[Resolvido] &nbspE-mail infectado enviando vírus/spam

[MasterFuxi 0]

Olá. Meu email está enviando spam para todos os contatos, e minha conta está para ser bloqueada.

 

Aqui está o log.

 

HiJackThis

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:39:11, on 12/06/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\SOUNDMAN.EXE

C:\Windows\System32\VTTimer.exe

C:\Windows\System32\VTTrayp.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Users\gaspar\AppData\Roaming\VIVO INTERNET\ouc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wuauclt.exe

C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gaspar\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gaspar\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [VModes] VModes UpdateRegistryOnly

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Users\gaspar\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\..\{61FA8882-2F70-4DEE-8D1F-C1C7CCE6127A}: NameServer = 200.222.122.134 200.165.132.155

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

 

--

End of file - 5590 bytes

[DigRam 144]

Boa Noite! MasterFuxi

 

|- Baixe: < BankerFix 3.1 >

|- Salve-o diretamente no disco local! ( C ;D ; ... )

|- Desabilite,temporariamente,o seu antivírus.

|- Ps: Após baixar o BankerFix,não execute-o na primeira em que aparecer na tela.

 

 

|- Feche a janela e abra-a,novamente,à partir do arquivo "Iniciar-BankerFix.vbs".

|- Ps: Esse arquivo ( .vbs ),fica na pasta: C:\LinhaDefensiva

|- A janela do BankerFix 3.1,abrir-se-á com a seguinte pergunta: "Instalar o Bankerfix 3.1?"

|- Clique em Sim!

|- Uma janela informando que o BankerFix 3.1 será baixado,via internet,abrir-se-á.

|- Clique OK -> Aguarde!

|- Na próxima janela,clique em OK.

|- O BankerFix 3.1 será iniciado!

|- Pressione qualquer tecla,para dar continuidade ao processo. <- Aguarde!

|- Terminado o scan,leia a mensagem na tela e aperte Enter.

|- Habilite o seu anti-vírus.

|- Retorne com o relatório do BankerFix,que estará em: C:\LinhaDefensiva\relatorio.txt

 

-/-

 

|- Baixe: | ZHPDiag2 | *ºº* < > ( ... de Nicolas Coolman )

 

|- Salve-o no desktop!

 

 

|- Desabilite seu antivírus e execute "ZHPDiag2.exe",para instalar a ferramenta.

 

 

|- Confirme todos os passos,ao instalar ZHPDiag.

|- Conclua a instalação,clicando em "Termine".

 

 

|- Ps: Após a instalação,além de ZHPScript,estarão disponíveis no desktop:

 

|- <1> MBRCheck

|- <2> ZHPDiag2

|- <3> ZHPFix

 

 

|- Clique no ícone do pergaminho. ( ZHPScript )

 

 

|- Clique na seta verde para atualizá-la e/ou baixar sua definição mais recente. ( Your version is update. )

|- Habilite todas as opções de diagnóstico,clicando em "Options".

 

 

|- Clique em All.

 

|-

 

|- Clique em "Calendar" e escolha 30 dias!

 

 

|- Dê início ao scan,clicando no ícone da lupa. ( Start Diagnosis )

|- Ao concluir,clique em "Save Report".

|- Salve-o em um local conveniente! ( ZHPDiag.txt )

|- Ps: Não poste,diretamente,esse arquivo texto.

 

|- Ou envie-o à Pjjoint.malekal,clicando na seta azul! < >

 

|- Ou acesse: < >

 

|- Para enviar,siga o caminho: Selecionar arquivo... -> Abrir -> Upload file

|- Poste o endereço que estará em "Download link" ou "Forum link".

 

|- Ou acesse: < >

 

|- Maiores informações: < |Link| >

 

Abraços!

[MasterFuxi 0]

Olá.

 

Aqui estão os logs.

 

BankerFix

 

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2012-06-13 - 10:31

-------------------------------------------------------

Lista de Definição: 2012-03-19-1 | CORE: 2012-01-27-1

=======================================================

 

IP malicioso encontrado no hosts:

 

IP malicioso encontrado no hosts:

 

IP malicioso encontrado no hosts:

 

IP malicioso encontrado no hosts:

 

IP malicioso encontrado no hosts:

 

IP malicioso encontrado no hosts:

 

 

 

----- Fim -------------------------

 

 

ZHPDiag

 

http://cjoint.com/?BFnp7oSHvrz

[DigRam 144]

Bom Dia! MasterFuxi

 

|- Feche programas/pastas que estejam abertos.

|- Feche,também,o navegador!

|- Para Windows Vista,desabilite a UAC.

 

 

|- Dê um duplo clique em ZHPFix.

|- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas".

 

[MD5.98B31CBC09D671DADEB7C92AEF1CBE29] - (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Users\gaspar\AppData\Roaming\VIVO INTERNET\ouc.exe [110592] [PID.320]

O43 - CFD: 23/05/2012 - 00:28:32 - [0] ----D C:\Users\gaspar\AppData\Local\{00607571-AC77-4B95-9A97-E166F875E08D}

O43 - CFD: 29/05/2012 - 00:51:32 - [0] ----D C:\Users\gaspar\AppData\Local\{029145DE-C1AF-41D2-9129-18B6F2007D64}

O43 - CFD: 19/04/2012 - 18:03:48 - [0] ----D C:\Users\gaspar\AppData\Local\{03D6E76C-3584-4349-8E5F-526A7FE4DC6B}

O43 - CFD: 09/05/2012 - 03:05:57 - [0] ----D C:\Users\gaspar\AppData\Local\{03FB6F91-EEB8-4A79-B481-AB9B0F9F6DB7}

O43 - CFD: 02/06/2012 - 12:35:10 - [0] ----D C:\Users\gaspar\AppData\Local\{04FF714D-B678-4DB9-88B1-46B71CC78754}

O43 - CFD: 20/05/2012 - 09:28:34 - [0] ----D C:\Users\gaspar\AppData\Local\{0549E382-1124-4F11-BE4D-C477D301A77C}

O43 - CFD: 17/04/2012 - 11:13:13 - [0] ----D C:\Users\gaspar\AppData\Local\{062E16D0-A2EF-40E4-9274-ED592D8E323E}

O43 - CFD: 12/05/2012 - 10:54:17 - [0] ----D C:\Users\gaspar\AppData\Local\{07D94CF4-13CC-4316-BAF2-805CD8CCC87D}

O43 - CFD: 16/04/2012 - 19:49:33 - [0] ----D C:\Users\gaspar\AppData\Local\{0C42CE57-E6D6-4EC2-B690-45E116F96448}

O43 - CFD: 20/04/2012 - 17:47:35 - [0] ----D C:\Users\gaspar\AppData\Local\{0CDCBEFC-1E21-43B8-9F42-6F622FF42D58}

O43 - CFD: 17/05/2012 - 11:26:36 - [0] ----D C:\Users\gaspar\AppData\Local\{0E87468B-6C7A-423E-A4EE-7ED42CF1E438}

O43 - CFD: 24/04/2012 - 23:54:23 - [0] ----D C:\Users\gaspar\AppData\Local\{0EA6E3CF-26DE-4C33-B53C-3C296486FC16}

O43 - CFD: 04/05/2012 - 12:04:19 - [0] ----D C:\Users\gaspar\AppData\Local\{105ACAF9-AEFA-4EC0-AD87-F186D9C76D84}

O43 - CFD: 24/05/2012 - 01:57:02 - [0] ----D C:\Users\gaspar\AppData\Local\{107787DA-2343-4D5E-895B-6E1437CA701D}

O43 - CFD: 31/05/2012 - 10:44:43 - [0] ----D C:\Users\gaspar\AppData\Local\{108D12F7-A275-4E9A-B93D-C01446EE1A6A}

O43 - CFD: 19/04/2012 - 23:33:42 - [0] ----D C:\Users\gaspar\AppData\Local\{11EF0AF7-C40A-4707-89EC-46F6F9DB58DE}

O43 - CFD: 11/06/2012 - 01:25:38 - [0] ----D C:\Users\gaspar\AppData\Local\{1494B52F-F3B9-4CC9-94FA-681DB66815A7}

O43 - CFD: 16/04/2012 - 02:55:42 - [0] ----D C:\Users\gaspar\AppData\Local\{1717A59C-DBBF-47ED-90E9-6BA896E5118A}

O43 - CFD: 25/05/2012 - 11:01:39 - [0] ----D C:\Users\gaspar\AppData\Local\{19147EA2-26C8-4D3A-BE18-9C3F0F8E91A7}

O43 - CFD: 02/05/2012 - 01:31:13 - [0] ----D C:\Users\gaspar\AppData\Local\{1A41BB43-7C40-496B-AC2A-D7B45114377B}

O43 - CFD: 22/04/2012 - 00:38:06 - [0] ----D C:\Users\gaspar\AppData\Local\{1AF02015-6F39-4D8A-A0F2-9DE147C0970C}

O43 - CFD: 11/06/2012 - 01:26:04 - [0] ----D C:\Users\gaspar\AppData\Local\{1DD1E525-58A8-4518-B89F-021D0ABCF114}

O43 - CFD: 30/05/2012 - 01:22:07 - [0] ----D C:\Users\gaspar\AppData\Local\{1E081168-3DF9-44CE-9BFB-7C15F63F2C2D}

O43 - CFD: 04/06/2012 - 11:09:20 - [0] ----D C:\Users\gaspar\AppData\Local\{1EE81692-B5A8-4354-BBBD-1A960A8588CD}

O43 - CFD: 12/06/2012 - 02:39:25 - [0] ----D C:\Users\gaspar\AppData\Local\{2035B707-AA10-4D2A-BF6F-04497F7CECC3}

O43 - CFD: 08/06/2012 - 09:44:37 - [0] ----D C:\Users\gaspar\AppData\Local\{2053C11B-DC35-4B10-91CA-06E2D720E60D}

O43 - CFD: 16/04/2012 - 18:52:56 - [0] ----D C:\Users\gaspar\AppData\Local\{23A51A09-8E53-4AFF-87D6-2EF8F3A77FCD}

O43 - CFD: 03/05/2012 - 01:33:59 - [0] ----D C:\Users\gaspar\AppData\Local\{247F4E72-B032-4048-938E-E8D5F2C8D9BC}

O43 - CFD: 17/05/2012 - 23:56:19 - [0] ----D C:\Users\gaspar\AppData\Local\{27890668-11BE-4330-A2CD-C10AB89295F9}

O43 - CFD: 01/06/2012 - 17:54:01 - [0] ----D C:\Users\gaspar\AppData\Local\{28E3751B-C5E7-405A-8FF9-8252E0A5C446}

O43 - CFD: 20/05/2012 - 17:12:29 - [0] ----D C:\Users\gaspar\AppData\Local\{2CA5E933-B6F1-4FEA-9728-B30B29D900A0}

O43 - CFD: 05/05/2012 - 12:11:29 - [0] ----D C:\Users\gaspar\AppData\Local\{2EDA8FA7-753B-46F7-945C-492E8C19A424}

O43 - CFD: 10/05/2012 - 01:52:07 - [0] ----D C:\Users\gaspar\AppData\Local\{2F3F9A9F-981A-4601-948A-30641D5F1D9E}

O43 - CFD: 25/05/2012 - 11:01:33 - [0] ----D C:\Users\gaspar\AppData\Local\{33D1DDF2-7103-41FF-A39D-2675D343B353}

O43 - CFD: 17/05/2012 - 23:56:38 - [0] ----D C:\Users\gaspar\AppData\Local\{34B2DE60-FE45-4CE9-9201-9ED886A3A7FD}

O43 - CFD: 29/05/2012 - 00:51:43 - [0] ----D C:\Users\gaspar\AppData\Local\{34E0079B-12D2-4E80-8F45-3CFA27B9C248}

O43 - CFD: 19/05/2012 - 14:27:38 - [0] ----D C:\Users\gaspar\AppData\Local\{358C626E-C620-4B02-8B65-91E6277F128E}

O43 - CFD: 24/04/2012 - 01:51:33 - [0] ----D C:\Users\gaspar\AppData\Local\{39B31ED0-4DFE-431B-9BA1-0A4B51A434B8}

O43 - CFD: 11/05/2012 - 13:40:54 - [0] ----D C:\Users\gaspar\AppData\Local\{3A701CA3-34EA-4673-A2C3-5FEDB2CCF1AF}

O43 - CFD: 10/05/2012 - 01:52:18 - [0] ----D C:\Users\gaspar\AppData\Local\{3C0472E3-6244-4ED1-9B22-CE8F863F9F14}

O43 - CFD: 09/06/2012 - 10:10:54 - [0] ----D C:\Users\gaspar\AppData\Local\{3C39FC48-CDCD-4D32-A4E7-F249047F788B}

O43 - CFD: 22/04/2012 - 21:52:00 - [0] ----D C:\Users\gaspar\AppData\Local\{3CF64400-7912-4B03-8CE9-9431532C2A0B}

O43 - CFD: 25/04/2012 - 11:55:09 - [0] ----D C:\Users\gaspar\AppData\Local\{3DD50EAC-906D-43A8-AE7F-043A3B0F215D}

O43 - CFD: 26/04/2012 - 01:25:54 - [0] ----D C:\Users\gaspar\AppData\Local\{3EE4B7C9-5AC2-43F6-9DE9-4BBF9A9B2E9A}

O43 - CFD: 17/04/2012 - 22:42:54 - [0] ----D C:\Users\gaspar\AppData\Local\{40D1BB83-2F9A-482E-B30C-6EB1162DE4B3}

O43 - CFD: 13/05/2012 - 10:39:21 - [0] ----D C:\Users\gaspar\AppData\Local\{4139B941-85A6-4B07-AFB1-979E72FD941B}

O43 - CFD: 18/04/2012 - 23:43:22 - [0] ----D C:\Users\gaspar\AppData\Local\{414A49CC-0917-4A50-BDDD-1D633E9C0FBE}

O43 - CFD: 20/04/2012 - 15:51:50 - [0] ----D C:\Users\gaspar\AppData\Local\{46F150C1-903B-4351-8965-65D5802ECE69}

O43 - CFD: 11/05/2012 - 22:53:17 - [0] ----D C:\Users\gaspar\AppData\Local\{49F00E22-2F29-456C-8A23-C63174C3E3D8}

O43 - CFD: 02/05/2012 - 01:31:23 - [0] ----D C:\Users\gaspar\AppData\Local\{4CCAFDC1-168A-41C7-91B9-DF0907C33C0C}

O43 - CFD: 22/04/2012 - 00:38:16 - [0] ----D C:\Users\gaspar\AppData\Local\{4E3A6E67-CA29-4986-B80B-210F40575A85}

O43 - CFD: 21/04/2012 - 04:46:11 - [0] ----D C:\Users\gaspar\AppData\Local\{4EA6DAC1-3ED9-4058-BBE0-4FD55A32032C}

O43 - CFD: 06/06/2012 - 00:28:43 - [0] ----D C:\Users\gaspar\AppData\Local\{4F95BE3A-E660-4D48-8E7F-DD9C25330AA2}

O43 - CFD: 08/06/2012 - 09:44:52 - [0] ----D C:\Users\gaspar\AppData\Local\{50EA9D85-A045-4407-BB44-3C12CAEE60CF}

O43 - CFD: 17/04/2012 - 10:36:31 - [0] ----D C:\Users\gaspar\AppData\Local\{536F7950-0B38-4628-AC71-A254119AD7BD}

O43 - CFD: 16/04/2012 - 18:44:31 - [0] ----D C:\Users\gaspar\AppData\Local\{568E5E19-414F-4CEF-A4D5-ABC644E9EEAC}

O43 - CFD: 03/06/2012 - 23:05:56 - [0] ----D C:\Users\gaspar\AppData\Local\{56CB6019-1288-4BC1-B50C-CF7053ADA782}

O43 - CFD: 19/04/2012 - 23:33:29 - [0] ----D C:\Users\gaspar\AppData\Local\{57BEF99F-981B-485A-BAE2-A0D7AD36A5E9}

O43 - CFD: 03/06/2012 - 21:23:57 - [0] ----D C:\Users\gaspar\AppData\Local\{57D555AC-E4CC-470F-AD81-6343C7D9CD11}

O43 - CFD: 27/04/2012 - 01:27:36 - [0] ----D C:\Users\gaspar\AppData\Local\{58B9A8A6-9BCE-4DCE-A86B-FF7DF7C42D31}

O43 - CFD: 20/04/2012 - 15:11:18 - [0] ----D C:\Users\gaspar\AppData\Local\{5AB1310A-72F1-4BE0-A339-32521A15A400}

O43 - CFD: 28/05/2012 - 11:58:34 - [0] ----D C:\Users\gaspar\AppData\Local\{5B8F6C83-CA54-4E16-8DCB-C0BD36E243B1}

O43 - CFD: 03/06/2012 - 01:20:18 - [0] ----D C:\Users\gaspar\AppData\Local\{5C0F09CC-3AC8-4CE0-977E-E49042D70EF5}

O43 - CFD: 04/05/2012 - 11:55:44 - [0] ----D C:\Users\gaspar\AppData\Local\{5C1DD387-F088-4E78-AF4E-6C2461AF578A}

O43 - CFD: 17/05/2012 - 11:26:40 - [0] ----D C:\Users\gaspar\AppData\Local\{5C5B8422-62CB-4C6B-9CFE-1A6C90787C64}

O43 - CFD: 21/05/2012 - 01:23:24 - [0] ----D C:\Users\gaspar\AppData\Local\{5DB61D80-D775-4E57-9A68-0389796D47AB}

O43 - CFD: 11/05/2012 - 22:53:33 - [0] ----D C:\Users\gaspar\AppData\Local\{5FC5EBB6-2506-40AC-8B23-18AF93D23ABB}

O43 - CFD: 08/05/2012 - 13:09:01 - [0] ----D C:\Users\gaspar\AppData\Local\{5FEBA1C8-1E8D-4C55-BCBD-0197C63C0F22}

O43 - CFD: 04/05/2012 - 14:57:57 - [0] ----D C:\Users\gaspar\AppData\Local\{60122FC6-2EE6-42AE-A95A-8FFFFD4ADE37}

O43 - CFD: 16/04/2012 - 21:16:30 - [0] ----D C:\Users\gaspar\AppData\Local\{60B2E7CB-E27C-4176-9A94-FA7ECBDCD1BF}

O43 - CFD: 18/04/2012 - 23:43:21 - [0] ----D C:\Users\gaspar\AppData\Local\{62384DBE-5879-45AA-8D6C-8F7025DCFA61}

O43 - CFD: 17/04/2012 - 10:10:59 - [0] ----D C:\Users\gaspar\AppData\Local\{62509D6C-1EF6-47D5-9944-E6969F5DB637}

O43 - CFD: 02/06/2012 - 12:35:04 - [0] ----D C:\Users\gaspar\AppData\Local\{660BD70F-8FB3-4A91-A698-FEF3A55B67CA}

O43 - CFD: 06/06/2012 - 21:44:02 - [0] ----D C:\Users\gaspar\AppData\Local\{67E83EE0-9DEB-4631-ABB6-A9A725BCEA59}

O43 - CFD: 19/04/2012 - 09:38:17 - [0] ----D C:\Users\gaspar\AppData\Local\{6812D102-23F1-4F7D-A515-D2F1753B6928}

O43 - CFD: 27/05/2012 - 23:47:37 - [0] ----D C:\Users\gaspar\AppData\Local\{6852B2A2-C8ED-44E7-9820-63CA0D5A3205}

O43 - CFD: 07/05/2012 - 23:39:18 - [0] ----D C:\Users\gaspar\AppData\Local\{69831CA5-D810-4DB6-ACEF-81DB0F57AEEE}

O43 - CFD: 18/05/2012 - 18:46:36 - [0] ----D C:\Users\gaspar\AppData\Local\{6AA4118D-6590-403C-A8E8-F3847FDB85F7}

O43 - CFD: 27/04/2012 - 17:56:31 - [0] ----D C:\Users\gaspar\AppData\Local\{6CE28542-DB50-4E33-9073-D37EF280A777}

O43 - CFD: 12/06/2012 - 02:39:14 - [0] ----D C:\Users\gaspar\AppData\Local\{6DE002B9-B62D-4302-B40C-BCBB547B6F9D}

O43 - CFD: 02/05/2012 - 13:31:53 - [0] ----D C:\Users\gaspar\AppData\Local\{729A03E3-B311-4CFC-A2A3-1872CDBD392D}

O43 - CFD: 16/04/2012 - 00:59:53 - [0] ----D C:\Users\gaspar\AppData\Local\{73D908D5-3D74-4A72-A8B7-81E28B37A6F2}

O43 - CFD: 19/05/2012 - 19:14:45 - [0] ----D C:\Users\gaspar\AppData\Local\{7A107F75-CEA4-4333-A328-EB9DE6C056B6}

O43 - CFD: 07/05/2012 - 23:39:51 - [0] ----D C:\Users\gaspar\AppData\Local\{7A9AA16D-C54B-4653-ADF4-A3F3332638D7}

O43 - CFD: 16/04/2012 - 20:51:41 - [0] ----D C:\Users\gaspar\AppData\Local\{7D398888-9512-434C-8567-47DCE3A40DB8}

O43 - CFD: 22/05/2012 - 13:21:28 - [0] ----D C:\Users\gaspar\AppData\Local\{7DE69209-757E-4A33-9064-D9B9C8D53EA5}

O43 - CFD: 27/05/2012 - 23:47:27 - [0] ----D C:\Users\gaspar\AppData\Local\{7FAF264D-66B7-44E0-8A0C-918A897787C3}

O43 - CFD: 07/06/2012 - 11:44:32 - [0] ----D C:\Users\gaspar\AppData\Local\{835E39C7-5EAB-4273-942D-9A206FD6BFB7}

O43 - CFD: 10/06/2012 - 13:24:38 - [0] ----D C:\Users\gaspar\AppData\Local\{8653AF30-0B63-43E4-BD90-DDE9A4F26B7D}

O43 - CFD: 23/04/2012 - 13:45:43 - [0] ----D C:\Users\gaspar\AppData\Local\{8670205C-D946-499C-9DB4-266D5F5C7626}

O43 - CFD: 16/04/2012 - 18:49:09 - [0] ----D C:\Users\gaspar\AppData\Local\{86E53AF4-A2DE-4130-9E6A-8222E815F771}

O43 - CFD: 26/04/2012 - 13:27:05 - [0] ----D C:\Users\gaspar\AppData\Local\{87FABFFF-FFB2-4910-BA1A-52F71785BE40}

O43 - CFD: 11/05/2012 - 11:59:37 - [0] ----D C:\Users\gaspar\AppData\Local\{8B379BD0-D819-4838-966B-007F2F61AC47}

O43 - CFD: 03/06/2012 - 23:06:09 - [0] ----D C:\Users\gaspar\AppData\Local\{8C083E6C-12B7-402C-B56B-A591C26FC769}

O43 - CFD: 21/04/2012 - 02:27:57 - [0] ----D C:\Users\gaspar\AppData\Local\{8D01306A-72D6-4D6A-B77A-A4B240241A52}

O43 - CFD: 21/04/2012 - 15:00:48 - [0] ----D C:\Users\gaspar\AppData\Local\{8ED33E02-BE6F-4C73-AC9D-7BFF7071513F}

O43 - CFD: 14/05/2012 - 00:14:22 - [0] ----D C:\Users\gaspar\AppData\Local\{9149640A-48B8-49F1-8EF8-ADAC1FA5AF14}

O43 - CFD: 12/06/2012 - 16:25:04 - [0] ----D C:\Users\gaspar\AppData\Local\{918602A2-F161-422B-9740-E573A8A907E2}

O43 - CFD: 16/04/2012 - 20:11:33 - [0] ----D C:\Users\gaspar\AppData\Local\{939EE0DF-FCD1-4CE6-B8FF-D1FB35E3CBFA}

O43 - CFD: 25/04/2012 - 11:54:53 - [0] ----D C:\Users\gaspar\AppData\Local\{94773467-B621-4915-BA0D-266457A29E25}

O43 - CFD: 09/05/2012 - 03:05:46 - [0] ----D C:\Users\gaspar\AppData\Local\{9629D3E1-241A-48D1-9C54-AC79CDB4CC22}

O43 - CFD: 03/06/2012 - 17:14:03 - [0] ----D C:\Users\gaspar\AppData\Local\{96EF6CA9-9950-4B18-941D-02350A6EC68C}

O43 - CFD: 15/05/2012 - 12:35:48 - [0] ----D C:\Users\gaspar\AppData\Local\{972AA802-83EC-4BFD-8761-AE9BF8C51051}

O43 - CFD: 20/04/2012 - 22:04:04 - [0] ----D C:\Users\gaspar\AppData\Local\{992B74A5-8336-44C3-AF7D-4CE19C2F0761}

O43 - CFD: 05/06/2012 - 01:38:33 - [0] ----D C:\Users\gaspar\AppData\Local\{995882BA-1B7D-4223-A884-148F0A10C77D}

O43 - CFD: 20/05/2012 - 12:09:02 - [0] ----D C:\Users\gaspar\AppData\Local\{9A0FAE81-621A-419B-81A2-11A79EE5EC77}

O43 - CFD: 24/04/2012 - 01:51:21 - [0] ----D C:\Users\gaspar\AppData\Local\{9C784AD3-C7E9-47EB-84DD-495E0C6F4F2E}

O43 - CFD: 02/05/2012 - 13:32:04 - [0] ----D C:\Users\gaspar\AppData\Local\{9CD85368-CAC9-4BF3-8F6A-C38D9330E0F1}

O43 - CFD: 30/04/2012 - 10:36:14 - [0] ----D C:\Users\gaspar\AppData\Local\{9FB93ABB-CB20-400D-949E-F123B4102F42}

O43 - CFD: 27/04/2012 - 01:27:48 - [0] ----D C:\Users\gaspar\AppData\Local\{A22E6256-95A1-4BF5-B38F-B4EFC11E8DF5}

O43 - CFD: 07/05/2012 - 01:56:30 - [0] ----D C:\Users\gaspar\AppData\Local\{A27CB6A5-7ADA-4F8D-9184-19A906B183AE}

O43 - CFD: 28/04/2012 - 10:05:03 - [0] ----D C:\Users\gaspar\AppData\Local\{A4DB7620-5E4F-406D-A372-1DAD6319E9C3}

O43 - CFD: 21/04/2012 - 14:48:12 - [0] ----D C:\Users\gaspar\AppData\Local\{A5DCC6A7-B56A-4256-80F9-C02356E43528}

O43 - CFD: 17/04/2012 - 22:50:17 - [0] ----D C:\Users\gaspar\AppData\Local\{A8FA7538-572C-47B8-B6EA-691D54E68D4F}

O43 - CFD: 17/04/2012 - 11:52:28 - [0] ----D C:\Users\gaspar\AppData\Local\{A91D990F-BAEA-4FD5-9874-A45DAD98F323}

O43 - CFD: 05/06/2012 - 01:38:46 - [0] ----D C:\Users\gaspar\AppData\Local\{AA9A2B3F-CA94-4065-B1A0-348CCDC3CC2C}

O43 - CFD: 24/05/2012 - 01:56:50 - [0] ----D C:\Users\gaspar\AppData\Local\{AB592CCB-BFD9-4423-951C-2445DA1F4297}

O43 - CFD: 27/05/2012 - 03:30:31 - [0] ----D C:\Users\gaspar\AppData\Local\{AE1750A5-46DC-43AB-A455-4F02396EC532}

O43 - CFD: 31/05/2012 - 12:24:08 - [0] ----D C:\Users\gaspar\AppData\Local\{B0FB751D-6E22-40AC-89A8-948BB8AA1CC2}

O43 - CFD: 21/04/2012 - 11:54:21 - [0] ----D C:\Users\gaspar\AppData\Local\{B319912F-1BD7-4387-B3DC-ADB8D2535FB0}

O43 - CFD: 10/06/2012 - 01:23:40 - [0] ----D C:\Users\gaspar\AppData\Local\{B6E73BF4-AC71-4024-AAF3-BE9B71E36C8A}

O43 - CFD: 03/05/2012 - 01:33:08 - [0] ----D C:\Users\gaspar\AppData\Local\{B9B2B0E8-1B54-43FE-9684-6DA667EF0BE3}

O43 - CFD: 13/06/2012 - 10:20:54 - [0] ----D C:\Users\gaspar\AppData\Local\{BC5B6845-8712-4241-8609-838AA0A09A29}

O43 - CFD: 16/04/2012 - 02:52:13 - [0] ----D C:\Users\gaspar\AppData\Local\{BCABED0A-C12B-49BF-9609-8EA17280F3B2}

O43 - CFD: 06/06/2012 - 00:28:55 - [0] ----D C:\Users\gaspar\AppData\Local\{BCED9F4C-8E54-4E46-BB33-A733CC385B79}

O43 - CFD: 14/05/2012 - 00:14:11 - [0] ----D C:\Users\gaspar\AppData\Local\{BDDE5297-7473-49B2-A96C-EC7F118A0014}

O43 - CFD: 17/05/2012 - 11:55:21 - [0] ----D C:\Users\gaspar\AppData\Local\{BF13847E-8493-4D8A-A39E-3CAC4EB3E959}

O43 - CFD: 29/04/2012 - 10:20:26 - [0] ----D C:\Users\gaspar\AppData\Local\{C126A8BA-B5F4-47F3-BC62-77001F90710D}

O43 - CFD: 23/05/2012 - 00:29:00 - [0] ----D C:\Users\gaspar\AppData\Local\{C13DD9C1-5493-47D0-BB54-A8D19D2B0C2F}

O43 - CFD: 26/04/2012 - 01:26:05 - [0] ----D C:\Users\gaspar\AppData\Local\{C39AE456-3D42-4C57-AD7C-1ADA7D67D34C}

O43 - CFD: 16/05/2012 - 00:19:46 - [0] ----D C:\Users\gaspar\AppData\Local\{C471A3A2-1735-4F62-A745-6120535D952B}

O43 - CFD: 07/05/2012 - 01:56:44 - [0] ----D C:\Users\gaspar\AppData\Local\{C4FA5CD5-CF7D-4491-B6FD-AC9E5790FD7B}

O43 - CFD: 16/04/2012 - 01:00:49 - [0] ----D C:\Users\gaspar\AppData\Local\{C73F1A4E-9F88-4B18-9FF2-DD784FE673A3}

O43 - CFD: 24/05/2012 - 16:34:47 - [0] ----D C:\Users\gaspar\AppData\Local\{C793CE04-25D7-4AC6-B71C-4B80B659DE56}

O43 - CFD: 18/04/2012 - 10:51:10 - [0] ----D C:\Users\gaspar\AppData\Local\{C92C7316-0411-40B8-A3A1-C4C196ACE205}

O43 - CFD: 08/05/2012 - 15:04:05 - [0] ----D C:\Users\gaspar\AppData\Local\{CC9819FF-1F93-445A-828E-3AE331F42DFF}

O43 - CFD: 03/06/2012 - 13:36:40 - [0] ----D C:\Users\gaspar\AppData\Local\{CCC72B6A-3769-4A86-BADA-6E1EC318162C}

O43 - CFD: 23/04/2012 - 13:47:00 - [0] ----D C:\Users\gaspar\AppData\Local\{CE037391-2A5C-4E24-A4EF-651AE4F417C9}

O43 - CFD: 19/05/2012 - 11:28:11 - [0] ----D C:\Users\gaspar\AppData\Local\{D1A7B2A6-D741-46E6-A3F8-BED8B52ED385}

O43 - CFD: 08/05/2012 - 15:03:21 - [0] ----D C:\Users\gaspar\AppData\Local\{D2DBA722-08B2-42FA-849C-0DF2B9E9E1C8}

O43 - CFD: 16/05/2012 - 00:19:28 - [0] ----D C:\Users\gaspar\AppData\Local\{D40071FA-6EED-452C-93DD-43EE5F71C0B8}

O43 - CFD: 10/06/2012 - 13:24:54 - [0] ----D C:\Users\gaspar\AppData\Local\{D72566FC-26A3-44B7-980F-7044610D3468}

O43 - CFD: 10/06/2012 - 01:23:55 - [0] ----D C:\Users\gaspar\AppData\Local\{D73A94B3-BCE6-4166-BFA3-2FCA6B4EAA8B}

O43 - CFD: 24/04/2012 - 23:54:12 - [0] ----D C:\Users\gaspar\AppData\Local\{D9348F90-CF7F-4875-87FB-DBA62F0FF54C}

O43 - CFD: 21/05/2012 - 01:23:34 - [0] ----D C:\Users\gaspar\AppData\Local\{DA9ADEB8-A1DF-4ADA-9001-114AD4A1C812}

O43 - CFD: 17/04/2012 - 22:50:28 - [0] ----D C:\Users\gaspar\AppData\Local\{E442B907-18C4-40CF-A002-18291D402B30}

O43 - CFD: 27/05/2012 - 03:30:43 - [0] ----D C:\Users\gaspar\AppData\Local\{E62E0B99-C883-464B-812A-EEFCBE090B48}

O43 - CFD: 30/05/2012 - 01:22:27 - [0] ----D C:\Users\gaspar\AppData\Local\{E845442A-2701-448B-BCDE-BD50CCAABF5E}

O43 - CFD: 12/05/2012 - 10:54:38 - [0] ----D C:\Users\gaspar\AppData\Local\{EA13275A-0C2D-47DB-94AD-FADA8ED9DAF8}

O43 - CFD: 18/04/2012 - 10:51:20 - [0] ----D C:\Users\gaspar\AppData\Local\{EA4F577C-8141-4D56-8056-C43949F74E86}

O43 - CFD: 03/06/2012 - 02:58:50 - [0] ----D C:\Users\gaspar\AppData\Local\{EABDD91B-6EEB-45C4-988A-FA260EF827F9}

O43 - CFD: 22/05/2012 - 00:23:40 - [0] ----D C:\Users\gaspar\AppData\Local\{EC88FB0A-4236-47EB-8CC4-F100C6C8C9CD}

O43 - CFD: 06/05/2012 - 14:02:58 - [0] ----D C:\Users\gaspar\AppData\Local\{ECB1A593-749E-4DFF-A85A-A562781BE32E}

O43 - CFD: 15/05/2012 - 00:42:14 - [0] ----D C:\Users\gaspar\AppData\Local\{EF2220B5-09F7-4F08-A0ED-35320C0A631D}

O43 - CFD: 19/05/2012 - 19:15:08 - [0] ----D C:\Users\gaspar\AppData\Local\{F32FF5CA-8EFD-4A47-AE23-CD198AAAA54F}

O43 - CFD: 27/05/2012 - 03:20:52 - [0] ----D C:\Users\gaspar\AppData\Local\{F3871C77-6C2E-43CF-9918-5A7EEAA5963F}

O43 - CFD: 29/04/2012 - 17:47:26 - [0] ----D C:\Users\gaspar\AppData\Local\{F494371A-7A53-4709-B2F7-FDF2DFC77874}

O43 - CFD: 16/04/2012 - 23:13:44 - [0] ----D C:\Users\gaspar\AppData\Local\{F648ECF4-D933-4B9E-9A36-13F651B41ACE}

O43 - CFD: 03/05/2012 - 19:52:19 - [0] ----D C:\Users\gaspar\AppData\Local\{F780A7DA-29D5-4FF3-85EF-294870B81FE6}

O43 - CFD: 17/04/2012 - 21:34:12 - [0] ----D C:\Users\gaspar\AppData\Local\{F7FBF960-1414-40CA-AA8F-9081493F7BB0}

O43 - CFD: 26/04/2012 - 13:26:53 - [0] ----D C:\Users\gaspar\AppData\Local\{FAC8A6DB-ACCA-4461-91F0-3233EC6183B1}

O43 - CFD: 01/05/2012 - 11:08:56 - [0] ----D C:\Users\gaspar\AppData\Local\{FB0AC820-4455-482A-AD7B-59812AA6EC46}

O43 - CFD: 22/05/2012 - 00:23:53 - [0] ----D C:\Users\gaspar\AppData\Local\{FC745D71-3B63-474E-BEE8-0F3B218127BE}

O43 - CFD: 26/05/2012 - 13:08:51 - [0] ----D C:\Users\gaspar\AppData\Local\{FCA6930F-C1EB-4789-A269-10157661A536}

O43 - CFD: 27/04/2012 - 13:49:22 - [0] ----D C:\Users\gaspar\AppData\Local\{FF67303F-91CD-45EC-A1CD-FDB4D81296BF}

O51 - MPSK:{0758efd8-acc8-11e1-9d98-0019216aa339}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.) => Microsoft Windows NT or Infection USB

O51 - MPSK:{cd3c72ae-ac2b-11e1-96e3-0019216aa339}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.) => Microsoft Windows NT or Infection USB

O51 - MPSK:{cd3c72cd-ac2b-11e1-96e3-0019216aa339}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.) => Microsoft Windows NT or Infection USB

O51 - MPSK:{d07a4ae7-876c-11e1-ae9d-806e6f6e6963}\AutoRun\command. (.Macrovision Corporation - DemoShield Multi-CD Launch.) -- E:\Install.exe

O61 - LFC:Last File Created 08/06/2012 - 19:13:31 ---A- C:\Users\gaspar\AppData\Roaming\Kalydo\KalydoPlayer\bin1\uninstall.exe [124237]

O61 - LFC:Last File Created 30/12/1899 - 14:48:31 --HA- C:\Users\gaspar\AppData\Local\Temp\etilqs_MmxTju32UACYDcn [1028]

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell

 

hostfix

proxyfix

emptytemp

emptyflash

firewallraz

sysrestore

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"

|- Minimize o Bloco de Notas.

 

 

|- Clique no menu,"Paste ClipBoard".

|- Clique em "GO" -> Oui.

 

 

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

 

Abraços!

[MasterFuxi 0]

Boa Tarde!

 

Aqui está o log.

 

ZHPFix

 

http://cjoint.com/?BFnsy1tPT2A

[DigRam 144]

Boa Noite! MasterFuxi

 

 

|- Você possui pouca memória RAM disponível.

|- Isso pode ocasionar travamentos,ao utilizar o computador.

 

-/-

 

|- Baixe: < MyHosts > ( ... par Jeanmimigab )

|- Salve-o no desktop!

 

 

|- Execute o arquivo MyHosts.exe,que está na área de trabalho.

|- Para Windows Vista ou 7,execute-o como administrador.

 

#######ººº#######

 

** Rapport MyHosts.txt **

 

MyHosts V.1.0.0.2 de jeanmimigab

 

Merci à la team MH, W-T ,C_XX, Laddy et à Batch_man pour leurs aides

 

Résultat de l'opération:restauration du fichier hosts réussi...

 

** Fin du rapport **

 

#######ººº#######

 

|- Poste o relatório: C:\MyHosts.txt

 

-/-

 

|- Baixe: < > ( ...by OldTimer Tools )

 

|- Clique em Salvar! < >

 

|- Salve-o no desktop! < >

 

|- Duplo clique em OTL.exe --> Executar:

 

 

 

|- Configure "Verificação de Arquivos",segundo a screenshot!

 

 

|- Ps: Faça o mesmo para estes!

|- Em "Exame Extra do Registro",assinale "Nenhum".

 

netsvcs

%APPDATA%\*.exe /s

%APPDATA%\*.

/md5start

explorer.exe

userinit.exe

winlogon.exe

wininit.exe

csrss.exe

smss.exe

svchost.exe

services.exe

uninst.exe

/md5stop

%systemroot%\system32\tasks\*.* /s /64

%windir%\tasks\*.* /s

CREATERESTOREPOINT

 

|- Cole estas informações,que estão em verde,para o campo "Exames Personalizados/Correções".

 

|- Clique em Verificar:

 

|- Concluindo,poste o relatório: OTL.txt

 

Abraços!

[MasterFuxi 0]

Boa Noite!

 

Aqui estão os logs.

 

MyHosts

 

** Rapport MyHosts.txt **

 

MyHosts V.1.0.0.2 de jeanmimigab

 

Merci à la team MH, W-T ,C_XX, Laddy et à Batch_man pour leurs aides

 

Résultat de l'opération:restauration du fichier hosts réussi...

 

** Fin du rapport **

 

OTL

 

http://cjoint.com/?BFocla7eRPC

[DigRam 144]

Boa Noite! MaxterFuxi

 

|- Execute o OTL.exe.

|- Copie estas informações que estão em vermelho,para o campo clipboard da ferramenta. ( "Exames Personalizados Correções" )

 

:OTL

DRV - (XDva397) -- C:\Windows\system32\XDva397.sys File not found

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found

DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found

DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found

DRV - (LLRING0) -- C:\Users\gaspar\Desktop\DragonMu S6Ep3_v1\MuGuard\llck.sys File not found

O3 - HKU\S-1-5-21-1834084741-3228411641-3107641466-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O13 - gopher Prefix: missing

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe

 

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]

"Gopher"="gopher://"

 

:Commands

[CLEARALLRESTOREPOINTS]

[emptytemp]

[purity]

[reboot]

|- Clique no botão Consertar.

|- Ps: A ferramenta irá reiniciar o computador.

|- Ao surgir,clique em executar.

|- Poste o relatório: C:\_OTL\MovedFiles\*.log

 

Abraços!

[MasterFuxi 0]

Boa Noite!

 

Aqui está o log.

 

OTL

 

http://cjoint.com/?BFod3ZfeSqG

[DigRam 144]

Boa Noite! MaxterFuxi

 

|- Abra o OTL.exe -> Clique em Limpeza. <-- Confirme!

|- Ps: O computador irá reiniciar!

 

-/-

 

|- Baixe: < >

 

|- < Link - 2 >

 

|- < Link - 3 >

 

|- Atualize o programa!

|- Escolha o escaneamento Completo!

|- Desabilite programas de proteção,ao executar o malwarebytes.

|- Para Windows Vista ou 7,clique direito no arquivo e execute-o como administrador.

|- Ps: Para determinadas infecções,a ferramenta pedirá reboot. <- Confirme!

 

 

|- Ao concluir,clique em "Ok" -> "Ver Resultados" -> "Remover Selecionados".

|- Poste,o relatório: mbam-log-2012-xx-xx (00-00-00).txt

 

Abraços!

[MasterFuxi 0]

Boa Noite.

 

Aqui está o log.

 

Malwarebytes

 

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

 

Versão da Base de Dados: v2012.06.14.07

 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

gaspar :: GASPAR-PC [administrador]

 

14/06/2012 11:53:36

mbam-log-2012-06-14 (11-53-36).txt

 

Tipo de Verificação: Verificação Completa

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 271307

Tempo decorrido: 1 hora(s), 29 minuto(s), 50 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

 

(fim)

[DigRam 144]

Boa Noite! MasterFuxi

 

|- Baixe: |DelFix| ( ... de Xplode )

 

 

|- Estando na página,clique na seta verde para o download. ( Seta verde! )

|- Salve-a em um local conveniente! ( desktop! )

|- Feche aplicativos que estejam abertos.

 

 

|- Clique em "Suppression".

|- Poste o relatório! ( C:\DelFixSuppr.txt )

|- À seguir,para remover DelFix do seu computador,clique em "Désinstallation".

 

-/-

 

|- Seus logs estão limpos!

|- Caso,ainda,tenha violações em seu hotmail,sugiro que tenha seu E-Mail no Yahoo,que apresenta maior segurança.

 

Abraços!

[MasterFuxi 0]

Boa Noite.

 

Obrigado pela ajuda e paciência. Problema resolvido.

 

 

Aqui está o log.

 

DelFix

 

# DelFix v8.8 - Rapport créé le 14/06/2012 à 20:14:41

# Mis à jour le 12/02/12 par Xplode

# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (32 bits)

# Nom d'utilisateur : gaspar - GASPAR-PC (Administrateur)

# Exécuté depuis : C:\Users\gaspar\Downloads\delfix.exe

# Option [suppression]

 

 

~~~~~~ Dossiers(s) ~~~~~~

 

Supprimé : C:\MyHosts

Supprimé : C:\ZHP

Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

Supprimé : C:\Program Files\ZHPDiag

 

~~~~~~ Fichier(s) ~~~~~~

 

Supprimé : C:\PhysicalDisk0_MBR.bin

Supprimé : C:\Users\gaspar\Desktop\HiJackThis.exe

Supprimé : C:\Users\gaspar\Desktop\ZHPDiag2.exe

Supprimé : C:\Users\Public\Desktop\ZHPDiag.lnk

Supprimé : C:\Users\Public\Desktop\ZHPFix.lnk

Supprimé : C:\Users\Public\Desktop\MBRCheck.lnk

 

~~~~~~ Registre ~~~~~~

 

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

 

~~~~~~ Autres ~~~~~~

 

-> Prefetch Vidé

 

*************************

 

DelFix[s1].txt - [985 octets] - [14/06/2012 20:14:41]

 

########## EOF - C:\DelFix[s1].txt - [1108 octets] ##########

[DigRam 144]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.