Hello. I would like an analysis of my HiJackThis log, please.
HiJackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:28:16, on 30/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\VTTimer.exe
C:\Windows\System32\VTTrayp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\System32\mmrtkrnl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\gaspar\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\gaspar\AppData\Roaming\VIVO INTERNET\ouc.exe
C:\Windows\system32\wuauclt.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fissa.com/br/?s=h&c=12031713428&suid=Eu2QtmY2U&d=8&pid=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\Free Download Manager\iefdm2.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\gaspar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - Startup: Dropbox.lnk = gaspar\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{61FA8882-2F70-4DEE-8D1F-C1C7CCE6127A}: NameServer = 200.222.122.134 200.165.132.155
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
--
End of file - 7640 bytes
Hello. I just wanted to know whether there is anything abnormal in the log.
OTL
http://cjoint.com/?CAEr4Li4m8Q
Note: I am already aware of the low memory.
Good evening! MasterFuxi
MasterFuxi, on 30/01/2013, said: Note: I am already aware of the low memory.
__________
735,30 Mb Total Physical Memory | 54,91 Mb Available Physical Memory | 7,47% Memory free
__________
|- Yes! It really is low.
-/-
|- Run OTL.exe.
|- Copy the information in the Code box into the tool's clipboard field. ( "Exames Personalizados/Correções" )
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fissa.com/br/?s=h&c=12031713428&suid=Eu2QtmY2U&d=8&pid=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110808&tt=3612_4&babsrc=SP_ss&mntrId=3805bd9e000000000000000000000000
IE - HKCU\..\SearchScopes\{509489F6-6383-250E-9923-6CA2B0545982}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_pt-BRBR479
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
IE - HKCU\..\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}: "URL" = http://www.fissa.com/br/results/?s=b&c=12031713428&suid=Eu2QtmY2U&d=8&pid=&q={searchTerms}
IE - HKCU\..\SearchScopes\{F0762484-E94E-4171-A443-B08BDB266288}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MYC2&o=APN10416&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AIT&apn_dtid=^zzz002^YY^BR&apn_uid=865341e0-375c-49de-98b2-8113a5f1198f&apn_sauid=8879CDCE-5EE3-456C-988A-B577E0CBE9CA
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O33 - MountPoints2\{cd3c72cd-ac2b-11e1-96e3-0019216aa339}\Shell - "" = AutoRun
O33 - MountPoints2\{cd3c72cd-ac2b-11e1-96e3-0019216aa339}\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2012/10/07 12:58:17 | 000,290,500 | ---- | C] () -- C:\Users\gaspar\AppData\Local\funmoods-speeddial_sf.crx
[2012/10/07 12:58:12 | 000,031,465 | ---- | C] () -- C:\Users\gaspar\AppData\Local\funmoods.crx
[1 \Users\gaspar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QOZVKAO8\.tmp files -> \Users\gaspar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QOZVKAO8\.tmp -> ]
[3 \Users\gaspar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TFW00X45\.tmp files -> \Users\gaspar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TFW00X45\.tmp -> ]
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{509489F6-6383-250E-9923-6CA2B0545982}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{509489F6-6383-250E-9923-6CA2B0545982}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F0762484-E94E-4171-A443-B08BDB266288}]
:Files
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*.sqm
C:\Users\gaspar\AppData\Local\{*}
:Commands
[CLEARALLRESTOREPOINTS]
[purity]
[emptytemp]
[Reboot]
|- Click the Consertar button -> Wait for it to finish!
|- The computer will restart! -> Click "Executar".
|- In English versions, click Run Fix, which is the same as Consertar.
|- Post the report: C:\_OTL\MovedFiles\*.log
A+
Good afternoon! MasterFuxi
|- Download: < AdwCleaner > ( ... by Xplode )
|- Once there, click the image: [image: AdwCleaner_Tlcharger.jpg]
|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as administrator.
|- PS: Start the scan by clicking "Delete" or "Suppression".
|- When it finishes, post the report: C:\AdwCleaner[S1].txt
-/-
|- Download: < ZHPDiag > ( ... by Nicolas Coolman )
|- Save it to the desktop!
|- Disable your antivirus!
|- If you use Avast, apply this setting to the SandBox.
|- On Windows Vista or 7, right-click the file and run it as administrator.
|- Wait for the scan to finish and click "Copier". <- Wait!
|- Besides the report, the desktop will now have: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix
|- Post and/or paste here the link that will be generated right after the report.
|- More information: < |Link| >
A+
Good afternoon. Here it is:
AdwCleaner
*** [services] ***
*** [Files / Folders] ***
File Deleted : C:\END
File Deleted : C:\user.js
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\gaspar\AppData\Local\APN
Folder Deleted : C:\Users\gaspar\AppData\Roaming\Babylon
Folder Deleted : C:\Users\gaspar\AppData\Roaming\FissaSearch
Folder Deleted : C:\Windows\Installer\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}
*** [Registry] ***
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\FissaSearch
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\ProtectedSearch
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AedgePerformanceBCN
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\Software\Classes\Installer\Features\BA172DB42E6685D4FA8808EFB370074C
Key Deleted : HKLM\Software\Classes\Installer\Products\BA172DB42E6685D4FA8808EFB370074C
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\Software\FissaSearch
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BA172DB42E6685D4FA8808EFB370074C
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}
Key Deleted : HKLM\Software\PIP
*** [internet Browsers] ***
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Google Chrome v24.0.1312.56
File : C:\Users\gaspar\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.16] : urls_to_restore_on_startup = [ "hxxp://www.google.com.br/", "hxxp://searchfunmoods.com/?f=[...]
Deleted [l.4199] : urls_to_restore_on_startup = [ "hxxp://www.google.com.br/", "hxxp://searchfunmoods.com/?f=1&a[...]
*************************
AdwCleaner[s1].txt - [3955 octets] - [31/01/2013 15:52:13]
########## EOF - C:\AdwCleaner[s1].txt - [4015 octets] ##########
ZHPDiag
When I installed it, at the point of generating the report, the following error appeared.
[image: iNEFbSd.jpg]
Good evening! MasterFuxi
|- Check whether ZHPDiag2, when run, generates a report.
|- Download: < JRT > ( ... by Thisisu )
|- Save it to the desktop!
|- On Windows 7, right-click JRT.exe and run it as administrator.
|- Wait for it to finish and post the report. ( JRT.txt )
|- Download: | ZHPDiag2 | ( ... by Nicolas Coolman )
|- Save it to the desktop!
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
|- Confirm every step while installing ZHPDiag.
|- Finish the installation by clicking "Termine".
|- PS: After installation, besides ZHPScript, the following will be available on the desktop:
|- <1> MBRCheck
|- <2> ZHPDiag2
|- <3> ZHPFix
|- Click the scroll icon. ( ZHPScript )
|- Click the green arrow to update it and/or download its latest definitions. ( Your version is update. )
|- Enable all diagnostic options by clicking "Options".
|- Click All.
|- Then uncheck options no. O45, O61, O62, O65, O82.
|- Click "Calendar" and choose 30 days!
|- Start the scan by clicking the magnifying-glass icon. ( Start Diagnosis )
|- When it finishes, click "Save Report".
|- PS: Save it somewhere convenient!
|- Attach ZHPDiag.txt to your reply. ( Put it in a zip! )
|- PS: Do not post that text file directly.
|- Send it to Pjjoint.malekal by clicking the blue arrow!
|- Or go to: < Cjoint > ( Take it out of the zip when uploading! )
|- More information: < |Link| >
A+
Good afternoon. After generating the ZHPDiag report, Google Chrome keeps closing nonstop, showing the message "Nossa! Houve uma falha no Google Chrome. Deseja reiniciar agora?"
I had to write this reply in Notepad and paste it into the post, otherwise I would not have been able to. Maybe something happened to one of Chrome's files.
JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.8 (01.31.2013:1)
OS: Windows 7 Ultimate x86
Ran by gaspar on 01/02/2013 at 13:15:29,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{cc59e0f9-7e43-44fa-9faa-8377850bf205}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{cc59e0f9-7e43-44fa-9faa-8377850bf205}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\gaspar\appdata\local\downtango"
Successfully deleted: [Folder] "C:\Users\gaspar\appdata\locallow\simplytech"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/02/2013 at 13:21:39,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ZHPDiag2
Good afternoon! MasterFuxi
>
Good afternoon. After generating the ZHPDiag report, Google Chrome keeps closing nonstop, showing the message "Nossa! Houve uma falha no Google Chrome. Deseja reiniciar agora?"
I had to write this reply in Notepad and paste it into the post, otherwise I would not have been able to. Maybe something happened to one of Chrome's files.
|- But... ZHPDiag was run in diagnostic mode and could not have affected the browser. PS: Did you close Chrome when you ran the tool?
-/-
|- Close any open programs/folders.
|- Close the browser too!
|- On Windows Vista, disable UAC.
|- Double-click ZHPFix.
|- Select and copy the information in the Quote box into Notepad.
>
[MD5.98B31CBC09D671DADEB7C92AEF1CBE29] - (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Users\gaspar\AppData\Roaming\VIVO INTERNET\ouc.exe [110592] [PID.2004]
O4 - Global Startup: C:\Users\gaspar\Desktop\[PSX] Castlevania.Symphony.Of.The.Night.NTSC.US - Atalho.lnk . (...) -- C:\Users\gaspar\Desktop\[PSX] Castlevania.Symphony.Of.The.Night.NTSC.US.rar (.not file.)
O43 - CFD: 16/04/2012 - 00:43:29 - [0] ----D C:\Users\gaspar\AppData\Local\Dados de aplicativos
O43 - CFD: 07/11/2012 - 11:14:15 - [0] ----D C:\Users\gaspar\AppData\Local\FLT
O43 - CFD: 16/04/2012 - 00:43:29 - [0] ----D C:\Users\gaspar\AppData\Local\Histórico
O43 - CFD: 21/01/2013 - 13:16:11 - [0] ----D C:\Users\gaspar\AppData\Local\Programs
O43 - CFD: 31/01/2013 - 14:16:42 - [0] ----D C:\Users\gaspar\AppData\Local\{68FCD0B4-F7B9-43B7-964F-4EC65004121E}
O43 - CFD: 31/01/2013 - 15:56:14 - [0] ----D C:\Users\gaspar\AppData\Local\{6F9C4449-FB6A-4EF9-AF4A-612089730E22}
O43 - CFD: 24/11/2012 - 17:44:49 - [0,013] ----D C:\Users\gaspar\AppData\Roaming\teamspeak2 => Toolbar.Conduit
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Web Search) - http://search.certified-toolbar.com => Infection BT (Adware.Bandoo)
O87 - FAEL: "TCP Query User{94AFAC84-3939-4AF1-BB56-8D62112CC399}F:\fxpansion\guru\guru.exe" |In - Private - P6 - TRUE | .(...) -- F:\fxpansion\guru\guru.exe (.not file.)
O87 - FAEL: "UDP Query User{99B10B7B-52F5-4635-968C-B830D5ABBFDF}F:\fxpansion\guru\guru.exe" |In - Private - P17 - TRUE | .(...) -- F:\fxpansion\guru\guru.exe (.not file.)
[HKLM\Software\360Safe] => Infection Diverse (Lozavita.Troj)
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
proxyfix
emptytemp
emptyflash
firewallraz
sysrestore
|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"
|- Minimize Notepad.
|- Click the "Paste ClipBoard" menu.
|- Click "GO" -> Oui.
|- PS: The sequence of images above is there for further clarification.
|- Post the report: C:\ZHP\ZHPFix[R1].txt
A+
Good afternoon. I restarted the machine and the browser went back to working normally.
ZHPFix
Rapport de ZHPFix 1.3.13 par Nicolas Coolman, Update du 26/01/2013
Fichier d'export Registre :
Run by gaspar at 01/02/2013 15:27:26
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
========== Memory Process ==========
DELETED Memory Process: C:\Users\gaspar\AppData\Roaming\VIVO INTERNET\ouc.exe
========== Registry Key ==========
DELETED Key: SearchScopes :{afdbddaa-5d3f-42ee-b79c-185a7020515b}
DELETED Key: HKLM\Software\360Safe
========== Registry Value ==========
NOT FOUND TCP Query User{94AFAC84-3939-4AF1-BB56-8D62112CC399}F:/fxpansion/guru/guru.exe
NOT FOUND UDP Query User{99B10B7B-52F5-4635-968C-B830D5ABBFDF}F:/fxpansion/guru/guru.exe
DELETED [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
No Value in Standard Profile Register Key FirewallRaz :
No Value in Domain Profile Register Key FirewallRaz :
DELETED FirewallRaz (Private) : TCP Query User{94AFAC84-3939-4AF1-BB56-8D62112CC399}F:\fxpansion\guru\guru.exe
DELETED FirewallRaz (Private) : UDP Query User{99B10B7B-52F5-4635-968C-B830D5ABBFDF}F:\fxpansion\guru\guru.exe
DELETED FirewallRaz (Domain) : {FC64CA27-A471-4BB2-AD58-E75FC961A5EE}
DELETED FirewallRaz (Domain) : {54C286E2-61F7-4754-9092-43C4D1B07806}
DELETED FirewallRaz (Public) : {D183F2A0-FE1C-4C64-AFFD-35E1B0A6D2CD}
DELETED FirewallRaz (Public) : {3CF81599-D2B2-4EA6-8E95-6A4954A76BAF}
DELETED FirewallRaz (Domain) : {2C0C99F8-C0FB-445C-8CC9-FCBD4D41BDDA}
DELETED FirewallRaz (Domain) : {980BA63E-4ECF-44B5-9478-2BE2272E2FA8}
DELETED FirewallRaz (Domain) : {E8340205-AF6B-4DC4-ACE1-BE172A4F7B94}
DELETED FirewallRaz (Domain) : {5B1A1AC2-6D67-4A1A-8B1E-EB34664A41FF}
DELETED FirewallRaz (Public) : {35A4B21E-9A19-4096-AEB4-C1D04FC96114}
DELETED FirewallRaz (Public) : {2ABB16A8-B3C2-4526-8FB3-EE9B581AA515}
DELETED FirewallRaz (Public) : {A86C9498-3E35-4AC0-B319-D897EBCFBF60}
DELETED FirewallRaz (Public) : {FDFD5A70-095D-451F-83FA-57D555AF2714}
========== Repertory ==========
NOT FOUND C:\Users\gaspar\AppData\Local\Dados de aplicativos
DELETED Folder: C:\Users\gaspar\AppData\Local\FLT
NOT FOUND C:\Users\gaspar\AppData\Local\Histórico
DELETED Folder: C:\Users\gaspar\AppData\Local\Programs
DELETED Folder: C:\Users\gaspar\AppData\Local\{68FCD0B4-F7B9-43B7-964F-4EC65004121E}
DELETED Folder: C:\Users\gaspar\AppData\Local\{6F9C4449-FB6A-4EF9-AF4A-612089730E22}
DELETED Folder: C:\Users\gaspar\AppData\Roaming\teamspeak2
DELETED Window Temporary:
DELETED Flash Cookies:
========== File ==========
DELETED File***: c:\users\gaspar\appdata\roaming\vivo internet\ouc.exe
DELETED c:\users\gaspar\desktop\[psx] castlevania.symphony.of.the.night.ntsc.us - atalho.lnk
NOT FOUND File: c:\users\gaspar\desktop\[psx] castlevania.symphony.of.the.night.ntsc.us.rar (.not file.)
DELETED Window Temporary:
DELETED Flash Cookies:
========== Restoration ==========
Restore System Point created succefully
========== Summary ==========
1 : Memory Process
2 : Registry Key
25 : Registry Value
9 : Repertory
5 : File
1 : Restoration
End of clean in 01mn 31s
========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 01/02/2013 15:27:29 [3300]
Good afternoon! MasterFuxi
|- Post an updated HijackThis log!
A+
Good afternoon. Here it is:
HiJackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:08:24, on 01/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\System32\VTTimer.exe
C:\Windows\System32\VTTrayp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\mmrtkrnl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\gaspar\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gaspar\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\gaspar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - Startup: Dropbox.lnk = gaspar\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{61FA8882-2F70-4DEE-8D1F-C1C7CCE6127A}: NameServer = 200.222.122.134 200.165.132.155
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
--
End of file - 6002 bytes
Good evening! MasterFuxi
|- Open HijackThis.
|- Click: Do a system scan only
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
|- Check the entry above.
|- To finish it off, click Fix checked >> Sim (Yes)!
-/-
|- If everything is OK, remove the tools that were used!
|- Open OTL.exe >> Click [image: OTL_Limpeza_zps0873a931.jpg]
|- Confirm this request!
|- Accept the reboot!
|- Your logs are clean!
A+
Good evening. Thank you for the help.
Problem solved!
PROBLEM SOLVED
If the author needs the topic reopened, simply send a Private Message to a Moderator with a link to the topic.
Good morning! MasterFuxi
|- What is happening?
-/-
|- Download: < [image: otlDesktopIcon.png] > ( ... by OldTimer Tools )
|- Save it to the desktop!
|- Double-click OTL.exe >> Run, or [image: Executar_Administrador.jpg]
|- P.S.: If you have trouble running OTL.exe, delete the file and download it from here or here.
|- Configure the tool according to the screenshot!
|- Under "Exame Extra do Registro" (Extra Registry scan), select "Nenhum" (None).
crack /s
keygen /s
serial /s
AutoKMS /s
loader /s
netsvcs
msconfig
%SYSTEMDRIVE%\.
%APPDATA%\Local\*.
%APPDATA%\*.exe /s
%APPDATA%\*.
%systemdrive%\drivers\*.exe
%USERPROFILE%\AppData\Local\.
%USERPROFILE%\AppData\Roaming\.
%systemroot%\*. /mp /s
%systemroot%\system32\drivers\. /90
%systemroot%\assembly\tmp\. /S /MD5
%systemroot%\assembly\temp\. /S /MD5
%systemroot%\assembly\GAC\. /S /MD5
%systemroot%\assembly\GAC_32\. /S /MD5
%systemroot%\assembly\GAC_64\. /S /MD5
%systemroot%\system32\config\systemprofile\AppData\Local\.
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\.
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
/md5start
services.exe
/md5stop
regedit /e c:\registrybackup.reg /c
%systemroot%\system32\tasks\. /s /64
%windir%\tasks\. /s
|- Copy the information in the Code box into Notepad.
|- Save it in My Documents or on the desktop, with the name scan. << Text!
|- Click the "Exames Personalizados/Correções" (Custom Scans/Fixes) area.
|- Click OK to browse for a file with a custom scan.
|- Click "Abrir" (Open). ( scan.txt )
|- After pasting the information into the white area, click [image: acng1cS9.jpg]
|- Finally, post the report: OTL.txt << Link to the report!
|- To upload it, go to: < MyFile.tk >
|- Or go to: < [image: Cjoint_Logo.jpg] >
|- More information: < |Link| >
Regards!