----D C:\Users\gaspar\AppData\Local\{C39AE456-3D42-4C57-AD7C-1ADA7D67D34C}
O43 - CFD: 16/05/2012 - 00:19:46 - [0] ----D C:\Users\gaspar\AppData\Local\{C471A3A2-1735-4F62-A745-6120535D952B}
O43 - CFD: 07/05/2012 - 01:56:44 - [0] ----D C:\Users\gaspar\AppData\Local\{C4FA5CD5-CF7D-4491-B6FD-AC9E5790FD7B}
O43 - CFD: 16/04/2012 - 01:00:49 - [0] ----D C:\Users\gaspar\AppData\Local\{C73F1A4E-9F88-4B18-9FF2-DD784FE673A3}
O43 - CFD: 24/05/2012 - 16:34:47 - [0] ----D C:\Users\gaspar\AppData\Local\{C793CE04-25D7-4AC6-B71C-4B80B659DE56}
O43 - CFD: 18/04/2012 - 10:51:10 - [0] ----D C:\Users\gaspar\AppData\Local\{C92C7316-0411-40B8-A3A1-C4C196ACE205}
O43 - CFD: 08/05/2012 - 15:04:05 - [0] ----D C:\Users\gaspar\AppData\Local\{CC9819FF-1F93-445A-828E-3AE331F42DFF}
O43 - CFD: 03/06/2012 - 13:36:40 - [0] ----D C:\Users\gaspar\AppData\Local\{CCC72B6A-3769-4A86-BADA-6E1EC318162C}
O43 - CFD: 23/04/2012 - 13:47:00 - [0] ----D C:\Users\gaspar\AppData\Local\{CE037391-2A5C-4E24-A4EF-651AE4F417C9}
O43 - CFD: 19/05/2012 - 11:28:11 - [0] ----D C:\Users\gaspar\AppData\Local\{D1A7B2A6-D741-46E6-A3F8-BED8B52ED385}
O43 - CFD: 08/05/2012 - 15:03:21 - [0] ----D C:\Users\gaspar\AppData\Local\{D2DBA722-08B2-42FA-849C-0DF2B9E9E1C8}
O43 - CFD: 16/05/2012 - 00:19:28 - [0] ----D C:\Users\gaspar\AppData\Local\{D40071FA-6EED-452C-93DD-43EE5F71C0B8}
O43 - CFD: 10/06/2012 - 13:24:54 - [0] ----D C:\Users\gaspar\AppData\Local\{D72566FC-26A3-44B7-980F-7044610D3468}
O43 - CFD: 10/06/2012 - 01:23:55 - [0] ----D C:\Users\gaspar\AppData\Local\{D73A94B3-BCE6-4166-BFA3-2FCA6B4EAA8B}
O43 - CFD: 24/04/2012 - 23:54:12 - [0] ----D C:\Users\gaspar\AppData\Local\{D9348F90-CF7F-4875-87FB-DBA62F0FF54C}
O43 - CFD: 21/05/2012 - 01:23:34 - [0] ----D C:\Users\gaspar\AppData\Local\{DA9ADEB8-A1DF-4ADA-9001-114AD4A1C812}
O43 - CFD: 17/04/2012 - 22:50:28 - [0] ----D C:\Users\gaspar\AppData\Local\{E442B907-18C4-40CF-A002-18291D402B30}
O43 - CFD: 27/05/2012 - 03:30:43 - [0] ----D C:\Users\gaspar\AppData\Local\{E62E0B99-C883-464B-812A-EEFCBE090B48}
O43 - CFD: 30/05/2012 - 01:22:27 - [0] ----D C:\Users\gaspar\AppData\Local\{E845442A-2701-448B-BCDE-BD50CCAABF5E}
O43 - CFD: 12/05/2012 - 10:54:38 - [0] ----D C:\Users\gaspar\AppData\Local\{EA13275A-0C2D-47DB-94AD-FADA8ED9DAF8}
O43 - CFD: 18/04/2012 - 10:51:20 - [0] ----D C:\Users\gaspar\AppData\Local\{EA4F577C-8141-4D56-8056-C43949F74E86}
O43 - CFD: 03/06/2012 - 02:58:50 - [0] ----D C:\Users\gaspar\AppData\Local\{EABDD91B-6EEB-45C4-988A-FA260EF827F9}
O43 - CFD: 22/05/2012 - 00:23:40 - [0] ----D C:\Users\gaspar\AppData\Local\{EC88FB0A-4236-47EB-8CC4-F100C6C8C9CD}
O43 - CFD: 06/05/2012 - 14:02:58 - [0] ----D C:\Users\gaspar\AppData\Local\{ECB1A593-749E-4DFF-A85A-A562781BE32E}
O43 - CFD: 15/05/2012 - 00:42:14 - [0] ----D C:\Users\gaspar\AppData\Local\{EF2220B5-09F7-4F08-A0ED-35320C0A631D}
O43 - CFD: 19/05/2012 - 19:15:08 - [0] ----D C:\Users\gaspar\AppData\Local\{F32FF5CA-8EFD-4A47-AE23-CD198AAAA54F}
O43 - CFD: 27/05/2012 - 03:20:52 - [0] ----D C:\Users\gaspar\AppData\Local\{F3871C77-6C2E-43CF-9918-5A7EEAA5963F}
O43 - CFD: 29/04/2012 - 17:47:26 - [0] ----D C:\Users\gaspar\AppData\Local\{F494371A-7A53-4709-B2F7-FDF2DFC77874}
O43 - CFD: 16/04/2012 - 23:13:44 - [0] ----D C:\Users\gaspar\AppData\Local\{F648ECF4-D933-4B9E-9A36-13F651B41ACE}
O43 - CFD: 03/05/2012 - 19:52:19 - [0] ----D C:\Users\gaspar\AppData\Local\{F780A7DA-29D5-4FF3-85EF-294870B81FE6}
O43 - CFD: 17/04/2012 - 21:34:12 - [0] ----D C:\Users\gaspar\AppData\Local\{F7FBF960-1414-40CA-AA8F-9081493F7BB0}
O43 - CFD: 26/04/2012 - 13:26:53 - [0] ----D C:\Users\gaspar\AppData\Local\{FAC8A6DB-ACCA-4461-91F0-3233EC6183B1}
O43 - CFD: 01/05/2012 - 11:08:56 - [0] ----D C:\Users\gaspar\AppData\Local\{FB0AC820-4455-482A-AD7B-59812AA6EC46}
O43 - CFD: 22/05/2012 - 00:23:53 - [0] ----D C:\Users\gaspar\AppData\Local\{FC745D71-3B63-474E-BEE8-0F3B218127BE}
O43 - CFD: 26/05/2012 - 13:08:51 - [0] ----D C:\Users\gaspar\AppData\Local\{FCA6930F-C1EB-4789-A269-10157661A536}
O43 - CFD: 27/04/2012 - 13:49:22 - [0] ----D C:\Users\gaspar\AppData\Local\{FF67303F-91CD-45EC-A1CD-FDB4D81296BF}
O51 - MPSK:{0758efd8-acc8-11e1-9d98-0019216aa339}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.) => Microsoft Windows NT or Infection USB
O51 - MPSK:{cd3c72ae-ac2b-11e1-96e3-0019216aa339}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.) => Microsoft Windows NT or Infection USB
O51 - MPSK:{cd3c72cd-ac2b-11e1-96e3-0019216aa339}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.) => Microsoft Windows NT or Infection USB
O51 - MPSK:{d07a4ae7-876c-11e1-ae9d-806e6f6e6963}\AutoRun\command. (.Macrovision Corporation - DemoShield Multi-CD Launch.) -- E:\Install.exe
O61 - LFC:Last File Created 08/06/2012 - 19:13:31 ---A- C:\Users\gaspar\AppData\Roaming\Kalydo\KalydoPlayer\bin1\uninstall.exe [124237]
O61 - LFC:Last File Created 30/12/1899 - 14:48:31 --HA- C:\Users\gaspar\AppData\Local\Temp\etilqs_MmxTju32UACYDcn [1028]
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
hostfix
proxyfix
emptytemp
emptyflash
firewallraz
sysrestore
|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"
|- Minimize Notepad.
|- Click the "Paste ClipBoard" menu.
|- Click "GO" -> Oui.
|- PS: Above is a sequence of images for further clarification.
|- Post the report: C:\ZHP\ZHPFix[R1].txt
Regards!
Good evening, MasterFuxi!
|- You have little RAM available.
|- This can cause freezes when using the computer.
-/-
|- Download: < MyHosts > ( ... by Jeanmimigab )
|- Save it to the desktop!
|- Run the MyHosts.exe file, which is on the desktop.
|- On Windows Vista or 7, run it as administrator.
#######ººº#######
Rapport MyHosts.txt
MyHosts V.1.0.0.2 de jeanmimigab
Merci à la team MH, W-T ,C_XX, Laddy et à Batch_man pour leurs aides
Résultat de l'opération:restauration du fichier hosts réussi...
Fin du rapport
#######ººº#######
|- Post the report: C:\MyHosts.txt
-/-
|- Download: < OTL > ( ...by OldTimer Tools )
|- Click Save!
|- Save it to the desktop!
|- Double-click OTL.exe --> Run:
|- Configure "File Scans" according to the screenshot!
|- PS: Do the same for these!
|- Under "Extra Registry Scan", select "None".
>
netsvcs
%APPDATA%\*.exe /s
%APPDATA%\*.
/md5start
explorer.exe
userinit.exe
winlogon.exe
wininit.exe
csrss.exe
smss.exe
svchost.exe
services.exe
uninst.exe
/md5stop
%systemroot%\system32\tasks\. /s /64
%windir%\tasks\. /s
CREATERESTOREPOINT
|- Paste this information, shown in green, into the "Custom Scans/Fixes" field.
|- Click Scan.
|- When finished, post the report: OTL.txt
Regards!
Good evening!
Here are the logs.
MyHosts
Rapport MyHosts.txt
MyHosts V.1.0.0.2 de jeanmimigab
Merci à la team MH, W-T ,C_XX, Laddy et à Batch_man pour leurs aides
Résultat de l'opération:restauration du fichier hosts réussi...
Fin du rapport
OTL
Good evening, MaxterFuxi!
|- Run OTL.exe.
|- Copy this information, shown in red, into the tool's clipboard field. ( "Custom Scans/Fixes" )
>
:OTL
DRV - (XDva397) -- C:\Windows\system32\XDva397.sys File not found
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (LLRING0) -- C:\Users\gaspar\Desktop\DragonMu S6Ep3_v1\MuGuard\llck.sys File not found
O3 - HKU\S-1-5-21-1834084741-3228411641-3107641466-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O13 - gopher Prefix: missing
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"Gopher"="gopher://"
:Commands
[CLEARALLRESTOREPOINTS]
[emptytemp]
[purity]
[reboot]
|- Click the "Consertar" (Fix) button.
|- PS: The tool will restart the computer.
|- When it appears, click Run.
|- Post the report: C:\_OTL\MovedFiles\*.log
Regards!
Good evening! MaxterFuxi
|- Open OTL.exe -> Click "Limpeza" (CleanUp). <-- Confirm!
|- PS: The computer will restart!
-/-
|- < Link - 2 >
|- < Link - 3 >
|- Update the program!
|- Choose the Full scan!
|- Disable protection programs when running Malwarebytes.
|- On Windows Vista or 7, right-click the file and run it as administrator.
|- PS: For certain infections, the tool will ask for a reboot. <- Confirm!
|- When finished, click "Ok" -> "Ver Resultados" (Show Results) -> "Remover Selecionados" (Remove Selected).
|- Post the report: mbam-log-2012-xx-xx (00-00-00).txt
Regards!
Good evening.
Here is the log.
Malwarebytes
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Versão da Base de Dados: v2012.06.14.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
gaspar :: GASPAR-PC [administrador]
14/06/2012 11:53:36
mbam-log-2012-06-14 (11-53-36).txt
Tipo de Verificação: Verificação Completa
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 271307
Tempo decorrido: 1 hora(s), 29 minuto(s), 50 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)
(fim)
Good evening! MasterFuxi
|- Download: |DelFix| ( ... by Xplode )
|- On the page, click the green arrow to download. ( Green arrow! )
|- Save it somewhere convenient! ( desktop! )
|- Close any open applications.
|- Click "Suppression".
|- Post the report! ( C:\DelFixSuppr.txt )
|- Next, to remove DelFix from your computer, click "Désinstallation".
-/-
|- Your logs are clean!
|- If you still have violations on your Hotmail, I suggest you keep your e-mail at Yahoo, which offers greater security.
Regards!
Good evening.
Thank you for the help and patience. Problem solved.
Here is the log.
DelFix
~~~~~~ Dossiers(s) ~~~~~~
Supprimé : C:\MyHosts
Supprimé : C:\ZHP
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Supprimé : C:\Program Files\ZHPDiag
~~~~~~ Fichier(s) ~~~~~~
Supprimé : C:\PhysicalDisk0_MBR.bin
Supprimé : C:\Users\gaspar\Desktop\HiJackThis.exe
Supprimé : C:\Users\gaspar\Desktop\ZHPDiag2.exe
Supprimé : C:\Users\Public\Desktop\ZHPDiag.lnk
Supprimé : C:\Users\Public\Desktop\ZHPFix.lnk
Supprimé : C:\Users\Public\Desktop\MBRCheck.lnk
~~~~~~ Registre ~~~~~~
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
~~~~~~ Autres ~~~~~~
-> Prefetch Vidé
*************************
DelFix[s1].txt - [985 octets] - [14/06/2012 20:14:41]
########## EOF - C:\DelFix[s1].txt - [1108 octets] ##########
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
Good evening! MasterFuxi
|- Download: < BankerFix 3.1 >
|- Save it directly to the local disk! ( C; D; ... )
|- Temporarily disable your antivirus.
|- PS: After downloading BankerFix, do not run it the first time it appears on screen.
|- Close the window and open it again from the file "Iniciar-BankerFix.vbs".
|- PS: This ( .vbs ) file is in the folder: C:\LinhaDefensiva
|- The BankerFix 3.1 window will open with the following question: "Instalar o Bankerfix 3.1?" (Install Bankerfix 3.1?)
|- Click "Sim" (Yes)!
|- A window will open informing you that BankerFix 3.1 will be downloaded over the internet.
|- Click OK -> Wait!
|- In the next window, click OK.
|- BankerFix 3.1 will start!
|- Press any key to continue the process. <- Wait!
|- When the scan finishes, read the message on screen and press Enter.
|- Enable your antivirus.
|- Come back with the BankerFix report, which will be at: C:\LinhaDefensiva\relatorio.txt
-/-
|- Download: | ZHPDiag2 | ( ... by Nicolas Coolman )
|- Save it to the desktop!
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
|- Confirm every step when installing ZHPDiag.
|- Finish the installation by clicking "Termine".
|- PS: After installation, besides ZHPScript, the following will be available on the desktop:
|- <1> MBRCheck
|- <2> ZHPDiag2
|- <3> ZHPFix
|- Click the scroll icon. ( ZHPScript )
|- Click the green arrow to update it and/or download its latest definitions. ( Your version is update. )
|- Enable all diagnostic options by clicking "Options".
|- Click All.
|- Click "Calendar" and choose 30 days!
|- Start the scan by clicking the magnifying-glass icon. ( Start Diagnosis )
|- When finished, click "Save Report".
|- Save it somewhere convenient! ( ZHPDiag.txt )
|- PS: Do not post this text file directly.
|- Or send it to Pjjoint.malekal by clicking the blue arrow!
|- Or go to: < wikisend >
|- To upload, follow the path: "Selecionar arquivo..." (Choose file...) -> "Abrir" (Open) -> Upload file
|- Post the address shown under "Download link" or "Forum link".
|- Or go to: < Cjoint >
|- More information: < |Link| >
Regards!